<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0">
  <channel>
    <title>PoC-in-GitHub RSS</title>
    <link>https://poc-in-github.motikan2010.net/</link>
    <description>PoCs automatically collected from GitHub. Beware of malware.</description>
    <lastBuildDate>Sat, 07 Mar 2026 17:45:30 +0900</lastBuildDate>

    <item>
        <title>CVE-2025-60787 (2025-10-03) Rohitberiwala/CVE-2025-60787-MotionEye-RCE</title>
        <link>https://github.com/Rohitberiwala/CVE-2025-60787-MotionEye-RCE</link>
        <description>MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted.<br/>[GitHub]Professional PoC for CVE-2025-60787: Remote Code Execution in MotionEye (&lt;= 0.43.1b4). This exploit demonstrates an OS Command Injection vulnerability through client-side validation bypass, allowing attackers to execute arbitrary commands via configuration files.</description>
        <pubDate>Sat, 07 Mar 2026 17:45:30 +0900</pubDate>
        <category>CVE-2025-60787</category>
    </item>
    <item>
        <title>CVE-2026-1492 (2026-03-03) dreamboyim66-boop/CVE-2026-1492-POC</title>
        <link>https://github.com/dreamboyim66-boop/CVE-2026-1492-POC</link>
        <description>The User Registration &amp; Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction &amp; Membership Plugin plugin for WordPress is vulnerable to improper privilege management in all versions up to, and including, 5.1.2. This is due to the plugin accepting a user-supplied role during membership registration without properly enforcing a server-side allowlist. This makes it possible for unauthenticated attackers to create administrator accounts by supplying a role value during membership registration.<br/>[GitHub]User Registration &amp; Membership &lt;= 5.1.2 - Unauthenticated Privilege Escalation via Membership Registration</description>
        <pubDate>Sat, 07 Mar 2026 21:01:53 +0900</pubDate>
        <category>CVE-2026-1492</category>
    </item>
    <item>
        <title>CVE-2022-46169 (2022-12-06) svchost9913/CVE-2022-46169_unauth_remote_code_execution</title>
        <link>https://github.com/svchost9913/CVE-2022-46169_unauth_remote_code_execution</link>
        <description>Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. The vulnerability resides in the `remote_agent.php` file. This file can be accessed without authentication. This function retrieves the IP address of the client via `get_client_addr` and resolves this IP address to the corresponding hostname via `gethostbyaddr`. After this, it is verified that an entry within the `poller` table exists, where the hostname corresponds to the resolved hostname. If such an entry was found, the function returns `true` and the client is authorized. This authorization can be bypassed due to the implementation of the `get_client_addr` function. The function is defined in the file `lib/functions.php` and checks several `$_SERVER` variables to determin<br/>[GitHub]Unauthenticated Remote Code Execution through authentication bypass and command injection in Cacti &lt; 1.2.23 and &lt; 1.3.0</description>
        <pubDate>Tue, 11 Apr 2023 17:21:53 +0900</pubDate>
        <category>CVE-2022-46169</category>
    </item>
    <item>
        <title>CVE-2023-0297 (2023-01-14) hazeyez/CVE-2023-0297</title>
        <link>https://github.com/hazeyez/CVE-2023-0297</link>
        <description>Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.<br/>[GitHub]RCE Unauth in PyLoad &lt;0.5.0b3.dev31</description>
        <pubDate>Mon, 22 May 2023 08:42:46 +0900</pubDate>
        <category>CVE-2023-0297</category>
    </item>
    <item>
        <title>CVE-2022-0543 (2022-02-19) abramas/CVE-2022-0543</title>
        <link>https://github.com/abramas/CVE-2022-0543</link>
        <description>It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.<br/>[GitHub]Redis RCE through Lua Sandbox Escape vulnerability</description>
        <pubDate>Tue, 06 Sep 2022 01:25:49 +0900</pubDate>
        <category>CVE-2022-0543</category>
    </item>
    <item>
        <title>CVE-2021-3130 (2021-01-20) lusterx/CVE-2021-3130</title>
        <link>https://github.com/lusterx/CVE-2021-3130</link>
        <description>Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.<br/>[GitHub]Unauthenticated RCE in Laravel Debug Mode &lt;8.4.2</description>
        <pubDate>Tue, 15 Nov 2022 15:14:59 +0900</pubDate>
        <category>CVE-2021-3130</category>
    </item>
    <item>
        <title>CVE-2022-24716 (2022-03-09) gmh5225/CVE-2022-24716</title>
        <link>https://github.com/gmh5225/CVE-2022-24716</link>
        <description>Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated.<br/>[GitHub]Arbitrary File Disclosure Vulnerability in Icinga Web 2 &lt;2.8.6, &lt;2.9.6, &lt;2.10</description>
        <pubDate>Mon, 20 Mar 2023 16:01:53 +0900</pubDate>
        <category>CVE-2022-24716</category>
    </item>
    <item>
        <title>CVE-2022-24715 (2022-03-09) nimphtix/CVE-2022-24715</title>
        <link>https://github.com/nimphtix/CVE-2022-24715</link>
        <description>Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration.<br/>[GitHub] Authenticated Remote Code Execution in Icinga Web 2 &lt;2.8.6, &lt;2.9.6, &lt;2.10</description>
        <pubDate>Sat, 25 Mar 2023 20:42:56 +0900</pubDate>
        <category>CVE-2022-24715</category>
    </item>
    <item>
        <title>726232111/CVE-2022-24638</title>
        <link>https://github.com/726232111/CVE-2022-24638</link>
        <description>[GitHub]Unauthenticated RCE in Open Web Analytics (OWA) &lt;1.7.4</description>
        <pubDate>Thu, 25 May 2023 16:53:53 +0900</pubDate>
        <category>CVE-2022-24638</category>
    </item>
    <item>
        <title>CVE-2020-1350 (2020-07-15) sty886/CVE-2020-1350-SigRed</title>
        <link>https://github.com/sty886/CVE-2020-1350-SigRed</link>
        <description>A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.<br/>[GitHub]PoC for CVE-2020-1350</description>
        <pubDate>Sat, 07 Mar 2026 20:10:17 +0900</pubDate>
        <category>CVE-2020-1350</category>
    </item>
  </channel>
</rss>