
50630 matches found

Packet Storm
added 2025/04/08 12:0 a.m. | 248 views

📄 XWiki Platform 15.10.10 Remote Code Execution

XWiki Platform version 15.10.10 suffers from a remote code execution vulnerability. Exploit Title: XWiki Platform - Remote Code Execution Exploit Author: Al Baradi Joy Exploit Date: April 6, 2025 CVE ID: CVE-2025-24893 Vendor Homepage: https://www.xwiki.org/ Software Link:...

9.8 CVSS | 7.8 AI score | 0.93837 EPSS
Exploits: 49

Packet Storm
added 2025/04/08 12:0 a.m. | 269 views

📄 InfluxDB OSS 2.7.11 Privilege Escalation

InfluxDB OSS versions 2.7.11 and below suffer from a privilege escalation vulnerability. Exploit Title: InfluxDB OSS Operator Privilege Escalation via BusinessLogic Flaw Date: 22/03/2024 Exploit Author: Andrea Pasin Xenom0rph97 Researcher Homepage: https://xenom0rph97.github.io/xeno/ GitHub Explo...

9.1 CVSS | 9.1 AI score | 0.31909 EPSS
Exploits: 3

Packet Storm
added 2025/04/08 12:0 a.m. | 189 views

📄 Bus Pass Management System 1.0 SQL Injection

Bus Pass Management System version 1.0 suffers from a remote SQL injection vulnerability. Exploit Title: Bus Pass Management System v1.0 - Unauthenticated Union Based SQLi Manuel Exploit Date: 2025-04-07 Exploit Author: Mehmet Can Kadıoğlu a.k.a mao7un Vendor:...

8.1 AI score
Exploits: 0

Packet Storm
added 2025/04/08 12:0 a.m. | 563 views

📄 UNA CMS 14.0.0-RC4 PHP Object Injection

UNA CMS versions 14.0.0-RC4 and below suffer from a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php. ------------------------------------------------------------------------------------ UNA CMS = 14.0.0-RC4 BxBaseMenuSetAclLevel.php PHP Object Injection Vulnerability...

7.5 AI score
Exploits: 1

Packet Storm
added 2025/04/08 12:0 a.m. | 250 views

📄 WordPress User Registration and Membership 4.1.1 Privilege Escalation

WordPress User Registration and Membership plugin versions 4.1.1 and below suffer from a privilege escalation vulnerability. Exploit Title: WordPress User Registration & Membership Plugin = 4.1.1 - Unauthenticated Privilege Escalation Exploit Author: Al Baradi Joy Date: 2025-04-07 Vendor Homepage...

8.1 CVSS | 8.7 AI score | 0.87682 EPSS
Exploits: 7

Packet Storm
added 2025/04/08 12:0 a.m. | 324 views

📄 Sony XAV-AX5500 1.13 Code Execution

Sony XAV-AX5500 version 1.13 suffers from a firmware update validation vulnerability that allows for code execution. Exploit Title: Sony XAV-AX5500 Firmware Update Validation Remote Code Execution Date: 11-Feb-2025 Exploit Author: lkushinada Vendor Homepage:...

6.8 CVSS | 7.4 AI score | 0.00827 EPSS
Exploits: 2

Packet Storm
added 2025/04/08 12:0 a.m. | 320 views

📄 jQuery 3.3.1 Cross Site Scripting

jQuery version 3.3.1 proof of concept exploit that demonstrates cross site scripting via improper script handling and prototype pollution. Exploit Title: jQuery Prototype Pollution & XSS Exploit CVE-2019-11358 & CVE-2020-7656 Google Dork: N/A Date: 2025-02-13 Exploit Author: xOryus Vendor Homepag...

6.1 CVSS | 6.3 AI score | 0.01532 EPSS
Exploits: 5

Packet Storm
added 2025/04/08 12:0 a.m. | 229 views

📄 Nagios Xi 5.6.6 Remote Code Execution

Nagios Xi version 5.6.6 proof of concept authenticated remote code execution exploit. Exploit Title: Nagiosxi authenticated Remote Code Execution Date: 17/02/2024 Exploit Author: Calil Khalil Vendor Homepage: https://www.nagios.com/products/nagios-xi/ Version: Nagios Xi 5.6.6 Tested on: Ubuntu CV...

9 CVSS | 9 AI score | 0.86916 EPSS
Exploits: 13

Packet Storm
added 2025/04/08 12:0 a.m. | 628 views

📄 Oracle Access Manager Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated deserialization of untrusted data vulnerability in the OpenSSO Agent component of the Oracle Access Manager OAM product. The affected product versions are 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0. This module requires Metasploit:...

9.8 CVSS | 9.8 AI score | 0.94371 EPSS
Exploits: 15

Packet Storm
added 2025/04/07 12:0 a.m. | 288 views

📄 Watcharr 1.43.0 Remote Code Execution

Watcharr versions 1.43.0 and below suffer from a remote code execution vulnerability. CVE-2024-48827 exploit by Suphawith Phusanbai Affected Watcharr version 1.43.0 and below. import argparse import requests import json import jwt from pyfiglet import Figlet f = Figletfont='slant',width=100...

8.8 CVSS | 8.2 AI score | 0.11086 EPSS
Exploits: 2

Packet Storm
added 2025/04/07 12:0 a.m. | 208 views

📄 WordPress Royal Elementor Addons 1.3.78 Shell Upload

WordPress Royal Elementor Addons plugin versions 1.3.78 and below suffer from a remote shell upload vulnerability. Exploit Title: WordPress Plugin Royal Elementor Addons = 1.3.78 - Unauthenticated Arbitrary File Upload RCE Date: 2025-04-04 Exploit Author: Sheikh Mohammad Hasan...

9.8 CVSS | 9.3 AI score | 0.93478 EPSS
Exploits: 18

Packet Storm
added 2025/04/07 12:0 a.m. | 260 views

📄 Kemal Framework 1.6.0 Path Traversal

Kemal Framework version 1.6.0 suffers from a path traversal vulnerability. Exploit Title: Kemal Framework 1.6.0 - Path Traversal Discovered by: Ahmet Ümit BAYRAM Discovered Date: 04.04.2025 Vendor Homepage: https://github.com/kemalcr Software Link:...

7 AI score
Exploits: 0

Packet Storm
added 2025/04/07 12:0 a.m. | 224 views

📄 DataEase 2.4.0 Information Disclosure

DataEase version 2.4.0 suffers from a database configuration information disclosure vulnerability. - Exploit Title: DataEase Database Creds Extractor - Shodan Dork: http.html:"dataease" - FOFA Dork: body="dataease" && title=="DataEase" - Exploit Author: ByteHunter - Email: [email protected] ...

5.3 CVSS | 5.2 AI score | 0.91873 EPSS
Exploits: 2

Packet Storm
added 2025/04/07 12:0 a.m. | 274 views

📄 WordPress Backup and Staging 1.21.16 Shell Upload

WordPress Backup and Staging plugin versions 1.21.16 and below suffer from a remote shell upload vulnerability. Exploit Title: WordPress Backup and Staging Plugin ≤ 1.21.16 - Arbitrary File Upload to RCE Original Author: Patchstack hypothetical Exploit Author: Al Baradi Joy Exploit Date: April 5,...

9.8 CVSS | 9.4 AI score | 0.93149 EPSS
Exploits: 7

Packet Storm
added 2025/04/07 12:0 a.m. | 164 views

📄 WBCE CMS 1.6.3 Remote Code Execution

WBCE CMS version 1.6.3 suffers from an authenticated remote code execution vulnerability. Exploit Title: WBCE CMS " exit 1 fi if -z "$which nc" ; then echo "! Netcat is not installed." exit 1 fi ip=$1 port=$2 rm -rf shellModule.zip rm -rf shellModule mkdir shellModule echo Crafting Payload cat...

8.2 AI score
Exploits: 0

Packet Storm
added 2025/04/07 12:0 a.m. | 169 views

📄 Invoice 1.0 SQL Injection / Shell Upload

Invoice version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass which in turn could be used to upload a shell. Titles: INVOICE-1.0-Copyright©2025-SQLi-Bypass-Authentication+FU+RCE Author: nu11secur1ty Date: 04/07/2025 Vendor: https://github.com/oretnom2...

8.4 AI score
Exploits: 0

Packet Storm
added 2025/04/07 12:0 a.m. | 188 views

📄 Kubio AI Page Builder 2.5.1 Local File Inclusion

Kubio AI Page Builder versions 2.5.1 and below suffer from a local file inclusion vulnerability. Exploit Title: Kubio AI Page Builder = 2.5.1 - Local File Inclusion LFI Date: 2025-04-04 Exploit Author: Sheikh Mohammad Hasan https://github.com/4m3rr0r Vendor Homepage:...

9.8 CVSS | 8.7 AI score | 0.69659 EPSS
Exploits: 12

Packet Storm
added 2025/04/07 12:0 a.m. | 159 views

📄 AC Repair and Services System 1.0 SQL Injection

AC Repair and Services System version 1.0 suffers from multiple remote SQL injection vulnerabilities. Titles: AC Repair and Services System - ARSS-1.0-Copyright©2025-Multiple-SQLi Author: nu11secur1ty Date: 04/05/2025 Vendor: https://github.com/oretnom23 Software:...

8.4 AI score
Exploits: 0

Packet Storm
added 2025/04/07 12:0 a.m. | 226 views

📄 Reservit Hotel Cross Site Scripting

Reservit Hotel versions prior to 3.0 suffer from a persistent cross site scripting vulnerability. Exploit Title: Reservit Hotel Content 3. Add the following payload to the Button text French field sane save: " style=animation-name:rotation onanimationstart=alert/XSS/// 4. The XSS will trigger upo...

4.8 CVSS | 6.2 AI score | 0.01664 EPSS
Exploits: 3

Packet Storm
added 2025/04/07 12:0 a.m. | 189 views

📄 Blood Bank and Donor Management System 2.4 SQL Injection

Blood Bank and Donor Management System version 2.4 suffers from a remote SQL injection vulnerability. Exploit Title: Blood Bank & Donor Management System v2.4 - Union Based SQLi Manuel Exploit Date: 2025-04-07 Exploit Author: Mehmet Can Kadıoğlu a.k.a mao7un Vendor:...

8.1 AI score
Exploits: 0

Packet Storm
added 2025/04/07 12:0 a.m. | 386 views

📄 Appsmith Remote Code Execution

An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

9.8 CVSS | 7.4 AI score | 0.56618 EPSS
Exploits: 5

Packet Storm
added 2025/04/07 12:0 a.m. | 291 views

📄 Palo Alto Networks Expedition 1.2.90.1 Privilege Escalation

Palo Alto Networks Expedition version 1.2.90.1 proof of concept exploit that allows for an administrative password reset. - Exploit Title: PoC for Admin Account Password Reset of Palo Alto Networks Expedition tool - Shodan Dork: html:"expedition project" - FOFA Dork: "expedition project" &&...

9.8 CVSS | 10 AI score | 0.91029 EPSS
Exploits: 9

Packet Storm
added 2025/04/07 12:0 a.m. | 310 views

📄 Apache Tomcat Remote Code Execution

Apache Tomcat has a path equivalence remote code execution vulnerability. Versions prior to 11.0.3, 10.1.35, and 9.0.98 are affected. Exploit Title: Apache Tomcat Path Equivalence - Remote Code Execution Exploit Author: Al Baradi Joy CVE: CVE-2025-24813 Date: 2025-04-06 Vendor Homepage:...

9.8 CVSS | 9.5 AI score | 0.9413 EPSS
Exploits: 44

Packet Storm
added 2025/04/07 12:0 a.m. | 194 views

📄 WordPress Exclusive Addons for Elementor 2.6.9 Cross Site Scripting

WordPress Exclusive Addons for Elementor plugin versions 2.6.9 and below suffer from a persistent cross site scripting vulnerability. Exploit Title: Exclusive Addons for Elementor ≤ 2.6.9 - Authenticated Stored Cross-Site Scripting XSS Original Author: Wordfence Security Team Exploit Author: Al...

6.4 CVSS | 6.8 AI score | 0.10339 EPSS
Exploits: 11

Packet Storm
added 2025/04/07 12:0 a.m. | 157 views

📄 YesWiki 4.5.1 Path Traversal

YesWiki version 4.5.1 suffers from an unauthenticated path traversal vulnerability. Exploit Title: YesWiki 4.5.2 - Unauthenticated Path Traversal Exploit Author: Al Baradi Joy Exploit Date: April 6, 2025 CVE ID: CVE-2025-31131 Vendor Homepage: https://yeswiki.net/ Software Link:...

8.6 CVSS | 9.1 AI score | 0.12044 EPSS
Exploits: 6

Packet Storm
added 2025/04/07 12:0 a.m. | 179 views

📄 Blood Bank and Donor Management System 2.4 Cross Site Scripting

Blood Bank and Donor Management System version 2.4 suffers from a cross site scripting vulnerability. Exploit Title: Blood Bank & Donor Management System v2.4 - Cross Site Scripting XSS Date: 2025-04-07 Exploit Author: Mehmet Can Kadıoğlu a.k.a mao7un Vendor:...

6.5 AI score
Exploits: 0

Packet Storm
added 2025/04/07 12:0 a.m. | 410 views

📄 Microsoft SQL Server 2022 Missing Log Entry

Microsoft SQL Server 2022 fails to properly log when a security audit is configured for SERVER_PERMISSION_CHANGE_GROUP. Title: SQL Server 2022 Security Audit Failure Vulnerability Product: Microsoft SQL Server Affected Versions: 2022 RTM-CU18 KB5050771 Tested Versions: 2022 RTM-CU18 KB5050771 Fix:...

7.5 AI score
Exploits: 0

Packet Storm
added 2025/04/04 12:0 a.m. | 187 views

📄 ollama 0.6.4 Server-Side Request Forgery

ollama versions 0.6.4 and below suffer from a server-side request forgery vulnerability. Exploit Title: ollama 0.6.4 - SSRF Date: 2025-04-03 Exploit Author: sud0 Vendor Homepage: https://ollama.com/ Software Link: https://github.com/ollama/ollama/releases Version: =0.6.4 Tested on: CentOS 8 impor...

7.1 AI score
Exploits: 0

Packet Storm
added 2025/04/04 12:0 a.m. | 266 views

📄 Microchip TimeProvider 4100 Grandmaster 2.4.6 Command Injection

Microchip TimeProvider 4100 Grandmaster version 2.4.6 suffers from a remote command injection vulnerability. Exploit Title: Microchip TimeProvider 4100 Grandmaster Config File - Remote Code Execution RCE Exploit Author: Armando Huesca Prida Discovered By: Armando Huesca Prida, Marco Negro, Antoni...

8.8 CVSS | 7.6 AI score | 0.24573 EPSS
Exploits: 3

Packet Storm
added 2025/04/04 12:0 a.m. | 243 views

📄 Microchip TimeProvider 4100 Grandmaster 2.4.6 Cross Site Scripting

Microchip TimeProvider 4100 Grandmaster version 2.4.6 suffers from a persistent cross site scripting vulnerability. Exploit Title: Microchip TimeProvider 4100 Grandmaster banner - Stored XSS Exploit Author: Armando Huesca Prida Discovered By: Armando Huesca Prida, Marco Negro, Antonio Carriero,...

7.7 CVSS | 6.4 AI score | 0.02577 EPSS
Exploits: 3

Packet Storm
added 2025/04/04 12:0 a.m. | 178 views

📄 Nagios Log Server 2024R1.3.1 Cross Site Scripting

Nagios Log Server versions 2024R1.3.1 and below suffer from a persistent cross site scripting vulnerability. Exploit Title: Stored XSS Vulnerability in Nagios Log Server Privilege Escalation to Admin Date: 2025-04-02 Exploit Author: Seth Kraft Vendor Homepage: https://www.nagios.com/ Vendor...

6.5 AI score
Exploits: 0

Packet Storm
added 2025/04/04 12:0 a.m. | 262 views

📄 Angular-Base64-Upload Library Remote Code Execution

Angular-Base64-Upload library unauthenticated remote code execution proof of concept exploit that affects versions prior to 0.1.21. !/bin/python3 Exploit Title: Unauthenticated RCE via Angular-Base64-Upload Library Date: 10 October 2024 Discovered by : Ravindu Wickramasinghe | rvz @rvizx9 Exploit...

9.8 CVSS | 7.9 AI score | 0.89192 EPSS
Exploits: 5

Packet Storm
added 2025/04/04 12:0 a.m. | 244 views

📄 AppSmith 1.47 Remote Code Execution

AppSmith version 1.4.7 suffers from a remote code execution vulnerability. Exploit Title: AppSmith 1.47 - Remote Code Execution RCE Original Author: Rhino Security Labs Exploit Author: Nishanth Anand Exploit Date: April 2, 2025 Vendor Homepage: https://www.appsmith.com/ Software Link:...

6.5 CVSS | 7.9 AI score | 0.37231 EPSS
Exploits: 5

Packet Storm
added 2025/04/03 12:0 a.m. | 316 views

📄 Vite 6.2.2 Arbitrary File Read

Vite versions 6.2.2 and below suffer from an arbitrary file read vulnerability. Exploit Title: Vite Arbitrary File Read - CVE-2025-30208 Date: 2025-04-03 Exploit Author: Sheikh Mohammad Hasan https://github.com/4mrr0r Vendor Homepage: https://vitejs.dev/ Software Link:...

5.3 CVSS | 5.4 AI score | 0.89847 EPSS
Exploits: 27

Packet Storm
added 2025/04/03 12:0 a.m. | 297 views

📄 Usermin 2.100 Username Enumeration

Usermin versions 2.100 and below suffer from a username enumeration vulnerability. Exploit Title: Usermin 2.100 - Username Enumeration Date: 10.02.2024 Exploit Author: Kjesper Vendor Homepage: https://www.webmin.com/usermin.html Software Link: https://github.com/webmin/usermin Version: = 2.100...

5.3 CVSS | 6.7 AI score | 0.13166 EPSS
Exploits: 5

Packet Storm
added 2025/04/03 12:0 a.m. | 325 views

📄 SAP HTTP Request Smuggling

SAPGateBreaker HTTP request smuggling proof of concept exploit that demonstrates a vulnerability in SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53, and SAP Web Dispatcher. Exploit Title: SAPGateBreaker Exploit - CVE-2022-22536 ...

10 CVSS | 9.2 AI score | 0.93833 EPSS
Exploits: 8

Packet Storm
added 2025/04/03 12:0 a.m. | 416 views

📄 Tomcat Partial PUT Java Deserialization

This Metasploit module exploits a Java deserialization vulnerability in Apache Tomcat's session restoration functionality that can be exploited with a partial HTTP PUT request to place an attacker controlled deserialization payload in the tomcatrootdir/webapps/ROOT/ directory. For the exploit to...

9.8 CVSS | 9 AI score | 0.9413 EPSS
Exploits: 44

Packet Storm
added 2025/04/01 12:0 a.m. | 246 views

Ksenia Security Lares 4.0 Remote Code Execution

Ksenia Security Lares version 4.0 suffers from a remote code execution vulnerability. Exploit Title: Ksenia Security Lares 4.0 Home Automation Remote Code Execution Google Dork: N/A Date: 31 March 2025 Exploit Author: Mencha 'ShadeLock' Isajlovska Vendor Homepage: https://www.kseniasecurity.com/e...

8.3 AI score
Exploits: 0

Packet Storm
added 2025/04/01 12:0 a.m. | 209 views

Ksenia Security Lares 4.0 Open Redirect

Ksenia Security Lares version 4.0 suffers from an open redirection vulnerability. Exploit Title: Ksenia Security Lares 4.0 Home Automation URL Redirection Google Dork: N/A Date: 31 March 2025 Exploit Author: Mencha 'ShadeLock' Isajlovska Vendor Homepage: https://www.kseniasecurity.com/en/ Softwar...

7.3 AI score
Exploits: 0

Packet Storm
added 2025/04/01 12:0 a.m. | 318 views

Ksenia Security Lares 4.0 Default Credentials

Ksenia Security Lares version 4.0 uses a weak set of default administrative credentials that can be found and used to gain full control of the system. Exploit Title: Ksenia Security Lares 4.0 Home Automation Default Credentials Google Dork: N/A Date: 31 March 2025 Exploit Author: Mencha 'ShadeLoc...

7.6 AI score
Exploits: 0

Packet Storm
added 2025/04/01 12:0 a.m. | 1479 views

Brocade Fabric OS Remote Code Execution / Information Disclosure

Brocade Fabric OS versions prior to 9.2.2 suffer from 10 vulnerabilities including, but not limited to, remote code execution, information disclosure, man-in-the-middle, weak cryptography, and hardcoded key vulnerabilities. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Titl...

8.6 CVSS | 7.8 AI score | 0.08404 EPSS
Exploits: 3

Packet Storm
added 2025/04/01 12:0 a.m. | 625 views

Palo Alto Deep Packet Inspection Data Exfiltration

Palo Alto firewalls allow for exfiltration of data via multiple egress methodologies. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Title: 3 vulnerabilities in Palo Alto Deep Packet Inspection mechanism Advisory URL:...

7.5 CVSS | 7.4 AI score | 0.02334 EPSS
Exploits: 1

Packet Storm
added 2025/03/31 12:0 a.m. | 189 views

Solstice Pod 5.5 / 6.2 Information Disclosure

Solstice Pod versions 5.5 and 6.2 expose sensitive information such as the session key, server version, product details, and display name via an unauthenticated API. Exploit Title: Solstice Pod API Session Key Extraction via API Endpoint Google Dork: N/A Date: 1/17/2025 Exploit Author: The Baldwi...

7.1 AI score
Exploits: 0

Packet Storm
added 2025/03/31 12:0 a.m. | 278 views

XWiki Standard 14.10 Remote Code Execution

XWiki Standard version 14.10 proof of concept remote code execution exploit. Exploit Title: CVE-2023-48292 Remote Code Execution Exploit Google Dork: N/A Date: 23 March 2025 Exploit Author: Mehran Seifalinia Vendor Homepage: https://www.xwiki.org/ Software Link:...

9.6 CVSS | 7.9 AI score | 0.00772 EPSS
Exploits: 2

Packet Storm
added 2025/03/31 12:0 a.m. | 210 views

NVIDIA Container Toolkit 1.16.1 Breakout

NVIDIA Container Toolkit versions 1.16.1 and below contain a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with a default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful...

9 CVSS | 7.5 AI score | 0.03913 EPSS
Exploits: 2

Packet Storm
added 2025/03/31 12:0 a.m. | 247 views

moziloCMS 3.0 Shell Upload

moziloCMS version 3.0 suffers from a remote shell upload vulnerability. Exploit Title: MoziloCMS 3.0 - Remote Code Execution RCE Authenticated Date: 10/09/2024 Exploit Author: Secfortress https://github.com/sec-fortress Vendor Homepage: https://mozilo.de/ Software Link:...

7.2 CVSS | 7.2 AI score | 0.29416 EPSS
Exploits: 4

Packet Storm
added 2025/03/31 12:0 a.m. | 268 views

WordPress Pipe Audio Video and Screen Recorder 1.0.6 Bypass / LFI / SSRF

WordPress Pipe Audio Video and Screen Recorder plugin version 1.0.6 suffers from webhook signature bypass, denial of service, local file inclusion, and server-side request forgery vulnerabilities. Exploit Title: WordPress Pipe Audio Video and Screen Recorder 1.0.6 - Multiple Vulnerabilities Date:...

7.4 AI score
Exploits: 0

Packet Storm
added 2025/03/31 12:0 a.m. | 330 views

X2CRM 8.5 Cross Site Scripting

X2CRM version 8.5 suffers from a persistent cross site scripting vulnerability. Exploit Title: X2CRM v8.5 – Stored Cross-Site Scripting XSS Authenticated Date: 12 September 2024 Exploit Author: Okan Kurtulus Vendor Homepage: https://x2engine.com/ Software Link: https://github.com/X2Engine/X2CRM...

5.4 CVSS | 6.4 AI score | 0.02555 EPSS
Exploits: 3

Packet Storm
added 2025/03/31 12:0 a.m. | 263 views

KubeSphere 3.4.0 Insecure Direct Object Reference

KubeSphere version 3.4.0 and KubeSphere Enterprise version 4.1.1 suffer from an insecure direct object reference vulnerability. Exploit Title: IDOR Vulnerability in KubeSphere v3.4.0 & KubeSphere Enterprise v4.1.1 Date: 3 September Exploit Author: Okan Kurtulus Vendor Homepage:...

4.3 CVSS | 7 AI score | 0.0216 EPSS
Exploits: 2

Packet Storm
added 2025/03/31 12:0 a.m. | 262 views

CodeCanyon Rise CRM 3.7.0 SQL Injection

CodeCanyon Rise CRM version 3.7.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. PROOF OF CONCEPT CVE: CVE-2024-8945 Exploit Title: RISE Ultimate Project Manager 3.7 sql injection POC Google Dork: N/A Date: September 19, 2024 Exploit Author: Jobyer Ahmed...

5.3 CVSS | 8.4 AI score | 0.01237 EPSS
Exploits: 3

Total number of security vulnerabilities: 50630