Stacks Mobile App Builder 5.2.3 Authentication Bypass
Stacks Mobile App Builder versions 5.2.3 and below suffer from an authentication bypass vulnerability via account takeover. Exploit Title: Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover Date: October 25, 2024 Exploit Author: stealthcopter Vendor Homepage:...
ISPConfig language_edit.php PHP Code Injection
This Metasploit module exploits a PHP code injection vulnerability in the ISPConfig language_edit.php file. The vulnerability occurs when the admin_allow_langedit setting is enabled, allowing authenticated administrators to inject arbitrary PHP code through the language editor interface. This...
Microsoft PowerPoint 2019 Remote Code Execution
This exploit leverages a use-after-free vulnerability in Microsoft PowerPoint allowing an attacker to execute arbitrary code by tricking a user into opening a specially crafted PPTX file. This proof of concept generates such a malicious PPTX file designed to trigger the use-after-free condition...
bludit 3.16.2 Session Fixation
bludit version 3.16.2 suffers from a session fixation vulnerability. Exploit Title: Session Fixation - bluditv3.16.2 Date: 07/2025 Exploit Author: Andrey Stoykov Version: 3.16.2 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Session Fixation 1: Steps to Reproduce: Visit the login pag...
bludit 3.16.2 Cross Site Scripting
bludit version 3.16.2 suffers from a cross site scripting vulnerability that leverages an SVG file upload. Exploit Title: XSS via SVG File Upload - bluditv3.16.2 Date: 07/2025 Exploit Author: Andrey Stoykov Version: 3.16.2 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ XSS via SVG Fi...
MikroTik RouterOS Cross Site Scripting
A reflected cross site scripting vulnerability exists in MikroTik RouterOS versions prior to version 7, specifically in the UserManager web interface. This flaw can be exploited by unauthenticated attackers, allowing JavaScript injection via a specially crafted URL without requiring a valid login...
bludit 3.16.2 Directory Traversal
bludit version 3.16.2 suffers from a directory traversal vulnerability. Exploit Title: Directory Traversal "Site Title" - bluditv3.16.2 Date: 07/2025 Exploit Author: Andrey Stoykov Version: 3.16.2 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Directory Traversal "Site Title" 1: Step...
Oracle 23ai / 21c / 19c Privilege Escalation
Oracle versions 23ai, 21c, and 19c suffer from a privilege escalation vulnerability that allows DBA access. Title: Oracle 23ai Privilege Escalation From GRANT ANY ROLE To DBA Role Vendor: Oracle Product: Oracle database system Affected Versions: 23ai , 21c , 19c Risk Level: Medium Author of...
Tiki Wiki CMS Groupware 28.3 Server-Side Template Injection
Tiki Wiki CMS Groupware versions 28.3 and below suffer from two server-side template injection vulnerabilities via specially crafted wiki pages. Tiki Wiki CMS Groupware '" The second vulnerability can be leveraged ...
bludit 3.16.2 Persistent Cross Site Scripting
bludit version 3.16.2 suffers from a persistent cross site scripting vulnerability. Exploit Title: Stored XSS "Add New Content" Functionality - bluditv3.16.2 Date: 07/2025 Exploit Author: Andrey Stoykov Version: 3.16.2 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Stored XSS "Add Ne...
ScriptCase Remote Command Execution
ScriptCase versions 1.0.003-build-2 (Production Environment) and 9.12.006 (23) (ScriptCase) are affected by a pre-authenticated remote command execution vulnerability. This is achieved by chaining two vulnerabilities: the first is the ability to reset the administrator password of the prod console unde...
Wing FTP Server NULL-byte Authentication Bypass
Wing FTP Server allows arbitrary Lua code injection via a NULL-byte (%00) truncation bug (CVE-2025-47812). Supplying %00 as the username makes the C++ authentication routine validate only the prefix, while the full string is written unfiltered into the session file and later executed with root/SYSTEM...
OpenAM Authentication Bypass
OpenAM versions prior to 14.6.6 proof of concept exploit. Name: watchtowr-vs-openamauth-impersonation2022-06-16.py Author: Aliz Hammond import json import re import textwrap import...
AndroMouse Server 8.0 Unauthenticated Remote System Control
AndroMouse Server version 8.0 allows attackers to send UDP commands to remotely restart, shutdown, sleep, lock, or log off the target machine without authentication. This leads to unauthorized power state manipulation and potential denial of service. Exploit Title: AndroMouse Server 8.0 -...
AndroMouse Server 8.0 Unauthenticated Directory Enumeration
AndroMouse Server version 8.0 exposes an unauthenticated TCP command interface on port 8888. A remote attacker can send crafted commands to enumerate the contents of arbitrary directories on the host file system, without user interaction or authentication. Exploit Title: AndroMouse Server 8.0 -...
AndroMouse Server 8.0 Remote Code Execution
AndroMouse Server version 8.0 proof of concept that exploits an unauthenticated UDP interface to simulate mouse/keyboard actions and execute malicious commands via certutil. Exploit Title: AndroMouse Server 8.0 - Remote Code Execution Date: 03/07/25 Exploit Author: Chokri Hammedi Vendor Homepage:...
Microsoft AutoUpdate Privilege Escalation
Microsoft AutoUpdate (MAU) suffers from a privilege escalation vulnerability. Titles: CVE-2025-47968-Core-Logic Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability Author: nu11secur1ty Date: 07/03/2025 Vendor: https://www.microsoft.com/en-us Software:...
AndroMouse Server 8.0 Unauthenticated Screenshot Exposure
AndroMouse Server version 8.0 listens on TCP/UDP port 8888 and allows unauthenticated retrieval of desktop screenshots. Attackers can abuse this feature by repeatedly requesting screenshots to create a covert live monitoring stream, compromising user privacy without any notification or consent...
Turn off PC 1.0 Unauthenticated Remote System Control
Turn Off PC version 1.0 exposes an unsecured socket (port 8081) allowing complete remote power control (shutdown, restart, sleep) without authentication, enabling system disruption attacks. Exploit Title: Turn Off PC 1.0 - Unauthenticated Remote System Control (Shutdown/Restart/Sleep) Date: 02/07/25...
gogs 0.13.0 Remote Code Execution
gogs version 0.13.0 suffers from a remote code execution vulnerability. Exploit Title: gogs 0.13.0 - Remote Code Execution RCE Date: 27th June, 2025 Exploit Author: Ardayfio Samuel Nii Aryee Software link: https://github.com/gogs/gogs.git Version: gogs =0.13.0 Tested on: Ubuntu CVE: CVE-2024-3993...
Microsoft SharePoint 2019 NTLM Authentication Information Disclosure
Microsoft SharePoint Central Administration improperly exposes NTLM-authenticated endpoints to low-privileged or even brute-forced domain accounts. Once authenticated, an attacker can access the _api/web endpoint, disclosing rich metadata about the SharePoint site, including user group...
Moodle 4.4.0 Remote Code Execution
Moodle version 4.4.0 authenticated remote code execution exploit. Exploit Title: Moodle 4.4.0 - Authenticated Remote Code Execution Exploit Author: Likhith Appalaneni Vendor Homepage: https://moodle.org Software Link: https://github.com/moodle/moodle/releases/tag/v4.4.0 Tested Version: Moodle 4.4...
AnyCommand 1.2.7 Unauthenticated Live Desktop Stream Access
AnyCommand 1.2.7 exposes a live MJPEG screen stream at http://target:8081/stream without access control. Unauthenticated attackers can directly access and view the victim's live screen feed without triggering any prompts or requiring a valid session. Exploit Title: AnyCommand 1.2.7 -...
Hecate PC Remote Control 1.6.1.0 Remote Code Execution
Hecate PC Remote Control version 1.6.1.0 listens on UDP port 48436 and accepts unauthenticated JSON commands for keyboard and mouse input. This lack of authentication allows a remote attacker to simulate user interaction, open system dialogs, and execute arbitrary commands. Exploit Title: Hecate ...
Hecate PC Remote Control 1.6.1.0 Remote System Control
Hecate PC Remote Control version 1.6.1.0 is vulnerable to unauthenticated system control. An attacker on the same network can send crafted UDP packets to the target without authentication, allowing them to remotely issue system-level commands such as lock, shutdown, restart, and sleep. Exploit...
Vite Local File Inclusion
Vite suffers from a local file inclusion vulnerability. This issue affected versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. Titles: CVE-2025-30208 - Vite @fs LFI Local File Inclusion Vulnerability Author: nu11secur1ty Date: 01/09/2025 Vendor: https://vite.dev/ Software:...
AnyCommand 1.2.7 Remote Code Execution
AnyCommand version 1.2.7 contains critical vulnerabilities enabling unauthenticated attackers to achieve remote code execution. The exploit bypasses weak 6-digit PIN authentication through bruteforcing, then abuses the command interface to simulate keystrokes for command execution and payload...
Saturn Remote Mouse Server 1.0.4.0 Remote Code Execution
Saturn Remote Mouse Server version 1.0.4.0 exposes an unauthenticated UDP command interface (port 27000) allowing remote attackers to inject keystrokes. This proof of concept demonstrates remote code execution by simulating Windows key combinations to spawn cmd.exe and execute malicious PowerShell...
Saturn Remote Mouse Server V1 Remote Code Execution
Saturn Remote Mouse Server V1 suffers from a remote code execution vulnerability. Exploit Title: Saturn Remote Mouse Server V1 - Remote Code Execution RCE Date: 2025-06-30 Exploit Author: tmrswrr Vendor Homepage: https://www.saturnremote.com/ Software Link:...
TinyWebGallery 2.7 Cross Site Scripting
TinyWebGallery version 2.7 suffers from a persistent cross site scripting vulnerability. Exploit Title: TinyWebGallery 2.7 - Authenticated Stored XSS Date: 2025-27-06 Exploit Author: tmrswrr Vendor Homepage: https://www.tinywebgallery.com Version: 2.7 Tested on:...
TinyWebGallery 2.7 Shell Upload
TinyWebGallery version 2.7 suffers from an authenticated remote shell upload vulnerability. Exploit Title: TinyWebGallery 2.7 - Authenticated Shell Upload Date: 2025-27-06 Exploit Author: tmrswrr Vendor Homepage: https://www.tinywebgallery.com Version: 2.7 Tested on:...
Mouselink 5.0.1 Unauthenticated Remote Code Execution
Mouselink version 5.0.1 allows unauthenticated remote code execution due to improper JWT validation, enabling attackers to forge JWT tokens with a known hardcoded secret. Using the forged token, attackers can bypass authentication, connect to the WebSocket interface, and simulate keyboard input t...
WordPress Social Welfare 3.5.2 Remote Code Execution
WordPress Social Welfare plugin versions 3.5.2 and below suffer from a remote code execution vulnerability. #!/usr/bin/env python3 Exploit Title: Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution RCE Date: 25-06-2025 Exploit Author: Huseyin Mardini @housma Original Researcher: Luka Sik...
Sitecore 10.4 Remote Code Execution
Sitecore version 10.4 suffers from a remote code execution vulnerability. Exploit Title: Sitecore 10.4 - Remote Code Execution RCE Exploit Author: Yesith Alvarez Vendor Homepage: https://developers.sitecore.com/downloads Version: Sitecore 10.3 - 10.4 CVE : CVE-2025-27218 Link:...
Skyvern 0.1.84 SSTI Remote Code Execution
This Metasploit module exploits a server-side template injection vulnerability in Skyvern versions 0.1.84 and below. The module requires an API key to deliver requests and upload the malicious workflow. This module requires Metasploit: https://metasploit.com/download Current source:...
Mouselink 5.0.1 Unauthenticated Remote System Control
Mouselink version 5.0.1 is vulnerable to JWT authentication bypass, allowing remote attackers to perform system-level actions such as shutdown, restart, sleep, and logout without valid credentials. Exploit Title: Mouselink 5.0.1 - Unauthenticated Remote System Control Date: 26/06/25 Exploit Autho...
McAfee Agent 5.7.6 Insecure Storage
This script demonstrates the vulnerability in McAfee's Trellix Agent Database where attackers can retrieve and decrypt credentials from the ma.db database file. Version 5.7.6 is affected. Exploit Title: McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information Date: 24 June 2025 Exploit...
PiHome MaxAir Smart Thermostat SQL Injection
A security vulnerability has been identified in the PiHome MaxAir Smart Thermostat system that permits an authenticated attacker to execute arbitrary SQL statements against the backend database. Description: A security vulnerability has been identified in the PiHome MaxAir Smart Thermostat system...
freeSSHd 1.0.9 Denial of Service
freeSSHd version 1.0.9 suffers from a denial of service vulnerability. Exploit Title: freeSSHd 1.0.9 - Denial of Service DoS Date: 2024-01-13 Discovery by: Fernando Mengali Linkedin: https://www.linkedin.com/in/fernando-mengali/ Software Link:...
Pterodactyl Panel Remote Code Execution
Pterodactyl Panel versions prior to 1.11.11 suffer from a remote code execution vulnerability. Exploit Title: Pterodactyl Panel 1.11.11 - Remote Code Execution RCE Date: 22/06/2025 Exploit Author: Zen-kun04 Vendor Homepage: https://pterodactyl.io/ Software Link:...
OpenCart 4.1.0.4 Cross Site Scripting
OpenCart versions 4.1.0.4 and below suffer from multiple persistent cross site scripting vulnerabilities. These findings exist in the blog editor and via SVG file uploads. CVE-2025-45892 - Stored XSS via Blog Editor Affected Versions: OpenCart 4.1.0.4 and below Vector: Stored XSS Attack Surface:...
PX4 Military UAV Autopilot 1.12.3 Denial of Service
A stack-based buffer overflow vulnerability in PX4 Military UAV Autopilot versions 1.12.3 and below is triggered when handling a malformed MAVLink message of type TRAJECTORY_REPRESENTATION_WAYPOINTS. An attacker with access to the MAVLink communication channel can send a crafted packet to crash the...
Mouselink 5.0.1 Remote System Control
Mouselink version 5.0.1 allows remote attackers to control system functions (shutdown, restart, sleep, logout). By default, no password is configured, allowing an attacker to obtain a valid JWT token and invoke privileged /api/PCControl/ endpoints, leading to unauthorized system operations. Exploit...
Mouselink 5.0.1 Remote Code Execution
Mouselink version 5.0.1 allows unauthenticated remote attackers to execute arbitrary commands by abusing an exposed login endpoint and insecure WebSocket-based keyboard simulation. With no password per default, an attacker can obtain a JWT token, open a WebSocket session, and simulate keystrokes ...
WordPress Tatsu 3.3.11 Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution in the Tatsu WordPress plugin in versions 3.3.11 and below. The module uploads a malicious zip with a PHP payload that gets executed in the second part of exploit. This module requires Metasploit:...
Off 2.15 Unauthenticated Remote System Control
Off version 2.15 exposes a TCP service on port 1984 that allows unauthenticated attackers to issue remote system control commands such as Shutdown, Restart, Lock, Sleep, and Hibernate. Exploit Title: Off 2.15 - Unauthenticated Remote System Control Date: 25/06/25 Exploit Author: Chokri Hammedi...
libxslt xsltParseStylesheetProcess Use-After-Free
There is a use-after-free issue in libxslt read on a namespace URL stored in exclPrefixTab. The issue was reproduced on the latest Git version. The proof of concept and ASAN log are provided at the end of the report. There is a use-after-free issue in libxslt read on a namespace URL stored in...
Monect PC Remote 7.7.2 Unquoted Service Path
Monect PC Remote version 7.7.2 suffers from an unquoted service path vulnerability in MonectServerService. Exploit Title: Monect PC Remote 7.7.2 - Unquoted path service Date: 25/06/25 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.monect.com/ Software Link:...
Off 2.15.4 Unauthenticated Remote System Control
Off version 2.15.4 exposes a TCP service that accepts remote commands like Shutdown, Restart, Lock, Sleep, and Hibernate without any authentication. Exploit Title: Off 2.15.4 - Unauthenticated Remote System Control Shutdown/Restart/Lock/Sleep/Hibernate Date: 25/06/25 Exploit Author: Chokri Hammed...
CloudClassroom-PHP-Project 1.0 SQL Injection
CloudClassroom-PHP-Project version 1.0 suffers from a remote SQL injection vulnerability that allows for login bypass. CVE Disclosure: CVE-2025-26198 - SQL Injection in CloudClassroom-PHP-Project Disclosure Date: 18 June 2025 CVE ID: CVE-2025-26198 Severity: CRITICAL CVSS 9.8 --- Summary A...