exploit-arsenal CVE-2026-0920 CVE-2026-0926 CVE-2026-1470

## https://sploitus.com/exploit?id=0D199316-3A4E-538E-8E6B-0CDCCF55C354
CVE Proof-of-Concept Collection


  Clean, dependency-free Python 3 proof-of-concept exploits for recent CVEs —
  each with a concise write-up and a screenshot of a real run.



  
  
  
  


---

Every PoC is a **single self-contained script** that takes the target details as **user input** —
command-line flags with an interactive prompt fallback — so you can point it at your own test target
in seconds. No frameworks, no `pip install`, just the Python 3 standard library.

## 🔎 Index

| CVE | Product | Vulnerability | CVSS | Auth |
|-----|---------|---------------|:----:|:----:|
| [CVE-2026-0920](CVE-2026-0920/) | LA-Studio Element Kit (WordPress) | Admin-creation backdoor · CWE-269 | 9.8 | None |
| [CVE-2026-0926](CVE-2026-0926/) | Prodigy Commerce (WordPress) | Local File Inclusion · CWE-98 | 9.8 | None |
| [CVE-2026-1470](CVE-2026-1470/) | n8n | Sandbox-escape RCE · CWE-94 | 9.9 | Authenticated |

> _More CVEs are added regularly._

## 🚀 Quick start

```bash
git clone https://github.com/GODofExploit/exploit-arsenal.git
cd exploit-arsenal/CVE-2026-0926
python3 CVE-2026-0926.py --url http://your-test-target
```

Authenticated PoCs additionally take `--username` / `--password`. Run any script with `-h` for its
options, or with no flags to be prompted for each value.

## 📁 Layout

```
CVE-XXXX-YYYY/
├── CVE-XXXX-YYYY.py     # standalone PoC (stdlib only)
├── README.md            # description, usage, mitigation, references
└── poc_screenshot.png   # screenshot of a successful run
```

## ⚠️ Responsible use

These proofs of concept are provided strictly for **authorized security testing, research, and
education**. Use them only against systems you own or have **explicit written permission** to test.
Each write-up includes vendor-recommended **mitigations** — patch first. The authors accept no
liability for misuse.

## 📄 License

Released under the [MIT License](LICENSE).