47884 matches found
Tigo Energy Cloud Connect Advanced (CCA) 4.0.1 - Command Injection
/ Title : Tigo Energy Cloud Connect Advanced CCA 4.0.1 - Command Injection Author : Byte Reaper CVE : CVE-2025-7769 / include include include include "argparse.h" include include include define FULLURL 2500 define POSTPAYLOAD 5500 const char baseurl = NULL; const char cookies = NULL; const char i...
Ghost CMS 5.59.1 - Arbitrary File Read
!/usr/bin/env python3 -- coding: utf-8 -- """ Exploit Title: Ghost CMS 5.59.1 - Arbitrary File Read Date: 2023-09-20 Exploit Author: ibrahimsql https://github.com/ibrahmsql Vendor Homepage: https://ghost.org Software Link: https://github.com/TryGhost/Ghost Version: =2.28.1, zipfile, tempfile Usag...
JetBrains TeamCity 2023.11.4 - Authentication Bypass
!/usr/bin/env python3 -- coding: utf-8 -- """ Exploit Title: JetBrains TeamCity 2023.11.4 - Authentication Bypass Date: 2024-02-21 Exploit Author: ibrahimsql https://github.com/ibrahimsql Vendor Homepage: https://www.jetbrains.com/teamcity/ Version: =2.25.1 """ import requests import argparse...
projectworlds Online Admission System 1.0 - SQL Injection
/ Title : projectworlds Online Admission System 1.0 - SQL Injection Author : Byte Reaper CVE : CVE-2025-8471 / include include include include include "argparse.h" include define FULL 2200 int verbose = 0; int selCookie = 0; const char cookies; void sleepAssemblyvoid struct timespec s ; s.tvsec =...
Microsoft SharePoint Server 2019 (16.0.10383.20020) - Remote Code Execution (RCE)
Exploit Title: Microsoft SharePoint Server 2019 – Remote Code Execution RCE Google Dork: intitle:"Microsoft SharePoint" inurl:"/layouts/15/ToolPane.aspx" Date: 2025-08-07 Exploit Author: Agampreet Singh RedRoot Tool Maker – https://github.com/Agampreet-Singh/RedRoot Vendor Homepage:...
Belkin F9K1009 F9K1010 2.00.04/2.00.09 - Hard Coded Credentials
/ Title : Belkin F9K1009 F9K1010 2.00.04/2.00.09 - Hard Coded Credentials Author : Byte Reaper CVE : CVE-2025-8730 Description : Exploit demonstrating an authentication bypass vulnerability in the web interface of Belkin F9K1009 and F9K1010 routers. The flaw resides in improper session validation...
Cisco ISE 3.0 - Authorization Bypass
Exploit Title: Cisco ISE 3.0 - Authorization Bypass Exploit Author: @ibrahimsql ibrahimsql.com Exploit Author's github: https://github.com/ibrahmsql Description: Cisco ISE API Authorization Bypass CVE: CVE-2025-20125 Vendor Homepage: https://www.cisco.com/ Requirements: requests=2.25.0,...
Microsoft Edge Renderer Process (Mojo IPC) 134.0.6998.177 - Sandbox Escape
Titles: Microsoft Edge Renderer Process Mojo IPC 134.0.6998.177 - Sandbox Escape Author: nu11secur1ty Date: 08/07/2025 Vendor: Microsoft Software: https://www.microsoft.com/en-us/software-download/windows11 Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49730...
atjiu pybbs 6.0.0 - Cross Site Scripting (XSS)
/ Exploit Title : atjiu pybbs 6.0.0 - Cross Site Scripting XSS Exploit Author: Byte Reaper Vendor Homepage: https://github.com/atjiu/pybbs Tested on: Kali Linux CVE: CVE-2025-8550...
VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting (XSS)
VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting XSS - Exploit Title: VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting XSS - Date: 2025-08-08 - Exploit Author: Imraan Khan Lich-Sec - Vendor Homepage: https://www.vmware.com - Version: vSphere Client 8.0.3.0 - Tested On:...
LPAR2RRD 8.04 - Remote Code Execution (RCE)
/ Author : Byte Reaper Title : LPAR2RRD 8.04 - Remote Code Execution RCE CVE : CVE-2025-54769 Vulnerability: RCE && directory traversal Description : Uploads a malicious Perl script via the LPAR2RRD upgrade endpoint, exploits directory traversal to place it in a CGI-executable path, then triggers...
Copyparty 1.18.6 - Reflected Cross-Site Scripting (XSS)
/ Author : Byte Reaper CVE : CVE-2025-54589 Title : Copyparty 1.18.6 - Reflected Cross-Site Scripting XSS CVE-2025-54589 is a reflected cross-site scripting XSS vulnerability in Copyparty ≤ 1.18.6 where the filter parameter is inserted into the HTML response without proper sanitization, allowing ...
Microsoft Edge (Chromium-based) 135.0.7049.114/.115 - Information Disclosure
Titles: Microsoft Edge Chromium-based 135.0.7049.114/.115 - Information Disclosure Date: 08/02/2025 Vendor: Microsoft Software: https://www.microsoft.com/bg-bg/edge/download?form=MA13FJ Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49741 Description CVE-2025-49741...
Gandia Integra Total 4.4.2236.1 - SQL Injection
/ Author : Byte Reaper CVE : CVE-2025-41373 Vulnerability : SQL Affected Path : /encuestas/integrawebv4/integra/html/view/hislistadoacciones.php?idestudio= Affected Versions : 2.1.2217.3 to v4.4.2236.1 Description: This endpoint concatenates the idestudio parameter directly into an SQL query...
Swagger UI 1.0.3 - Cross-Site Scripting (XSS)
/ Author : Byte Reaper Telegram : @ByteReaper0 CVE : CVE-2025-8191 Title : Swagger UI 1.0.3 - Cross-Site Scripting XSS Description : CVE-2025-8191, a vulnerability in the Swagger UI service due to poor description parameter filtering, leading to command execution on a remote server. / include...
Microsoft Virtual Hard Disk (VHDX) 11 - Remote Code Execution (RCE)
Titles: Microsoft Virtual Hard Disk VHDX 11 - Remote Code Execution RCE Author: nu11secur1ty Date: 07/23/2025 Vendor: Microsoft Software: https://www.microsoft.com/en-us/windows/windows-11?r=1 Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-49683 Base Score: 7.8 HIGHVector:...
Ultimate Member WordPress Plugin 2.6.6 - Privilege Escalation
!/usr/bin/env python3 Exploit Title: Ultimate Member WordPress Plugin 2.6.6 - Privilege Escalation Exploit Author: Gurjot Singh CVE: CVE-2023-3460 Description : The attached PoC demonstrates how an unauthenticated attacker can escalate privileges to admin by abusing unsanitized input in...
Linux PAM Environment - Variable Injection Local Privilege Escalation
Exploit Title: Linux PAM Environment - Variable Injection Local Privilege Escalation Exploit Author: @İbrahimsql Exploit Author's github: https://github.com/ibrahmsql Description: PAM pamenv.so module allows environment variable injection via /.pamenvironment leading to privilege escalation throu...
XWiki 14 - SQL Injection via getdeleteddocuments.vm
Exploit Title: XWiki 14 - SQL Injection via getdeleteddocuments.vm Google Dork: N/A Date: 28 July 2025 Exploit Author: Byte Reaper LinkedIn: N/A Vendor Homepage: https://www.xwiki.org Software Link: https://www.xwiki.org Version: XWiki Platform ≤ 14.x Tested on: XWiki Platform ≤ 14.x CVE:...
Mezzanine CMS 6.1.0 - Stored Cross Site Scripting (XSS)
Exploit Title: Mezzanine CMS 6.1.0 Stored Cross Site Scripting XSS via component /blog/blogpost/add Date: 23/07/2025 Exploit Author: Kevin Dicks Vendor Homepage: https://github.com/stephenmcd/mezzanine Software Link: https://github.com/stephenmcd/mezzanine Version: 6.1.0 Category: Web Application...
Xlight FTP 1.1 - Denial Of Service (DOS)
Exploit Title: Xlight FTP 1.1 - Denial Of Service DOS Google Dork: N/A Date: 22 July 2025 Exploit Author: Fernando Mengali LinkedIn: https://www.linkedin.com/in/fernando-mengali/ Vendor Homepage: https://www.xlightftpd.com Software Link: N/A Version: 1.1 Tested on: Windows XP CVE: CVE-2024-0737...
Adobe ColdFusion 2023.6 - Remote File Read
Exploit Title: Adobe ColdFusion 2023.6 - Remote File Read Exploit Author: @İbrahimsql Exploit Author's github: https://github.com/ibrahmsql Description: ColdFusion 2023 LUcee - Remote Code Execution CVE: CVE-2024-20767 Vendor Homepage: https://www.adobe.com/ Requirements: requests=2.25.0,...
Invision Community 4.7.20 - (calendar/view.php) SQL Injection
Exploit Title: Invision Community = 4.7.18. Proof of Concept https://karmainsecurity.com/pocs/CVE-2025-48932.php...
Discourse 3.1.1 - Unauthenticated Chat Message Access
!/usr/bin/env ruby Title : Discourse 3.1.1 - Unauthenticated Chat Message Access CVE-2023-45131 CVSS: 7.5 High Affected: Discourse 3.1.1 stable, 3.2.0.beta2 Author ibrahimsql @ https://twitter.com/ibrahmsql Date: 2023-12-14 require 'net/http' require 'uri' require 'json' require 'openssl' require...
LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Department Assignment Alias Nick Field
Exploit Title: LiveHelperChat 4. Save the changes. 5. Revist the Department Assignment settings page and edit the Alias Nick field, the cross site scripting xss will execute...
LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Personal Canned Messages
Exploit Title: LiveHelperChat 4.61 - Stored Cross Site Scripting XSS via Personal Canned Messages Date: 09/06/2025 Exploit Author: Manojkumar J TheWhiteEvil Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/ Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/ Software...
LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Facebook Integration Page Name Field
Exploit Title: LiveHelperChat 4.61 - Stored Cross Site Scripting XSS via Facebook Integration Page Name Field Date: 09/06/2025 Exploit Author: Manojkumar J TheWhiteEvil Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/ Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/...
Tenda FH451 1.0.0.9 Router - Stack-based Buffer Overflow
/ Title : Tenda FH451 1.0.0.9 Router - Stack-based Buffer Overflow Author : Byte Reaper Telegram : @ByteReaper0 CVE : CVE-2025-7795 Vulnerability : Buffer Overflow Description : A buffer overflow vulnerability affecting certain Tenda routers, exploitable via an unauthenticated POST request to an...
Microsoft Edge Windows 10 Version 1511 - Cross Site Scripting (XSS)
Titles: Microsoft Edge Windows 10 Version 1511 - Cross Site Scripting XSS Author: nu11secur1ty Date: 2025-07-18 Vendor: Microsoft Software: Microsoft Edge Browser Reference: https://www.cve.org/CVERecord?id=CVE-2015-6176 !/usr/bin/python nu11secur1ty CVE-2015-6176 import http.server import...
Pie Register WordPress Plugin 3.7.1.4 - Authentication Bypass to RCE
Exploit Title: Pie Register WordPress Plugin 3.7.1.4 - Authentication Bypass to RCE Google Dork: inurl:/wp-content/plugins/pie-register/ Date: 2025-07-09 Exploit Author: Md Amanat Ullah xSwads Vendor Homepage: https://wordpress.org/plugins/pie-register/ Software Link:...
LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Telegram Bot Username
Exploit Title: LiveHelperChat 4.61 - Stored Cross Site Scripting XSS via Telegram Bot Username Date: 09/06/2025 Exploit Author: Manojkumar J TheWhiteEvil Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/ Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/ Software Link:...
Joomla JS Jobs plugin 1.4.2 - SQL injection
Exploit Title: Joomla JS Jobs plugin 1.4.2 - SQL injection Google Dork: n/a Date: 07/07/2025 Exploit Author: Adam Wallwork Vendor Homepage: https://joomsky.com/ Demo: https://demo.joomsky.com/js-jobs/jm/free/ Software Link: https://extensions.joomla.org/extension/js-jobs/ Version: v1.4.2 Tested o...
Simple File List WordPress Plugin 4.2.2 - File Upload to RCE
Exploit Title: Simple File List WordPress Plugin 4.2.2 - File Upload to RCE Google Dork: inurl:/wp-content/plugins/simple-file-list/ Date: 2025-07-15 Exploit Author: Md Amanat Ullah xSwads Vendor Homepage: https://wordpress.org/plugins/simple-file-list/ Software Link:...
LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via the Chat Transfer Function
Exploit Title: LiveHelperChat 4.61 - Stored Cross Site Scripting XSS via the Chat Transfer Function Date: 09/06/2025 Exploit Author: Manojkumar J TheWhiteEvil Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/ Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/ Software...
LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Operator Surname
Exploit Title: LiveHelperChat 4.61 - Stored Cross Site Scripting XSS via Operator Surname Date: 09/06/2025 Exploit Author: Manojkumar J TheWhiteEvil Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/ Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/ Software Link:...
TOTOLINK N300RB 8.54 - Command Execution
Title: TOTOLINK N300RB 8.54 - Command Execution Author: Skander BELABED - Magellan Sécurité Date: 07/11/2025 Vendor: TOTOLINK Product: N300RB Firmware version: 8.54 CVE: CVE-2025-52089 Description: A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8....
SugarCRM 14.0.0 - SSRF/Code Injection
Exploit Title : SugarCRM 14.0.0 - SSRF/Code Injection Author: Egidio Romano aka EgiX Email : [email protected] Software Link: https://www.sugarcrm.com Affected Versions: All commercial versions before 13.0.4 and 14.0.1. CVE Reference: CVE-2024-58258 Vulnerability Description: User input passed...
PivotX 3.0.0 RC3 - Remote Code Execution (RCE)
Exploit Title: PivotX v3.0.0 RC3 - Stored XSS to Remote Code Execution RCE Date: July 2025 Exploit Author: HayToN Vendor Homepage: https://github.com/pivotx Software Link: https://github.com/pivotx/PivotX Version: 3.0.0 RC3 Tested on: Debian 11, PHP 7.4 CVE : CVE-2025-52367 Vulnerability Type:...
MikroTik RouterOS 7.19.1 - Reflected XSS
Exploit Title: MikroTik RouterOS 7.19.1 - Reflected XSS Google Dork: inurl:/login?dst= Date: 2025-07-15 Exploit Author: Prak Sokchea Vendor Homepage: https://mikrotik.com Software Link: https://mikrotik.com/download Version: RouterOS /login?dst=javascript:alert3 A reflected XSS will be triggered...
Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege
Titles: Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege Author: nu11secur1ty Date: 07/09/2025 Vendor: Microsoft Software: https://www.microsoft.com/en-us/windows/windows-11?r=1 Reference: https://portswigger.net/web-security/access-control CVE-2025-49677 Descripti...
WP Publications WordPress Plugin 1.2 - Stored XSS
Exploit Title: WP Publications WordPress Plugin 1.2 - Stored XSS Google Dork: inurl:/wp-content/plugins/wp-publications/ Date: 2025-07-15 Exploit Author: Zeynalxan Quliyev Vendor Homepage: https://wordpress.org/plugins/wp-publications/ Software Link:...
NodeJS 24.x - Path Traversal
Exploit Title : NodeJS 24.x - Path Traversal Exploit Author : Abdualhadi khalifa CVE : CVE-2025-27210 import argparse import requests import urllib.parse import json import sys def exploitpathtraversalprecisetargeturl: str, targetfile: str, method: str - dict: traversesequence = "..\" 6...
White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI)
Exploit Title: White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion LFI Date: 2025-07-09 Exploit Author: Imraan Khan Lich-Sec Vendor Homepage: https://wss.com/ Software Link: https://client.protop.co.za/ Version: v4.4.2-2024-11-27 Tested on: Ubuntu 22.04 / Linux CVE: CVE-2025-44177...
Langflow 1.2.x - Remote Code Execution (RCE)
!/usr/bin/env python3 Exploit Title: Langflow 1.2.x - Remote Code Execution RCE Date: 2025-07-11 Exploit Author: Raghad Abdallah Al-syouf Vendor Homepage: https://github.com/logspace-ai/langflow Software Link: https://github.com/logspace-ai/langflow/releases Version: = 1.2.x Tested on: Ubuntu /...
Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges
Exploit Title : Microsoft Graphics Component Windows 11 Pro Build 26100+ - Local Elevation of Privileges Author: nu11secur1ty Date: 07/11/2025 --- Overview This repository contains a PowerShell script to validate whether a Windows 11 system is vulnerable to CVE-2025-49744—a critical local privile...
Keras 2.15 - Remote Code Execution (RCE)
!/usr/bin/env python3 Exploit Title: Keras 2.15 - Remote Code Execution RCE Author: Mohammed Idrees Banyamer Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-07-09 Tested on: Ubuntu 22.04 LTS, Python 3.10, TensorFlow/Keras = 2.15 CVE: CVE-2025-1550 Type: Remote Code...
Discourse 3.2.x - Anonymous Cache Poisoning
!/usr/bin/env python3 """ Exploit Title: Discourse 3.2.x - Anonymous Cache Poisoning Date: 2024-10-15 Exploit Author: ibrahimsql Github: : https://github.com/ibrahmsql Vendor Homepage: https://discourse.org Software Link: https://github.com/discourse/discourse Version: Discourse latest patched...
Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
!/bin/bash Exploit Title: Microsoft Defender for Endpoint MDE - Elevation of Privilege Date: 2025-05-27 Exploit Author: Rich Mirch Vendor Homepage: https://learn.microsoft.com/en-us/defender-endpoint/ Software Link:...
Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
Exploit Title: Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover Date: October 25, 2024 Exploit Author: stealthcopter Vendor Homepage: https://stacksmarket.co/ Software Link: https://wordpress.org/plugins/stacks-mobile-app-builder/ Version: = 5.2.3 Tested on: Ubuntu...
Microsoft Outlook - Remote Code Execution (RCE)
Titles: Microsoft Outlook - Remote Code Execution RCE Author: nu11secur1ty Date: 07/06/2025 Vendor: Microsoft Software: https://www.microsoft.com/en-us/microsoft-365/outlook/log-in Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47176...