274089 matches found
Exploit for OS Command Injection in Vsftpd_Project Vsftpd
vsftpd 2.3.4 Backdoor Exploit A small, dependency-free Python...
Kernel-Dojo-Labs
Kernel-Dojo Lab An interactive practice environment for the...
Exploit for CVE-2026-5076
No d...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2...
Exploit for Use After Free in Arm Avalon_Gpu_Kernel_Driver
CVE-2022-46395 QEMU r36p0 Lab This repository contains a QEMU...
📄 Lyrion Music Server 9.2.0 server.log Reflected Cross Site Scripting
Lyrion Music Server version 9.2.0 suffers from an unauthenticated reflected cross site scripting vulnerability through server.log endpoint abusing the search GET parameter. Input is not properly sanitized before being returned to the user, allowing the execution of arbitrary HTML/JS code in a use...
📄 Lyrion Music Server 9.2.0 search Cross Site Scripting
Lyrion Music Server version 9.2.0 has advanced search parameters that are stuffed back into the page so the form keeps its values. Several free-text fields do not apply filtering, resulting in reflected cross site scripting. Lyrion Music Server 9.2.0 search. Multiple Script Insertions Vendor: LMS...
📄 WordPress Contest Gallery 28.1.4 SQL Injection
WordPress Contest Gallery plugin versions 28.1.4 and below suffer from a remote SQL injection vulnerability. Exploit Title: WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection Tested on: Docker - PHP 8.2/Apache + MariaDB WordPress Environment CVE: 2026-3180 """ Description A...
📄 Lyrion Music Server 9.2.0 metadata Persistent Cross Site Scripting
Lyrion Music Server version 9.2.0 stores media file metadata tags such as GENRE, ARTIST, and ALBUM exactly as written in the file and later renders them in its web interface without HTML-encoding, resulting in persistent cross site scripting. An attacker who gets a file with a malicious tag into...
📄 Lyrion Music Server 9.2.0 server.log Persistent Cross Site Scripting
The log viewer in Lyrion Music Server version 9.2.0 reflects request parameters and raw log content into HTML with no escaping. Any attacker-provided value that gets logged a crafted URL, User-Agent, stream title, player name becomes persistent cross site scripting. Lyrion Music Server 9.2.0...
📄 Lyrion Music Server 9.2.0 Path Traversal / File Read
Lyrion Music Server version 9.2.0 suffers from a directory traversal vulnerability. Exploiting this issue will allow an unauthenticated attacker to view arbitrary files within the context of the web server. Lyrion Music Server 9.2.0 Path Traversal File Read Vendor: LMS Community Product web page:...
📄 Lyrion Music Server 9.2.0 Arbitrary Directory Listing
Lyrion Music Server version 9.2.0 exposes a readdirectory query through both its CLI service TCP port 9090 and its HTTP JSON-RPC endpoint /jsonrpc.js that takes a folder parameter and lists its contents with no restriction to the configured media directories and no authentication in the default...
📄 Craft CMS 5.9.5 Missing Authorization / Denial of Service
Craft CMS versions 5.9.5 and below suffer from a missing authorization vulnerability that can trigger an unwanted migration. CVE-2026-31266 - Craft CMS Missing Authorization CVE Information | Field | Value | |-------|-------| | CVE ID | CVE-2026-31266 | | Vendor | Pixel & Tonic | | Product | Craf...
WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection
Exploit Title: WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection Google Dork: N/A Date: 2026-06-02 Exploit Author: cardosource Vendor Homepage: https://contest-gallery.com/ Software Link: https://wordpress.org/plugins/contest-gallery/ Version: getrow without proper...
Lyrion Music Server 9.2.0 (server.log) Unauthenticated Reflected XSS
Summary Lyrion Music Server formerly Logitech Media Server, and often abbreviated as "LMS" is open-source software which can control and serve stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...
Lyrion Music Server 9.2.0 Arbitrary Directory Listing
Summary Lyrion Music Server formerly Logitech Media Server, and often abbreviated as "LMS" is open-source software which can control and serve stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...
Lyrion Music Server 9.2.0 (server.log) Unauthenticated Stored XSS
Summary Lyrion Music Server formerly Logitech Media Server, and often abbreviated as "LMS" is open-source software which can control and serve stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...
Lyrion Music Server 9.2.0 (metadata) Stored XSS
Summary Lyrion Music Server formerly Logitech Media Server, and often abbreviated as "LMS" is open-source software which can control and serve stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...
Lyrion Music Server 9.2.0 Path Traversal File Read
Summary Lyrion Music Server formerly Logitech Media Server, and often abbreviated as "LMS" is open-source software which can control and serve stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...
Lyrion Music Server 9.2.0 (search.*) Multiple Script Insertions
Summary Lyrion Music Server formerly Logitech Media Server, and often abbreviated as "LMS" is open-source software which can control and serve stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...