Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2025/04/11 12:0 a.m.238 views

ABB Cylon FLXeon 9.3.4 - Remote Code Execution (Authenticated)

Exploit Title: ABB Cylon FLXeon 9.3.4 - Remote Code Execution Authenticated Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi Series, FBVi Series CBX Series FLX Series CBT Series CBV Series Firmware: =9.3.4 Summary: BACnet® Smart Building...

10CVSS9.6AI score0.04328EPSS
Exploits18
Exploit DB
Exploit DB
added 2025/04/11 12:0 a.m.261 views

GeoVision GV-ASManager 6.1.0.0 - Broken Access Control

Exploit Title: Broken Access Control in GeoVision GV-ASManager Google Dork: inurl:"ASWeb/Login" Date: 02-FEB-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Version: 6.1.0.0 or less Tested...

8.8CVSS8.8AI score0.22168EPSS
Exploits4
Exploit DB
Exploit DB
added 2025/04/11 12:0 a.m.248 views

RosarioSIS 7.6 - SQL Injection

Exploit Title: RosarioSIS 7.6 - SQL Injection Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis Software Link: https://gitlab.com/francoisjacquet/rosariosis Version: 7.6 Tested on: Ubuntu Windows CVE : CVE-2021-44567 PoC: POST...

9.8CVSS9.7AI score0.23673EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/11 12:0 a.m.365 views

WebFileSys 2.31.0 - Directory Path Traversal

Exploit Title: WebFileSys 2.31.0 - Directory Path Traversal in relPath Parameter Date: Nov 25, 2024 Exploit Author: Korn Chaisuwan, Charanin Thongudom, Pongtorn Angsuchotmetee Vendor Homepage: http://www.webfilesys.de/webfilesys-home/index.html Software Link:...

5.3CVSS7AI score0.01805EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/11 12:0 a.m.159 views

Nagios Log Server 2024R1.3.1 - API Key Exposure

Exploit Title: Nagios Log Server 2024R1.3.1 - API Key Exposure Date: 2025-04-08 Exploit Author: Seth Kraft, Alex Tisdale Vendor Homepage: https://www.nagios.com/ Vendor Changelog: https://www.nagios.com/changelog/log-server Software Link: https://www.nagios.com/products/log-server/download/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/10 12:0 a.m.166 views

Centron 19.04 - Remote Code Execution (RCE)

Exploit Title : Centron 19.04 - Remote Code Execution RCE Tested on Centreon API 19.04.0 Centreon 19.04 - Login Password Bruteforcer Written on 6 Nov 2019 Referencing API Authentication of the Centreon API document Author: st4rry centbruteon.py Centreon Download Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/10 12:0 a.m.274 views

CodeAstro Online Railway Reservation System 1.0 - Cross Site Scripting (XSS)

Exploit Title: CodeAstro Online Railway Reservation System 1.0 - Cross Site Scripting XSS Date: 2024-08-15 Exploit Author: Raj Nandi Vendor Homepage: https://codeastro.com/ Software Link: https://codeastro.com/online-railway-reservation-system-in-php-with-source-code/ Version: 1.0 Tested on: Any ...

5.1CVSS5.2AI score0.01128EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/10 12:0 a.m.222 views

PandoraFMS 7.0NG.772 - SQL Injection

Exploit Title: PandoraFMS 7.0NG.772 - SQL Injection Date: 21/11/2023 Exploit Author: Osama Yousef Vendor Homepage: https://pandorafms.com/ Software Link: https://github.com/pandorafms/pandorafms/releases/download/v772-LTS/pandorafmsagentlinux-7.0NG.772.tar.gz Version: v7.0NG.772 Tested on: Linux...

8.8CVSS8.9AI score0.0073EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/04/10 12:0 a.m.202 views

K7 Ultimate Security K7RKScan.sys 17.0.2019 - Denial Of Service (DoS)

Exploit Title: K7 Ultimate Security K7RKScan.sys 17.0.2019 - Denial Of Service DoS Date: 13.08.2024 Author: M. Akil Gündoğan Vendor Homepage: https://k7computing.com/ Version: v17.0.2019 Tested on: Windows 10 Pro x64 CVE ID: CVE-2024-36424 Vulnerability Description:...

5.5CVSS7.1AI score0.00991EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/04/10 12:0 a.m.382 views

Typecho 1.3.0 - Stored Cross-Site Scripting (XSS)

Exploit Title: Typecho 1.3.0 - Stored Cross-Site Scripting XSS Google Dork: intext:"Powered by Typecho" inurl:/index.php Date: 18/08/2024 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://typecho.org Software Link: https://github.com/typecho/typecho Version: 1.3.0 Tested...

9CVSS9.2AI score0.02671EPSS
Exploits4
Exploit DB
Exploit DB
added 2025/04/10 12:0 a.m.269 views

AquilaCMS 1.409.20 - Remote Command Execution (RCE)

Exploit Title: AquilaCMS 1.409.20 - Remote Command Execution RCE Date: 2024-10-25 Exploit Author: Eui Chul Chung Vendor Homepage: https://www.aquila-cms.com/ Software Link: https://github.com/AquilaCMS/AquilaCMS Version: v1.409.20 CVE: CVE-2024-48572, CVE-2024-48573 import io import json import...

9.8CVSS9.6AI score0.01EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/04/10 12:0 a.m.251 views

flatCore 1.5.5 - Arbitrary File Upload

Exploit Title: flatCore 1.5.5 - Arbitrary File Upload Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/flatCore/flatCore-CMS Software Link: https://github.com/flatCore/flatCore-CMS Version: 1.5.5 Tested on: Ubuntu Windows CVE : CVE-2019-10652 PoC: 1 1. Access the...

7.2CVSS7.1AI score0.0709EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/10 12:0 a.m.307 views

Typecho 1.3.0 - Race Condition

Exploit Title: Typecho 1.3.0 - Race Condition Google Dork: intext:"Powered by Typecho" inurl:/index.php Date: 18/08/2024 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://typecho.org Software Link: https://github.com/typecho/typecho Version: 1.3.0 Tested on: Typecho 1.3....

6.5CVSS6.6AI score0.01445EPSS
Exploits4
Exploit DB
Exploit DB
added 2025/04/10 12:0 a.m.225 views

Cosy+ firmware 21.2s7 - Command Injection

Exploit Title: Cosy+ firmware 21.2s7 - Command Injection Google Dork: N/A Date: 2024-8-20 Exploit Author: CodeB0ss Contact: t.me/codeb0ss / [email protected] Version: 21.2s7 Tested on: Windows 11 Home Edition CVE: CVE-2024-33896 import socket import subprocess import time def...

7.2CVSS6.9AI score0.04023EPSS
Exploits4
Exploit DB
Exploit DB
added 2025/04/10 12:0 a.m.292 views

Cisco Smart Software Manager On-Prem 8-202206 - Account Takeover

Exploit Title: Cisco Smart Software Manager On-Prem 8-202206 - Account Takeover Google Dork: N/A Date: 21/07/2024 Exploit Author: Mohammed Adel Vendor Homepage: https://www.cisco.com Software Link:...

10CVSS7.2AI score0.80635EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/10 12:0 a.m.211 views

Feng Office 3.11.1.2 - SQL Injection

Exploit Title: Feng Office 3.11.1.2 - SQL Injection Date: 7/2024 Exploit Author: Andrey Stoykov Version: 3.11.1.2 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com SQL Injection: 1. Login to application 2. Click on "Workspaces" 3. Copy full URL 4. Paste the HTTP GET request into text...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/09 12:0 a.m.240 views

Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS)

Exploit Title: Anchor CMS 0.12.7 - Stored Cross Site Scripting XSS Date: 04/28/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://anchorcms.com/ Software Link: https://github.com/anchorcms/anchor-cms/archive/refs/tags/0.12.7.zip Version: latest Tested on: MacOS Log in to Anchor CMS...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/09 12:0 a.m.276 views

Apache HugeGraph Server 1.2.0 - Remote Code Execution (RCE)

Exploit Title: Apache HugeGraph Server 1.2.0 - Remote Code Execution RCE Exploit Author: Yesith Alvarez Vendor Homepage: https://hugegraph.apache.org/docs/download/download/ Version: Apache HugeGraph 1.0.0 - 1.2.0 CVE : CVE-2024–27348 from requests import Request, Session import sys import json d...

9.8CVSS9.8AI score0.9921EPSS
Exploits11
Exploit DB
Exploit DB
added 2025/04/09 12:0 a.m.249 views

Zohocorp ManageEngine ADManager Plus 7210 - Elevation of Privilege

Exploit Title: ManageEngine ADManager Plus Build 7210 Elevation of Privilege Vulnerability Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/ad-manager/ Details:...

8.8CVSS7.1AI score0.03941EPSS
Exploits1
Exploit DB
Exploit DB
added 2025/04/09 12:0 a.m.216 views

PZ Frontend Manager WordPress Plugin 1.0.5 - Cross Site Request Forgery (CSRF)

Exploit Title: PZ Frontend Manager WordPress Plugin 1.0.5 - Cross Site Request Forgery CSRF Date: 2024-07-01 Exploit Author: Vuln Seeker Cybersecurity Team Vendor Homepage: https://wordpress.org/plugins/pz-frontend-manager/ Version: = 1.0.5 Tested on: Firefox Contact me: [email protected] The...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/09 12:0 a.m.295 views

DocsGPT 0.12.0 - Remote Code Execution

Exploit Title: DocsGPT 0.12.0 - Remote Code Execution Date: 09/04/2025 Exploit Author: Shreyas Malhotra OSMSEC Vendor Homepage: https://github.com/arc53/docsgpt Software Link: https://github.com/arc53/DocsGPT/archive/refs/tags/0.12.0.zip Version: 0.8.1 through 0.12.0 Tested on: Debian Linux/Ubunt...

9.3CVSS7.4AI score0.15099EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/09 12:0 a.m.324 views

Intelight X-1L Traffic controller Maxtime 1.9.6 - Remote Code Execution (RCE)

Exploit Title: Intelight X-1L Traffic controller Maxtime 1.9.6 - Remote Code Execution RCE Google Dork: N/A Date: 07/09/2024 Exploit Author: Andrew Lemon/Red Threat https://redthreatsec.com Vendor Homepage: https://www.q-free.com Software Link: N/A Version: 1.9 Tested on: Intelight x-1 Linux...

9.8CVSS9.7AI score0.02368EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/04/09 12:0 a.m.261 views

ChurchCRM 5.9.1 - SQL Injection

Exploit Title: ChurchCRM 5.9.1 - SQL Injection Author: Sanan Qasimzada Date: 06.07.2024 Vendor: http://churchcrm.io/ Software: https://github.com/ChurchRM/CRM Reference: https://portswigger.net/web-security/sql-injection Description: In the manual insertion point 1 - parameter EID appears to be...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/09 12:0 a.m.276 views

ResidenceCMS 2.10.1 - Stored Cross-Site Scripting (XSS)

Exploit Title: ResidenceCMS 2.10.1 - Stored Cross-Site Scripting XSS Date: 8-7-2024 Category: Web Application Exploit Author: Jeremia Geraldi Sihombing Version: 2.10.1 Tested on: Windows CVE: CVE-2024-39143 Description: ---------------- A stored cross-site scripting XSS vulnerability exists in...

5.4CVSS5.5AI score0.00928EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/09 12:0 a.m.297 views

Artica Proxy 4.50 - Remote Code Execution (RCE)

Exploit Title: Artica Proxy 4.50 - Remote Code Execution RCE Date: 23-04-2024 Exploit Author: Madan Vendor Homepage: https://artica-proxy.com/ Version: 4.40, 4.50 Tested on: relevant os CVE : CVE-2024-2054 you can also find the exploit on my github repo: https://github.com/Madan301/CVE-2024-2054...

9.8CVSS9.6AI score0.8126EPSS
Exploits9
Exploit DB
Exploit DB
added 2025/04/08 12:0 a.m.196 views

UNA CMS 14.0.0-RC - PHP Object Injection

Exploit Title: UNA CMS = 14.0.0-RC4 BxBaseMenuSetAclLevel.php PHP Object Injection Vulnerability Author: Egidio Romano aka EgiX Software link.......: https://unacms.com - Software Links: https://unacms.com https://github.com/unacms/una - Affected Versions: All versions from 9.0.0-RC1 to 14.0.0-RC...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/08 12:0 a.m.543 views

jQuery 3.3.1 - Prototype Pollution & XSS Exploit

Exploit Title: jQuery Prototype Pollution & XSS Exploit CVE-2019-11358 & CVE-2020-7656 Google Dork: N/A Date: 2025-02-13 Exploit Author: xOryus Vendor Homepage: https://jquery.com Software Link: https://code.jquery.com/jquery-3.3.1.min.js Version: 3.3.1 Tested on: Windows 10, Ubuntu 20.04, Chrome...

6.1CVSS7.4AI score0.87218EPSS
Exploits5
Exploit DB
Exploit DB
added 2025/04/08 12:0 a.m.293 views

InfluxDB OSS 2.7.11 - Operator Token Privilege Escalation

Exploit Title: InfluxDB OSS Operator Privilege Escalation via BusinessLogic Flaw Date: 22/03/2024 Exploit Author: Andrea Pasin Xenom0rph97 Researcher Homepage: https://xenom0rph97.github.io/xeno/ GitHub Exploit repo: https://github.com/XenoM0rph97/CVE-2024-30896 Software Link:...

9.1CVSS7.4AI score0.05208EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/08 12:0 a.m.195 views

Jasmin Ransomware - Arbitrary File Download (Authenticated)

Exploit Title: Jasmin Ransomware - Authenticated Arbitrary File Download Google Dork: N/A Date: 22-03-2025 Exploit Author: bRpsd cyatlive.no Vendor Homepage: https://github.com/codesiddhant/Jasmin-Ransomware Software Link: https://github.com/codesiddhant/Jasmin-Ransomware Version: N/A Tested on:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/08 12:0 a.m.298 views

GeoVision GV-ASManager 6.1.0.0 - Information Disclosure

Exploit Title: Information Disclosure in GeoVision GV-ASManager Google Dork: inurl:"ASWeb/Login" Date: 02-FEB-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Version: 6.1.0.0 or less Teste...

7.5CVSS7.4AI score0.22168EPSS
Exploits4
Exploit DB
Exploit DB
added 2025/04/08 12:0 a.m.260 views

Sony XAV-AX5500 1.13 - Firmware Update Validation Remote Code Execution (RCE)

Exploit Title: Sony XAV-AX5500 Firmware Update Validation Remote Code Execution Date: 11-Feb-2025 Exploit Author: lkushinada Vendor Homepage: https://www.sony.com/et/electronics/in-car-receivers-players/xav-ax5500 Software Link: https://archive.org/details/xav-ax-5500-v-113 Version: 1.13 Tested o...

6.8CVSS7.4AI score0.01761EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/04/08 12:0 a.m.199 views

Nagios Xi 5.6.6 - Authenticated Remote Code Execution (RCE)

Exploit Title: Nagiosxi authenticated Remote Code Execution Date: 17/02/2024 Exploit Author: Calil Khalil Vendor Homepage: https://www.nagios.com/products/nagios-xi/ Version: Nagios Xi 5.6.6 Tested on: Ubuntu CVE : CVE-2019-15949 python3 exp.py -t https:/// -b // -u user -p 'password' -lh -lp -k...

9CVSS7.4AI score0.77741EPSS
Exploits13
Exploit DB
Exploit DB
added 2025/04/08 12:0 a.m.215 views

WordPress User Registration & Membership Plugin 4.1.1 - Unauthenticated Privilege Escalation

Exploit Title: WordPress User Registration & Membership Plugin = 4.1.1 - Unauthenticated Privilege Escalation Exploit Author: Al Baradi Joy Date: 2025-04-07 Vendor Homepage: https://wordpress.org/plugins/user-registration/ Software Link:...

8.1CVSS7AI score0.44565EPSS
Exploits7
Exploit DB
Exploit DB
added 2025/04/07 12:0 a.m.415 views

Apache Tomcat 11.0.3 - Remote Code Execution

Exploit Title: Apache Tomcat Path Equivalence - Remote Code Execution Exploit Author: Al Baradi Joy CVE: CVE-2025-24813 Date: 2025-04-06 Vendor Homepage: https://tomcat.apache.org/ Software Link: https://tomcat.apache.org/download-90.cgi Version: Apache Tomcat 11.0.3 / 10.1.35 / 9.0.98 Tested on:...

10CVSS7.3AI score0.99945EPSS
Exploits47
Exploit DB
Exploit DB
added 2025/04/07 12:0 a.m.242 views

YesWiki 4.5.1 - Unauthenticated Path Traversal

Exploit Title: YesWiki 4.5.2 - Unauthenticated Path Traversal Exploit Author: Al Baradi Joy Exploit Date: April 6, 2025 CVE ID: CVE-2025-31131 Vendor Homepage: https://yeswiki.net/ Software Link: https://github.com/YesWiki/yeswiki Affected Version: 4.5.2 Tested On: YesWiki 4.5.1 on Ubuntu 22.04...

8.6CVSS7AI score0.05366EPSS
Exploits6
Exploit DB
Exploit DB
added 2025/04/07 12:0 a.m.238 views

XWiki Platform 15.10.10 - Remote Code Execution

Exploit Title: XWiki Platform - Remote Code Execution Exploit Author: Al Baradi Joy Exploit Date: April 6, 2025 CVE ID: CVE-2025-24893 Vendor Homepage: https://www.xwiki.org/ Software Link: https://github.com/xwiki/xwiki-platform Version: Affected versions up to and including XWiki 15.10.10 Teste...

9.8CVSS7AI score0.99898EPSS
Exploits51
Exploit DB
Exploit DB
added 2025/04/06 12:0 a.m.307 views

Watcharr 1.43.0 - Remote Code Execution (RCE)

Exploit Title : Watcharr 1.43.0 - Remote Code Execution RCE CVE-2024-48827 exploit by Suphawith Phusanbai Affected Watcharr version 1.43.0 and below. import argparse import requests import json import jwt from pyfiglet import Figlet f = Figletfont='slant',width=100 printf.renderText'CVE-2024-4882...

8.8CVSS7AI score0.02716EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/04/06 12:0 a.m.352 views

Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover

Exploit Title: Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover Shodan Dork: html:"expedition project" FOFA Dork: "expedition project" && iconhash="1499876150" Exploit Author: ByteHunter Email: [email protected] Vulnerable Versions: 1.2 1.2.92 Tested on: 1.2.90.1 & 1.2.75 CVE ...

9.8CVSS9.8AI score0.91783EPSS
Exploits9
Exploit DB
Exploit DB
added 2025/04/06 12:0 a.m.351 views

WBCE CMS 1.6.3 - Authenticated Remote Code Execution (RCE)

Exploit Title: WBCE CMS " exit 1 fi if -z "$which nc" ; then echo "! Netcat is not installed." exit 1 fi ip=$1 port=$2 rm -rf shellModule.zip rm -rf shellModule mkdir shellModule echo Crafting Payload cat shellModule/info.php ?php / @category modules @package Reverse Shell @author Swammers8 @link...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/06 12:0 a.m.196 views

Reservit Hotel 2.1 - Stored Cross-Site Scripting (XSS)

Exploit Title: Reservit Hotel Content 3. Add the following payload to the Button text French field sane save: " style=animation-name:rotation onanimationstart=alert/XSS/// 4. The XSS will trigger upon saving and when any user will access the content dashboard again References:...

4.8CVSS7.1AI score0.00823EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/06 12:0 a.m.261 views

Backup and Staging by WP Time Capsule 1.22.21 - Unauthenticated Arbitrary File Upload

Exploit Title: WordPress Backup and Staging Plugin ≤ 1.21.16 - Arbitrary File Upload to RCE Original Author: Patchstack hypothetical Exploit Author: Al Baradi Joy Exploit Date: April 5, 2025 Vendor Homepage: https://wp-timecapsule.com/ Software Link: https://wordpress.org/plugins/wp-time-capsule/...

9.8CVSS7.4AI score0.93709EPSS
Exploits7
Exploit DB
Exploit DB
added 2025/04/06 12:0 a.m.362 views

DataEase 2.4.0 - Database Configuration Information Exposure

Exploit Title: DataEase 2.4.0 - Database Configuration Information Exposure Shodan Dork: http.html:"dataease" FOFA Dork: body="dataease" && title=="DataEase" Exploit Author: ByteHunter Email: [email protected] vulnerable Versions: 2.4.0-2.5.0 Tested on: 2.4.0 CVE : CVE-2024-30269 import...

5.3CVSS5.4AI score0.16EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/04/05 12:0 a.m.318 views

Microchip TimeProvider 4100 Grandmaster (Data plot modules) 2.4.6 - SQL Injection

Exploit Title: Microchip TimeProvider 4100 Grandmaster Data plot modules 2.4.6 - SQL Injection Exploit Author: Armando Huesca Prida, Marco Negro Discovered By: Armando Huesca Prida, Marco Negro, Antonio Carriero, Vito Pistillo, Davide Renna, Manuel Leone, Massimiliano Brolli Date of Disclosure:...

6.5CVSS7.1AI score0.00843EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/04/05 12:0 a.m.266 views

Exclusive Addons for Elementor 2.6.9 - Stored Cross-Site Scripting (XSS)

Exploit Title: Exclusive Addons for Elementor ≤ 2.6.9 - Authenticated Stored Cross-Site Scripting XSS Original Author: Wordfence Security Team Exploit Author: Al Baradi Joy Exploit Date: March 13, 2024 Vendor Homepage: https://exclusiveaddons.com/ Software Link:...

6.4CVSS7.4AI score0.01593EPSS
Exploits12
Exploit DB
Exploit DB
added 2025/04/05 12:0 a.m.318 views

Royal Elementor Addons and Templates 1.3.78 - Unauthenticated Arbitrary File Upload

Exploit Title: WordPress Plugin Royal Elementor Addons = 1.3.78 - Unauthenticated Arbitrary File Upload RCE Date: 2025-04-04 Exploit Author: Sheikh Mohammad Hasan https://github.com/4m3rr0r Vendor Homepage: https://royal-elementor-addons.com Software Link:...

9.8CVSS7.4AI score0.81695EPSS
Exploits18
Exploit DB
Exploit DB
added 2025/04/05 12:0 a.m.275 views

Kubio AI Page Builder 2.5.1 - Local File Inclusion (LFI)

Exploit Title: Kubio AI Page Builder = 2.5.1 - Local File Inclusion LFI Date: 2025-04-04 Exploit Author: Sheikh Mohammad Hasan https://github.com/4m3rr0r Vendor Homepage: https://wordpress.org/plugins/kubio/ Software Link: https://downloads.wordpress.org/plugin/kubio.2.5.1.zip Reference:...

9.8CVSS7.4AI score0.76761EPSS
Exploits12
Exploit DB
Exploit DB
added 2025/04/05 12:0 a.m.377 views

Next.js Middleware 15.2.2 - Authorization Bypass

Exploit Title: Next.js Middleware Bypass Vulnerability CVE-2025-29927 Date: 2025-03-26 Exploit Author: kOaDT Vendor Homepage: https://nextjs.org/ Software Link: https://github.com/vercel/next.js Version: 13.0.0 - 13.5.8 / 14.0.0 - 14.2.24 / 15.0.0 - 15.2.2 / 11.1.4 - 12.3.4 Tested on: Ubuntu...

9.1CVSS7.4AI score0.99301EPSS
Exploits58
Exploit DB
Exploit DB
added 2025/04/05 12:0 a.m.388 views

IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow

Exploit Title : IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow ======== ================================================ 0. Overview 1. Detailed Description 2. Proof Of Concept 3. Solution 4. Disclosure Timeline 5. References 6. Credits 7. Legal Notices ========...

8.2CVSS7AI score0.0163EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/04/04 12:0 a.m.247 views

Angular-Base64-Upload Library 0.1.20 - Remote Code Execution (RCE)

Exploit Title: Angular-Base64-Upload Library 0.1.20 - Remote Code Execution RCE Date: 10 October 2024 Discovered by : Ravindu Wickramasinghe | rvz @rvizx9 Exploit Author: Ravindu Wickramasinghe | rvz @rvizx9 Vendor Homepage: https://www.npmjs.com/package/angular-base64-upload Software Link:...

9.8CVSS9.6AI score0.43683EPSS
Exploits5
Exploit DB
Exploit DB
added 2025/04/04 12:0 a.m.309 views

Microchip TimeProvider 4100 Grandmaster (Banner Config Modules) 2.4.6 - Stored Cross-Site Scripting (XSS)

Exploit Title: Microchip TimeProvider 4100 Grandmaster Banner Config Modules 2.4.6 - Stored Cross-Site Scripting XSS Exploit Author: Armando Huesca Prida Discovered By: Armando Huesca Prida, Marco Negro, Antonio Carriero, Vito Pistillo, Davide Renna, Manuel Leone, Massimiliano Brolli Date of...

7.7CVSS6.4AI score0.00786EPSS
Exploits3
Total number of security vulnerabilities47904