50738 matches found
Flowise 3.0.4 Remote Command Execution
Flowise versions prior to 3.0.5 suffer from a remote command execution vulnerability. Exploit Title: Flowise 3.0.4 - Remote Code Execution RCE Date: 10/11/2025 Exploit Author: nltt0 https://github.com/nltt-br Vendor Homepage: https://flowiseai.com/ Software Link:...
dotCMS 25.07.02-1 SQL Injection
dotCMS version 25.07.02-1 suffers from an authenticated remote blind SQL injection vulnerability. !/usr/bin/env python3 Exploit Title: dotCMS 25.07.02-1 - Authenticated Blind SQL Injection Google Dork: N/A Date: 2025-09-09 Exploit Author: Matan Sandori OSCP, OSEP, OSWE Vendor...
ClipBucket 5.5.2 Build 90 Server-Side Request Forgery
ClipBucket version 5.5.2 Build 90 suffers from a server-side request forgery vulnerability. Exploit Title: ClipBucket 5.5.2 Build 90 - Server-Side Request Forgery SSRF Google Dork: N/A Date: 2025-09-11 Exploit Author: Mukundsinh Solanki r00td3str0y3r Vendor Homepage: https://clipbucket.com Softwa...
Casdoor 2.55.0 Cross Site Request Forgery
Casdoor version 2.55.0 suffers from a cross site request forgery vulnerability. Exploit Title: Casdoor 2.55.0 - Cross-Site Request Forgery CSRF Application: Casdoor Version: 2.55.0 Date: 09/10/2025 Exploit Author: Van Lam Nguyen Facebook: vanlam1412 Vendor Homepage: https://casdoor.org/ Software...
HTMLDOC 1.9.13 Stack Buffer Overflow
HTMLDOC versions 1.9.13 and below proof of concept exploit that demonstrates a stack buffer overflow vulnerability. !/usr/bin/env python3 Exploit Title: HTMLDOC 1.9.13 - Stack Buffer Overflow Google Dork: N/A Date: 2025-08-26 Exploit Author: wulfgarpro Vendor Homepage:...
ClipBucket 5.5.0 Shell Upload
ClipBucket versions 5.5.0 and below suffer from a remote shell upload vulnerability. Exploit Title: ClipBucket 5.5.0 - Arbitrary File Upload Google Dork: N/A Date: 2025-09-11 Exploit Author: Mukundsinh Solanki r00td3str0y3r Vendor Homepage: https://clipbucket.com Software Link:...
Ilevia EVE X1/X5 Server 4.7.18.0.eden Default Credentials
Ilevia EVE X1/X5 Server version 4.7.18.0.eden uses a weak set of default administrative credentials that can be found and used to gain full control of the system. Ilevia EVE X1/X5 Server 4.7.18.0.eden Default Credentials Vendor: Ilevia Srl. Product web page: https://www.ilevia.com Affected versio...
Casdoor 2.95.0 Cross Site Request Forgery
Casdoor version 2.55.0 suffers from a cross site request forgery vulnerability. Exploit Title: Casdoor 2.95.0 - Cross-Site Request Forgery CSRF Application: Casdoor Version: v2.95.0 2025-10-22 Date: 2025-10-23 Exploit Author: Van Lam Nguyen Vendor Homepage: https://casdoor.org/ Software Link:...
HTTP/2 2.0 Denial of Service
This is a testing script for the HTTP/2 Rapid Reset vulnerability as described in CVE-2023-44487. !/usr/bin/env python3 """ Exploit Title: HTTP/2 2.0 - Denial Of Service DOS Google Dork: -NA- Date: 29th August 2025 Exploit Author: Madhusudhan Rajappa Vendor Homepage: -NA- Software Link: -NA-...
Hop.bg Cross Site Scripting
Hop.bg appears to suffer from a cross site scripting vulnerability. It is unclear what vulnerable code base is being used or if it's custom, however, the researcher has not heard a response from the vendor and they have not addressed the issue, putting their users at risk, so this is being...
Service Upstart Persistence
This Metasploit module will create a service on the box, and mark it for auto-restart. You need enough access to write service files and potentially restart services. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
Windows Persistent Task Scheduler
This Metasploit module establishes persistence by creating a scheduled task to run a payload. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Persistent Task Scheduler', 'Description' =...
NCR Command Center Agent 16.3 Remote Code Execution
CMCAgent in NCR Command Center Agent version 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021...
LEPTON 7.4.0 Cross Site Scripting
LEPTON version 7.4.0 suffers from a persistent cross site scripting vulnerability. Exploit Title: LEPTON 7.4.0 - Stored Cross-Site Scripting XSS Exploit Author: tmrswrr / Hulya KARABAG Vendor Homepage: https://lepton-cms.org/ Software Link:...
LEPTON 7.4.0 Remote Code Execution
LEPTON CMS version 7.4.0 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary system commands through the Droplets functionality. This vulnerability arises from improper input validation and execution control within the Droplets feature...
WBCE CMS 1.6.4 Cross Site Scripting
WBCE CMS version 1.6.4 suffers from a persistent cross site scripting vulnerability. Exploit Title: WBCE CMS 1.6.4 - Stored Cross-Site Scripting XSS Date: 2025-10-29 Exploit Author: Chokri Hammedi Vendor Homepage: https://wbce.org/ Software Link: https://github.com/WBCE/WBCECMS/releases/tag/v1.6....
Windows Persistent Startup Folder
This Metasploit module establishes persistence by creating a payload in the user or system startup folder. Works on Vista and newer systems. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...
RiteCMS 3.1.0 Cross Site Scripting
RiteCMS version 3.1.0 suffers from a cross site scripting vulnerability. Exploit Title: RiteCMS 3.1.0 - Reflected XSS in Admin Panel Date: October 28, 2025 Exploit Author: Chokri Hammedi Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/ritecms/ritecms Version: RiteCMS 3.1.0...
Wisenshop Cross Site Scripting
Wisenshop suffers from a cross site scripting vulnerability. It is unclear what version is affected as they are not published where this software is sold. Exploit Title: Wisenshop - Stored XSS Exploit Author: CraCkEr Date: 11-10-2025 Author of Script: Wisencode Infotech Vendor: Wisencode Infotech...
RiteCMS 3.1.0 Remote Code Execution
RiteCMS version 3.1.0 suffers from an authenticated remote code execution vulnerability. Exploit Title: RiteCMS 3.1.0 - Authenticated Remote Code Execution RCE Date: 2025-10-26 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/handylulu/RiteCMS Software Link:...
Dynatrace ActiveGate Command Injection
Dynatrace ActiveGate versions up to 1.016 suffer from an OS command injection vulnerability. CVE-2025-61304 "OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted ip address" In the background the ping extension is using the command prompt of Windows to...
WBCE CMS 1.6.4 Remote Code Execution
WBCE CMS version 1.6.4 contains a critical remote code execution vulnerability in the Droplets module. Authenticated attackers with administrator privileges can inject and execute arbitrary PHP code, leading to complete system compromise. Exploit Title: WBCE CMS 1.6.4 - Remote Code Execution Date...
ModernShop Cross Site Scripting
ModernShop suffers from a cross site scripting vulnerability. It is unclear what version is affected as they are not published where this software is sold. Exploit Title: ModernShop - RXSS Exploit Author: CraCkEr Date: 11-10-2025 Author of Script: ABHIRAM B Vendor: ABHI CODE BOX Vendor Homepage:...
Easywork Enterprise 2.1.3.354 Cleartext Memory Secret Storage
Easywork Enterprise version 2.1.3.354 is vulnerable to cleartext storage of sensitive information in memory. The application leaves valid device-bound license keys in process memory after a failed activation attempt. The keys can be obtained by attaching a debugger or analyzing the process/memory...
Log2Space Subscriber Management Software 1.1 SQL Injection
Log2Space Subscriber Management Software version 1.1 suffers from an unauthenticated remote SQL injection vulnerability. Author: Aditya Patil [email protected] Rohan Patil [email protected] CVE-2025-56450 Unauthenticated SQL Injection in Log2Space Subscriber Management Software...
Vvveb CMS 1.0.5 Remote Code Execution
Vvveb CMS is vulnerable to code injection via the Code Editor functionality. Unsanitized editing functionality allows attacker-controlled changes to existing files on the web-accessible filesystem, allowing remote authenticated attackers with access to the Code Editor to achieve code execution wh...
Campcodes Online Loan Management System 1.0 SQL Injection
Campcodes Online Loan Management System versions 1.0 and below suffer from a remote SQL injection vulnerability. -- coding: utf-8 -- Exploit Loan Management System v1.0 - SQL Injection Google Dork: N/A Date: 20/10/2025 Exploit Author: CodeB0ss Vendor: Loan Management System Software Link:...
Transmission Torrent Parsing Integer Overflows
Torrent file parsing in Transmission suffers from multiple integer overflow vulnerabilities. I took a look at torrent file parsing in libtransmission, there are a few integer overflows because the trnew/trnew0 allocation wrappers don't handle overflow. define trnewstructtype, nstructs \ structtyp...
Microsoft Windows Server Update Services Remote Code Execution
This is a proof of concept exploit for Microsoft Windows Server Update Services that leverages an unsafe deserialization of untrusted data in WSUS's AuthorizationCookie handling. This file demonstrates payload generation in C. using System; using System.IO; using System.Security.Cryptography; usi...
Ilevia EVE X1 Server 4.7.18.0.eden Cross Site Scripting
Ilevia EVE X1 Server versions 4.7.18.0.eden and below suffer from a reflective cross site scripting vulnerability. Ilevia EVE X1 Server 4.7.18.0.eden Unauthenticated Reflected XSS Vendor: Ilevia Srl. Product web page: https://www.ilevia.com Affected version: =4.7.18.0.eden Summary: EVE is a smart...
Greenlife.bg SQL Injection
Greenlife.bg appears to suffer from a remote SQL injection vulnerability. It is unclear what vulnerable code base is being used or if it's custom, however, the researcher has not heard a response from the vendor and they have not addressed the issue, putting their users at risk, so this is being...
Ilevia EVE X1 Server 4.7.18.0.eden Parameter Traversal / Arbitrary File Access
An unauthenticated absolute and relative path traversal vulnerability exists in the smart home/building automation platform via the /ajax/php/getfilecontent.php endpoint of Ilevia EVE X1 Server versions 4.7.18.0.eden and below. By supplying a crafted file POST parameter, a remote attacker can rea...
Ilevia EVE X1 Server 4.7.18.0.eden Unauthenticated Remote Command Injection
Ilevia EVE X1 Server versions 4.7.18.0.eden and below suffer from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the mbusfile and mbuscsv HTTP POST parameters through the /ajax/php/mbusbuildfromcsv.php script...
PerfexCRM Authentication Bypass
PerfexCRM versions prior to 3.3.1 suffer from an authentication bypass vulnerability. Security Advisory - PerfexCRM Authentication Bypass CVE-2025-60375, RESERVED Advisory ID: perfexcrm-auth-bypass-2025 CVE: CVE-2025-60375 RESERVED Product: PerfexCRM Affected versions: versions prior to 3.3.1 3.3...
Packet Storm EXIF Data Disclosure
A bad code push allowed EXIF data to remain in some photos on Packet Storm. Our analysis shows only 0.004% of uploaded pictures were affected and they have all been stripped to ensure no further exposure. Fortunately, the affected pictures only include items related to an admin of the site and th...
Packet Storm Missing Cache Header
Packet Storm was missing a cache control header on the user settings page, allowing for parties to click back in a browser post-logout and see the page from the local browser cache. As shared computing situations can allow this to lead to an information disclosure issue, it was immediately...
MotionEye Frontend 0.43.1b4 Remote Code Execution
This Metasploit module exploits a template injection vulnerability in the MotionEye Frontend. MotionEye Frontend versions 0.43.1b4 and prior are vulnerable to OS command injection in configuration parameters such as imagefilename. Unsanitized user input is written to MotionEye Frontend...
Perfex CRM Chatbot Cross Site Scripting
Perfex CRM's chatbot feature suffers from a persistent cross site scripting vulnerability. CVE-2025-60374 CVE-2025-60374: Stored Cross-Site Scripting XSS in Perfex CRM Chatbot Security Advisory A critical Stored Cross-Site Scripting vulnerability in Perfex CRM's chatbot feature --- Overview A...
Malicious Windows Script Host Script File
This Metasploit module creates a Windows Script Host WSH Windows Script File .wsf. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Malicious Windows Script Host Script File .wsf', 'Description'...
GNU Screen 4.5.0 Local Privilege Escalation
GNU Screen version 4.5.0 local privilege escalation exploit that leverages shared library loading. GNU Screen 4.5.0 Local Privilege Escalation Exploit CVE-2017-5618 Overview Local privilege escalation exploit for GNU Screen 4.5.0 that hijacks shared library loading to gain root access via...
Mac OS X Persistent Payload Installer
This Metasploit module provides a persistent boot payload by creating a launch item, which can be a LaunchAgent or a LaunchDaemon. LaunchAgents run with user level permissions and are triggered upon login by a plist entry in /Library/LaunchAgents. LaunchDaemons run with elevated privileges, and a...
GaatiTrack 1.0 SQL Injection
GaatiTrack version 1.0 suffers from multiple remote SQL injection vulnerabilities. Metasploit module included. Titles: GaatiTrack-1.0 Copyright©2025-Multiple-SQLi - Metasploit module Author: nu11secur1ty Date: 10/06/2025 Vendor: https://www.mayurik.com/ Software:...
WordPress KKProgressbar2 1.1.4.2 Cross Site Request Forgery
WordPress KKProgressbar2 version 1.1.4.2 cross site request forgery proof of concept exploit. Exploit Title: WordPress Plugin KKProgressbar2 - Cross-Site Request Forgery CSRF Date: 2025-10-05 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H:...
FortiWeb Fabric Connector 7.6.x SQL Injection
FortiWeb Fabric Connector versions 7.6.x suffer from a pre-authentication remote SQL injection vulnerability. Exploit Title: FortiWeb Fabric Connector 7.6.x - Pre-authentication SQL Injection to Remote Code Execution Date: 2025-10-05 Exploit Author: Milad Karimi Ex3ptionaL Contact:...
ERPNext 15.67.0 / Frappe 15.72.4 Cross Site Scripting
ERPNext version 15.67.0 and Frappe version 15.72.4 suffer from a persistent cross site scripting vulnerability. CVE-2025-56379 - Stored Cross-Site Scripting XSS in ERPNext 15.67.0 / Frappe 15.72.4 Summary A stored Cross-Site Scripting XSS vulnerability exists in the Blog module of ERPNext...
Apache Pyfory 0.12.2 Remote Code Execution
This proof of concept exploit demonstrates the remote code execution vulnerability in Apache Pyfory versions 0.12.0 through 0.12.2 and legacy PyFury versions 0.1.0 through 0.10.3 due to an insecure pickle fallback deserialization. !/usr/bin/env python3 """...
ERPNext 15.67.0 / Frappe 15.72.4 Blind SQL Injection
A time-based blind SQL injection vulnerability was discovered in the frappe.client.getvalue API endpoint in Frappe Framework version 15.72.4 and it is also present in ERPNext version 15.67.0. An authenticated user with access to the reporting/client API can inject SQL via the fieldname parameter...
Fiora Chat 1.0.0 Cross Site Scripting
Fiora Chat version 1.0.0 suffers from a cross site scripting vulnerability. CVE-2025-56514: Cross Site Scripting XSS Vulnerability in Fiora Chat Application Overview A Cross Site Scripting XSS vulnerability, identified as CVE-2025-56514, affects the Fiora chat application version 1.0.0. This...
Trivision NC-227WF Username Enumeration
Trivision NC-227WF with firmware version 5.80 build 0141010 has a login mechanism that reveals whether a username exists or not by returning different error messages. CVE-2025-56764 - Trivision NC-227WF Summary Trivision NC-227WF firmware 5.80 build 20141010 login mechanism reveals whether a...
CPAS Audit Management Information System 4.9 SQL Injection
CPAS Audit Management Information System versions 4.9 and below suffer from a remote SQL injection vulnerability. CPAS-bug CPAS audit management information system has SQL injection vulnerability Beijing YouDataSum Technology Co., Ltd. domain: http://youdatasum.com Affected versions...