📄 ClipBucket 5.5.2 Build 90 Server-Side Request Forgery
ClipBucket version 5.5.2 Build 90 suffers from a server-side request forgery vulnerability. Exploit Title: ClipBucket 5.5.2 Build 90 - Server-Side Request Forgery SSRF Google Dork: N/A Date: 2025-09-11 Exploit Author: Mukundsinh Solanki r00td3str0y3r Vendor Homepage: https://clipbucket.com Softwa...
📄 WatchGuard Firebox Default Credentials / SSH Access
The default configuration of WatchGuard Firebox devices through 2025-09-10 allows administrative access via SSH on port 4118 using the default credentials. This configuration exposes the device to remote attackers who can gain full administrative access without prior authentication. CVE-2025-5939...
📄 Service Upstart Persistence
This Metasploit module will create a service on the box, and mark it for auto-restart. You need enough access to write service files and potentially restart services. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
📄 Windows Persistent Task Scheduler
This Metasploit module establishes persistence by creating a scheduled task to run a payload. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Persistent Task Scheduler', 'Description' =...
📄 NCR Command Center Agent 16.3 Remote Code Execution
CMCAgent in NCR Command Center Agent version 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021...
📄 WBCE CMS 1.6.4 Cross Site Scripting
WBCE CMS version 1.6.4 suffers from a persistent cross site scripting vulnerability. Exploit Title: WBCE CMS 1.6.4 - Stored Cross-Site Scripting XSS Date: 2025-10-29 Exploit Author: Chokri Hammedi Vendor Homepage: https://wbce.org/ Software Link: https://github.com/WBCE/WBCECMS/releases/tag/v1.6....
📄 LEPTON 7.4.0 Remote Code Execution
LEPTON CMS version 7.4.0 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary system commands through the Droplets functionality. This vulnerability arises from improper input validation and execution control within the Droplets feature...
📄 LEPTON 7.4.0 Cross Site Scripting
LEPTON version 7.4.0 suffers from a persistent cross site scripting vulnerability. Exploit Title: LEPTON 7.4.0 - Stored Cross-Site Scripting XSS Exploit Author: tmrswrr / Hulya KARABAG Vendor Homepage: https://lepton-cms.org/ Software Link:...
📄 Windows Persistent Startup Folder
This Metasploit module establishes persistence by creating a payload in the user or system startup folder. Works on Vista and newer systems. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...
📄 RiteCMS 3.1.0 Cross Site Scripting
RiteCMS version 3.1.0 suffers from a cross site scripting vulnerability. Exploit Title: RiteCMS 3.1.0 - Reflected XSS in Admin Panel Date: October 28, 2025 Exploit Author: Chokri Hammedi Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/ritecms/ritecms Version: RiteCMS 3.1.0...
📄 Dynatrace ActiveGate Command Injection
Dynatrace ActiveGate versions up to 1.016 suffer from an OS command injection vulnerability. CVE-2025-61304 "OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted ip address" In the background the ping extension is using the command prompt of Windows to...
📄 RiteCMS 3.1.0 Remote Code Execution
RiteCMS version 3.1.0 suffers from an authenticated remote code execution vulnerability. Exploit Title: RiteCMS 3.1.0 - Authenticated Remote Code Execution RCE Date: 2025-10-26 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/handylulu/RiteCMS Software Link:...
📄 Wisenshop Cross Site Scripting
Wisenshop suffers from a cross site scripting vulnerability. It is unclear what version is affected as they are not published where this software is sold. Exploit Title: Wisenshop - Stored XSS Exploit Author: CraCkEr Date: 11-10-2025 Author of Script: Wisencode Infotech Vendor: Wisencode Infotech...
📄 WBCE CMS 1.6.4 Remote Code Execution
WBCE CMS version 1.6.4 contains a critical remote code execution vulnerability in the Droplets module. Authenticated attackers with administrator privileges can inject and execute arbitrary PHP code, leading to complete system compromise. Exploit Title: WBCE CMS 1.6.4 - Remote Code Execution Date...
📄 ModernShop Cross Site Scripting
ModernShop suffers from a cross site scripting vulnerability. It is unclear what version is affected as they are not published where this software is sold. Exploit Title: ModernShop - RXSS Exploit Author: CraCkEr Date: 11-10-2025 Author of Script: ABHIRAM B Vendor: ABHI CODE BOX Vendor Homepage:...
📄 Easywork Enterprise 2.1.3.354 Cleartext Memory Secret Storage
Easywork Enterprise version 2.1.3.354 is vulnerable to cleartext storage of sensitive information in memory. The application leaves valid device-bound license keys in process memory after a failed activation attempt. The keys can be obtained by attaching a debugger or analyzing the process/memory...
📄 Vvveb CMS 1.0.5 Remote Code Execution
Vvveb CMS is vulnerable to code injection via the Code Editor functionality. Unsanitized editing functionality allows attacker-controlled changes to existing files on the web-accessible filesystem, allowing remote authenticated attackers with access to the Code Editor to achieve code execution wh...
📄 Log2Space Subscriber Management Software 1.1 SQL Injection
Log2Space Subscriber Management Software version 1.1 suffers from an unauthenticated remote SQL injection vulnerability. Author: Aditya Patil, Rohan Patil CVE-2025-56450 Unauthenticated SQL Injection in Log2Space Subscriber Management Software...
📄 Campcodes Online Loan Management System 1.0 SQL Injection
Campcodes Online Loan Management System versions 1.0 and below suffer from a remote SQL injection vulnerability. -- coding: utf-8 -- Exploit Loan Management System v1.0 - SQL Injection Google Dork: N/A Date: 20/10/2025 Exploit Author: CodeB0ss Vendor: Loan Management System Software Link:...
📄 Microsoft Windows Server Update Services Remote Code Execution
This is a proof of concept exploit for Microsoft Windows Server Update Services that leverages an unsafe deserialization of untrusted data in WSUS's AuthorizationCookie handling. This file demonstrates payload generation in C#. using System; using System.IO; using System.Security.Cryptography; usi...
📄 Transmission Torrent Parsing Integer Overflows
Torrent file parsing in Transmission suffers from multiple integer overflow vulnerabilities. I took a look at torrent file parsing in libtransmission, there are a few integer overflows because the trnew/trnew0 allocation wrappers don't handle overflow. define trnewstructtype, nstructs \ structtyp...
📄 Ilevia EVE X1 Server 4.7.18.0.eden Cross Site Scripting
Ilevia EVE X1 Server versions 4.7.18.0.eden and below suffer from a reflective cross site scripting vulnerability. Ilevia EVE X1 Server 4.7.18.0.eden Unauthenticated Reflected XSS Vendor: Ilevia Srl. Product web page: https://www.ilevia.com Affected version: <=4.7.18.0.eden Summary: EVE is a smart...
📄 Greenlife.bg SQL Injection
Greenlife.bg appears to suffer from a remote SQL injection vulnerability. It is unclear what vulnerable code base is being used or if it's custom, however, the researcher has not heard a response from the vendor and they have not addressed the issue, putting their users at risk, so this is being...
📄 Ilevia EVE X1 Server 4.7.18.0.eden Unauthenticated Remote Command Injection
Ilevia EVE X1 Server versions 4.7.18.0.eden and below suffer from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the mbusfile and mbuscsv HTTP POST parameters through the /ajax/php/mbusbuildfromcsv.php script...
📄 Ilevia EVE X1 Server 4.7.18.0.eden Parameter Traversal / Arbitrary File Access
An unauthenticated absolute and relative path traversal vulnerability exists in the smart home/building automation platform via the /ajax/php/getfilecontent.php endpoint of Ilevia EVE X1 Server versions 4.7.18.0.eden and below. By supplying a crafted file POST parameter, a remote attacker can rea...
📄 PerfexCRM Authentication Bypass
PerfexCRM versions prior to 3.3.1 suffer from an authentication bypass vulnerability. Security Advisory — PerfexCRM Authentication Bypass CVE-2025-60375, RESERVED Advisory ID: perfexcrm-auth-bypass-2025 CVE: CVE-2025-60375 RESERVED Product: PerfexCRM Affected versions: versions prior to 3.3.1 3.3...
📄 Packet Storm EXIF Data Disclosure
A bad code push allowed EXIF data to remain in some photos on Packet Storm. Our analysis shows only 0.004% of uploaded pictures were affected and they have all been stripped to ensure no further exposure. Fortunately, the affected pictures only include items related to an admin of the site and th...
📄 Packet Storm Missing Cache Header
Packet Storm was missing a cache control header on the user settings page, allowing for parties to click back in a browser post-logout and see the page from the local browser cache. As shared computing situations can allow this to lead to an information disclosure issue, it was immediately...
📄 MotionEye Frontend 0.43.1b4 Remote Code Execution
This Metasploit module exploits a template injection vulnerability in the MotionEye Frontend. MotionEye Frontend versions 0.43.1b4 and prior are vulnerable to OS command injection in configuration parameters such as imagefilename. Unsanitized user input is written to MotionEye Frontend...
📄 Perfex CRM Chatbot Cross Site Scripting
Perfex CRM's chatbot feature suffers from a persistent cross site scripting vulnerability. CVE-2025-60374 CVE-2025-60374: Stored Cross-Site Scripting XSS in Perfex CRM Chatbot ⚠️ Security Advisory A critical Stored Cross-Site Scripting vulnerability in Perfex CRM's chatbot feature --- 📋 Overview A...
📄 Malicious Windows Script Host Script File
This Metasploit module creates a Windows Script Host WSH Windows Script File .wsf. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Malicious Windows Script Host Script File .wsf', 'Description'...
📄 GaatiTrack 1.0 SQL Injection
GaatiTrack version 1.0 suffers from multiple remote SQL injection vulnerabilities. Metasploit module included. Titles: GaatiTrack-1.0 Copyright©2025-Multiple-SQLi - Metasploit module Author: nu11secur1ty Date: 10/06/2025 Vendor: https://www.mayurik.com/ Software:...
📄 WordPress KKProgressbar2 1.1.4.2 Cross Site Request Forgery
WordPress KKProgressbar2 version 1.1.4.2 cross site request forgery proof of concept exploit. Exploit Title: WordPress Plugin KKProgressbar2 - Cross-Site Request Forgery CSRF Date: 2025-10-05 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H:...
📄 FortiWeb Fabric Connector 7.6.x SQL Injection
FortiWeb Fabric Connector versions 7.6.x suffer from a pre-authentication remote SQL injection vulnerability. Exploit Title: FortiWeb Fabric Connector 7.6.x - Pre-authentication SQL Injection to Remote Code Execution Date: 2025-10-05 Exploit Author: Milad Karimi Ex3ptionaL Contact:...
📄 GNU Screen 4.5.0 Local Privilege Escalation
GNU Screen version 4.5.0 local privilege escalation exploit that leverages shared library loading. GNU Screen 4.5.0 Local Privilege Escalation Exploit CVE-2017-5618 📌 Overview Local privilege escalation exploit for GNU Screen 4.5.0 that hijacks shared library loading to gain root access via...
📄 Mac OS X Persistent Payload Installer
This Metasploit module provides a persistent boot payload by creating a launch item, which can be a LaunchAgent or a LaunchDaemon. LaunchAgents run with user level permissions and are triggered upon login by a plist entry in /Library/LaunchAgents. LaunchDaemons run with elevated privileges, and a...
📄 ERPNext 15.67.0 / Frappe 15.72.4 Cross Site Scripting
ERPNext version 15.67.0 and Frappe version 15.72.4 suffer from a persistent cross site scripting vulnerability. CVE-2025-56379 — Stored Cross-Site Scripting XSS in ERPNext 15.67.0 / Frappe 15.72.4 📌 Summary A stored Cross‑Site Scripting XSS vulnerability exists in the Blog module of ERPNext...
📄 Apache Pyfory 0.12.2 Remote Code Execution
This proof of concept exploit demonstrates the remote code execution vulnerability in Apache Pyfory versions 0.12.0 through 0.12.2 and legacy PyFury versions 0.1.0 through 0.10.3 due to an insecure pickle fallback deserialization. !/usr/bin/env python3 """...
📄 ERPNext 15.67.0 / Frappe 15.72.4 Blind SQL Injection
A time-based blind SQL injection vulnerability was discovered in the frappe.client.getvalue API endpoint in Frappe Framework version 15.72.4 and it is also present in ERPNext version 15.67.0. An authenticated user with access to the reporting/client API can inject SQL via the fieldname parameter...
📄 Fiora Chat 1.0.0 Cross Site Scripting
Fiora Chat version 1.0.0 suffers from a cross site scripting vulnerability. CVE-2025-56514: Cross Site Scripting XSS Vulnerability in Fiora Chat Application Overview A Cross Site Scripting XSS vulnerability, identified as CVE-2025-56514, affects the Fiora chat application version 1.0.0. This...
📄 CPAS Audit Management Information System 4.9 SQL Injection
CPAS Audit Management Information System versions 4.9 and below suffer from a remote SQL injection vulnerability. CPAS-bug CPAS audit management information system has SQL injection vulnerability Beijing YouDataSum Technology Co., Ltd. domain: http://youdatasum.com Affected versions...
📄 Trivision NC-227WF Username Enumeration
Trivision NC-227WF with firmware version 5.80 build 0141010 has a login mechanism that reveals whether a username exists or not by returning different error messages. CVE-2025-56764 — Trivision NC-227WF Summary Trivision NC-227WF firmware 5.80 build 20141010 login mechanism reveals whether a...
📄 Windows Silent Process Exit Persistence
Windows allows you to set up a debug process when a process exits. This Metasploit module uploads a payload and declares that it is the debug process to launch when a specified process exits. This module requires Metasploit: https://metasploit.com/download Current source:...
📄 JS Archive List 6.1.5 SQL Injection
JS Archive List versions 6.1.5 and below suffer from a remote SQL injection vulnerability. CVE-2025-54726 JS Archive List <= 6.1.5 - Unauthenticated SQL Injection Description The JS Archive List plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 6.1.5 due to...
📄 Summer Employee Portal SQL Injection
Summer Employee Portal versions prior to 3.98.0 suffer from an authenticated remote SQL injection vulnerability. Exploit Title: Summar Employee Portal Prior to 3.98.0 Authenticated SQL Injection - CVE-2025-40677 Google Dork: inurl:"/MemberPages/quienesquien.aspx" Date: 09/22/2025 Exploit Author:...
📄 FreePBX SQL Injection / Remote Code Execution
This Metasploit module exploits an unauthenticated SQL injection flaw in FreePBX prior to versions 15.0.66, 16.0.89, and 17.0.3. The vulnerability lies in the /admin/ajax.php endpoint, which is accessible without authentication. Additionally, the database user created by FreePBX can schedule...
📄 aaPanel 7.x.x Remote Command Execution
aaPanel version 7.x.x suffers from an authenticated remote command execution vulnerability. This was discovered prior and noted in CVE-2020-14421 where it states that it affects versions 6.6.6 and below. The developers claim it is patched but it still affects the 7.x.x version. This is...
📄 Commvault CLI Argument Injection / Traversal / Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution exploit chain for Commvault, tracked as CVE-2025-57790 and CVE-2025-57791. A command-line injection permits unauthenticated access to the localadmin account, which then facilitates code execution via expression language...
📄 Node.JS 4.1.1 Directory Listing
Node.JS versions 4.1.1 and below suffer from a Range header issue that results in a directory listing. !/bin/bash Exploit Title: Node.JS -u \n" exit else echo -e "\n+ TARGET: $TARGET$URI\n" curl -s -H "Range: 99999" $TARGET$URI | html2text | sed '1d;$d' fi...
📄 Init OpenRC Persistence
This Metasploit module will create a service on the box via OpenRC, and mark it for auto-restart. We need enough access to write service files and potentially restart services. Verified against alpine 3.21.2. This module requires Metasploit: https://metasploit.com/download Current source:...