47904 matches found
OctoPrint 1.11.2 - File Upload
Exploit Title: OctoPrint 1.11.2 - File Upload Date: 2025-09-28 Exploit Author: prabhatverma.addada Vendor Homepage: https://octoprint.org Software Link: https://github.com/OctoPrint/OctoPrint Affected Versions: = 1.11.2 Patched Versions: 1.11.3 CVE: CVE-2025-58180 CVSS per advisory: 7.5 Platform:...
Redis 8.0.2 - RCE
Exploit Title: Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE Date: 2025-10-07 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://redis.io/ Software Link: https://redis.io/ Version: Affects := 8.0.0, 8 + p8size & 0xff def buildmalformedhll: """ Construct a malformed...
aiohttp 3.9.1 - directory traversal PoC
Exploit Title: Python aiohttp directory traversal PoC CVE-2024-23334 Google Dork: N/A Date: 2025-10-06 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://www.aiohttp.org / https://www.python.org Software Link: https://github.com/aio-libs/aiohttp vulnerable tag: 3.9.1 Version: aiohttp...
Docker Desktop 4.44.3 - Unauthenticated API Exposure
Exploit Title: Docker Desktop 4.44.3 - Unauthenticated API Exposure Date: 2025-10-06 Exploit Author: OilSeller2001 Vendor Homepage: https://www.docker.com/ Software Link: https://www.docker.com/products/docker-desktop/ Version: Affected on Windows and macOS versions prior to 4.44.3 Tested on:...
FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution
Exploit Title: FortiWeb Fabric Connector 7.6.x - Pre-authentication SQL Injection to Remote Code Execution Date: 2025-10-05 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Tested on: Win, Ubuntu CVE : CVE-2025-25257 Overvi...
D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS)
Exploit Title: D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow DoS Google Dork: N/A Date: 2025-09-25 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://www.dlink.com/ Software Link: https://tsd.dlink.com.tw/downloads2008detail.asp Version: DIR-825 Rev.B = 2.10 Tested on: DIR-825...
RPi-Jukebox-RFID 2.8.0 - Stored Cross-Site Scripting (XSS)
Exploit Title: RPi-Jukebox-RFID 2.8.0 - Stored XSS CVE-2025-10370 Date: 2025-09-25 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://github.com/MiczFlor/RPi-Jukebox-RFID Software Link: https://github.com/MiczFlor/RPi-Jukebox-RFID/releases/tag/v2.8.0 Version: 2.8.0 Tested on: Raspber...
Piranha CMS 12.0 - Stored XSS in Text Block
Exploit Title: Piranha CMS 12.0 - Stored Cross Site Scripting Date: 2025-09-26 Exploit Author: Chidubem Chukwu Terminal Venom LinkedIn : https://www.linkedin.com/in/chidubem-chukwu-20bb202a9? Vendor Homepage: https://piranhacms.org Software Link:...
RPi-Jukebox-RFID 2.8.0 - Remote Command Execution
Exploit Title: RPi-Jukebox-RFID 2.8.0 - Remote Code Execution Date: 2025-09-25 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://github.com/MiczFlor/RPi-Jukebox-RFID Software Link: https://github.com/MiczFlor/RPi-Jukebox-RFID/releases/tag/v2.8.0 Version: 2.8.0 Tested on: Raspberry P...
Siklu EtherHaul Series EH-8010 - Arbitrary File Upload
Exploit Title: Siklu EtherHaul Series - Unauthenticated Arbitrary File Upload Shodan Dork: "EH-8010" or "EH-1200" Date: 2025-08-02 Exploit Author: semaja2 - Andrew James Vendor Homepage: https://www.ceragon.com/products/siklu-by-ceragon Software Link: ftp://ftp.bubakov.net/siklu/ Version: EH-8010...
Siklu EtherHaul Series EH-8010 - Remote Command Execution
Exploit Title:Siklu EtherHaul Series EH-8010 - Remote Command Execution Shodan Dork: "EH-8010" or "EH-1200" Date: 2025-08-02 Exploit Author: semaja2 - Andrew James Vendor Homepage: https://www.ceragon.com/products/siklu-by-ceragon Software Link: ftp://ftp.bubakov.net/siklu/ Version: EH-8010 and...
FreeBSD rtsold 15.x - Remote Code Execution via DNSSL
Exploit Title: FreeBSD rtsold 15.x - Remote Code Execution via DNSSL Date: 2025-12-16 Exploit Author: Lukas Johannes Möller Vendor Homepage: https://www.freebsd.org/ Version: FreeBSD 13.x, 14.x, 15.x before 2025-12-16 patches Tested on: FreeBSD 14.1-RELEASE CVE: CVE-2025-14558 Description: rtsold...
WordPress Quiz Maker 6.7.0.56 - SQL Injection
Exploit Title: WordPress Quiz Maker 6.7.0.56 - SQL Injection Date: 2025-12-16 Exploit Author: Rahul Sreenivasan Tr0j4n Vendor Homepage: https://ays-pro.com/wordpress/quiz-maker Software Link: https://wordpress.org/plugins/quiz-maker/ Version: = 6.7.0.56 Tested on: WordPress 6.x with Quiz Maker...
Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie
Exploit Title: Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie Date: 19-12-2025 Exploit Author: Karuppiah Sabari Kumar0xsabre Vendor Homepage: https://wordpress.org/plugins/chained-quiz/ Software Link: https://downloads.wordpress.org/plugin/chained-quiz.1.3.3.zip...
Summar Employee Portal 3.98.0 - Authenticated SQL Injection
Exploit Title: Summar Employee Portal 3.98.0 - Authenticated SQL Injection Google Dork: inurl:"/MemberPages/quienesquien.aspx" Date: 09/22/2025 Exploit Author: Peter Gabaldon - https://pgj11.com/ Vendor Homepage: https://www.summar.es/ Software Link: https://www.summar.es/software-recursos-humano...
esm-dev 136 - Path Traversal
Exploit Title: esm-dev 136 - Path Traversal Date: 2025-07-11 Exploit Author: Byte Reaper Vendor Homepage: https://github.com/esm-dev/esm.sh Software Link: https://github.com/esm-dev/esm.sh CVE-2025-59342 - File : exploit.c - Date : 09/17/2025 - Target : esm-dev - Version: 136 - Target Endpoint :...
Pluck 4.7.7-dev2 - PHP Code Execution
Exploit Title: Pluck 4.7.7-dev2 - PHP Code Execution Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck Version: 4.74-dev5 Tested on: Ubuntu Windows CVE : CVE-2018-11736 PoC: 1) 1. Log in to the Pluck...
Django 5.1.13 - SQL Injection
Exploit Title: Django 5.1.13 - SQL Injection Google Dork: none Not applicable for this vulnerability Date: 2025-12-03 Exploit Author: Wafcontrol Security Team Vendor Homepage: https://www.djangoproject.com/ Software Link: https://www.djangoproject.com/download/ Version: 5.2 before 5.2.8, 5.1 befo...
MobileDetect 2.8.31 - Cross-Site Scripting (XSS)
Exploit Title: MobileDetect 2.8.31 - Cross-Site Scripting XSS Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/serbanghita/Mobile-Detect/ Software Link: https://github.com/serbanghita/Mobile-Detect/ Version: 4da80e5 Tested on: Windows CVE : CVE-2018-25080 Proof Of...
phpMyFAQ 2.9.8 - Cross-Site Request Forgery (CSRF)
Exploit Title: phpMyFAQ 2.9.8 Cross-Site Request Forgery CSRF Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/thorsten/phpMyFAQ Software Link: https://github.com/thorsten/phpMyFAQ Version: 2.9.8 Tested on: Ubuntu Windows CVE : CVE-2017-15735 PoC: While still logged...
phpIPAM 1.4 - SQL-Injection
Exploit Title: phpIPAM 1.4 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/phpipam/phpipam/ Software Link: https://github.com/phpipam/phpipam/ Version: 1.4 Tested on: Windows CVE : CVE-2019-16693 Proof Of Concept Ensure you have a valid user session...
phpMyFaq 2.9.8 - Cross Site Request Forgery (CSRF)
Exploit Title: phpMyFaq 2.9.8 - Cross Site Request Forgery CSRF Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/thorsten/phpMyFAQ/ Software Link: https://github.com/thorsten/phpMyFAQ/ Version: 2.9.8 Tested on: Windows 10 CVE : CVE-2017-15808 PoC:...
OpenRepeater 2.1 - OS Command Injection
Exploit Title: OpenRepeater 2.1 - OS Command Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/OpenRepeater/openrepeater Software Link: https://github.com/OpenRepeater/openrepeater Version: 2.1 Tested on: Ubuntu CVE : CVE-2019-25024 Proof Of Concept PoC for...
phpMyFAQ 2.9.8 - Cross-Site Request Forgery(CSRF)
Exploit Title: phpMyFAQ 2.9.8 - Cross-Site Request ForgeryCSRF Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/thorsten/phpMyFAQ Software Link: https://github.com/thorsten/phpMyFAQ Version: 2.9.8 Tested on: Ubuntu Windows CVE : CVE-2017-15734 PoC: Get...
MaNGOSWebV4 4.0.6 - Reflected XSS
Exploit Title: MaNGOSWebV4 4.0.6 - Reflected XSS Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/paintballrefjosh/MaNGOSWebV4 Software Link: https://github.com/paintballrefjosh/MaNGOSWebV4 Version: 4.0.6 Tested on: Ubuntu Windows CVE : CVE-2017-6478 PoC: // Access...
phpMyAdmin 5.0.0 - SQL Injection
Exploit Title: phpMyAdmin 5.0.0 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/phpmyadmin/phpmyadmin/ Software Link: https://github.com/phpmyadmin/phpmyadmin/ Version: 5.0.0 Tested on: Windows CVE : CVE-2020-5504 Proof Of Concept GET...
RosarioSIS 6.7.2 - Cross Site Scripting (XSS)
Exploit Title: RosarioSIS 6.7.2 - Cross Site Scripting XSS Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis Software Link: https://gitlab.com/francoisjacquet/rosariosis Version: 6.7.2 Tested on: Windows CVE : CVE-2020-15716 Proof Of Concep...
openSIS Community Edition 8.0 - SQL Injection
Exploit Title: openSIS Community Edition 8.0 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/OS4ED/openSIS-Classic Software Link: https://github.com/OS4ED/openSIS-Classic Version: 8.0 Tested on: Windows CVE : CVE-2021-40617 Proof Of Concept GET...
RosarioSIS 6.7.2 - Cross-Site Scripting (XSS)
Exploit Title: RosarioSIS 6.7.2 - Cross-Site Scripting XSS Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis Software Link: https://gitlab.com/francoisjacquet/rosariosis Version: 6.7.2 Tested on: Windows CVE : CVE-2020-15718 Proof Of Concep...
PluckCMS 4.7.10 - Unrestricted File Upload
Exploit Title: PluckCMS 4.7.10 - Unrestricted File Upload Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/pluck-cms/pluck/ Software Link: https://github.com/pluck-cms/pluck/ Version: 4.7.10 Tested on: Windows CVE : CVE-2020-20969 Proof Of Concept GET...
phpIPAM 1.6 - Reflected Cross-Site Scripting (XSS)
Exploit Title: phpIPAM 1.6 - Reflected Cross-Site Scripting XSS Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/phpipam/phpipam/ Software Link: https://github.com/phpipam/phpipam/ Version: 1.5.1 Tested on: Windows CVE : CVE-2024-41358 Proof Of Concept GET...
phpIPAM 1.5.1 - SQL Injection
Exploit Title: phpIPAM 1.5.1 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/phpipam/phpipam/ Software Link: https://github.com/phpipam/phpipam/ Version: 1.5.1 Tested on: Windows CVE : CVE-2023-1211 Proof Of Concept POST...
phpIPAM 1.6 - Reflected-Cross-Site Scripting (XSS)
Exploit Title: phpIPAM 1.6 - Reflected Cross-Site Scripting XSS Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/phpipam/phpipam/ Software Link: https://github.com/phpipam/phpipam/ Version: 1.5.1 Tested on: Windows CVE : CVE-2024-41357 Proof Of Concept PoC to trigge...
YOURLS 1.8.2 - Cross-Site Request Forgery (CSRF)
Exploit Title: YOURLS 1.8.2 - Cross-Site Request Forgery CSRF Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/yourls/yourls/ Software Link: https://github.com/yourls/yourls/ Version: 1.8.2 Tested on: Windows CVE : CVE-2022-0088 Proof Of Concept CSRF PoC CSRF Proof ...
phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS)
Exploit Title: phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting XSS Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/thorsten/phpmyfaq/ Software Link: https://github.com/thorsten/phpmyfaq/ Version: 3.1.7 Tested on: Windows CVE : CVE-2022-3766 Proof Of Concept GET...
Piwigo 13.6.0 - SQL Injection
Exploit Title: Piwigo 13.6.0 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/Piwigo/Piwigo Software Link: https://github.com/Piwigo/Piwigo Version: 13.6.0 Tested on: Windows CVE : CVE-2023-33362 Proof Of Concept: GET /admin.php?page=profile&userid='...
Flowise 3.0.4 - Remote Code Execution (RCE)
Exploit Title: Flowise 3.0.4 - Remote Code Execution RCE Date: 10/11/2025 Exploit Author: nltt0 https://github.com/nltt-br Vendor Homepage: https://flowiseai.com/ Software Link: https://github.com/FlowiseAI/Flowise Version: 3.0.5 CVE: CVE-2025-59528 from requests import post, session from argpars...
Casdoor 2.95.0 - Cross-Site Request Forgery (CSRF)
Exploit Title: Casdoor 2.95.0 - Cross-Site Request Forgery CSRF Application: Casdoor Version: v2.95.0 2025-10-22 Date: 2025-10-23 Exploit Author: Van Lam Nguyen Vendor Homepage: https://casdoor.org/ Software Link: https://github.com/casdoor/casdoor/archive/refs/tags/v2.95.0.zip Tested on: Windows...
Ilevia EVE X1/X5 Server 4.7.18.0.eden - Reverse Rootshell
!/usr/bin/env python Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell Vendor: Ilevia Srl. Product web page: https://www.ilevia.com Affected version: = 4.7.18.0.eden Logic ver: 6.00 Summary: EVE is a smart home and building automation solution designed for both residential and commercial...
ClipBucket 5.5.0 - Arbitrary File Upload
Exploit Title: ClipBucket 5.5.0 - Arbitrary File Upload Google Dork: N/A Date: 2025-09-11 Exploit Author: Mukundsinh Solanki r00td3str0y3r Vendor Homepage: https://clipbucket.com Software Link: https://github.com/MacWarrior/clipbucket-v5 Version: ------BOUND-- The file is uploaded without...
HTTP/2 2.0 - Denial Of Service (DOS)
!/usr/bin/env python3 """ Exploit Title: HTTP/2 2.0 - Denial Of Service DOS Google Dork: -NA- Date: 29th August 2025 Exploit Author: Madhusudhan Rajappa Vendor Homepage: -NA- Software Link: -NA- Version: HTTP/2.0 Tested on: -NA- CVE : CVE-2023-44487 """ import asyncio import ssl import time impor...
Mbed TLS 3.6.4 - Use-After-Free
/ Exploit Title: Mbed TLS 3.6.4 - Use-After-Free Google Dork: N/A Date: 2025-08-29 Exploit Author: Byte Reaper Vendor Homepage: https://github.com/Mbed-TLS/mbedtls Software Link: https://github.com/Mbed-TLS/mbedtls Version: ≤ 3.6.4 Tested on: Kali Linux CVE: CVE-2025-47917 / include include inclu...
ELEX WooCommerce WordPress Plugin 1.4.3 - SQL Injection
/ Exploit Title : ELEX WooCommerce WordPress Plugin 1.4.3 - SQL Injection Author : Byte Reaper Cve id : CVE-2025-10046 Service : plugin wordpress Plugin : ELEX WooCommerce Google Shopping Version : 1.4.3 Type : SQL injection Parameter injection : filetodelete Location file :...
XWiki Platform 15.10.10 - Metasploit Module for Remote Code Execution (RCE)
Exploit Title: XWiki Platform 15.10.10 - Metasploit Module for Remote Code Execution RCE Date: 09/01/2025 Exploit Author: Maksim Rogov Vendor Homepage: https://www.xwiki.org/ Software Link: https://www.xwiki.org/xwiki/bin/view/Download/ Version: 5.3‑milestone‑2 ≤ v 'Remote Code Execution...
Tourism Management System 2.0 - Arbitrary Shell Upload
Exploit Title: Tourism Management System 2.0 - Arbitrary Shell Upload Date: 2025-10-09 Exploit Author: Debug Security Vendor Homepage: https://kodcloud.com/ Software Link: https://github.com/sohamjuhin/Tourism-Management-System Version: v2.0 Tested on: Windows 11, PHP 8.2.4, Apache 2.4.56 CVE:...
dotCMS 25.07.02-1 - Authenticated Blind SQL Injection
!/usr/bin/env python3 Exploit Title: dotCMS 25.07.02-1 - Authenticated Blind SQL Injection Google Dork: N/A Date: 2025-09-09 Exploit Author: Matan Sandori OSCP, OSEP, OSWE Vendor Homepage:https://www.dotcms.com/ Software Link: https://github.com/dotCMS/core/releases/tag/v25.07.02-1 tested on:...
Microsoft Windows Server 2025 Hyper-V NT Kernel Integration VSP - Elevation of Privilege
Exploit Title: Microsoft Windows Server 2025 Hyper-V NT Kernel Integration VSP - Elevation of Privilege Date: 2025-09-10 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL CVE : CVE-2025-21333 include include include include...
HTMLDOC 1.9.13 - Stack Buffer Overflow
!/usr/bin/env python3 Exploit Title: HTMLDOC 1.9.13 - Stack Buffer Overflow Google Dork: N/A Date: 2025-08-26 Exploit Author: wulfgarpro Vendor Homepage: https://github.com/michaelrsweet/htmldoc Software Link: https://github.com/michaelrsweet/htmldoc/releases/tag/v1.9.13 Version: 256. Negative...
Concrete CMS 9.4.3 - Stored XSS
Exploit Title: Concrete CMS 9.4.3 - Stored XSS Date: 2/09/2025 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.concretecms.org/ Software Link: https://www.concretecms.org/downloadfile/8e11ad24-cc1e-4880-8553-7c18ede22c50/2658 Version: 9.4.3 CVE : CVE-2025-8573 Tested on: Windows XP ''...
ClipBucket 5.5.2 Build #90 - Server-Side Request Forgery (SSRF)
Exploit Title: ClipBucket 5.5.2 Build 90 - Server-Side Request Forgery SSRF Google Dork: N/A Date: 2025-09-11 Exploit Author: Mukundsinh Solanki r00td3str0y3r Vendor Homepage: https://clipbucket.com Software Link: https://github.com/MacWarrior/clipbucket-v5 Version: 5.5.2 Build 90 Tested on: Ubun...