Public Exploits
Wow! @SinSinology of Summoning Team @SummoningTeam used a total of 9(!) different bugs to go from the QNAP QHora-322 through to the TrueNAS Mini X. His effort earns him $100,000 and 10 Master of Pwn points. #Pwn2Own
— Trend Zero Day Initiative (@thezdi) October 22, 2024
#P2OIreland pic.twitter.com/DfaVBJmY8O
-
PoC for SonicWall SMA 100 PreAuth RCE Chain (CVE-2023-44221, CVE-2024-38475)
-
PoC SysAid PreAuth RCE Chain (CVE-2025-2775, CVE-2025-2776, CVE-2025-2777, CVE-2025-2778)
-
Ivanti Connect Secure IFT TLS Stack Overflow pre-auth RCE (CVE-2025-0282)
-
Cleo Unrestricted file upload and download PoC (CVE-2024-50623)
-
Fortinet FortiManager Unauthenticated Remote Code Execution AKA FortiJump CVE-2024-47575
-
Citrix Virtual Apps and Desktops (XEN) Unauthenticated Remote Code execution
-
Exploit for Veeam backup and Replication Pre-Auth Deserialization CVE-2024-40711
-
Progress WhatsUp Gold GetFileWithoutZip Unauthenticated Remote Code Execution (CVE-2024-4885)
-
Progress WhatsUp Gold WriteDataFile Unauthenticated Remote Code Execution (CVE-2024-4883)
-
Progress WhatsUp Gold SetAdminPassword Privilege Escalation (CVE-2024-5009)
-
Exploit for Progress MOVEit Transfer CVE-2024-5806 Authentication Bypass (CVE-2024-5806)
-
Veeam Backup Enterprise Manager Authentication Bypass (CVE-2024-29849)
-
PoC for the Veeam Recovery Orchestrator Authentication CVE-2024-29855
-
PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC
-
Pre-Authenticated RCE In VMware VRealize Network Insight (CVE-2023-20887)
-
VMWare Aria Operations for Networks (vRealize Network Insight) Static SSH key RCE (CVE-2023-34039)
-
Veeam Backup & Replication Remote Code Execution Vulnerability (CVE-2022-26504)
-
Veeam Backup & Replication Remote Code Execution Vulnerability (CVE-2022-26500 | CVE-2022-26501)
-
[Metasploit] VMware Cloud Foundation (NSX-V) Remote Code Execution Vulnerability (CVE-2021-39144)