380 matches found
esp_rfid_tool_v2_pwn
esprfidtoolv2pwn qscXploit is watching you... 👁️🗨️ I...
📄 ESP-RFID-Tool V2 PRO Traversal / XSS / Bypass / Enumeration
ESP-RFID-Tool V2 PRO suffers from bypass, cross site request forgery, cross site scripting, information leakage, path traversal, and multiple other vulnerabilities. The vendor has seemingly taken a hostile approach to responding to these findings and is uncooperative. Security Advisory:...
PT-2026-28358
Name of the Vulnerable Software and Affected Versions: EVerest versions prior to 2026.02.0. Description: EVerest is an EV charging software stack susceptible to a data race condition leading to a use-after-free issue. This condition is triggered by events such as EV plug-in/unplug and...
📄 RPi-Jukebox-RFID 2.8.0 Cross Site Scripting
RPi-Jukebox-RFID version 2.8.0 suffers from a persistent cross site scripting vulnerability. Exploit Title: RPi-Jukebox-RFID 2.8.0 - Stored XSS CVE-2025-10370 Date: 2025-09-25 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://github.com/MiczFlor/RPi-Jukebox-RFID Software Link:...
📄 RPi-Jukebox-RFID 2.8.0 Command Injection
RPi-Jukebox-RFID version 2.8.0 proof of concept command injection exploit that leverages /phoniebox/api/playlist/shuffle.php. Title: RPi-Jukebox-RFID...
📄 RPi-Jukebox-RFID 2.8.0 Remote Code Execution
RPi-Jukebox-RFID version 2.8.0 proof of concept exploit that demonstrates an OS command injection vulnerability in the shuffle.php API endpoint. The vulnerable parameter playlist is passed directly to a shell command without sanitization, allowing an attacker to execute arbitrary system commands...
CVE-2023-50126
Missing encryption in the RFID tags of the Hozard alarm system Alarmsysteem v1.0 allows attackers to create a cloned tag via brief physical proximity to one of the original tags, which results in an attacker being able to bring the alarm system to a disarmed state...
CVE-2021-33881
On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation aka conduct a "tear off" attack over RFID to bypass a Monotonic Counter protection mechanism. The impact depends on how the anti tear-off feature is used in specific applications such as public transportation,...
CVE-2024-41367
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\api\playlist\appendFileToPlaylist.php...
CVE-2024-41368
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWlanIpMail.php...
CVE-2024-41364
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\trackEdit.php...
CVE-2024-41366
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\userScripts.php...
CVE-2025-15208
A security flaw has been discovered in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/editrefugee.php. The manipulation of the argument rfid results in SQL injection. The attack can be launched remotely. The exploit has bee...
CVE-2025-15208
CVE-2025-15208 affects Code-Projects Refugee Food Management System 1.0, specifically the /home/editrefugee.php handler where the rfid parameter can be manipulated to perform SQL injection. Exploitation is described as remote with a publicly released exploit. Multiple connected sources (NVD, Red ...
CVE-2025-15181
A security flaw has been discovered in code-projects Refugee Food Management System 1.0. The impacted element is an unknown function of the file /home/pagenateRefugeesList.php. Performing manipulation of the argument rfid results in SQL injection. Remote exploitation of the attack is possible. Th...
CVE-2025-15181 code-projects Refugee Food Management System pagenateRefugeesList.php SQL injection
A security flaw has been discovered in code-projects Refugee Food Management System 1.0. The impacted element is an unknown function of the file /home/pagenateRefugeesList.php. Performing manipulation of the argument rfid results in SQL injection. Remote exploitation of the attack is possible. Th...
PT-2025-53708
Name of the Vulnerable Software and Affected Versions: code-projects Refugee Food Management System version 1.0. Description: A security flaw exists in code-projects Refugee Food Management System 1.0. The issue is a SQL injection impacting an unknown function within the /home/pagenateRefugeesList.p...
Code-Projects Refugee Food Management System SQL Injection Vulnerability
Code-Projects Refugee Food Management System is an open source refugee food management system from Code-Projects. A SQL injection vulnerability exists in Code-Projects Refugee Food Management System version 1.0, which stems from incorrect manipulation of the parameter rfid in the file...
PT-2025-53803
Name of the Vulnerable Software and Affected Versions: Refugee Food Management System version 1.0. Description: A security flaw exists in Refugee Food Management System version 1.0. The issue involves SQL injection stemming from the manipulation of the rfid argument within the file...