Bluetooth-app

Bluetooth Security Testing App A Kivy-based Android applicati...

xss_hunter.py

EnterXSS Fuzzer – Automated Cross-Site Scripting Detection...

sigma-audit

Sigma Stack Audit Full-spectrum security audit combining five...

SQLi

Blind SQLi - Status Code & Time Based Herramienta de Blind SQ...

Exploit for Missing Authentication for Critical Function in Flowiseai Flowise

Flowise Dual CVE PoC — CVE-2025-58434 + CVE-2025-59528 !CVE-...

blind-sqli-lab

🔬 Blind SQL Injection Lab — Time-Based PostgreSQL + FastAPI...

📄 ChurchCRM 6.4.0 Cross Site Scripting

ChurchCRM versions 6.4.0 and below suffer from persistent cross site scripting vulnerability in group role name assignment. CVE-2025-67876: ChurchCRM has Stored XSS in Group Role Name Leading to Admin Session Hijacking Overview | Field | Details | |---|---| | CVE ID | CVE-2025-67876 | | Severity ...

📄 Authentic 8 Insecure Direct Object Reference / Broken Access Control

Authentic 8 has an broken access control that can be leveraged via insecure direct object reference that can lead to PII information disclosure. ================================================================================================================================== | Title : Authentic 8...

📄 Pachno 1.0.6 Cross Site Request Forgery

Pachno version 1.0.6 suffers from a cross site request forgery vulnerability. Pachno 1.0.6 Cross-Site Request Forgery Vendor: Daniel André Eikeland Product web page: https://github.com/pachno/pachno Affected version: 1.0.6 Summary: Pachno is an open-source collaboration platform formerly known as...

📄 ChurchCRM SQL Injection

ChurchCRM versions prior to 6.5.3 suffer from a remote SQL injection vulnerability in ConfirmReportEmail.php. CVE-2025-68400: ChurchCRM vulnerable to time-based blind SQL Injection in ConfirmReportEmail.php Overview | Field | Details | |---|---| | CVE ID | CVE-2025-68400 | | Severity | CRITICAL |...

📄 Dolibarr 22.0.4 Command Injection

Dolibarr versions 22.0.4 and below suffer from a remote code injection vulnerability via via MAINODTASPDF. CVE-2026-23500: OS Command Injection RCE via MAINODTASPDF configuration in Dolibarr Overview | Field | Details | |---|---| | CVE ID | CVE-2026-23500 | | Severity | CRITICAL | | Advisory |...

📄 EGroupware SQL Injection

EGroupware versions prior to 23.1.20260113 and greater than or equal to 26.0.20251208 but less than 26.0.20260113 are affected by a remote SQL injection vulnerability in the Nextmatch filter processing. CVE-2026-22243: EGroupware has SQL Injection in Nextmatch Filter Processing Overview | Field |...

📄 Pachno 1.0.6 FileCache Deserialization Remote Code Execution

Pachno version 1.0.6 uses the unserialize function on the contents of cache files stored under PACHNOPATH/cache/ during the framework bootstrap sequence, before any authentication, routing, or controller logic is executed. Cache files are created with world-writable permissions chmod 0666 and use...

📄 Redaxo 5.20.1 Path Traversal

Redaxo versions 5.20.1 and below suffer from a path traversal vulnerability. CVE-2026-21857: Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read Overview | Field | Details | |---|---| | CVE ID | CVE-2026-21857 | | Severity | HIGH | | Advisory | View Advisory | | Discovered by...

📄 Pachno 1.0.6 Shell Upload

Pachno version 1.0.6 suffers from a remote shell upload vulnerability. The multipart file parameter to the /uploadfile endpoint allows authenticated users to upload files directly to the server. File upload must be enabled by an admin, who can also configure the storage path, within a...

📄 OpenSTAManager 2.9.8 SQL Injection

OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in the Scadenzario Print Template. CVE-2025-69216: OpenSTAManager has a SQL Injection in Scadenzario Print Template Overview | Field | Details | |---|---| | CVE ID | CVE-2025-69216 | | Severity | HIGH | |...

📄 ChurchCRM Cross Site Scripting

ChurchCRM versions 6.5.2 and below suffer from a persistent cross site scripting vulnerability in the person property assignment functionality. Note that the advisory says versions 6.3.0 and below are affected but the CVE entry states versions prior to 6.5.3. CVE-2025-67875: ChurchCRM has stored...

📄 OpenSTAManager 2.9.8 SQL Injection

OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in the Scadenzario bulk operations module. CVE-2026-24418: OpenSTAManager has a SQL Injection vulnerability in the Scadenzario bulk operations module Overview | Field | Details | |---|---| | CVE ID |...

📄 TypiCMS Cross Site Scripting

TypiCMS versions prior to 16.1.7 suffer from a persistent cross site scripting via SVG file uploads. CVE-2026-27621: TypiCMS Core has Stored Cross-Site Scripting XSS via SVG File Upload Overview | Field | Details | |---|---| | CVE ID | CVE-2026-27621 | | Severity | MEDIUM | | Advisory | View...

📄 Omega-PSIR Cross Site Scripting

Omega-PSIR suffers from a cross site scripting vulnerability via the lang parameter. CVE-2026-1434: Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a... Overview | Field | Details | |---|---| | CVE ID | CVE-2026-1434 | | Severity | MEDIUM | | Advisory | N/A...