CVE-2025-55010 Kanboard Authenticated Admin Remote Code Execution via Unsafe Deserialization of Events

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary php objects by modifying the event"data" field in the...

Exploit for CVE-2025-5394

🚨 CVE-2025-5394 - Unauthenticated Arbitrary Plugin Upload in A...

Exploit for Code Injection in Ispconfig

CVE-2023-46818 PoC This is a python implemntation of the PoC p...

Exploit for Deserialization of Untrusted Data in Microsoft

ToolShell → CVE‑2025‑53770 Exploit PoC This package allows: 1...

WordPress plugin Groundhogg 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

Exploit for SQL Injection in Fortinet Fortiweb

🚨 CVE-2025-25257 – FortiWeb SQLi to RCE Critical SQL Injection →...

Exploit for Unrestricted Upload of File with Dangerous Type in Hasthemes Download_Contact_Form_7_Widget_For_Elementor_Page_Builder_\&_Gutenberg_Blocks

🚨 HT Contact Form Widget to execute system commands. ✅ Exam...

Exploit for SQL Injection in Fortinet Fortiweb

CVE-2025-25257 - FortiWeb Vulnerability Checker & Exploit A P...

Exploit for SQL Injection in Fortinet Fortiweb

CVE-2025-25257 Exploit Tool Credits Based on watchTowr La...

SharPyShell

SharPyShell SharPyShell is a tiny and obfuscated ASP.NET webshell that executes commands received by an encrypted channel compiling them in memory at runtime. SharPyShell supports only C web applications that runs on .NET Framework = 2.0VB is not supported atm. Usage python3 SharPyShell.py genera...

WordPress plugin LogisticsHub 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

CVE-2025-30131

An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticated file upload endpoint can be leveraged to execute arbitrary commands by uploading a CGI-based webshell. Once a file is uploaded, the attacker can execute commands with root privileges, gaining full control over the dashcam...

CVE-2025-23171

The Versa Director SD-WAN orchestration platform provides an option to upload various types of files. The Versa Director does not correctly limit file upload permissions. The UI appears not to allow file uploads but uploads still succeed. In addition, the Versa Director discloses the full filenam...

CVE-2025-23171

The Versa Director SD-WAN orchestration platform provides an option to upload various types of files. The Versa Director does not correctly limit file upload permissions. The UI appears not to allow file uploads but uploads still succeed. In addition, the Versa Director discloses the full filenam...

CVE-2025-23171

The Versa Director SD-WAN orchestration platform provides an option to upload various types of files. The Versa Director does not correctly limit file upload permissions. The UI appears not to allow file uploads but uploads still succeed. In addition, the Versa Director discloses the full filenam...

CVE-2025-23171

CVE-2025-23171 affects Versa Director SD-WAN orchestration platform. The vulnerability arises from improper restriction of file upload permissions, where the UI may not reflect upload capability, yet uploads succeed and the system discloses full filenames of temporary files (including UUID prefix...

CVE-2025-23171

The Versa Director SD-WAN orchestration platform provides an option to upload various types of files. The Versa Director does not correctly limit file upload permissions. The UI appears not to allow file uploads but uploads still succeed. In addition, the Versa Director discloses the full filenam...

PT-2025-26193 · Versa · Versa Director Sd-Wan Orchestration Platform

Name of the Vulnerable Software and Affected Versions: Versa Director SD-WAN orchestration platform affected versions not specified Description: The Versa Director SD-WAN orchestration platform has an issue with file upload permissions, allowing authenticated attackers to upload arbitrary files,...

WordPress plugin Store Locator WordPress 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...

Exploit for Improper Protection of Alternate Path in Vbulletin

Description: RCE for Vbullettin versions between 5.0.0 - 5...