Invincibility

CVE POC Collection Validated Proof-of-Concept exploits for CV...

CVE-2026-9302 546669204 vps-inventory-monitoring VpsTest Console VpsTest.php eval code injection

A vulnerability was determined in 546669204 vps-inventory-monitoring up to 98c00b370668c96ae75e91c15548d9ea113652d9. This issue affects the function eval of the file app/index/command/VpsTest.php of the component VpsTest Console. Executing a manipulation of the argument vf can lead to code...

CVE-2026-35449

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the install/test.php diagnostic script has its CLI-only access guard disabled by commenting out the die statement. The script remains accessible via HTTP after installation, exposing video viewer statistics including IP...

CVE-2026-35449

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the install/test.php diagnostic script has its CLI-only access guard disabled by commenting out the die statement. The script remains accessible via HTTP after installation, exposing video viewer statistics including IP...

CVE-2026-35449 WWBN AVideo has Unauthenticated Information Disclosure via Disabled CLI Guard in install/test.php

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the install/test.php diagnostic script has its CLI-only access guard disabled by commenting out the die statement. The script remains accessible via HTTP after installation, exposing video viewer statistics including IP...

CVE-2026-35449

WWBN AVideo, versions 26.0 and prior, has an unauthenticated information disclosure via the install/test.php diagnostic script. The CLI-only guard is disabled, allowing HTTP access to the script and exposure of viewer IPs, session IDs, and user agents to unauthenticated visitors. Remediation per ...

Information Exposure

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Information Exposure via the install/test.php script when the command-line interface guard is disabled. An attacker can access sensitive information such as viewer...

Server-side Request Forgery (SSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the statsURL parameter in the plugin/Live/test.php endpoint. An administrator can access sensitive internal resources and clou...

Azure Linux 3.0 Security Update: kernel (CVE-2024-56703)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56703 advisory. - In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix soft lockups in fib6selectpath...

CVE-2019-25243

FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strInPort'...

iWT FaceSentry Access Control System 安全漏洞

The iWT FaceSentry Access Control System is an iWT open source application. It provides an access control function. A security vulnerability exists in iWT FaceSentry Access Control System version 6.4.8, which stems from an authenticated remote command injection in the pingTest.php and...

PT-2025-53329

Name of the Vulnerable Software and Affected Versions FaceSentry version 6.4.8 Description FaceSentry 6.4.8 has a remote command injection issue in the pingTest.php and tcpPortTest.php scripts. An attacker with authentication can inject and execute arbitrary shell commands with root privileges...

ExploitForge

Getting Started with Create React App This project was bootst...

CVE-2025-63748

QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment" feature in the "Test Script" module. The application fails to restrict file types, enabling the upload of executable PHP files. Once uploaded, the file can be accessed through the "View Attachment" option,...

EUVD-2025-197814

QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment" feature in the "Test Script" module. The application fails to restrict file types, enabling the upload of executable PHP files. Once uploaded, the file can be accessed through the "View Attachment" option,...

CVE-2025-63748

QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment" feature in the "Test Script" module. The application fails to restrict file types, enabling the upload of executable PHP files. Once uploaded, the file can be accessed through the "View Attachment" option,...

CVE-2025-63748

QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment" feature in the "Test Script" module. The application fails to restrict file types, enabling the upload of executable PHP files. Once uploaded, the file can be accessed through the "View Attachment" option,...

CVE-2025-63748

QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment" feature in the "Test Script" module. The application fails to restrict file types, enabling the upload of executable PHP files. Once uploaded, the file can be accessed through the "View Attachment" option,...

PT-2025-47158

Name of the Vulnerable Software and Affected Versions QaTraq version 6.9.2 Description Authenticated users can upload arbitrary files through the "Add Attachment" feature within the "Test Script" module. The application does not restrict file types, allowing the upload of executable PHP files...

CVE-2025-63748

CVE-2025-63748 affects QaTraq 6.9.2. Authenticated users can upload arbitrary files via the Add Attachment feature in the Test Script module due to insufficient file-type restrictions. Uploaded files (e.g., executable PHP) can be accessed through View Attachment and may execute on the server, ind...