http://www.expku.com exp库-打造中文最大exploit库 的 最近更新 zh-cn power by www.expku.com vitter@mail.securitycn.net 60 http://www.expku.com/local/56425.html <pre># Exploit Title: Windows Snipping Tool - NTLMv2 Hash Hijack # Date: 2026-04-22 # Exploit Author: nu11secur1ty # Video Demo: https://www.patreon.com/posts/cve-2026-33829-156243398 # Vendor Homepage: https://www.microsoft.com # Software Link: Bu...... 2026-05-15 00:00:00 LOCAL nu11secur1ty 出处：expkucom http://www.expku.com/local/56424.html <pre>#!/usr/bin/env python3 # Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File/Directory Listing # Date: 2026-04-20 # Exploit Author: Chokri Hammedi # Software: https://rs.ltd/latest.php?os=win # Vendor: https://rs.ltd/...... 2026-05-15 00:00:00 LOCAL Chokri Hammedi 出处：expkucom http://www.expku.com/local/56423.html <pre># Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated Remote Code Execution # Date: 2026-04-20 # Exploit Author: Chokri Hammedi # Software: https://rs.ltd/latest.php?os=win # Vendor: https://rs.ltd/ # Version: 2026.14 # Te...... 2026-05-15 00:00:00 LOCAL Chokri Hammedi 出处：expkucom http://www.expku.com/web/56422.html <pre># Exploit Title: WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI # Date: 3/30/2026 # Exploit Author: bootstrapbool # Vendor Homepage: https://supsystic.com/plugins/contact-form-plugin/ # Software Link: https://wordpress.org/plugins/contact...... 2026-05-14 00:00:00 WEB bootstrapbool 出处：expkucom http://www.expku.com/web/56421.html <pre># Exploit Title: Apache HertzBeat 1.8.0 - Remote Code Execution # Google Dork: N/A # Date: 2026-03-09 # Exploit Author: Brett Gervasoni # Vendor Homepage: https://hertzbeat.apache.org/ # Software Link: https://github.com/apache/hertzbeat/release...... 2026-05-14 00:00:00 WEB Brett Gervasoni 出处：expkucom http://www.expku.com/web/56420.html <pre># Exploit Title: ePati Antikor NGFW 2.0.1301 - Authentication Bypass # Date: 2026-04-13 # Exploit Author: [SADIK ERTÜRK] # Vendor Homepage: https://www.epati.com.tr/ # Software Link: https://www.epati.com.tr/antikor-ngfw/ # Version: v.2.0.12...... 2026-05-14 00:00:00 WEB sadik 出处：expkucom http://www.expku.com/web/56419.html <pre># Exploit Title: PJPROJECT 2.16 - Heap Bufferoverflow # Google Dork: CVE-2026-25994 PJSIP PJNATH (pjsip ≤ 2.16) # Date: Apr 6 2026 # Exploit Author: V.Nos - BinSmaser Team # Vendor Homepage: https://github.com/pjsip/pjproject # Software Link: ...... 2026-05-14 00:00:00 WEB vabismo452 出处：expkucom http://www.expku.com/web/56418.html <pre># Exploit Title: Ninja Forms Uploads - Unauthenticated PHP File Upload # Date: 2026-04-09 # Exploit Author: Sélim Lanouar (@whattheslime) # Vendor Homepage: https://ninjaforms.com/ # Software Link: https://ninjaforms.com/ex...... 2026-05-13 00:00:00 WEB selim.lanouar 出处：expkucom http://www.expku.com/web/56417.html <pre>#!/usr/bin/env python3 # Exploit Title: glances 4.5.2 - command injection # Date: 2026-04-09 # Exploit Author: Stepanov Daniil # Vendor Homepage: https://github.com/nicolargo/glances # Software Link: https://github.com/nicolargo/glances # Versio...... 2026-05-13 00:00:00 WEB best.sell 出处：expkucom http://www.expku.com/web/56416.html <pre># Exploit Title: coreruleset 4.21.0 - Firewall Bypass # Date:* 04/08/2026* # Exploit Author: Daytrift Newgen # Vendor Homepage: https://github.com/coreruleset # Software Link: https://github.com/coreruleset/coreruleset # Version: &lt; 4.22.0/3.3...... 2026-05-13 00:00:00 WEB anonimicerum 出处：expkucom http://www.expku.com/web/56415.html <pre># Exploit Title: Flowise &lt; 3.0.5 - Missing Authentication for Critical Function # Date: 10/11/2025 # Exploit Author: [nltt0] (https://github.com/nltt-br)) # Vendor Homepage: https://flowiseai.com/ # Software Link: https://github.com/FlowiseAI...... 2026-05-13 00:00:00 WEB andersoncezar048 出处：expkucom http://www.expku.com/remote/56414.html <pre># Exploit Title: telnetd 2.7 - Buffer Overflow # Google Dork: N/A # Date: 2026-04-03 # Exploit Author: Jeff Barron (jeffaf) # Vendor Homepage: https://www.gnu.org/software/inetutils/ # Software Link: https://ftp.gnu.org/gnu/inetutils/ # Version:...... 2026-05-07 00:00:00 REMOTE jeffbarron 出处：expkucom http://www.expku.com/web/56413.html <pre># Exploit Title: Ghost CMS 6.19.0 - SQLi # Date: 2026-03-30 # Exploit Author: Maksim Rogov # Exploit Licence: GPL-3.0 # Software Link: https://ghost.org/ # Version: Ghost &gt;=3D 3.24.0, &lt;=3D 6.19.0 # Tested on: Ghost 6.16.1 # CVE : CVE-2026-...... 2026-05-07 00:00:00 WEB Maksim Rogov 出处：expkucom http://www.expku.com/web/56412.html <pre>-- Exploit Title: LuaJIT 2.1.1774638290 - Arbitrary Code Execution -- Date: 2026-03-29 -- Exploit Author: TaurusOmar -- Vendor Homepage: https://luajit.org/ -- Software Link: https://luajit.org/download.html -- Version: LuaJIT 2.1.1774638290 (la...... 2026-05-07 00:00:00 WEB Taurus Omar 出处：expkucom http://www.expku.com/web/56411.html <pre># Exploit Title: Bludit CMS 3.18.4 - RCE # Date: 2026-03-28 # Exploit Author: Yahia Hamza (https://yh.do) # Vendor Homepage: https://www.bludit.com/ # Software Link: https://github.com/bludit/bludit/archive/refs/tags/3.18.2.zip # Version: Bludi...... 2026-05-07 00:00:00 WEB yahia 出处：expkucom http://www.expku.com/local/56410.html <pre># Exploit Title: NocoBase 2.0.27 - VM Sandbox Escape # Date: 2026-03-26 # Exploit Author: Onurcan Genç # Vendor Homepage: https://www.nocobase.com/ # Software Link: https://github.com/nocobase/nocobase # Version: &lt;= 2.0.27 — patched in 2...... 2026-05-07 00:00:00 LOCAL onurcangencbilkent 出处：expkucom http://www.expku.com/web/56409.html <pre># Exploit Title: ThingsBoard IoT Platform 4.2.0 - Server-Side Request Forgery (SSRF) # Date: 2026-03-25 # Exploit Author: Tamil Mathi T. # Vendor Homepage: https://thingsboard.io # Software Link: https://github.com/thingsboard/thingsboard # Vers...... 2026-05-07 00:00:00 WEB 9tamilmathi 出处：expkucom http://www.expku.com/local/56408.html <pre> * Exploit Title: Linux Kernel proc_readdir_de() 6.18-rc5 - Local Privilege Escalation * CVE: CVE-2025-40271 * Date: 2026-03-19 * Exploit Author: Aviral Srivastava * Vendor: Linux Kernel (kernel.org) * Affected...... 2026-05-04 00:00:00 LOCAL aviralyash27 出处：expkucom http://www.expku.com/local/56407.html <pre> * Exploit Title: Linux Kernel 3.16 – 6.19.3 nf_tables RCU UAF LPE * CVE: CVE-2026-23231 * Date: 2026-03-19 * Exploit Author: Aviral Srivastava * Vendor: Linux Kernel (kernel.org) * Affected: 3.16 – 6.1...... 2026-05-04 00:00:00 LOCAL aviralyash27 出处：expkucom http://www.expku.com/web/56406.html <pre># Exploit Title: Linksys E1200 2.0.04 - Authenticated Stack Buffer Overflow (RCE) # Date: 2026-15-03 # Exploit Author: JarrettgxzSec # Vendor Homepage: www.linksys.com # Version: FW &lt;= v2.0.04 # Tested on: v2.0.02 &amp; v2.0.04, directly conn...... 2026-05-04 00:00:00 WEB jarrett 出处：expkucom http://www.expku.com/web/56405.html <pre># Exploit Title: MindsDB 25.9.1.1 - Path Traversal # Date: 06-03-2026 # Exploit Author: Lohitya Pushkar (thewhiteh4t) # Vendor Homepage: https://mindsdb.com/ # Software Link: https://github.com/mindsdb/mindsdb # Version: &lt; 25.9.1.1 # Tested ...... 2026-05-04 00:00:00 WEB thewhiteh4t 出处：expkucom http://www.expku.com/local/56404.html <pre># Exploit Title: Windows 11 24H2 - Local Privilege Escalation # Google Dork: inurl:http.sys &quot;Windows 11 24H2&quot; vulnerability | intitle:&quot;HTTP.sys&quot; &quot;CVE-2026-21250&quot; &quot;Elevation of Privilege&quot; # Date: 2026-02-2...... 2026-05-04 00:00:00 LOCAL 3302509675 出处：expkucom http://www.expku.com/web/56403.html <pre># Exploit Title: Traccar GPS Tracking System 6.11.1 - Cross-Site WebSocket Hijacking (CSWSH) # Date: 2026-02-26 # Exploit Author: Hazar Taspinar # Vendor Homepage: https://www.traccar.org/ # Software Link: https://github.com/traccar/traccar # Ve...... 2026-05-04 00:00:00 WEB hazar 出处：expkucom http://www.expku.com/web/56402.html <pre># Exploit Title: FUXA 1.2.8 - Authentication Bypass + RCE Exploit # Date: 2026-02-25 # Exploit Author: Joshua van der Poll (https://github.com/joshuavanderpoll/) # Software Link: https://github.com/frangoteam/FUXA/tree/v1.2.8 # Vendor Homepage: ...... 2026-04-30 00:00:00 WEB joshua 出处：expkucom http://www.expku.com/web/56401.html <pre># Exploit Title: Python-Multipart 0.0.22 - Path Traversal # Date: 2026-02-23 # Exploit Author: cardosource # Vendor Homepage: https://github.com/Kludex/python-multipart # Software Link: https://pypi.org/project/python-multipart/ # Version: &lt; ...... 2026-04-30 00:00:00 WEB jefersoncardoso.dev 出处：expkucom http://www.expku.com/local/56400.html <pre># Exploit Title: Google Chrome 145.0.7632.75 - CSSFontFeatureValuesMap # Date: 2026-02-23 # Exploit Author: nu11secur1ty # Vendor Homepage: https://www.google.com/chrome/ # Software Link: https://www.google.com/chrome/ # Version: Chrome &lt;= 1...... 2026-04-30 00:00:00 LOCAL nu11secur1ty 出处：expkucom http://www.expku.com/local/56399.html <pre># Exploit Title: Windows 11 23H2 - Denial of Service (DoS) # Google Dork: N/A # Date: 2025-08-22 # Exploit Author: Kryptoenix # Vendor Homepage: https://www.microsoft.com/ # Software Link: https://www.microsoft.com/en-us/software-download/window...... 2026-04-30 00:00:00 LOCAL tryhardertryh 出处：expkucom http://www.expku.com/web/56398.html <pre># Exploit Title: Repetier-Server 1.4.10 - Path Traversal # Exploit Author: Mohammed Idrees Banyamer # Vendor Homepage: https://www.repetier.com/ # Version: &lt;= 1.4.10 # Tested on: Windows 10 / Windows Server 2019 (Repetie...... 2026-04-30 00:00:00 WEB banyamer 出处：expkucom http://www.expku.com/web/56397.html <pre># Exploit Title: HUSTOJ Zip-Slip v26.01.24 - RCE # Date: 2026-02-14 # Exploit Author: Marshall Whittaker / oxagast # Vendor Homepage: https://github.com/zhblue/hustoj # Software Link: http://123.158.38.129:8090/livecd/HUSTOJ25.05.iso (LiveCD, o...... 2026-04-30 00:00:00 WEB Marshall Whittaker 出处：expkucom http://www.expku.com/web/56396.html <pre># Exploit Title: BusyBox 1.37.0 - Path Traversal # Google Dork: N/A # Date: 2026-02-11 # Exploit Author: Calil Khalil # Vendor Homepage: https://busybox.net # Software Link: https://busybox.net/downloads/ # Version: BusyBox 1.36.1, 1.37.0 # Test...... 2026-04-30 00:00:00 WEB Calil Khalil 出处：expkucom http://www.expku.com/local/56395.html <pre># Exploit Title: Windows 11 25H2 - Heap Overflow Ghost Patch Exploit Framework # Date: 2026-02-13 # Exploit Author: nu11secur1ty # Vendor Homepage: https://www.microsoft.com # Software Link: https://www.microsoft.com/software-download/windows11...... 2026-04-30 00:00:00 LOCAL nu11secur1ty 出处：expkucom http://www.expku.com/web/56394.html <pre># Exploit Title: JUNG Smart Visu Server 1.1.1050- Dos # CVE: CVE-2026-26235 # Date: 2026-02-12 # Exploit Author: Mohammed Idrees Banyamer # Author Country: Jordan # Instagram: @banyamer_security # Author GitHub: https://github.com/banyamer-secur...... 2026-04-30 00:00:00 WEB banyamer 出处：expkucom http://www.expku.com/web/56393.html <pre># Exploit Title: SumatraPDF 3.5.2 - Remote Code Execution # Date: 2026-02-10 # Exploit Author: Mohammed I. Banyamer # Vendor Homepage: https://www.sumatrapdfreader.org/ # Software Link: https://www.sumatrapdfreader.org/download-free-pdf-viewer #...... 2026-04-30 00:00:00 WEB banyamer 出处：expkucom http://www.expku.com/web/56392.html <pre># Exploit Title: NiceGUI 3.6.1 - Path Traversal # Author: Mohammed Idrees Banyamer # Instagram: @banyamer_security # GitHub: https://github.com/mbanyamer # Date: 2025-06-06 # Tested on: NiceGUI &lt;= 3.6.1 (Python 3.8–3.12 on Linux/Windows) # C...... 2026-04-30 00:00:00 WEB banyamer 出处：expkucom http://www.expku.com/web/56391.html <pre># Exploit Title: Frigate NVR 0.16.3 - Remote Code Execution # Date: 2026-02-05 # Exploit Author: jduardo2704 # Vendor Homepage: https://frigate.video/ # Software Link: https://github.com/blakeblackshear/frigate # Version: &lt;= 0.16.3 # Tested o...... 2026-04-30 00:00:00 WEB jduardo2704 出处：expkucom http://www.expku.com/web/56390.html <pre>Exploit Title: Js2Py 0.74 - RCE Date: 2026-02-03 Exploit Author: Ali Sünbül (xeloxa) &lt;alisunbul@proton.me&gt; Author Page: https://github.com/xeloxa Vendor Homepage: https://github.com/PiotrDabkowski/Js2Py Software Link: https://pypi.org/p...... 2026-04-30 00:00:00 WEB alisunbul 出处：expkucom http://www.expku.com/web/56389.html <pre># Exploit Title: Camaleon CMS v2.9.0 - Path Traversal # Date: 2026-02-02 # Exploit Author: Sakshi Velampudi (CyberQuestor) # Vendor Homepage: https://github.com/owen2345/camaleon-cms # Software Link: https://github.com/owen2345/camaleon-cms/rele...... 2026-04-30 00:00:00 WEB velampudisakshi 出处：expkucom http://www.expku.com/web/56388.html <pre># Exploit Title: Cybersecurity AI (CAI) Framework 0.5.10 - Command Injection # CVE: CVE-2026-25130 # Date: 2026-02-03 # Exploit Author: Mohammed Idrees Banyamer # Author Country: Jordan # Instagram: @banyamer_security # Author GitHub: https://gi...... 2026-04-30 00:00:00 WEB banyamer 出处：expkucom http://www.expku.com/web/56387.html <pre># Exploit Title: Erugo &lt;= 0.2.14 - Authenticated Remote Code Execution (RCE) # Date: 2026-02-02 # Exploit Author: Abdul Moiz # Vendor Homepage: https://github.com/ErugoOSS/Erugo # Software Link: https://hub.docker.com/layers/wardy784/erugo/0....... 2026-04-30 00:00:00 WEB abdulmoiz 出处：expkucom http://www.expku.com/web/56386.html <pre># Exploit Title: deephas 1.0.7 - Prototype Pollution # Google Dork: N/A # Date: 2026-02-01 # Exploit Author: Mohammed Idrees Banyamer # Author Country: Jordan # Instagram: @banyamer_security # Vendor Homepage: https://www.npmjs.com/package/deeph...... 2026-04-30 00:00:00 WEB banyamer 出处：expkucom http://www.expku.com/web/56385.html <pre># Exploit Title: SUSE Manager 4.3.15 - Code Execution # Date: 29.01.2026 # Exploit Author: Wiktor Maj # Vendor Homepage: https://www.uyuni-project.org/ # Software Link: https://github.com/uyuni-project/uyuni # Version: Uyuni 2025.05, SUSE Manage...... 2026-04-30 00:00:00 WEB wjmaj98 出处：expkucom http://www.expku.com/web/56384.html <pre># Exploit Title: HAX CMS 24.x - Stored Cross-Site Scripting (XSS) # Date: 2026-01-28 # Google Dork: &quot;N/A&quot; # Author: Mohammed Idrees Banyamer # Author Country: Jordan # Instagram: @banyamer_security # Vendor Homepage: https://www.drupal...... 2026-04-29 00:00:00 WEB banyamer 出处：expkucom http://www.expku.com/web/56383.html <pre># Exploit Title: Craft CMS 5.6.16 - RCE # Google Dork: N/A # Date: 2026-01-24 # Exploit Author: Mohammed Idrees Banyamer # Author Country: Jordan # Vendor Homepage: https://craftcms.com # Software Link: https://github.com/craftcms/cms # Version:...... 2026-04-29 00:00:00 WEB banyamer 出处：expkucom http://www.expku.com/local/56382.html <pre># Exploit Title: GNU InetUtils telnetd - Remote Privilege Escalation # Date: 2026-01-24 # Exploit Author: Ali Guliyev (infat0x) # Author GitHub: https://github.com/infat0x # Vendor Homepage: https://www.gnu.org/software/inetutils/ # Software Lin...... 2026-04-29 00:00:00 LOCAL aliguliyev 出处：expkucom http://www.expku.com/web/56381.html <pre># Exploit Title: phpMyFAQ &lt;= 4.0.16 - Improper Authorization # Google Dork: N/A # Date: 2026-01-23 # Exploit Author: GUIA BRAHIM FOUAD # Vendor Homepage: https://www.phpmyfaq.de/ # Software Link: https://www.phpmyfaq.de/download/ # Version: &...... 2026-04-29 00:00:00 WEB contact 出处：expkucom http://www.expku.com/web/56380.html <pre>Exploit title: GeographicLib v2.5.1 - stack buffer overflow Date of discovery: 20 August 2025 Exploit Author: Me zer0matt (Rosario Matteo Grammatico) &lt;https://github.com/zer0matt&gt; Vendor homepage: https://github.com/geographiclib/ Software...... 2026-04-29 00:00:00 WEB rosario 出处：expkucom http://www.expku.com/local/56379.html <pre># Exploit Title: OpenWrt 23.05 - Authenticated Remote Code Execution (RCE) # Date: 2026-01-17 # Exploit Author: Ahmet Mersin # Vendor Homepage: https://github.com/stangri/luci-app-https-dns-proxy # Software Link: https://github.com/stangri/luci-...... 2026-04-29 00:00:00 LOCAL Ahmet Mersin 出处：expkucom http://www.expku.com/web/56378.html <pre># Exploit Title: OpenKM Multiple Critical Zero-Day # Date: 17 Jan 2026 # Exploit Author: Terra System Labs Pvt. Ltd. # Vendor Homepage: https://www.openkm.com/ # Software Link: https://hub.docker.com/r/openkm/openkm-ce # Version: OpenKM Communit...... 2026-04-29 00:00:00 WEB skumar 出处：expkucom http://www.expku.com/web/56377.html <pre># Exploit Title: GUnet OpenEclass E-learning platform &lt; 4.2 - Remote Code Execution (RCE) # Date: 2026-01-08 # Exploit Author: Ashif Iqubal # Vendor Homepage: https://www.openeclass.org/ # Software Link: https://download.openeclass.org/files/...... 2026-04-29 00:00:00 WEB unico007x 出处：expkucom http://www.expku.com/web/56376.html <pre># Exploit Title: JuzaWeb CMS 3.4.2 - Authenticated Remote Code Execution # Date: 2026-01-10 # Exploit Author: Sardor Shoakbarov # Author GitHub: https://github.com/TheDeepOpc # Vendor Homepage: https://juzaweb.com/ # Software Link: https://githu...... 2026-04-29 00:00:00 WEB sardordev02 出处：expkucom