This page is a central hub for exploits, featuring both my own work and contributions from other researchers. Here, you’ll find a curated collection of vulnerabilities and proofs of concept.
This page is a central hub for exploits, featuring both my own work and contributions from other researchers. Here, you’ll find a curated collection of vulnerabilities and proofs of concept.
| CVE | Description | Type | Vulnerability release date | Author |
|---|---|---|---|---|
| CVE-2025-39913 | UAF in kernel ≤ 6.12.38 linux (psock-cork) | OS | 2025-10-01 | Byte Reaper |
| CVE-2025-11077 | SQL Injection in Online Learning Management (add_content.php) | Web | 2025-09-29 | Byte Reaper |
| CVE-2025-39866 | use-after-free and race condition in linux kernel 6.12.16 | OS | 2025-09-26 | Byte Reaper |
| CVE-2025-59342 | Path traversal vulnerability in esm.sh (esm-dev) | Web | 2025-09-18 | Byte Reaper |
| CVE-2025-10046 | SQL injection ELEX WooCommerce Google Shopping | web | 2025-08-18 | Byte Reaper |
| CVE-2025-9090 | Command Injection in Tenda AC20 16.03.08.12 (/goform/telnet) | OS | 2025-08-18 | Byte Reaper |
| CVE-2025-8550 | XSS in atjiu pybbs /admin/topic/list via Username parameter | Web | 2025-08-05 | Byte Reaper |
| CVE-2025-8471 | SQl injection in projectworlds Online Admissions System | Web | 2025-08-02 | Byte Reaper |
| CVE-2025-54589 | Reflected XSS in Copyparty ≤1.18.6 | Web | 2025-07-31 | Byte Reaper |
| CVE-2025-8191 | Cross-Site Scripting (XSS) vulnerability in Swagger UI ( <= 1.0.3) | Web | 2025-07-26 | Byte Reaper |
| CVE-2025-32429 | sql injection in XWiki (getdeleteddocuments.vm) | Web | 2025-07-24 | Byte Reaper |
| CVE-2025-6082 | Full Path Disclosure in the “Birth Chart Compatibility” WordPress plugin | Web | 2025-07-22 | Byte Reaper |
| CVE-2025-7840 | XSS in Campcodes Online Movie Theater Seat Reservation System 1.0 (Firstname=) | Web | 2025-07-19 | Byte Reaper |
| CVE-2025-7753 | SQL Injection in Online Appointment Booking System 1.0 via the username parameter. | Web | 2025-07-17 | Byte Reaper |
| CVE-2025-6907 | SQL injection in Code-Projects Car Rental System 1.0 (/book_car.php) | Web | 2025-06-30 | Byte Reaper |
| CVE-2024-4577 | PHP-CGI Argument Injection vulnerability on Windows (Unicode PHP-CGI) | Web | 2024-06-06 | Byte Reaper |
| CVE-2025-41373 | SQL Injection in Gandia Integra Total | Web | 2019-08-15 | Byte Reaper |
| CVE-2019-15107 | Remote code execution in Webmin | Web | 2019-08-15 | Byte Reaper |
| CVE-2019-9042 | RCE in Sitemagic CMS v4.4 (404.php) | Web | 2019-04-21 | Byte Reaper |
| CVE-2019-18219 | Cross-Site-Scripting (XSS) in Sitemagic CMS 4.4.1 (index.php, upgrade.php) | Web | 2019-04-21 | Byte Reaper |
| CVE-2004-1659 | XSS in CuteNews 1.3.6 (index.php) | Web | 2004-09-20 | Byte Reaper |
| CVE-2003-1240 | Remote file inclusion in CuteNews 0.88 ((1) shownews.php, (2) search.php, or (3) comments.php) | Web | 2003-08-15 | Byte Reaper |
| CVE-2004-0660 | CuteNews 1.3.1 (XSS) (1) show_archives.php, (2) show_news.php) | Web | 2003-08-15 | Byte Reaper |
| CVE-2008-4557 | CuteNews 1.1.1 (RCE) (plugins/wacko/highlight/html.php) | Web | 2003-08-15 | Byte Reaper |
| CVE-2025-8730 | Authentication bypass vulnerability in the web interface of Belkin F9K1009 routers | Network | 2025-08-08 | Byte Reaper |
| CVE-2025-7769 | inject a command via the DEVICE_PING endpoint in Tigo Energy Cloud Connect Advanced (CCA) | Network | 2025-06-08 | Byte Reaper |
| CVE-2025-7795 | Buffer overflow vulnerability in Tenda routers | Network | 2025-07-18 | Byte Reaper |
| CVE-2025-47917 | Use-After-Free in mbedTLS leading to remote code execution (RCE) | Network | 2025-07-20 | Byte Reaper |
| CVE-2025-7766 | XXE in Lantronix Provisioning Manager allows remote command execution without authentication | Network | 2025-07-22 | Byte Reaper |
| CVE-2025-54769 | Authenticated directory traversal in LPAR2RRD (RCE) | Network | 2025-07-29 | Byte Reaper |
| CVE-2022-0847 | Dirty Pipe in Linux kernel ≤5.16.11 (privilege escalation.) | OS | 2022-03-29 | Byte Reaper |
Welcome to the Byte Reaper Exploit Submission page. Here, you can submit your working exploits to be published in the Exploits Section of Byte Reaper.
To ensure high quality and safety, all submissions are carefully reviewed and tested before publishing.
Your email should include all required information in a clear and organized format. Incomplete submissions may be rejected.
- Provide a short and descriptive name for your exploit.
- Explain clearly what the exploit does, how it works, and its impact. Specify which part of the software it targets and any important technical details.
- Include the CVE identifier if the related vulnerability has one; otherwise, leave blank.
- Specify the software name and the exact version affected by the exploit.
- The name you want displayed publicly on the platform as the contributor.
- Submit the exploit code or proof-of-concept files directly as attachments. Do not send links.
- All submissions are manually analyzed and tested by the Byte Reaper team to ensure safety and quality.
This process can take time depending on the complexity of the exploit.
Please expect a response within 3–5 business days.
Exploits that do not meet the guidelines, contain unsafe code, or are incomplete may be rejected.
Accepted exploits will be published in the Exploits Section with proper attribution to the author.
[Exploit Submission] Remote Code Execution in App 2.1.0
Hello Byte Reaper Team, I would like to submit an exploit for publication in the Byte Reaper Exploits Section.
Remote Code Execution in App 2.1.0
This exploit triggers a Remote Code Execution in App version 2.1.0, allowing remote code execution with user-level privileges. It targets the file upload API endpoint. Manual testing and code review are required before publishing.
CVE-2025-12345
App 2.1.0
[Author]
Attached is the exploit code file (.py,.txt,.c,.cpp...).