Hey Hunters,
DarkShadow is here, back again!
OpenCode RCE POC (CVE-2026-22182)
In this CVE the interesting part is that you can execute arbitrary commands on the AI agent, not using any traditional prompting, just pure command injection in JSON 💀
So guys, if you really enjoy reading POCs, then show your love with a reaction ❤️
#bugbountytips #rce #cve
❤11🔥8
Hey Hunters,
DarkShadow is here, back again!
Laravel-livewire RCE (CVE-2025-54068) - Video POC
Here is the exploit GitHub repo: https://github.com/synacktiv/Livepyre
~credit synacktiv
#bugbountytips #rce
🔥15❤2
🚨 CVE-2026-24770: RAGFlow RCE (Zip Slip) Weaponized PoC
Critical unauthenticated RCE in RAGFlow’s MinerUParser—attackers can execute arbitrary commands. 3,000+ instances are currently exposed.
🔍 Identify Targets via ZoomEye:
Filter: vul.cve="CVE-2026-24770"
Dork: app="RAGFlow" 👉 ZoomEye Search Link https://www.zoomeye.ai/searchResult?q=dnVsLmN2ZT0iQ1ZFLTIwMjYtMjQ3NzAi&utm_source=twitter&utm_medium=social&utm_campaign=cve_ops_20260209
❤4👍1
🛡️ CVE | Cyber Vulnerabilities Exchange
A professional channel focused on verified CVEs, critical vulnerabilities, exploit research, and technical security analysis.
What you’ll get:
• Newly disclosed vulnerabilities
• Exploit research and PoCs
• Technical breakdowns and mitigation insights
• Offensive and defensive security discussions
• Practical input for pentesters and security professionals
Clear, technical, and research-driven. No noise, no exaggeration.
⚠️ Shared for educational and security awareness purposes only.
Channel: https://t.me/cve0day
❤10
Hey Hunters,
DarkShadow is here, back again!
💀Blind Remote Code Execution in Cookies☠
NOTE:
– Some servers use sh as the default, not bash, so sh payloads are perfect for your payload.
– Don't forget to check the cookies while you test any webapp, because in some cases cookies intersect with a bash process.
– Last but seriously important: always use Burp Collab for blind testing...
So guys, if you really enjoy reading such methods of mine, then show your love ♥️
#bugbountytips #rce #darkshadow
❤8🔥3👍1
🚨 CVE-2026-25253: OpenClaw Logical Flaw
Critical Token Leakage via Unsanitized WebSocket Redirect!
An attacker crafts a malicious URL containing a controlled gatewayUrl query parameter and embedded token, causing OpenClaw to silently establish a WebSocket connection to the attacker-controlled endpoint and exfiltrate the sensitive token without user interaction or consent.
Full Vulnerability Details & Analysis at DarkEye:
🔗 https://darkeye.org/vuln/cve/CVE-2026-25253
🔍 Identify Targets via ZoomEye:
Filter: vul.cve="CVE-2026-25253"
Search Dork: app="OpenClaw"
Exposure: 33k+ instances identified globally.
ZoomEye Search Link:
👉 https://www.zoomeye.ai/searchResult?q=YXBwPSJPcGVuQ2xhdyI=&utm_source=twitter&utm_medium=social&utm_campaign=cve_ops_20260213
❤2🔥2
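A defensive sketch of the check whose absence the OpenClaw post above describes, added here as an example and not taken from the post or from OpenClaw: a gateway override from the query string is honoured only when its exact origin is allowlisted, otherwise the client stays on its configured gateway and the token never leaves. Only the parameter name `gatewayUrl` comes from the post; the function name, hosts and sample URLs are assumptions constructed for illustration.

```javascript
// Added illustration, not OpenClaw code. Only the parameter name `gatewayUrl`
// comes from the post; every other name and host below is hypothetical.
const TRUSTED_GATEWAY_ORIGINS = new Set(["wss://gateway.example.internal:8443"]);
const DEFAULT_GATEWAY = "wss://gateway.example.internal:8443/ws";

// Decide which gateway the client may open a token-bearing WebSocket to.
// A rejected override falls back to the configured default.
function resolveGateway(pageUrl, trusted = TRUSTED_GATEWAY_ORIGINS) {
  const keepDefault = (reason) => ({ url: DEFAULT_GATEWAY, overridden: false, reason });
  const requested = new URL(pageUrl).searchParams.get("gatewayUrl");
  if (requested === null) return keepDefault("no override requested");

  let candidate;
  try {
    candidate = new URL(requested);
  } catch {
    return keepDefault("rejected: unparseable");
  }
  // Plain ws: would expose the token on the wire; other schemes are not gateways.
  if (candidate.protocol !== "wss:") return keepDefault("rejected: scheme is not wss");
  // user:pass@host forms can make an untrusted host look like a trusted one.
  if (candidate.username || candidate.password) {
    return keepDefault("rejected: userinfo present");
  }
  // Compare the whole origin (scheme, host, port); prefix or suffix matching
  // on the host string is what lookalike hostnames defeat.
  if (!trusted.has(candidate.origin)) {
    return keepDefault("rejected: origin not allowlisted");
  }
  return { url: candidate.href, overridden: true, reason: "allowlisted" };
}

// Constructed sample page URLs (not captured traffic).
const page = (gw) =>
  "https://ui.example.internal/?gatewayUrl=" + encodeURIComponent(gw) + "&token=CONSTRUCTED";
const samples = [
  "wss://gateway.example.internal:8443/ws?room=1",
  "wss://collector.example.net/ws",
  "wss://gateway.example.internal:8443@collector.example.net/ws",
  "ws://gateway.example.internal:8443/ws",
];
for (const gw of samples) {
  const decision = resolveGateway(page(gw));
  console.log(decision.overridden ? "CONNECT " : "FALLBACK", gw, "->", decision.reason);
}
```

Logging the rejected value server-side or in client telemetry gives responders a signal that a crafted link was opened.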
Hey Hunters,
DarkShadow is here, back again, dropping another RCE method!
Remote Code Execution - JS framework
process.mainModule.require('child_process').execSync('id').toString()
THIS IS A VERY EFFECTIVE PAYLOAD FOR RCE IN JS FRAMEWORKS, so when you test any JS-based webapp, don't forget to apply it
#bugbountytips #rce
🔥4
🖤 Hackers’ Valentine’s Day be like… 💻
Love is temporary,
But bug bounty is permanent.
🔥 !SO STAY HACKED! 🔥
❤8