122 matches found
CVE-2025-56795
creationtimestamp | type | source
---|---|---
2025-09-26 15:06:37+00:00 | seen | https://sploitus.com/exploit?id=3F165406-B8AC-594E-9BF4-290640B7E2D6&utmsource=rss&utmmedium=rss
2025-09-26 15:06:37+00:00 | seen | ...
CVE-2025-7554
CVE-2025-7554 affects Sapido RB-1802 firmware 1.0.32, specifically the URL Filtering Page component in the file urlfilter.asp. The issue is a cross-site scripting vulnerability caused by improper manipulation of the URL argument, allowing remote exploitation. Publicly disclosed exploit details ex...
Updated rootcerts, nss & firefox packages fix security vulnerabilities
CVE-2025-6424: A use-after-free in FontFaceSet resulted in a potentially exploitable crash. CVE-2025-6425: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private...
CVE-2025-1613
CVE-2025-1613 affects FiberHome AN5506-01A ONU GPON RP2511, specifically the /goform/URL_filterCfg URL_FILTERING Submenu. The vulnerability arises from manipulation of the url_IP parameter, enabling cross-site scripting via that processing path. The issue is exploitable remotely and has been publ...
CVE-2024-35198
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe's check on the allowed_urls configuration can be bypassed if the URL contains characters such as "..", but it does not prevent the model from being downloaded into the model store. Once a fi...
Reflect Cross Site Scripting
Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. Proof of Concept: Go to your web phpmyfaq and visit below URL. Exploit URL:...
Multi-Language Hotel Management 2022 1.0 SQL Injection Vulnerability
Title: Multi-Language-Hotel-Management-2022 1.0 SQLi; Author: nu11secur1ty; Vendor: https://www.nikhilbhalerao.com/; Software: https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/Nikhil%20Bhalerao/2022/Multi-Language-Hotel-Management-2022/Docs/sparkz.zip; Reference:...
U.S. Dept Of Defense: SSRF to read AWS metaData at https://█████/ [HtUS]
Hello Team, While researching your program I found that the domain https://████/ is vulnerable to Server Side Request Forgery Attacks via the url parameter. An attacker is able to fetch the aws metadata abusing the SSRF at https://████████/...
Ocean Extra < 1.9.5 - Reflected Cross-Site Scripting
The plugin does not escape generated links which are then used when the OceanWP theme is active, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/?step=demo&page=owpsetup&a"alert/XSS/...
CVE-2021-26247
As an unauthenticated remote user, visit "http:///authchangepassword.php?ref=alert1" to successfully execute the JavaScript payload present in the "ref" URL parameter...
Engel & Völkers Technology GmbH: Remote Code Execution (RCE) at "juid" parameter in /get_zip.php (printshop.engelvoelkers.com)
Summary: Taking advantage of the vulnerability reported in 914194, it has been possible to analyze certain application code and detect remote code execution at https://printshop.engelvoelkers.com/get_zip.php?juid=1 due to a lack of sanitization of the inputs received by the web application. This...
WordPress Spryng Payments WooCommerce 1.6.7 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications. Class: Input Validation Error; Remote: Yes; Credit: Ricardo Sanchez; Vulnerable: Spryng payments woocommerce 1.6.7. Spryng payments woocommerce is prone to a reflected...
ThinkPHP Command Execution Vulnerability
ThinkPHP is a PHP-based, open source, lightweight web application development framework from Top Thinking Information Technology (China). Versions of ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other devices, contain a command executi...
VMware NSX SD-WAN Edge 3.1.2 - Command Injection
#!/usr/bin/env python; Exploit Title: Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN by VeloCloud; Date: 2018-06-29; Exploit Author: paragonsec @ Critical Start; Credit: Brian Sullivan from Tevora and Section 8 @ Critical Start...
AppFusions Doxygen for Atlassian Confluence 1.3.2 - Cross-Site Scripting
RCESEC-2016-009: AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent Persistent Cross-Site Scripting. RCE Security Advisory, https://www.rcesecurity.com. 1. ADVISORY INFORMATION: Product:...
MAARCH 1.4 - SQL Injection / Arbitrary File Upload Vulnerabilities
Exploit for php platform in category web applications. Exploit Title: Maarch 1.4 SQL Injection; Google Dork: intext:"Maarch Maerys Archive v2.1 logo"; Date: 29/10/2014; Exploit Author: Adrien Thierry; Exploit Advisory:...
DFD Cart 1.1 - Multiple Remote File Inclusion Vulnerabilities
No description provided by source. Vulnerability Type: Remote File Inclusion; Vulnerable file: /dfdcart/app.lib/product.control/core.php/product.control.config.php; Exploit URL:...
PHP-Nuke 'KuiraniKerim' Module - 'sid' Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/29261/info The 'KuiraniKerim' module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow ...
BIGACE 2.4 - Multiple Remote File Inclusion Vulnerabilities
No description provided by source.
Wordpress PICA Photo Gallery Plugin 1.0 - Remote File Disclosure
No description provided by source. Description: Wordpress Plugins - PICA Photo Gallery Remote File Disclosure Vulnerability; Version: 1.0; Link: http://wordpress.org/extend/plugins/pica-photo-gallery/; Plugins: http://downloads.wordpress.org/plugin/pica-photo-gallery.zip; Date: 30-05-2012; Google...