274450 matches found

Packet Storm
added 2026/02/02 12:0 a.m., 125 views

📄 Pragyan CMS 3.0 Blind SQL Injection

A critical blind SQL injection vulnerability exists in Pragyan CMS version 3.0 and earlier, affecting the main index endpoint. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise the entire database. This issue is older research...

6.2 AI score
Exploits: 0
Packet Storm
added 2026/02/02 12:0 a.m., 132 views

📄 Moodle 4.x PHP Code Injection

This proof of concept demonstrates a code injection vulnerability in Moodle versions 4.x. Title: Moodle 4.x PHP Code Injection Vulnerability. Author ...

8.1 CVSS, 5.5 AI score, 0.83343 EPSS
Exploits: 8
Packet Storm
added 2026/02/02 12:0 a.m., 132 views

📄 WordPress Hustle 7.8.4 Credential Disclosure Scanner

WordPress Hustle plugin credential disclosure security scanner that detects the installed plugin version, verifies whether it falls within known vulnerable releases 7.8.0–7.8.3, and scans for sensitive files containing hardcoded HubSpot credentials. The tool also fetches the latest official plugi...

8.6 CVSS, 5.3 AI score, 0.00789 EPSS
Exploits: 3
Packet Storm
added 2026/02/02 12:0 a.m., 152 views

📄 Mailpit 1.28.1 Cross Site WebSocket Hijacking

A cross site websocket hijacking vulnerability exists in Mailpit versions 1.28.1 and below. The vulnerability allows remote attackers to intercept sensitive data such as email contents, headers, and server statistics in real-time. Mailpit - Cross-Site WebSocket Hijacking CSWSH Advisory ID:...

6.5 CVSS, 5.1 AI score, 0.00208 EPSS
Exploits: 2
Packet Storm
added 2026/02/02 12:0 a.m., 209 views

📄 FreePBX Endpoint Authentication Bypass / SQL Injection

This proof of concept exploit demonstrates a chained attack scenario in FreePBX that combines an authentication bypass with a SQL injection vulnerability in the custom endpoint extension component. When specific configuration conditions are met, an attacker may interact with administrative...

9.8 CVSS, 5.7 AI score, 0.3896 EPSS
Exploits: 8
Packet Storm
added 2026/02/02 12:0 a.m., 137 views

📄 Geeklog 2.2.1 Blind SQL Injection

A blind SQL injection vulnerability exists in Geeklog CMS version 2.2.1. The vulnerability allows remote attackers to execute arbitrary SQL commands via the uid parameter in comment.php. This issue is older research added to the archive. Geeklog 2.2.1 - Blind SQL Injection Advisory ID: RO-20-002...

6.2 AI score
Exploits: 0
Packet Storm
added 2026/02/02 12:0 a.m., 191 views

📄 Mailpit SMTP CRLF Injection

A CRLF injection vulnerability exists in Mailpit's SMTP server versions prior to 1.28.3. The vulnerability allows attackers to inject arbitrary SMTP headers by including carriage return characters in email addresses due to insufficient regex validation. Mailpit - SMTP CRLF Injection via Regex...

5.3 CVSS, 5.6 AI score, 0.01441 EPSS
Exploits: 4
Saint
added 2026/02/02 12:0 a.m., 86 views

Ivanti EPMM remote code execution

Added: 02/02/2026 CVE: CVE-2026-1281 Background Ivanti Endpoint Manager Mobile, formerly MobileIron Core, is a security and Unified Endpoint Management UEM tool. Problem A command injection vulnerability in Ivanti EPMM could allow an unauthenticated attacker to execute arbitrary commands by sendi...

9.8 CVSS, 6 AI score, 0.8404 EPSS
Exploits: 6
Packet Storm
added 2026/02/02 12:0 a.m., 130 views

📄 BulletProof Security 0.53.3 Cross Site Scripting

Multiple cross site scripting vulnerabilities exist in BulletProof Security WordPress Plugin version 0.53.3. This issue is older research added to the archive. BulletProof Security 0.53.3 - Multiple Cross-site Scripting Advisory ID: RO-16-007 Severity: Medium Vendor: AITpro Product: BulletProof...

5 AI score
Exploits: 0
Packet Storm
added 2026/02/02 12:0 a.m., 190 views

📄 GIMP PNM Integer Overflow

This is a proof of concept exploit that generates a malicious .pnm file for an integer overflow vulnerability in GIMP PNM. Title: GIMP PNM Integer...

7.8 CVSS, 5.4 AI score, 0.00508 EPSS
Exploits: 1
Packet Storm
added 2026/02/02 12:0 a.m., 128 views

📄 Cockpit CMS 0.13.0 Cross Site Scripting

Multiple reflected cross site scripting vulnerabilities exist in Cockpit CMS version 0.13.0. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive. Cockpit CMS 0.13.0 - Multiple Reflected XSS Advisory ID: RO-16-003...

5.2 AI score
Exploits: 0
Packet Storm
added 2026/02/02 12:0 a.m., 105 views

📄 FlatPress 1.0.2 Cross Site Scripting

Cross site scripting vulnerabilities exist in FlatPress version 1.0.2. FlatPress is a blogging engine that saves posts as simple text files. This issue is older research added to the archive. FlatPress 1.0.2 - Cross-site Scripting Advisory ID: RO-14-011 Severity: Critical Vendor: FlatPress Produc...

5.2 AI score
Exploits: 0
Packet Storm
added 2026/02/02 12:0 a.m., 149 views

📄 Appsmith 1.92 Origin Header Injection

A critical vulnerability in Appsmith version 1.92 allows an unauthenticated attacker to manipulate the Origin HTTP header during the password reset process. Due to improper trust in client‑supplied headers, Appsmith constructs password reset links based on the injected origin. This enables an...

9.6 CVSS, 5.7 AI score, 0.00393 EPSS
Exploits: 3
Packet Storm
added 2026/02/02 12:0 a.m., 132 views

📄 feedyour.email 2.4.1 SQL Injection

A SQL injection vulnerability exists in feedyour.email versions 2.4.1 and below. The vulnerability allows remote attackers to execute arbitrary SQL commands via the search functionality. feedyour.email - SQL Injection via Search Parameter Advisory ID: RO-26-003 CVE ID: CVE-2025-XXXX Pending...

6.2 AI score
Exploits: 0
Packet Storm
added 2026/02/02 12:0 a.m., 114 views

📄 Gibbon 14.0.01 Frame Injection

Frame injection vulnerabilities exist in Gibbon version 14.0.01. These vulnerabilities allow remote attackers to inject arbitrary HTML frames into the application. This issue is older research added to the archive. Gibbon v14.0.01 - Frame Injection Vulnerabilities Advisory ID: RO-18-012 Severity:...

5.7 AI score
Exploits: 0
Packet Storm
added 2026/02/02 12:0 a.m., 137 views

📄 WP-Polls 2.73 Cross Site Scripting

A cross site scripting vulnerability exists in WP-Polls WordPress Plugin version 2.73. This issue is older research added to the archive. WP-Polls 2.73 - Reflected Cross-site Scripting Advisory ID: RO-16-005 CVE ID: CVE-2016-10936 Severity: Medium Vendor: WordPress Product: WP-Polls Version: 2.73...

6.1 CVSS, 4.9 AI score, 0.0092 EPSS
Exploits: 1
Packet Storm
added 2026/02/02 12:0 a.m., 157 views

📄 Mailpit Server-Side Request Forgery

A server-side request forgery vulnerability exists in Mailpit's /proxy endpoint that allows attackers to make requests to internal network resources. Versions prior to 1.28.0 are affected. Mailpit - Server-Side Request Forgery SSRF Advisory ID: RO-26-001 CVE ID: CVE-2026-21859 Severity: Medium...

5.8 CVSS, 5.4 AI score, 0.00755 EPSS
Exploits: 2
Packet Storm
added 2026/02/02 12:0 a.m., 273 views

📄 glFusion 1.3.0 Blind SQL Injection

A critical blind SQL injection vulnerability exists in glFusion CMS version 1.3.0, affecting the Media Gallery search functionality. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise the entire database. This issue is older...

6.2 AI score
Exploits: 0
Packet Storm
added 2026/02/02 12:0 a.m., 133 views

📄 WP Flash Player 1.3 Cross Site Scripting

Multiple cross site scripting vulnerabilities exist in WP Flash Player WordPress Plugin version 1.3. This issue is older research added to the archive. WP Flash Player 1.3 - Multiple Cross-site Scripting Advisory ID: RO-15-011 Severity: High Vendor: WordPress Product: WP Flash Player Version: 1.3...

5 AI score
Exploits: 0
Packet Storm
added 2026/02/02 12:0 a.m., 147 views

📄 Apache Roller 6.1.2 Cross Site Request Forgery

Apache Roller versions 6.1.2 and below contain a cross site request forgery vulnerability in endpoint /roller/roller-ui/profile!save.rol. This vulnerability allows attackers to arbitrarily update the victim user's profile information e.g., email, full name, locale, timezone via a crafted HTML pag...

5.1 AI score
Exploits: 0