MaNGOSWebV4 4.0.6 - Reflected XSS
Exploit Title: MaNGOSWebV4 4.0.6 - Reflected XSS Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/paintballrefjosh/MaNGOSWebV4 Software Link: https://github.com/paintballrefjosh/MaNGOSWebV4 Version: 4.0.6 Tested on: Ubuntu Windows CVE : CVE-2017-6478 PoC: // Access...
phpIPAM 1.4 - SQL-Injection
Exploit Title: phpIPAM 1.4 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/phpipam/phpipam/ Software Link: https://github.com/phpipam/phpipam/ Version: 1.4 Tested on: Windows CVE : CVE-2019-16693 Proof Of Concept Ensure you have a valid user session...
openSIS Community Edition 8.0 - SQL Injection
Exploit Title: openSIS Community Edition 8.0 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/OS4ED/openSIS-Classic Software Link: https://github.com/OS4ED/openSIS-Classic Version: 8.0 Tested on: Windows CVE : CVE-2021-40617 Proof Of Concept GET...
PluckCMS 4.7.10 - Unrestricted File Upload
Exploit Title: PluckCMS 4.7.10 - Unrestricted File Upload Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/pluck-cms/pluck/ Software Link: https://github.com/pluck-cms/pluck/ Version: 4.7.10 Tested on: Windows CVE : CVE-2020-20969 Proof Of Concept GET...
OpenRepeater 2.1 - OS Command Injection
Exploit Title: OpenRepeater 2.1 - OS Command Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/OpenRepeater/openrepeater Software Link: https://github.com/OpenRepeater/openrepeater Version: 2.1 Tested on: Ubuntu CVE : CVE-2019-25024 Proof Of Concept PoC for...
RosarioSIS 6.7.2 - Cross-Site Scripting (XSS)
Exploit Title: RosarioSIS 6.7.2 - Cross-Site Scripting XSS Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis Software Link: https://gitlab.com/francoisjacquet/rosariosis Version: 6.7.2 Tested on: Windows CVE : CVE-2020-15718 Proof Of Concep...
phpMyFAQ 2.9.8 - Cross-Site Request Forgery (CSRF)
Exploit Title: phpMyFAQ 2.9.8 Cross-Site Request Forgery CSRF Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/thorsten/phpMyFAQ Software Link: https://github.com/thorsten/phpMyFAQ Version: 2.9.8 Tested on: Ubuntu Windows CVE : CVE-2017-15735 PoC: While still logged...
phpMyFaq 2.9.8 - Cross Site Request Forgery (CSRF)
Exploit Title: phpMyFaq 2.9.8 - Cross Site Request Forgery CSRF Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/thorsten/phpMyFAQ/ Software Link: https://github.com/thorsten/phpMyFAQ/ Version: 2.9.8 Tested on: Windows 10 CVE : CVE-2017-15808 PoC:...
phpMyAdmin 5.0.0 - SQL Injection
Exploit Title: phpMyAdmin 5.0.0 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/phpmyadmin/phpmyadmin/ Software Link: https://github.com/phpmyadmin/phpmyadmin/ Version: 5.0.0 Tested on: Windows CVE : CVE-2020-5504 Proof Of Concept GET...
RosarioSIS 6.7.2 - Cross Site Scripting (XSS)
Exploit Title: RosarioSIS 6.7.2 - Cross Site Scripting XSS Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis Software Link: https://gitlab.com/francoisjacquet/rosariosis Version: 6.7.2 Tested on: Windows CVE : CVE-2020-15716 Proof Of Concep...
phpIPAM 1.6 - Reflected-Cross-Site Scripting (XSS)
Exploit Title: phpIPAM 1.6 - Reflected Cross-Site Scripting XSS Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/phpipam/phpipam/ Software Link: https://github.com/phpipam/phpipam/ Version: 1.5.1 Tested on: Windows CVE : CVE-2024-41357 Proof Of Concept PoC to trigge...
phpIPAM 1.6 - Reflected Cross-Site Scripting (XSS)
Exploit Title: phpIPAM 1.6 - Reflected Cross-Site Scripting XSS Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/phpipam/phpipam/ Software Link: https://github.com/phpipam/phpipam/ Version: 1.5.1 Tested on: Windows CVE : CVE-2024-41358 Proof Of Concept GET...
YOURLS 1.8.2 - Cross-Site Request Forgery (CSRF)
Exploit Title: YOURLS 1.8.2 - Cross-Site Request Forgery CSRF Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/yourls/yourls/ Software Link: https://github.com/yourls/yourls/ Version: 1.8.2 Tested on: Windows CVE : CVE-2022-0088 Proof Of Concept CSRF PoC CSRF Proof ...
Piwigo 13.6.0 - SQL Injection
Exploit Title: Piwigo 13.6.0 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/Piwigo/Piwigo Software Link: https://github.com/Piwigo/Piwigo Version: 13.6.0 Tested on: Windows CVE : CVE-2023-33362 Proof Of Concept: GET /admin.php?page=profile&userid='...
phpIPAM 1.5.1 - SQL Injection
Exploit Title: phpIPAM 1.5.1 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/phpipam/phpipam/ Software Link: https://github.com/phpipam/phpipam/ Version: 1.5.1 Tested on: Windows CVE : CVE-2023-1211 Proof Of Concept POST...
phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS)
Exploit Title: phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting XSS Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/thorsten/phpmyfaq/ Software Link: https://github.com/thorsten/phpmyfaq/ Version: 3.1.7 Tested on: Windows CVE : CVE-2022-3766 Proof Of Concept GET...
Flowise 3.0.4 - Remote Code Execution (RCE)
Exploit Title: Flowise 3.0.4 - Remote Code Execution RCE Date: 10/11/2025 Exploit Author: nltt0 https://github.com/nltt-br Vendor Homepage: https://flowiseai.com/ Software Link: https://github.com/FlowiseAI/Flowise Version: 3.0.5 CVE: CVE-2025-59528 from requests import post, session from argpars...
Casdoor 2.95.0 - Cross-Site Request Forgery (CSRF)
Exploit Title: Casdoor 2.95.0 - Cross-Site Request Forgery CSRF Application: Casdoor Version: v2.95.0 2025-10-22 Date: 2025-10-23 Exploit Author: Van Lam Nguyen Vendor Homepage: https://casdoor.org/ Software Link: https://github.com/casdoor/casdoor/archive/refs/tags/v2.95.0.zip Tested on: Windows...
ClipBucket 5.5.0 - Arbitrary File Upload
Exploit Title: ClipBucket 5.5.0 - Arbitrary File Upload Google Dork: N/A Date: 2025-09-11 Exploit Author: Mukundsinh Solanki r00td3str0y3r Vendor Homepage: https://clipbucket.com Software Link: https://github.com/MacWarrior/clipbucket-v5 Version: ------BOUND-- The file is uploaded without...
Mbed TLS 3.6.4 - Use-After-Free
/ Exploit Title: Mbed TLS 3.6.4 - Use-After-Free Google Dork: N/A Date: 2025-08-29 Exploit Author: Byte Reaper Vendor Homepage: https://github.com/Mbed-TLS/mbedtls Software Link: https://github.com/Mbed-TLS/mbedtls Version: ≤ 3.6.4 Tested on: Kali Linux CVE: CVE-2025-47917 / include include inclu...
XWiki Platform 15.10.10 - Metasploit Module for Remote Code Execution (RCE)
Exploit Title: XWiki Platform 15.10.10 - Metasploit Module for Remote Code Execution RCE Date: 09/01/2025 Exploit Author: Maksim Rogov Vendor Homepage: https://www.xwiki.org/ Software Link: https://www.xwiki.org/xwiki/bin/view/Download/ Version: 5.3‑milestone‑2 ≤ v 'Remote Code Execution...
HTMLDOC 1.9.13 - Stack Buffer Overflow
!/usr/bin/env python3 Exploit Title: HTMLDOC 1.9.13 - Stack Buffer Overflow Google Dork: N/A Date: 2025-08-26 Exploit Author: wulfgarpro Vendor Homepage: https://github.com/michaelrsweet/htmldoc Software Link: https://github.com/michaelrsweet/htmldoc/releases/tag/v1.9.13 Version: 256. Negative...
Ilevia EVE X1/X5 Server 4.7.18.0.eden - Reverse Rootshell
!/usr/bin/env python Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell Vendor: Ilevia Srl. Product web page: https://www.ilevia.com Affected version: = 4.7.18.0.eden Logic ver: 6.00 Summary: EVE is a smart home and building automation solution designed for both residential and commercial...
ELEX WooCommerce WordPress Plugin 1.4.3 - SQL Injection
/ Exploit Title : ELEX WooCommerce WordPress Plugin 1.4.3 - SQL Injection Author : Byte Reaper Cve id : CVE-2025-10046 Service : plugin wordpress Plugin : ELEX WooCommerce Google Shopping Version : 1.4.3 Type : SQL injection Parameter injection : filetodelete Location file :...
Microsoft Windows Server 2025 Hyper-V NT Kernel Integration VSP - Elevation of Privilege
Exploit Title: Microsoft Windows Server 2025 Hyper-V NT Kernel Integration VSP - Elevation of Privilege Date: 2025-09-10 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL CVE : CVE-2025-21333 include include include include...
dotCMS 25.07.02-1 - Authenticated Blind SQL Injection
!/usr/bin/env python3 Exploit Title: dotCMS 25.07.02-1 - Authenticated Blind SQL Injection Google Dork: N/A Date: 2025-09-09 Exploit Author: Matan Sandori OSCP, OSEP, OSWE Vendor Homepage: https://www.dotcms.com/ Software Link: https://github.com/dotCMS/core/releases/tag/v25.07.02-1 tested on:...
Casdoor 2.55.0 - Cross-Site Request Forgery (CSRF)
Exploit Title: Casdoor 2.55.0 - Cross-Site Request Forgery CSRF Application: Casdoor Version: 2.55.0 Date: 09/10/2025 Exploit Author: Van Lam Nguyen Facebook: vanlam1412 Vendor Homepage: https://casdoor.org/ Software Link: https://github.com/casdoor/casdoor/archive/refs/tags/v2.55.0.zip Tested on...
HTTP/2 2.0 - Denial Of Service (DOS)
!/usr/bin/env python3 """ Exploit Title: HTTP/2 2.0 - Denial Of Service DOS Google Dork: -NA- Date: 29th August 2025 Exploit Author: Madhusudhan Rajappa Vendor Homepage: -NA- Software Link: -NA- Version: HTTP/2.0 Tested on: -NA- CVE : CVE-2023-44487 """ import asyncio import ssl import time impor...
Tourism Management System 2.0 - Arbitrary Shell Upload
Exploit Title: Tourism Management System 2.0 - Arbitrary Shell Upload Date: 2025-10-09 Exploit Author: Debug Security Vendor Homepage: https://kodcloud.com/ Software Link: https://github.com/sohamjuhin/Tourism-Management-System Version: v2.0 Tested on: Windows 11, PHP 8.2.4, Apache 2.4.56 CVE:...
ClipBucket 5.5.2 Build #90 - Server-Side Request Forgery (SSRF)
Exploit Title: ClipBucket 5.5.2 Build 90 - Server-Side Request Forgery SSRF Google Dork: N/A Date: 2025-09-11 Exploit Author: Mukundsinh Solanki r00td3str0y3r Vendor Homepage: https://clipbucket.com Software Link: https://github.com/MacWarrior/clipbucket-v5 Version: 5.5.2 Build 90 Tested on: Ubun...
Concrete CMS 9.4.3 - Stored XSS
Exploit Title: Concrete CMS 9.4.3 - Stored XSS Date: 2/09/2025 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.concretecms.org/ Software Link: https://www.concretecms.org/downloadfile/8e11ad24-cc1e-4880-8553-7c18ede22c50/2658 Version: 9.4.3 CVE : CVE-2025-8573 Tested on: Windows XP ''...
GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution (RCE)
Exploit Title: GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution RCE Date: 19-MAR-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Version: 6.1.2.0 or less Tested on:...
Ivanti Endpoint Manager Mobile 12.5.0.0 - Authentication Bypass
!/usr/bin/env python3 Exploit Title: Ivanti Endpoint Manager Mobile 12.5.0.0 - Authentication Bypass Google Dork: inurl:/mifs "Ivanti" OR "EPM" OR "Endpoint Manager" Date: 2025-01-21 Exploit Author: Your Name https://github.com/your-username Vendor Homepage: https://www.ivanti.com/ Software Link:...
StoryChief Wordpress Plugin 1.0.42 - Arbitrary File Upload
Exploit Title: StoryChief Wordpress Plugin 1.0.42 - Arbitrary File Upload Exploit Author: xpl0dec Vendor Homepage: https://www.storychief.io/wordpress-content-scheduler Software Link: https://github.com/Story-Chief/wordpress/ Version: ”; ? 2. Adjust the echo phpinfo section as needed 3. Host it o...
Birth Chart Compatibility WordPress Plugin 2.0 - Full Path Disclosure
/ Exploit Title : Birth Chart Compatibility WordPress Plugin 2.0 - Full Path Disclosure Author : Byte Reaper Telegram : @ByteReaper0 CVE : CVE-2025-6082 Software Link : https://frp.wordpress.org/plugins/birth-chart-compatibility/ Description : Proof‑of‑Concept exploits the Full Path Disclosure bu...
GeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure
Exploit Title: GeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure Date: 19-MAR-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Version: 6.1.2.0 or less Tested on:...
Lingdang CRM 8.6.4.7 - SQL Injection
Exploit Title: Lingdang CRM 8.6.4.7 - SQL Injection Google Dork: N/A Date: 2025-08-19 Exploit Author: Beatriz Fresno Naumova Vendor: Shanghai Lingdang Information Technology Software Link: N/A – commercial product Version: = 8.6.4.7 fixed in 8.6.5.x per vendor advisory Tested on: Generic LAMP...
Tenda AC20 16.03.08.12 - Command Injection
/ Exploit Title : Tenda AC20 16.03.08.12 - Command Injection Author : Byte Reaper CVE : CVE-2025-9090 Description: A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. target endpoint :...
PHPMyAdmin 3.0 - Bruteforce Login Bypass
""" Exploit-Title: PHPMyAdmin 3.0 - Bruteforce Login Bypass Author: Nikola Markovic [email protected] Date: 2023 Google-Dork: intext: phpMyAdmin Vendor: https://www.phpmyadmin.net/ Version: 3.0 & 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 Tested on: win/linux/unix Python-Version: 3.0 CVE...
BigAnt Office Messenger 5.6.06 - SQL Injection
Exploit Title: BigAnt Office Messenger 5.6.06 - SQL Injection Date: 01.09.2025 Exploit Author: Nicat Abbasov Vendor Homepage: https://www.bigantsoft.com/ Software Link: https://www.bigantsoft.com/download.html Version: 5.6.06 Tested on: 5.6.06 CVE : CVE-2024-54761 Github repo:...
Lantronix Provisioning Manager 7.10.3 - XML External Entity Injection (XXE)
/ Exploit Title: Lantronix Provisioning Manager 7.10.3 - XML External Entity Injection XXE Google Dork: N/A Date: 2025-08-17 Exploit Author: Byte Reaper Vendor Homepage: https://www.lantronix.com/ Software Link: https://www.lantronix.com/products/lantronix-provisioning-manager/ Version:...
Soosyze CMS 2.0 - Brute Force Login
Exploit Title: Soosyze CMS 2.0 - Brute Force Login Google Dork: N/A Date: 2025-08-13 Exploit Author: Beatriz Fresno Naumova beafn28 Vendor Homepage: https://soosyze.com/ Software Link: https://github.com/soosyze/soosyze Version: 2.0 tested Tested on: macOS Sonoma 14.x Apple Silicon M1, /bin/bash...
Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure
Exploit Title: Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure Date: 13/08/2025 Exploit Author: Ruben Enkaoua Author link: https://x.com/RubenLabs, https://github.com/rubenformation Original Blog: https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154/...
RiteCMS 3.0.0 - Reflected Cross Site Scripting (XSS)
Exploit Title: RiteCMS 3.0.0 – Reflected Cross-Site Scripting XSS Google Dork: N/A Date: 2024-08-12 Exploit Author: GURJOT SINGH Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.0.0/ritecms.v3.0.0.zip Version: Steps: 1. Log in or...
ServiceNow Multiple Versions - Input Validation & Template Injection
!/usr/bin/env python3 """ Title : ServiceNow Multiple Versions - Input Validation & Template Injection Date: 2025-01-31 Author: ibrahimsql Vendor: ServiceNow Version: Vancouver, Washington DC, Utah various patches affected from 0 before Utah Patch 10 Hot Fix 3 affected from 0 before Utah Patch 10...
Microsoft Windows - Storage QoS Filter Driver Checker
Titles: Microsoft Windows - Storage QoS Filter Driver Checker Author: nu11secur1ty Date: 08/04/2025 Vendor: Microsoft Software: https://www.microsoft.com/en-us/software-download/windows11 Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49730 Description This PowerShell...
Cisco ISE 3.0 - Remote Code Execution (RCE)
Exploit Title: Cisco ISE 3.0 - Remote Code Execution RCE Exploit Author: @ibrahimsql ibrahimsql.com Exploit Author's github: https://github.com/ibrahmsql Description: Cisco ISE API Java Deserialization RCE CVE: CVE-2025-20124 Vendor Homepage: https://www.cisco.com/ Requirements: requests=2.25.0,...
Ghost CMS 5.42.1 - Path Traversal
!/usr/bin/env python3 -- coding: utf-8 -- """ Exploit Title: Ghost CMS 5.42.1 - Path Traversal Date: 2023-06-15 Exploit Author: ibrahimsql https://github.com/ibrahimsql Vendor Homepage: https://ghost.org Software Link: https://github.com/TryGhost/Ghost Version: =2.28.1 """ import requests import s...
Grav CMS 1.7.48 - Remote Code Execution (RCE)
Exploit Title: Grav CMS 1.7.48 - Remote Code Execution RCE Date: 2025-08-07 Exploit Author: binneko https://github.com/binneko Vendor Homepage: https://getgrav.org/ Software Link: https://github.com/getgrav/grav/releases/tag/1.7.48 Version: Grav CMS v1.7.48 / Admin Plugin v1.10.48 Tested on: Debi...
Citrix NetScaler ADC/Gateway 14.1 - Memory Disclosure
Exploit Title: Citrix NetScaler ADC/Gateway 14.1 - Memory Disclosure Exploit Author: Yesith Alvarez Vendor Homepage: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420 CVE: CVE-2025-5777 Link: https://github.com/yealvarez/CVE/blob/main/CVE-2025-5777/exploit.py impor...