Litespeed Cache 6.5.0.1 Authentication Bypass
Litespeed Cache version 6.5.0.1 suffers from an authentication bypass vulnerability. Exploit Title: Litespeed unauthorized account takeover Google Dork: if applicable Date: reported on 17 September 2024 Exploit Author: Gnzls Vendor Homepage: https://www.litespeedtech.com/ Software Link:...
Kyaan 1.0 SQL Injection
Kyaan version 1.0 suffers from a remote SQL injection vulnerability. Exploit Title: kyaan - Multiple Vulnerabilities Date: March 27, 2025 Exploit Author: wa03 Telegram: @wa03 Vendor Homepage: https://kyaan.co Version: 1.0 Tested on: Windows local xampp DBMS: MySQL CVE: N/A Google Dork:...
Sitecore CVE-2025-27218 BinaryFormatter Deserialization
This Metasploit module exploits a .NET deserialization vulnerability in Sitecore Experience Manager XM and Experience Platform XP 10.4 by injecting a malicious Base64-encoded BinaryFormatter payload into an HTTP header. This module requires Metasploit: https://metasploit.com/download Current...
CMS Made Simple 2.2.21 Remote Code Execution
CMS Made Simple versions 2.2.21 and below allow an authenticated administrator to upload files with the .phar or .phtml extensions, enabling execution of PHP code leading to remote code execution. This module requires Metasploit: https://metasploit.com/download Current source:...
Online Medicine Ordering System 1.0 Authentication Bypass / SQL Injection
Online Medicine Ordering System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Titles: OMOS-1.0-Copyright©2025-Multiple-SQLi Author: nu11secur1ty Date: 03/28/2025 Vendor: https://github.com/oretnom23 Software:...
Geovision GV-ASManager 6.1.10 Cross Site Request Forgery
Geovision GV-ASManager versions 6.1.10 and below suffer from a cross site request forgery vulnerability. CVE-2024-56901 CVE-2024-56901 - A Cross-Site Request Forgery CSRF vulnerability in Geovision GV-ASManager web application with the version 6.1.1.0 or less that allows attackers to arbitrarily...
Kernel Live Patch Security Notice LSN-0110-1
A half dozen vulnerabilities have been addressed in the Linux kernel including use-after-free and heap overflow issues. Linux kernel vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 22.04 LTS -...
Webworx CMS 1.0 SQL Injection / Cross Site Scripting
Webworx CMS version 1.0 suffers from remote SQL injection and cross site scripting vulnerabilities. Exploit Title: WebWorx CMS - SQL Injection & Cross-Site Scripting XSS Vulnerabilities Date: 2025-03-25 Exploit Author: wa03/@td9l Telegram: @wa03 Vendor Homepage: https://webworx.technology/ Versio...
University Registration System 1.0 Insecure Direct Object Reference
University Registration System version 1.0 suffers from an insecure direct object reference vulnerability that allows for information disclosure. Exploit Title: University Registration System - IDOR Leads to Information Disclosure Date: 2025-03-25 Exploit Author: wa03/td9l Telegram: @wa03/@td9l...
WordPress Modal 1.5.8 Code Execution / Denial of Service
WordPress Modal plugin versions 1.5.8 and below suffer from remote code execution and denial of service vulnerabilities due to unsafe deserialization. Exploit Title Wordpress Modal Popup Box Plugin - Multiple Vulnerabilities...
Eramba Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in Eramba. An authenticated user can execute arbitrary commands on the server by exploiting the path parameter in the download-test-pdf endpoint. Eramba debug mode has to be enabled. Versions up to 3.19.1 are affected. This...
Dolphin Pro 7.4.2 SQL Injection
Dolphin Pro version 7.4.2 suffers from a remote SQL injection vulnerability. Exploit Title: SQL Injection in Admin Functionality - dolphin.prov7.4.2 Date: 03/2025 Exploit Author: Andrey Stoykov Version: 7.4.2 Date: 03/2025 Tested on: Debian 12 Blog:...
WordPress Iron Security 2.2.3 IP Spoofing
WordPress Iron Security plugin versions 2.2.3 and below suffer from a source IP spoofing vulnerability. Wordpress Plugin Iron Security - IP Spoofing Exploit Author: bRpsd | cyatlive.no Date: March 20, 2025 Product: https://wordpress.org/plugins/iron-security/ Version: 2.2.3 and below CVE : N/A...
Dolphin Pro 7.4.2 Cross Site Scripting
Dolphin Pro version 7.4.2 suffers from a persistent cross site scripting vulnerability. Exploit Title: Stored XSS via Send Message Functionality - dolphin.prov7.4.2 Date: 03/2025 Exploit Author: Andrey Stoykov Version: 7.4.2 Date: 03/2025 Tested on: Debian 12 Blog:...
WordPress Advanced Form Integration 1.82.0 SQL Injection / Cross Site Scripting
WordPress Advanced Form Integration plugin versions 1.82.0 and below suffer from a remote SQL injection vulnerability that can be leveraged for cross site scripting attacks. CVE-2024-2387 Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms =...
WordPress Extensive VC Addons for WPBakery Page Builder 1.9.0 Code Execution
WordPress Extensive VC Addons for WPBakery Page Builder version 1.9.0 suffers from a remote execution vulnerability. Exploit Title: Extensive VC Addons for WPBakery page builder 1.9.1 - Unauthenticated RCE Date: 12 march 2025 Exploit Author: Ravina Vendor Homepage: wprealize Version: 1.9.1 Tested...
Fail2Ban 0.11.2 Privilege Escalation / Command Execution
If a user can execute fail2ban-client with sudo, they can achieve local privilege escalation and command injection via user-modified actions. Author: Raed Ahsan Date: 24/03/2025 Fail2Ban-client privilege-escalation """ Fail2Ban Automated Exploit Script - CVE Candidate...
Gitea 1.24.0 Cross Site Scripting
Gitea version 1.24.0 suffers from a persistent cross site scripting vulnerability. Exploit Title: Gitea 1.24.0 - HTML Injection Date: 2025-03-09 Exploit Author: Mikail KOCADAĞ Vendor Homepage: https://gitea.com Software Link: https://dl.gitea.io/gitea/1.24.0/ Version: 1.24.0 Tested on: Windows 10...
VeeVPN 1.6.1 Unquoted Service Path
VeeVPN version 1.6.1 suffers from an unquoted service path vulnerability. Exploit Title: VeeVPN 1.6.1 - 'VeePNService' Unquoted Service Path Date: 2024-12-27 Exploit Author: Doğukan Orhan Vendor Homepage: https://veepn.com/ Version: 1.6.1 Tested on: Windows 10 Pro x64 Step to discover Unquoted...
Aztech DSL5005EN Authentication Bypass
Aztech DSL5005EN authentication bypass exploit that changes the administrative password. Exploit Title: Aztech DSL5005EN Router - 'sysAccess.asp' Admin Password Change Unauthenticated Date: 2025-02-26 Exploit Author: Amir Hossein Jamshidi Vendor Homepage: https://www.aztech.com Version: DSL5005EN...
TranzAxis 3.2.41.10.26 Cross Site Scripting
TranzAxis version 3.2.41.10.26 suffers from a persistent cross site scripting vulnerability. Exploit Title: TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting XSS Authenticated Date: 10th, March, 2025 Exploit Author: ABABANK REDTEAM Vendor Homepage: https://compassplustechnologies.com/ Version:...
TeamPass 3.0.0.21 SQL Injection
TeamPass version 3.0.0.21 suffers from a remote SQL injection vulnerability. Exploit Title: TeamPass SQL Injection Google Dork: intitle:"Teampass" + inurl:index.php?page=items Date: 02/23/2025 Exploit Author: Max Meyer - Rivendell Vendor Homepage: http://www.teampass.net Software Link:...
Chamilo LMS 1.11.24 Shell Upload
Chamilo LMS versions 1.11.24 and below remote shell upload exploit. Exploit Title: Chamilo LMS 1.11.24 - Remote Code Execution RCE Exploit Author: 0x00-null - Mohamed Kamel BOUZEKRIA Exploit Date: September 3, 2024 Vendor Homepage: https://chamilo.org/ Software Link: https://chamilo.org/ Version:...
Jasmin Ransomware Arbitrary File Download
Jasmin Ransomware suffers from an arbitrary file download vulnerability. Exploit Title: Jasmin Ransomware - Authenticated Arbitrary File Download Google Dork: N/A Date: 22-03-2025 Exploit Author: bRpsd cyatlive.no Vendor Homepage: https://github.com/codesiddhant/Jasmin-Ransomware Software Link:...
WordPress iSpring Embedder 1.0 CSRF / Shell Upload
WordPress iSpring Embedder plugin versions 1.0 and below suffer from a cross site request forgery vulnerability that can be leveraged to upload a PHP web shell. CVE-2025-23922 - WordPress iSpring Embedder CSRF to Arbitrary File Upload 📌 CVE Details - CVE ID: CVE-2025-23922 - Published: 2025-01-16...
Edunext Systems + School Management Software 1.0 SQL Injection
Edunext Systems + School Management Software version 1.0 suffers from multiple remote SQL injection vulnerabilities. Exploit Title: Edunext Systems + School Management Software Multiple SQL injection Google Dork: inurl:/page.php?PAGE= , inurl:/image-gallery-detail.php?galid= , intext:Powered by...
Tripp Lite SU750XL UPS Privilege Escalation / Missing Authentication
Tripp Lite SU750XL UPS suffers from multiple privilege escalation issues due to missing authentication. Although these issues were previously found on PDUs back in 2019, it appears the UPSes are also affected. Author: Lucas Lalumiere Contact: [email protected] Date: 2025-3-17 Vendor: Tripp Li...
Koha SQL Injection
Koha versions prior to 24.11.02 suffer from a remote SQL injection vulnerability in C4/Serials.pm. Koha CVE-2025-22954: SQL Injection in lateissues-export.pl Overview This repository contains a proof of concept for CVE-2025-22954, a critical severity CVSS 10.0 SQL injection vulnerability in Koha...
libxslt xsltParseStylesheetProcess Use-After-Free
libxslt suffers from a use-after-free vulnerability in xsltParseStylesheetProcess. There is a use-after-free issue in libxslt read on a namespace URL stored in exclPrefixTab. The issue was reproduced on the latest Git version. The proof of concept and ASAN log are provided at the end of the repor...
Apache Tomcat Remote Code Execution / Information Disclosure
This is the formal advisory from Apache regarding the recent partial PUT vulnerability that allows for potential remote code execution or information disclosure. Apache Tomcat versions 11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, and 9.0.0.M1 to 9.0.98 are affected. CVE-2025-24813 Potential RCE...
Linux 6.4 io_uring Use-After-Free
io_uring in Linux 6.4 suffers from an io_uring page use-after-free condition via buffer ring mmap. Since commit c56e022c0a27 "io_uring: add support for user mapped provided buffer ring", landed in Linux 6.4, io_uring makes it possible to allocate, mmap, and deallocate "buffer rings". A "buffer ring" c...
Linux watch_queue Filter Out-Of-Bounds Write
The Linux watch_queue filter suffers from an out of bounds write vulnerability amongst other issues that are also noted. This bug report is about things in the watch_queue subsystem, which is only enabled under CONFIG_WATCH_QUEUE. That seems to be disabled e.g. on Debian, but Ubuntu and Fedora enable...
Linux DRM Race Condition / Use-After-Free
Linux has an issue where drm_file_update_pid calls get_pid too late, which creates a race condition that can lead to use-after-free of a struct pid. I am sending this to security@ and to the drm-misc maintainers - based on...
Linux Landlock Disable
A logic bug was discovered in Linux that makes it possible for a process to get rid of all Landlock restrictions applied to it. I found a logic bug that makes it possible for a process to get rid of all Landlock restrictions applied to it: When a process' cred struct is replaced, this almost alwa...
Linux io_uring Out-Of-Bounds Access
io_uaddr_map in io_uring handles multi-page region dangerously in a way that may allow for out-of-bounds access. io_uaddr_map wants to import a region from userspace, and then address the imported region through the linear mapping area. This requires that the imported region is physically contiguous. ...
Linux i915 PTE Use-After-Free
i915 code in Linux has an out-of-bounds PTE write in vm_fault_gtt that leads to a PTE use-after-free condition. I found a bug in the i915 code that allows a process with access to a render node /dev/dri/renderD128 to corrupt kernel memory. This bug is subject to a 90-day disclosure deadline. If a f...
Linux 5.6 Cred Refcount Overflow
Linux 5.6 suffers from a cred refcount overflow at approximately 39 gigs of memory usage via io_uring. See also my related prior bug reports about overflowing refcounts with lots of RAM usage: https://crbug.com/project-zero/809: BPF program refcount, with 32GiB RAM...
PowerVR Patch Security Issues
A couple security issues were discovered in PowerVR during a patch review. While reviewing a preview patch for https://bugs.chromium.org/p/project-zero/issues/detail?id=2540 , I noticed some issues - most of them minor, but the following two seem like they probably have bigger security impact: F....
Linux 6.4 mbind() Use-After-Free / Race Condition
There is a race between mbind and VMA-locked page faults that leads to a use-after-free condition. tested on git master, at commit 57012c57536f Summary: There's a race between mbind and VMA-locked page faults, leading to UAF. You can quickly hit this with a straightforward reproducer that just...
Semantic Segmentation Editor 1.6.0 Directory Traversal
Semantic Segmentation Editor version 1.6.0 suffers from multiple directory traversal vulnerabilities. Exploit Title: Semantic Segmentation Editor 1.6.0 - Directory Traversal File Upload Date: 2025-03-14 Exploit Author: Fatih Türüt defendzero.com Vendor Homepage: Hitachi Automotive & Industry Lab...
Azon Dominator 6.0 HTML Injection
Azon Dominator version 6.0 suffers from an html injection vulnerability. Hi There, Azon Dominator is vulnerable to an HTML Injection vulnerability in its search functionality. The issue arises due to insufficient input validation in the q parameter, allowing an attacker to inject arbitrary HTML...
InvoiceShelf 1.3.0 Remote Code Execution
This Metasploit module exploits a PHP deserialization vulnerability in InvoiceShelf versions 1.3.0 and below that results in remote code execution. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModul...
Application Accounts Manager 1.0 Cross Site Scripting
Application Accounts Manager version 1.0 suffers from a persistent cross site scripting vulnerability. Exploit Title: Stored XSS on application-accounts-manager 1.0 Date: 03.14.2025 Exploit Author: Ümit AYAZ Vendor Homepage: www.sourcecodester.com Software Link:...
WordPress Munk Sites 1.0.7 Cross Site Request Forgery
WordPress Munk Sites plugin versions 1.0.7 and below suffer from a cross site request forgery vulnerability that allows an adversary to trick an admin into installing arbitrary plugins. 🚀 CVE-2025-25101 - WordPress Munk Sites Plugin <= 1.0.7 - CSRF to Arbitrary Plugin Installation 📌 Overview...
Fortra FileCatalyst Workflow 5.1.6 Build 135 SQL Injection
Fortra FileCatalyst Workflow version 5.1.6 build 135 remote SQL injection exploit. Title: Fortra FileCatalyst Workflow v5.1.6 Build 135 PHP Code Injecti...
General Device Manager 2.5.2.2 Buffer Overflow
General Device Manager version 2.5.2.2 remote buffer overflow exploit that provides a reverse shell. Based on a discovery made in 2024 by Ahmet Ümit Bayram.
GE Proficy Cimplicity 7.5 Directory Traversal
GE Proficy Cimplicity version 7.5 proof of concept directory traversal vulnerability that takes advantage of a flaw discovered in 2013. Title: GE Profic...
Loaded Commerce 6.6 Client-Side Template Injection
Loaded Commerce version 6.6 suffers from a client-side template injection vulnerability. Exploit Title: Loaded Commerce 6.6 Client-Side Template InjectionCSTI AngularJS Date: 03/13/2025 Exploit Author: tmrswrr Vendor Homepage: https://loadedcommerce.com/ Version: 6.6 Tested on:...
Drupal 7.15 XML Injection
Drupal version 7.15 proof of concept XML external entity injection exploit that leverages a vulnerability originally discovered in 2012. Title: Drupal...
Cyber Panel 2.3.x Remote Command Execution
Cyber Panel version 2.3.x proof of concept remote command execution exploit that leverages three vulnerabilities discovered in 2024. Title: Cyber Panel...