Spotweb <= 1.5.1 - Cross Site Scripting

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter. id: CVE-2021-40973 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat severity:...

modoboa 2.0.4 - Admin TakeOver

Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. id: CVE-2023-0777 info: name: modoboa 2.0.4 - Admin TakeOver author: r3Y3r53 severity: critical description: | Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to...

H3C SSL VPN <=2022-07-10 - Cross-Site Scripting

H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang. id: CVE-2022-35416 info: name: H3C SSL VPN =2022-07-10 - Cross-Site Scripting author: 0x240x23elu severity: medium description: | H3C SSL VPN 2022-07-10 and prior contains...

Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting

Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site scripting via the GET "ajax" parameter to snarfajax.php. id: CVE-2011-4336 info: name: Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting author: pikpikcu severity: medium description: Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site...

SolarWinds Serv-U 15.3 - Directory Traversal

SolarWinds Serv-U 15.3 is susceptible to local file inclusion, which may allow an attacker access to installation and server files and also make it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id:...

SPIP BigUp Plugin - Remote Code Execution

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request. id: CVE-2024-8517 info: name: SPIP BigUp Plugin - Remote Code Execution...

Mongo-Express - Remote Code Execution

Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed leading to remote code execution in the context of the node server. id: CVE-2020-24391 info: nam...

Hitachi Pentaho Business Analytics Server - Remote Code Execution

Hitachi Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is susceptible to remote code execution via server-side template injection. Certain web services can set property values which contain Spring templates that are interpreted downstream, thereby...

Exploit for CVE-2026-42945

CVE-2026-42945-NGINX-Rift bash Basic usage with target I...

Rejetto HTTP File Server - Template injection

This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. id: CVE-2024-23692 info: name: Rejetto HTTP File Server - Template injection author: johnk3r severity: critical description: | This...

sshprank 1.7.0

sshprank is a fast SSH mass-scanner, login cracker, and banner grabber tool using the python-masscan and shodan modules...

Lyussfyuring002

lyussfyuring002 web exploitation + OSINT toolkit for people...

Exploit for Missing Authentication for Critical Function in Cpanel

cPanel-CVE-2026-41940-Scanner !Licensehttps://img.shields...

Luban-2040

Luban 2040 v1 Advanced CVE & Exploit Finder Author: m...

pentestfr

Pentest Framework — Kali Linux / VirtualBox Framework Python...

A Scan-Based Analysis of Internet-Exposed IoT Devices Using Shodan Data

An open measurement problem in IoT security is whether scan-observable network configurations encode population-level exposure risk beyond individual devices. An analysis of internet-exposed IoT endpoints using a controlled multi-country sample from Shodan Search and Shodan InternetDB, selecting...

Exploit for Out-of-bounds Write in Mikrotik Routeros

Mikrotik Exploit Scan and Export RouterOS Password A security...

Exploit for Insufficient Type Distinction in Rarlab Winrar

CVE Exploit Finder Author: Your Name/Handle Focus: Automated V...

Exploit for CVE-2025-68613

n8n CVE-2025-68613 Internet Scanner A Tkinter-based GUI tool...

Exploit for Deserialization of Untrusted Data in Facebook React

RSC/Next.js RCE Vulnerability Detector & PoC Chrome Extensio...