Lucene search

179 matches found

RedhatCVE
added 2025/10/15 5:44 p.m., 3 views

CVE-2025-37144

Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits...

CVSS 4.9 | AI score 6.9 | EPSS 0.00409
Exploits: 0 | References: 1
Positive Technologies
added 2025/10/14 12:00 a.m., 3 views

PT-2025-41989

Name of the Vulnerable Software and Affected Versions AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems affected versions not specified Description An issue exists that could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploit...

CVSS 4.9 | AI score 6.4 | EPSS 0.00409
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-11853

Malware in sbrugna...

CVSS 4.3 | AI score 4.9 | EPSS 0.01829
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-5200

Malware in sbrugna...

CVSS 5.4 | AI score 5.6 | EPSS 0.00521
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2020-11778

Malware in sbrugna...

CVSS 4.8 | AI score 5.2 | EPSS 0.00659
Exploits: 1 | References: 2
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-11220

Malware in sbrugna...

CVSS 5.4 | AI score 5.4 | EPSS 0.0062
Exploits: 2 | References: 2
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-4680

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.02052
Exploits: 0 | References: 2
Zero Day Initiative
added 2025/10/07 12:00 a.m., 3 views

(0Day) Ivanti Endpoint Manager GetCountForQuery SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetCountForQuery method. The issue results from the lack o...

CVSS 7.2 | AI score 8 | EPSS 0.01583
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2022-33142

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 7 | EPSS 0.01423
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-30962

Malicious code in bioql PyPI...

CVSS 4.2 | AI score 6.3 | EPSS 0.00127
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-31147

Malicious code in bioql PyPI...

CVSS 8.6 | AI score 6.6 | EPSS 0.25922
Exploits: 2 | References: 4
RedhatCVE
added 2025/09/25 2:54 p.m., 3 views

CVE-2025-48868

Horilla is a free and open source Human Resource Management System (HRMS). An authenticated Remote Code Execution (RCE) vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval function on a user-controlled query parameter in the projectbulkarchive view. This allows privileged use...

CVSS 7.2 | AI score 8.8 | EPSS 0.02327
Exploits: 3 | References: 1
Positive Technologies
added 2025/09/09 12:00 a.m., 6 views

PT-2025-36542

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.132 Liferay DXP versions 2024.Q1.1 through 2024.Q1.20 Liferay DXP versions 2024.Q2.0 through 2024.Q2.13 Liferay DXP versions 2024.Q3.0 through 2024.Q3.13 Liferay DXP versions 2024.Q4.0 through...

CVSS 4.8 | AI score 5.6 | EPSS 0.00209
Exploits: 0 | References: 8
NVD
added 2025/09/04 12:15 p.m., 5 views

CVE-2025-41045

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'datasconfigethicallicensekey' parameter in /apprain/admin/config/ethical...

CVSS 5.4 | EPSS 0.00162
Exploits: 0 | References: 1
GithubExploit
added 2025/08/27 11:39 a.m., 186 views

Exploit for CVE-2024-28397

CodeTwoRCEExploit This script incorporates authentication to a...

CVSS 5.3 | AI score 8.8 | EPSS 0.04548
Exploits: 22
GithubExploit
added 2025/08/24 8:37 a.m., 446 views

Exploit for CVE-2025-49113

CVE-2025-49113 – Roundcube Remote Code Execution RCE PoC Th...

CVSS 9.9 | AI score 10 | EPSS 0.89462
Exploits: 29
Tenable Nessus
added 2025/08/24 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2007-0667

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, relate...

CVSS 7.5 | AI score 6.2 | EPSS 0.01903
Exploits: 0 | References: 3
Packet Storm
added 2025/08/12 12:00 a.m., 194 views

📄 WebsiteBaker 2.13.7 r164 Command Injection

WebsiteBaker version 2.13.7 r164 suffers from an authenticated command injection vulnerability. Exploit Title: WebsiteBaker 2.13.7 r164 Command Injection Authenticated Exploit Author: tmrswrr /Hulya KARABAG Vendor Homepage: https://forum.websitebaker.org/ Software Link:...

AI score 7.8
Exploits: 0
Packet Storm
added 2025/06/30 12:00 a.m., 96 views

📄 TinyWebGallery 2.7 Shell Upload

TinyWebGallery version 2.7 suffers from an authenticated remote shell upload vulnerability. Exploit Title: TinyWebGallery 2.7 - Authenticated Shell Upload Date: 2025-27-06 Exploit Author: tmrswrr Vendor Homepage: https://www.tinywebgallery.com Version: 2.7 Tested on:...

AI score 7.4
Exploits: 0
VulnCheck KEV
added 2025/06/29 12:00 a.m., 3 views

VulnCheck KEV: CVE-2022-41335

A relative path traversal vulnerability (CWE-23) in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read...

CVSS 8.8 | AI score 5.8 | EPSS 0.00927
In wild | Exploits: 0 | References: 2