Penpot's remote image import let an authenticated file editor turn a normal media convenience feature into backend-origin SSRF because attacker-controlled URLs crossed into a redirect-following server fetch path without destination filtering.
A local package installation helper trusted caller-supplied package names too much. In yeoman-environment, missing generators could be installed without user confirmation, turning attacker-controlled project metadata into a package-install and code-execution path.
The SSRF filter checked hostname text, but the actual destination was decided later by DNS. That gap let attacker-controlled Webhook URLs reach loopback, metadata, and private network targets.
A low-privileged Docmost user could supply a victim attachmentId to the generic upload endpoint and overwrite another page's stored attachment inside the same workspace.
Docmost accepted a javascript: URL inside an attachment node, preserved it through storage and rendering, and turned it back into a clickable anchor in the Docmost origin.
A public share looked clean in the page tree, but the search endpoint told a different story. In Docmost, restricted child pages hidden from public share viewers could still leak through public share search results.
CVE-2026-54807 WooCommerce Privilege Escalation - Unauthenticated Admin Role Assignment via Reg. Form
Full Metasploit exploitation walkthrough against Metasploitable2 — vsftpd backdoor, Samba CVE-2007-2447, UnrealIRCd backdoor, Netcat exfiltration, and credential cracking prep.
CVE-2025-8088 exploitation chain + Quasar C2 multi-stage payload delivery
PoC for CVE-2026-13036 — Use-after-free in Blink WidgetBase::UpdateSurfaceAndScreenInfo (Chrome < 149.0.7827.197)
PoC + analysis for CVE-2026-24207 / CVE-2026-24206 — NVIDIA Triton SageMaker & Vertex AI auth-restriction bypass + RCE chain
CVE-2026-26980 - Ghost CMS Content API SQL Injection
CVE-2026-55584 — phpSysInfo IP Allowlist Bypass
PoC for CVE-2023-45866 affecting latest Android devices.
PoC exploit for CVE-2025-8110
CVE-2025-61155 — arbitrary process termination in GameDriverX64.sys (Tower of Fantasy anti-cheat). Original IDA Pro teardown, PoC, YARA, IOCs, mitigation.
Let's hijack our bootchain - CVE-2021-30327
Non-destructive vulnerability scanner for NGINX HTTP/3 (ngx_http_v3_module). It ONLY performs a safe probe: opens an HTTP/3 (QUIC) connection, sends a single HEAD request and inspects the `Server` response header. It NEVER attempts to reopen a QPACK encoder stream or trigger the use-after-free.