Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

cd ./co...

CVE-2018-1000841

Zend.To version Prior to 5.15-1 contains a Cross Site Scripting XSS vulnerability in The verify.php page that can result in An attacker could execute arbitrary Javascript code in the context of the victim's browser.. This attack appear to be exploitable via HTTP POST request. This vulnerability...

EUVD-2018-0117

Malware in sbrugna...

EUVD-2008-5497

Malware in sbrugna...

EUVD-2018-11087

Malware in sbrugna...

NodeJS 24.x - Path Traversal

Exploit Title : NodeJS 24.x - Path Traversal Exploit Author : Abdualhadi khalifa CVE : CVE-2025-27210 import argparse import requests import urllib.parse import json import sys def exploitpathtraversalprecisetargeturl: str, targetfile: str, method: str - dict: traversesequence = "..\" 6...

Ingress-NGINX 4.11.0 - Remote Code Execution (RCE)

Exploit Title: Ingress-NGINX 4.11.0 - Remote Code Execution RCE Google Dork: N/A Date: 2025-06-19 Exploit Author: Likhith Appalaneni Vendor Homepage: https://kubernetes.github.io/ingress-nginx/ Software Link: https://github.com/kubernetes/ingress-nginx Version: ingress-nginx v4.11.0 on Kubernetes...

Tenda AC18 /goform/setPptpUserList Buffer Overflow Vulnerability

The Tenda AC18 is a router from the Chinese company Tenda. The Tenda AC18 suffers from a buffer overflow vulnerability that originates from a misuse of the parameter list in the file /goform/setPptpUserList, which can be exploited by an attacker to submit a special request and execute arbitrary...

CVE-2024-45400

ckeditor-plugin-openlink is a plugin for the CKEditor JavaScript text editor that extends the context menu with a possibility to open a link in a new tab. A vulnerability in versions of the plugin prior to 1.0.7 allowed a user to execute JavaScript code by abusing the link href attribute. The fix...

CVE-2025-20155

Cisco IOS XE Software vulnerability CVE-2025-20155: insecure bootstrap file validation can let an authenticated, local attacker write arbitrary files to the device when SD-WAN/SD-Routing bootstrap is used. Root cause is insufficient input validation of the bootstrap file read during initial deplo...

Exploit for Path Traversal in Zoneminder

CVE-2022-29806 ZoneMinder up to 1.36.12 Language privilege esc...

📄 AlegroCart 1.2.9 Cross Site Scripting

AlegroCart version 1.2.9 suffers from persistent and reflective cross site scripting vulnerabilities. Exploit Title: XSS via SVG Image Upload - alegrocartv1.2.9 Date: 04/2025 Exploit Author: Andrey Stoykov Version: 1.2.9 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ XSS via SVG Imag...

📄 tar-fs 3.0.0 Arbitrary File Write

tar-fs version 3.0.0 suffers from an arbitrary file write vulnerability. Exploit Title: tar-fs 3.0.0 - Arbitrary File Write/Overwrite Date: 17th April, 2024 Exploit Author: Ardayfio Samuel Nii Aryee Software link: https://github.com/mafintosh/tar-fs Version: tar-fs 3.0.0 Tested on: Ubuntu CVE:...

TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS) (Authenticated)

Exploit Title: TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting XSS Authenticated Date: 10th, March, 2025 Exploit Author: ABABANK REDTEAM Vendor Homepage: https://compassplustechnologies.com/ Version: 3.2.41.10.26 Tested on: Window Server 2016 1. Login to web application 2. Click on Entire...

Linux Distros Unpatched Vulnerability : CVE-2018-1000078

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier,...

CVE-2023-37569

This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component. A remote authenticated attacker could exploit this by injecting OS commands on the targeted system. Successful exploitation of this vulnerability could allow the attacker ...

CVE-2024-28074

It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager. While some controls were implemented the researcher was able to bypass these and use a different method to exploit the vulnerability...

Compop Online Mall 3.5.3 Authentication Bypass Vulnerability

Exploit Title: Compop Online Mall Authentication Bypass Google Dork: Terms of Use inurl:compop.vip Exploit Author: dmlino Vendor Homepage: https://www.compop.ca/ Version: 3.5.3 CVE : CVE-2024-48445 Vulnerability Overview: The system uses a Unix timestamp "ts" parameter in URLs for authentication,...

CVE-2025-22146 Improper authentication on SAML SSO process allows user impersonation in sentry

Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a...

Adobe Animate 数字错误漏洞

Adobe Animate is a set of Flash animation software from the American company Audobee Adobe. A security vulnerability exists in Adobe Animate that can be exploited by an attacker to cause arbitrary code to be executed in the current user's context...