Emlog Pro v2.1.14 - Cross-Site Scripting

Cross Site Scripting XSS vulnerability in Emlog Pro v2.1.14 via /admin/store.php. id: CVE-2023-41621 info: name: Emlog Pro v2.1.14 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross Site Scripting XSS vulnerability in Emlog Pro v2.1.14 via /admin/store.php. impact: ...

Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting

Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site scripting via the GET "ajax" parameter to snarfajax.php. id: CVE-2011-4336 info: name: Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting author: pikpikcu severity: medium description: Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site...

modoboa 2.0.4 - Admin TakeOver

Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. id: CVE-2023-0777 info: name: modoboa 2.0.4 - Admin TakeOver author: r3Y3r53 severity: critical description: | Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to...

Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection

SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request. id: CVE-2018-6605 info: name: Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection author: DhiyaneshDk severity...

Mongo-Express - Remote Code Execution

Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed leading to remote code execution in the context of the node server. id: CVE-2020-24391 info: nam...

Hitachi Pentaho Business Analytics Server - Remote Code Execution

Hitachi Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is susceptible to remote code execution via server-side template injection. Certain web services can set property values which contain Spring templates that are interpreted downstream, thereby...

Exploit for Authentication Bypass by Spoofing in Booster Booster_For_Woocommerce

QE3 - WordPress Auto Exploitation Scanner ╔════════════...

Malicious code in verts-otimn-fofa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2a4d67b9c6a540426dba65401a06619ca0724b78d6a1912957eab4f98c1d74a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-144245

Malicious code in verts-otimn-fofa npm...

Exploit for CVE-2025-30208

ViteVulScan Vulnerabilities Overview This project involves...

Exploit for CVE-2025-30208

ViteVulScan Vulnerabilities Overview This project involves...

Exploit for CVE-2025-30208

ViteVulScan Vulnerabilities Overview This project involves...

Exploit for Path Traversal in Gibbonedu Gibbon

CVE-2023-34598 - Gibbon v25.0.0 LFI Exploit This repository c...

Exploit for CVE-2024-21534

POC - CVE-2024-21534 Jsonpath-plus vulnerable to Remote Code E...

Exploit for Improper Neutralization in Dlink Dns-320_Firmware

POC - CVE-2024–10914- Command Injection Vulnerability in name...

Exploit for Path Traversal in Jenkins

Jenkins File Read Vulnerability - CVE-2024-23897 !My Shop...

Exploit for CVE-2024-45241

PoC exploit for CVE-2024-45241, a path-traversal vulnerability...

Exploit for Authentication Bypass by Spoofing in Telerik Report_Server_2024

PoC exploit for CVE-2024-4358 and CVE-2024-1800, a deserializati...

Exploit for Path Traversal in Fastadmin

CVE-2024-7928 POC for CVE-2024-7928. Will attempt to retrieve...

Exploit for OS Command Injection in Php

PHP CGI Argument Injection CVE-2024-4577 RCE 📜 Descripti...