CVE-2023-53909
WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attackers can upload SVG files containing script tags to the...
Exploit for CVE-2025-14700
CVE-2025-14700 POC Automatic exploit for Authentic...
CVE-2025-14081
Technical details for CVE-2025-14081 are not publicly disclosed in the provided documents. Monitor for updates from vendors and security advisories.
PT-2025-51967
Name of the Vulnerable Software and Affected Versions: phpMyFAQ version 3.1.12. Description: The software contains a CSV injection flaw that permits authenticated users to inject malicious formulas into their profile names. An attacker can modify their user profile name with a payload such as...
Exploit for Improper Neutralization of Line Delimiters in Cacti
Cacti CVE-2025-24367 Authenticated RCE PoC This repository co...
Exploit for CVE-2025-1337
CVE-2025-13377 – 10Web Booster ≤ 2.32.7 – Authenticated Arbitr...
cscart-rce-lfi-exploit
cscart-rce-lfi-exploit CS-Cart Authe...
CVE-2025-12417
CVE-2025-12417 affects the SurveyFunnel – Survey Plugin for WordPress (SurveyFunnel Lite) up to version 1.1.5. It is an authenticated (Contributor+) Stored Cross-Site Scripting vulnerability via the shortcode surveyfunnel_lite_survey; no public patch details are provided in the connected document...
GuppY CMS 6.00.10 Shell Upload
Proof of concept exploit demonstrating a remote shell upload vulnerability in GuppY CMS version 6.00.10. Title: GuppY CMS 6.00.10 php Code Execution...
CVE-2025-13771
WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...
CVE-2025-34335 AudioCodes Fax/IVR Appliance <= 2.6.23 Authenticated Command Injection via ActivateLicense.php
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an authenticated command injection vulnerability in the license activation workflow handled by AudioCodesfiles/ActivateLicense.php. When a license file is uploaded, the application derives a new...
CVE-2025-64084
An authenticated SQL injection vulnerability exists in Cloudlog 2.7.5 and earlier. The vuccdetailsajax function in application/controllers/Awards.php does not properly sanitize the user-supplied Gridsquare POST parameter. This allows a remote, authenticated attacker to execute arbitrary SQL...
CVE-2025-37144
Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits...
PT-2025-41989
Name of the Vulnerable Software and Affected Versions: AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems, affected versions not specified. Description: An issue exists that could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploit...
EUVD-2018-11853
Malware in sbrugna...
EUVD-2019-5200
Malware in sbrugna...
EUVD-2020-11778
Malware in sbrugna...
EUVD-2019-4680
Malware in sbrugna...
EUVD-2021-11220
Malware in sbrugna...
(0Day) Ivanti Endpoint Manager GetCountForQuery SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetCountForQuery method. The issue results from the lack o...