17 matches found

Source: EUVD
Added 2026/05/08 9:26 p.m., 6 views

EUVD-2026-28836

Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.31.2, a broken access control vulnerability was identified in the ActionsController of the Avo framework. Due to insecure action lookup logic, an authenticated user can execute any Action class descendants of...

CVSS 8.8, AI score 5.7, EPSS 0.00044
Exploits: 0, References: 2
Source: GithubExploit
Added 2026/04/21 9:36 a.m., 147 views

SQLi

SQL Injection: An Elite Bug Bounty Hunter's Field Manual SQL...

CVSS 9, AI score 7.3, EPSS 0.93645
Exploits: 17
Source: ATTACKERKB
Added 2026/04/09 12:00 a.m., 2 views

CVE-2025-70365

A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...

CVSS 5.4, AI score 5.8, EPSS 0.00034
Exploits: 0, References: 3
Source: OSV
Added 2026/03/11 12:24 a.m., 1 view

GHSA-FVCW-9W9R-PXC7 Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access

Description: Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including private/internal IP ranges (RFC 1918), localhost, or cloud metadata endpoints. This enables...

CVSS 7.1, AI score 5.8, EPSS 0.00103
Exploits: 1, References: 3
Source: GithubExploit
Added 2026/01/17 2:59 a.m., 189 views

Exploit for CVE-2025-8489

100-days-challenge-day-21--WP scan WP Scan helped identify co...

CVSS 10, AI score 8.8, EPSS 0.49263
Exploits: 9
Source: RedhatCVE
Added 2025/02/06 1:11 a.m., 6 views

CVE-2022-21705

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass cms.safemode /...

CVSS 8.5, AI score 7.2, EPSS 0.70336
Exploits: 0, References: 1
Source: NVD
Added 2024/04/29 1:15 p.m., 4 views

CVE-2024-4308

SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints...

CVSS 8.1, AI score 8.2, EPSS 0.00123
Exploits: 0, References: 1
Source: Prion
Added 2024/01/16 10:15 p.m., 32 views

Cross site scripting

Avo is a framework to create admin panels for Ruby on Rails apps. A stored cross-site scripting (XSS) vulnerability was found in the keyvalue field of Avo v3.2.3 and v2.46.0. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser. The value of the...

CVSS 4.9, AI score 5.6, EPSS 0.01253
Exploits: 1, References: 3, Affected software: 1
Source: CVE
Added 2023/04/06 4:02 p.m., 62 views

CVE-2023-29010

CVE-2023-29010 affects Budibase: versions prior to 2.4.3 are vulnerable to Server-Side Request Forgery (SSRF) that can lead to exposure of an AWS secret key. The advisory notes that Budibase cloud users need to take no action, while self-hosted deployments on public internet with metadata-accessi...

CVSS 6.5, AI score 6.5, EPSS 0.00257
Exploits: 0, References: 3, Affected software: 1
Source: ThreatPost
Added 2022/03/02 6:14 p.m., 635 views

Conti Ransomware Decryptor, TrickBot Source Code Leaked

The pro-Ukraine member of the Conti ransomware gang who promised to eviscerate the extortionists after they pledged support for the Russian government has spilled yet more Conti guts: The latest dump includes source code for Conti ransomware, TrickBot malware, a decryptor and the gang's...

CVSS 10, AI score 8.8, EPSS 0.9438
Exploits: 75, References: 28
Source: Github Security Blog
Added 2022/02/23 9:08 p.m., 32 views

Authenticated remote code execution in October CMS

Impact: An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass cms.safemode / cms.enableSafeMode in order to execute arbitrary code.
- This issue only affects admin panels that rely on safe mode and restricted permissions.
- T...

CVSS 8.5, AI score 1.6, EPSS 0.70336
Exploits: 0, References: 4, Affected software: 1
Source: Kitploit
Added 2020/12/02 8:30 p.m., 48 views

Fast-Security-Scanners - Security Checks For Your Researches

A small contribution to the community: we use all these tools in security assessments and in our vulnerability monitoring service. Check your domain for DNS NS takeover. Repo: docker run --dns=8.8.8.8 -e VULNID=dnsnstakeover -e DOMAIN=site.com whitespots/dnsnstakeover. Cache poisoning. Repo: docker run --rm...

AI score 7.2
Exploits: 0, References: 9
Source: Kitploit
Added 2019/05/28 1:06 p.m., 183 views

Brutality - A Fuzzer For Any GET Entries

A fuzzer for any GET entries. Features: multi-threading on demand; fuzzing and bruteforcing of GET params; finding admin panels; colored output; hiding results by return code or word count; proxy support; big wordlist. Usage: install with git clone https://github.com/ManhNho/brutality.git; chmod 755 -R brutality/...

AI score 7.4
Exploits: 0, References: 1
Source: Cvelist
Added 2019/04/29 1:47 p.m., 16 views

CVE-2019-11592

WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews.php, admin/editbannersuser.php, admin/editfaqscategory.php, or admin/excludeuser.php, or the offset parameter to admin/edituser.php...

AI score 6.1, EPSS 0.0024
Exploits: 1, References: 1
Source: Kitploit
Added 2019/04/26 9:14 p.m., 1905 views

Okadminfinder3 - Admin Panel Finder / Admin Login Page Finder

OKadminFinder is an Apache2 Licensed utility, rewritten in Python 3.x, for admins/pentesters who want to find the admin panel of a website. There are many other tools but not as effective and secure. Yeah, Okadminfinder has the ability to use tor and hide your identity. Requirements: Linux, sudo a...

AI score 7.2
Exploits: 0, References: 3
Source: Packet Storm
Added 2007/07/26 12:00 a.m., 31 views

webyapar-sql.txt

/$$$$$$$$$$$////$$$$$$$$$$$///////////////$$$$$$$$$$$$$$$//$$$$$$$$$$$$$$$/ ////////$$$$$$$$//////////$$$$$$$$/////////////////$$$$$//$$$$/////////////$$$$//////////// ////////$$$$$$$////////////$$$$$$$///////////////////////////$$$$$//$$$$/////////////$$$$////////////...

AI score 7.4
Exploits: 0
Source: ATTACKERKB
Added 2007/03/02 9:18 p.m., 1 view

CVE-2007-1145

Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) the lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in ...

CVSS 6.8, AI score 5.5, EPSS 0.00977
Exploits: 1, References: 8