EUVD-2025-202041

Cross-Site Request Forgery CSRF vulnerability in Valentin Agachi Create Posts & Terms create-posts-terms allows Stored XSS.This issue affects Create Posts & Terms: from n/a through = 1.3.1...

CVE-2025-49351

Cross-Site Request Forgery CSRF vulnerability in Valentin Agachi Create Posts & Terms create-posts-terms allows Stored XSS.This issue affects Create Posts & Terms: from n/a through = 1.3.1...

PT-2025-49986

Cross-Site Request Forgery CSRF vulnerability in Valentin Agachi Create Posts & Terms create-posts-terms allows Stored XSS.This issue affects Create Posts & Terms: from n/a through = 1.3.1...

WordPress Themify Builder plugin < 7.5.8 - Open Redirect vulnerability

Open Redirect vulnerability discovered by Valentin LOBSTEIN in WordPress Plugin Themify Builder versions 7.5.8...

AVideo WWBNIndex Plugin Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AVideo WWBNIndex Plugin Unauthenticated RCE', 'Description' = %q This module exploits an unauthenticated remote code execution RCE vulnerability ...

DerbyNet 9.0 photo.php Cross Site Scripting

CVE ID: CVE-2024-30921 Description: A Cross-Site Scripting XSS vulnerability has been identified in DerbyNet version 9.0, specifically affecting the photo.php component. This vulnerability allows remote attackers to execute arbitrary code via crafted URLs, without requiring authentication...

DerbyNet 9.0 checkin.php Cross Site Scripting

CVE ID: CVE-2024-30924 Description: A Cross Site Scripting XSS vulnerability has been identified in DerbyNet version 9.0, specifically within the checkin.php component. This vulnerability allows remote attackers to execute arbitrary code due to improper handling of the order URL parameter. The fl...

DerbyNet 9.0 print/render/racer.inc SQL Injection

CVE ID: CVE-2024-30923 Description: An SQL Injection vulnerability has been discovered in DerbyNet version 9.0, specifically within the print/render/racer.inc component. This vulnerability allows remote attackers to execute arbitrary code and disclose sensitive information by exploiting improper...

DerbyNet 9.0 playlist.php Cross Site Scripting

CVE ID: CVE-2024-30929 Description: A Cross-Site Scripting XSS vulnerability has been found in DerbyNet version 9.0, affecting the playlist.php component. This issue allows remote attackers to execute arbitrary code by exploiting the back parameter. The application does not properly sanitize the...

DerbyNet 9.0 render-document.php Cross Site Scripting

CVE ID: CVE-2024-30920 Description: A Cross Site Scripting XSS vulnerability has been identified in DerbyNet v9.0, specifically within the render-document.php component. This vulnerability allows a remote attacker to execute arbitrary code via crafted URLs. The root cause of the vulnerability is...

DerbyNet 9.0 print/render/award.inc SQL Injection

CVE ID: CVE-2024-30922 Description: A SQL Injection vulnerability has been identified in DerbyNet version 9.0, specifically affecting the 'where' clause in Award Document Rendering through the component print/render/award.inc. This vulnerability allows remote attackers to execute arbitrary code a...

Vinchin Backup And Recovery 7.2 Command Injection

CVE ID: CVE-2024-25228 Title: Authenticated Command Injection Vulnerability in ManoeuvreHandler.class.php of Vinchin Backup & Recovery Versions 7.2 and Earlier Description: A critical security vulnerability has been discovered in the getVerifydiyResult function within the ManoeuvreHandler.class.p...

Vinchin Backup And Recovery 7.2 Default Root Credentials Vulnerability

Vinchin Backup and Recovery version 7.2 has been identified as being configured with default root credentials, posing a significant security vulnerability. CVE ID: CVE-2024-22902 Title: Default Root Credentials Vulnerability in Vinchin Backup & Recovery v7.2 Suggested Description: Vinchin Backup ...

Vinchin Backup And Recovery 7.2 Default MySQL Credentials

CVE ID: CVE-2024-22901 Title: Default MYSQL Credentials Vulnerability in Vinchin Backup & Recovery v7.2 Description: A critical security issue, identified as CVE-2024-22901, has been discovered in Vinchin Backup & Recovery version 7.2. The software has been found to use default MYSQL credentials,...

valentin-gardiner.dk Improper Access Control vulnerability OBB-3826175

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

WordPress Royal Elementor Addons Remote Code Execution Exploit

Exploit for the unauthenticated file upload vulnerability in WordPress Royal Elementor Addons and Templates plugin 'WordPress Royal Elementor Addons RCE', 'Description' = %q Exploit for the unauthenticated file upload vulnerability in WordPress Royal Elementor Addons and Templates plugin...

Zyxel USG FLEX 5.21 - OS Command Injection Exploit

Exploit Title: Zyxel USG FLEX 5.21 - OS Command Injection Shodan Dork: title:"USG FLEX 100" title:"USG FLEX 100W" title:"USG FLEX 200" title:"USG FLEX 500" title:"USG FLEX 700" title:"USG20-VPN" title:"USG20W-VPN" title:"ATP 100" title:"ATP 200" title:"ATP 500" title:"ATP 700" title:"ATP 800"...

Apache HTTP Server 2.4.50 Remote Code Execution

Exploit Title: Apache HTTP Server 2.4.50 - Remote Code Execution RCE 3 Date: 11/11/2021 Exploit Author: Valentin Lobstein Vendor Homepage: https://apache.org/ Software Link: https://github.com/Balgogan/CVE-2021-41773 Version: Apache 2.4.49/2.4.50 CGI enabled Tested on: Debian GNU/Linux CVE :...

assets.naturstein-valentin.de Cross Site Scripting vulnerability OBB-1447389

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

valentin-wine.ch XSS vulnerability

Open Bug Bounty ID: OBB-667252 Description| Value ---|--- Affected Website:| valentin-wine.ch Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...