Exploitdb - Page 7 of Exploitdb Vulnerabilities List

Exploit DB•added 2025/05/25 12:0 a.m.•250 views

Windows 2024.15 - Unauthenticated Desktop Screenshot Capture

Exploit Title: Windows 2024.15 - Unauthenticated Desktop Screenshot Capture Date: 2025-05-19 Exploit Author: Chokri Hammedi Vendor Homepage: https://rs.ltd Software Link: https://rs.ltd/latest.php?os=win Version: 2024.15 Tested on: Windows 10/11 with Remote for Windows helper ''' Description: -...

Exploit DB•added 2025/05/25 12:0 a.m.•417 views

Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow

!/usr/bin/env python3 Exploit Title: Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow Google Dork: if applicable Date: 2025-05-23 Exploit Author: Pepelux user in ExploitDB Vendor Homepage: https://www.grandstream.com/ Software Link: download link if available Version: Grandstream GSD3710 -...

9.8CVSS9.2AI score0.09438EPSS

Exploit DB•added 2025/05/25 12:0 a.m.•261 views

ABB Cylon Aspect 3.08.03 - Guest2Root Privilege Escalation

!/usr/bin/env python Exploit Title: ABB Cylon Aspect 3.08.03 - Guest2Root Privilege Escalation Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.03 Summary: ASPECT is an award-winning scalabl...

Exploit DB•added 2025/05/25 12:0 a.m.•291 views

ABB Cylon Aspect Studio 3.08.03 - Binary Planting

Exploit Title: ABB Cylon Aspect Studio 3.08.03 - Binary Planting Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: type project P R O J E C T .| | | |'| . | | |. |' .---"| .-' '-. | | .--'| || | | | .-'| .| | || '- | | | || | |' | |. | || | | | | || | | '-' ' "" '-' '-.'...

7.1CVSS7.1AI score0.01113EPSS

Exploit DB•added 2025/05/21 12:0 a.m.•234 views

Remote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE)

Exploit Title: Remote Keyboard Desktop 1.0.1 - Remote Code Execution RCE Date: 05/17/2025 Exploit Author: Chokri Hammedi Vendor Homepage: https://remotecontrolio.web.app/ Software Link: https://apps.microsoft.com/detail/9n0jw8v5sc9m?hl=neutral&gl=US&ocid=pdpshare Version: 1.0.1 Tested on: Windows...

Exploit DB•added 2025/05/18 12:0 a.m.•364 views

Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation

Exploit Title: Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation Date: 2025-04-23 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.zyxel.com/ Version: Zyxel uOS V1.31 see https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-= =3D...

7.8CVSS7AI score0.00349EPSS

Exploit DB•added 2025/05/18 12:0 a.m.•280 views

Invision Community 5.0.6 - Remote Code Execution (RCE)

\n"; print "\nExample....: php $argv0 http://localhost/invision/"; print "\nExample....: php $argv0 https://invisioncommunity.com/\n\n"; die; $ch = curlinit; $params = "app" = "core", "module" = "syst...

Exploit DB•added 2025/05/18 12:0 a.m.•288 views

CrushFTP 11.3.1 - Authentication Bypass

Exploit Title: CrushFTP 11.3.1 - Authentication Bypass Date: 2025-05-15 Exploit Author: @İbrahimsql Exploit Author's github: https://github.com/ibrahimsql Vendor Homepage: https://www.crushftp.com Software Link: https://www.crushftp.com/download.html Version: =2.28.1 , colorama=0.4.6 ,...

9.8CVSS7.4AI score0.88937EPSS

Exploits20

Exploit DB•added 2025/05/13 12:0 a.m.•359 views

WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation

Exploit Title: WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation Google Dork: inurl:/wp-content/plugins/frontend-login-and-registration-blocks/ Date: 2025-05-12 Exploit Author: Md Shoriful Islam RootHarpy Vendor Homepage:...

9.8CVSS7.1AI score0.12729EPSS

Exploit DB•added 2025/05/13 12:0 a.m.•413 views

Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)

Exploit Title: Kentico Xperience 13.0.178 - Cross Site Scripting XSS Date: 2025-05-09 Version: Kentico Xperience before 13.0.178 Exploit Author: Alex Messham Contact: [email protected] Source: https://github.com/xirtam2669/Kentico-Xperience-before-13.0.178---XSS-POC/ CVE: CVE-2025-32370 import...

9.8CVSS9.6AI score0.00544EPSS

Exploit DB•added 2025/05/13 12:0 a.m.•319 views

TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow

/ Exploit Title: TP-Link VN020 F3vT TTV6.2.1021 - DHCP Stack Buffer Overflow Date: 10/20/2024 Exploit Author: Mohamed Maatallah Vendor Homepage: https://www.tp-link.com Version: TTV6.2.1021 VN020-F3vT Tested on: VN020-F3vT Router Hardware Version 1.0 CVE: CVE-2024-11237 Category: Remote Technical...

9.8CVSS7.1AI score0.04128EPSS

Exploit DB•added 2025/05/13 12:0 a.m.•279 views

RDPGuard 9.9.9 - Privilege Escalation

Exploit Title: RDPGuard 9.9.9 - Privilege Escalation Discovered by: Ahmet Ümit BAYRAM Discovered Date: 09.05.2025 Vendor Homepage: https://rdpguard.com Software Link: https://rdpguard.com/download.aspx Tested Version: 9.9.9 latest Tested on: Windows 10 32bit Steps to Reproduce 1. Prepare a .bat...

Exploit DB•added 2025/05/09 12:0 a.m.•412 views

VirtualBox 7.0.16 - Privilege Escalation

Exploit Title: VirtualBox 7.0.16 - Privilege Escalation Date: 2025-05-06 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Tested on: Win x64 CVE : CVE-2024-21111 include include include include include include include inclu...

7.8CVSS7AI score0.11116EPSS

Exploit DB•added 2025/05/09 12:0 a.m.•293 views

Apache ActiveMQ 6.1.6 - Denial of Service (DOS)

Exploit Title: Apache ActiveMQ 6.1.6 - Denial of Service DOS Date: 2025-05-9 Exploit Author: Abdualhadi khalifa https://x.com/absholi7ly/ Github: https://github.com/absholi7ly/CVE-2025-27533-Exploit-for-Apache-ActiveMQ CVE: CVE-2025-27533 import socket import struct import time import datetime...

7.5CVSS7AI score0.02253EPSS

Exploit DB•added 2025/05/09 12:0 a.m.•317 views

WordPress Depicter Plugin 3.6.1 - SQL Injection

Exploit Title: WordPress Depicter Plugin 3.6.1 - SQL Injection Google Dork: inurl:/wp-content/plugins/depicter/ Date: 2025-05-06 Exploit Author: Andrew Long datagoboom Vendor Homepage: https://wordpress.org/plugins/depicter/ Software Link: https://downloads.wordpress.org/plugin/depicter.3.6.1.zip...

7.5CVSS7.1AI score0.47524EPSS

Exploits6

Exploit DB•added 2025/05/09 12:0 a.m.•319 views

SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation

Exploit Title: SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation Date: 2025-05-7 Exploit Author: Abdualhadi khalifa https://x.com/absholi7ly/ Affected: Versions All versions of OttoKit SureTriggers ≤ 1.0.82. Conditions for Exploitation The vulnerability can be exploited under the followin...

9.8CVSS7.1AI score0.81472EPSS

Exploit DB•added 2025/05/09 12:0 a.m.•326 views

Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation

Exploit Title: Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation Date: 2025-05-05 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Tested on: Win x64 CVE : CVE-2024-38193 pragma once...

7.8CVSS7.2AI score0.73233EPSS

Exploit DB•added 2025/05/06 12:0 a.m.•336 views

Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)

Exploit Title: Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference IDOR Google Dork: N/A Date: 2025-05-02 Exploit Author: Sn1p3r-H4ck3r Siripong Jintung Vendor Homepage: https://snipeitapp.com Software Link: https://github.com/grokability/snipe-it Version: /printassigned endpoint. This...

5CVSS7AI score0.01048EPSS

Exploit DB•added 2025/05/06 12:0 a.m.•275 views

Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)

Exploit Title: Casdoor 1.901.0 - Cross-Site Request Forgery CSRF Application: Casdoor Version: 1.901.0 Date: 03/07/2024 Exploit Author: Van Lam Nguyen Vendor Homepage: https://casdoor.org/ Software Link: https://github.com/casdoor/casdoor/archive/refs/tags/v1.901.0.zip Tested on: Windows CVE : N/...

Exploit DB•added 2025/05/06 12:0 a.m.•389 views

ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)

Exploit Title: ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery CSRF Google Dork: inurl:"/api/method/frappe" Date: 2025-04-29 Exploit Author: Ahmed Thaiban Thvt0ne Vendor Homepage: https://erpnext.com Software Link: https://github.com/frappe/erpnext Version: Delete User Click Her...

8.1CVSS7.1AI score0.00224EPSS

Exploit DB•added 2025/05/01 12:0 a.m.•461 views

ZTE ZXV10 H201L - RCE via authentication bypass

Exploit Title: ZTE ZXV10 H201L - RCE via authentication bypass Exploit Author: l34n tasos meletlidis https://i0.rs/blog/finding-0click-rce-on-two-zte-routers/ import http.client, requests, os, argparse, struct, zlib from io import BytesIO from os import stat from Crypto.Cipher import AES def...

Exploit DB•added 2025/05/01 12:0 a.m.•268 views

Daikin Security Gateway 14 - Remote Password Reset

Daikin Security Gateway 214 - Remote Password Reset Vendor: Daikin Industries, Ltd. Product web page: https://www.daikin.com https://www.daikin.eu/enus/products/product.html/DRGATEWAYAA.html Affected version: App: 100, Frm: 214 Summary: The Security gateway allows the iTM and LC8 controllers to...

Exploit DB•added 2025/05/01 12:0 a.m.•307 views

Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing

Exploit Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Source: https://hyp3rlinx.altervista.org/advisories/MicrosoftWindowsxrm-msFileNTLM-HashDisclosure.txt x.com/hyp3rlinx ISR: ApparitionSec Vendor www.microsoft.com Product .xrm-ms File Type Vulnerability Type NTLM Hash...

Exploit DB•added 2025/05/01 12:0 a.m.•332 views

Microsoft - NTLM Hash Disclosure Spoofing (library-ms)

Exploit title: Microsoft - NTLM Hash Disclosure Spoofing library-ms Exploit Author: John Page aka hyp3rlinx x.com/hyp3rlinx ISR: ApparitionSec Back in 2018, I reported a ".library-ms" File NTLM information disclosure vulnerability to MSRC and was told "it was not severe enough", that being said I...

6.5CVSS7.2AI score0.08036EPSS

Exploits18

Exploit DB•added 2025/04/30 12:0 a.m.•284 views

unzip-stream 0.3.1 - Arbitrary File Write

Exploit Title: unzip-stream 0.3.1 - Arbitrary File Write Date: 18th April, 2024 Exploit Author: Ardayfio Samuel Nii Aryee Software link: https://github.com/mhr3/unzip-stream Version: unzip-stream 0.3.1 Tested on: Ubuntu CVE: CVE-2024-42471 NB: Python's built-in zipfile module has limitations on t...

7.5CVSS7.4AI score0.0771EPSS

Exploit DB•added 2025/04/22 12:0 a.m.•234 views

tar-fs 3.0.0 - Arbitrary File Write/Overwrite

Exploit Title: tar-fs 3.0.0 - Arbitrary File Write/Overwrite Date: 17th April, 2024 Exploit Author: Ardayfio Samuel Nii Aryee Software link: https://github.com/mafintosh/tar-fs Version: tar-fs 3.0.0 Tested on: Ubuntu CVE: CVE-2024-12905 Run the command: Example: python3 exploit.py authorizedkeys...

7.5CVSS7.4AI score0.00806EPSS

Exploit DB•added 2025/04/22 12:0 a.m.•221 views

code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)

Exploit Title: code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting XSS Google Dork: inurl:/exam/feedback.php Date: 2025-04-19 Exploit Author: Pruthu Raut Vendor Homepage: https://code-projects.org/ Software Link:...

6.1CVSS7.4AI score0.00951EPSS

Exploit DB•added 2025/04/22 12:0 a.m.•300 views

WonderCMS 3.4.2 - Remote Code Execution (RCE)

Exploit Title: WonderCMS 3.4.2 - Remote Code Execution RCE Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ CVE: CVE-2023-41425 import requests import...

6.1CVSS7.4AI score0.91079EPSS

Exploits16

Exploit DB•added 2025/04/22 12:0 a.m.•288 views

WordPress Core 6.2 - Directory Traversal

Exploit Title: WordPress Core 6.2 - Directory Traversal Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Version: = 6.2 Tested on: Win, Ubuntu CVE : CVE-2023-2745 import requests from colorama import init,...

6.1CVSS7.4AI score0.79284EPSS

Exploits7

Exploit DB•added 2025/04/22 12:0 a.m.•255 views

Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege

Exploit Title: Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ CVE: CVE-2024-49138 include...

7.8CVSS7.4AI score0.86946EPSS

Exploit DB•added 2025/04/22 12:0 a.m.•239 views

OpenSSH server (sshd) 9.8p1 - Race Condition

Exploit Title : OpenSSH server sshd 9.8p1 - Race Condition Author : Milad Karimi Ex3ptionaL Date : 2025-04-16 Description: Targets a signal handler race condition in OpenSSH's server sshd on glibc-based Linux systems. It exploits a vulnerability where the SIGALRM handler calls async-signal-unsafe...

7AI score

Exploit DB•added 2025/04/22 12:0 a.m.•290 views

Microsoft Windows 11 - Kernel Privilege Escalation

Exploit Title: Microsoft Windows 11 - Kernel Privilege Escalation Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Tested on: Win, Ubuntu CVE : CVE-2024-21338 include "pch.hpp" include "poc.hpp" // This...

7.8CVSS7.4AI score0.78644EPSS

Exploits13

Exploit DB•added 2025/04/22 12:0 a.m.•227 views

Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution

Exploit Title: Firefox ESR 115.11 - Arbitrary JavaScript execution in PDF.js Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Vendor Homepage:...

8.8CVSS7.4AI score0.40321EPSS

Exploits14

Exploit DB•added 2025/04/19 12:0 a.m.•361 views

FoxCMS 1.2.5 - Remote Code Execution (RCE)

Date: 2025-04-17 Exploit Title: Exploit Author: VeryLazyTech Vendor Homepage: https://www.foxcms.org/ Software Link: https://www.foxcms.cn/ Version: FoxCMS v.1.2.5 Tested on: Ubuntu 22.04, Windows Server 2019 CVE: CVE-2025-29306 Website: https://www.verylazytech.com !/bin/bash banner cat " exit 1...

9.8CVSS7AI score0.86208EPSS

Exploits11

Exploit DB•added 2025/04/19 12:0 a.m.•325 views

Drupal 11.x-dev - Full Path Disclosure

!/usr/bin/env python Exploit Title: Drupal 11.x-dev - Full Path Disclosure Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Version: 11.x-dev CVE:...

5.3CVSS7AI score0.86689EPSS

Exploit DB•added 2025/04/18 12:0 a.m.•297 views

UJCMS 9.6.3 - User Enumeration via IDOR

Exploit Title: UJCMS 9.6.3 User Enumeration via IDOR Exploit Author: Cyd Tseng Date: 11 Dec 2024 Category: Web application Vendor Homepage: https://dromara.org/ Software Link: https://github.com/dromara/ujcms Version: UJCMS 9.6.3 Tested on: Linux CVE: CVE-2024-12483 Advisory:...

6.3CVSS7.4AI score0.03597EPSS

Exploit DB•added 2025/04/18 12:0 a.m.•293 views

Tatsu 3.3.11 - Unauthenticated RCE

Exploit Title:Tatsu 3.3.11 - Unauthenticated RCE Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Product: Tatsu wordpress plugin = 3.3.11 CVE:...

8.1CVSS7.4AI score0.90975EPSS

Exploits9

Exploit DB•added 2025/04/18 12:0 a.m.•253 views

Hunk Companion Plugin 1.9.0 - Unauthenticated Plugin Installation

Exploit Title: Hunk Companion Plugin 1.9.0 - Unauthenticated Plugin Installation Date: 16 December, 2024 Exploit Author: Jun Takemura Author's GitHub: https://github.com/JunTakemura Author's Blog: juntakemura.dev Vendor Homepage: https://themehunk.com Software Link:...

9.8CVSS7.4AI score0.9188EPSS

Exploits5

Exploit DB•added 2025/04/18 12:0 a.m.•223 views

KiviCare Clinic & Patient Management System (EHR) 3.6.4 - Unauthenticated SQL Injection

Exploit Title: KiviCare Clinic & Patient Management System EHR 3.6.4 - Unauthenticated SQL Injection SQL Injection Google Dork: inurl:"/wp-content/plugins/kivicare-clinic-management-system/ Date: 11/12/2024 Exploit Author: Samet "samogod" Gözet Vendor Homepage: wordpress.org Software Link:...

7.5CVSS7.4AI score0.72218EPSS

Exploit DB•added 2025/04/18 12:0 a.m.•213 views

Apache Commons Text 1.10.0 - Remote Code Execution

Exploit Title: Apache Commons Text 1.10.0 - Remote Code Execution Text4Shell - POST-based Date: 2025-04-17 Exploit Author: Arjun Chaudhary Vendor Homepage: https://commons.apache.org/proper/commons-text/ Software Link:https://repo1.maven.org/maven2/org/apache/commons/commons-text/ Version: Apache...

9.8CVSS7.4AI score0.94251EPSS

Exploits41

Exploit DB•added 2025/04/18 12:0 a.m.•278 views

Inventio Lite 4 - SQL Injection

Exploit Title: Inventio Lite 4 - SQL Injection Error Based SQLi in "username" parameter on "/?action=processlogin." Date: 08/21/2024 Exploit Author: pointedsec Vendor Homepage: http://evilnapsis.com Software Link: https://github.com/evilnapsis/inventio-lite Version: ' or email LIKE '' and passwor...

9.8CVSS7.4AI score0.05248EPSS

Exploit DB•added 2025/04/18 12:0 a.m.•240 views

Langflow 1.3.0 - Remote Code Execution (RCE)

Exploit Title: Langflow 1.3.0 - Remote Code Execution RCE Date: 2025-04-17 Exploit Author: VeryLazyTech Vendor Homepage: http://www.langflow.org/ Software Link: https://github.com/langflow-ai/langflow Version: Langflow 1.3.0 Tested on: Windows Server 2019 CVE: CVE-2025-3248 CVE-2025-3248 - Remote...

9.8CVSS7.4AI score0.92665EPSS

Exploits33

Exploit DB•added 2025/04/17 12:0 a.m.•268 views

Blood Bank & Donor Management System 2.4 - CSRF Improper Input Validation

Exploit Title: Blood Bank & Donor Management System 2.4 - CSRF Improper Input Validation Google Dork: N/A Date: 2024-12-26 Exploit Author: Kwangyun Keum Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/blood-bank-donor-management-system/ Version: 2.4 Tested on: Windo...

6.9CVSS7.1AI score0.00152EPSS

Exploit DB•added 2025/04/17 12:0 a.m.•246 views

AnyDesk 9.0.1 - Unquoted Service Path

Exploit Title: AnyDesk 9.0.1 - Unquoted Service Path Date: 2024-12-11 Exploit Author: Parastou Razi Contact: [email protected] Vendor Homepage: http://anydesk.com Software Link: http://anydesk.com/download Version: Software Version 9.0.1 Tested on: Windows 11 x64 1. Description: The Anydesk...

Exploit DB•added 2025/04/17 12:0 a.m.•191 views

ABB Cylon Aspect 3.08.02 (ethernetUpdate.php) - Authenticated Path Traversal

Exploit Title: ABB Cylon Aspect 3.08.02 ethernetUpdate.php - Authenticated Path Traversal Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.02 Summary: ASPECT is an award-winning scalable...

Exploit DB•added 2025/04/17 12:0 a.m.•264 views

TP-Link VN020 F3v(T) TT_V6.2.1021 - Denial Of Service (DOS)

Exploit Title: TP-Link VN020 F3vT TTV6.2.1021 - Denial Of Service DOS Date: 10/22/2024 Exploit Author: Mohamed Maatallah Vendor Homepage: https://www.tp-link.com Version: TTV6.2.1021 VN020-F3vT Tested on: VN020-F3vT Router Hardware Version 1.0 CVE: CVE-2024-12342 Description: Two critical...

7.1CVSS7.1AI score0.12213EPSS

Exploit DB•added 2025/04/17 12:0 a.m.•336 views

Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution (RCE)

Exploit Title: Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution RCE Date: 10 October 2024 Discovered by : Ravindu Wickramasinghe | rvz @rvizx9 Exploit Author: Ravindu Wickramasinghe | rvz @rvizx9 Vendor Homepage: https://www.npmjs.com/package/angular-base64-upload...

9.8CVSS7AI score0.89192EPSS

Exploits5

Exploit DB•added 2025/04/17 12:0 a.m.•235 views

ABB Cylon Aspect 3.08.02 (deployStart.php) - Unauthenticated Command Execution

Exploit Title: ABB Cylon Aspect 3.08.02 deployStart.php Unauthenticated Command Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.02 Summary: ASPECT is an award-winning scalable...

10CVSS7AI score0.17736EPSS