50738 matches found
📄 MCPJam Inspector 1.4.2 Remote Code Execution
This Metasploit auxiliary module targets a remote code execution vulnerability in MCPJam Inspector version 1.4.2. The flaw exists in the /api/mcp/connect endpoint, where user-controlled input is improperly passed to a backend execution mechanism...
📄 V8 Sandbox Bypass: BigInt Division Memory Corruption
This is a variant of crbug.com/474041332. The issue there was that MultiplyFFT, an optimized version of integer multiplication for very large inputs, is not robust against concurrent modification of its input buffers, but was called from ProcessorImpl::FromStringLarge with a temporary buffer insi...
📄 ChurchCRM Database Restore Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in ChurchCRM versions prior to 6.2.0. The vulnerability resides in the Database Restore functionality, which allows an authenticated user with administrative privileges to upload a malicious backup file. By bypassing upload...
📄 Fortinet FortiSandbox 4.4.8 Remote Command Execution
Fortinet FortiSandbox versions 4.4.0 through 4.4.8 suffer from a remote command execution vulnerability. CVE-2026-39808 On November 2025, a critical vulnerability was discovered on Fortinet's FortiSandbox which allowed an unauthenticated attacker to execute commands in the underlying OS as root...
📄 Siemens SICAM A8000 25.30 Denial of Service
Siemens SICAM A8000 CP-8050/CP-8031/CP-8010/CP-8012 versions 25.30 and below suffer from a resource exhaustion denial of service vulnerability. CyberDanube Security Research 20260408-0 ------------------------------------------------------------------------------- title| Remote Operation Denial o...
📄 Siemens SICAM A8000 25.30 Denial of Service / Memory Corruption
Siemens SICAM A8000 CP-8050/CP-8031/CP-8010/CP-8012 versions 25.30 and below suffer from Content-Length denial of service and XML related memory corruption vulnerabilities. CyberDanube Security Research 20260408-1 -------------------------------------------------------------------------------...
📄 Kiuwan SAST 2.8.2412.0 Improper Enforcement
It was found out that a user is still able to login at the Kiuwan WebUI via SSO, even if the Kiuwan mapped account has been disabled in the user settings by an admin. This issue has been addressed in version 2.8.2509.4. SEC Consult Vulnerability Lab Security Advisory...
📄 Twig Sandbox Bypass / XXE / Remote Code Execution / LFI
Research describing a critical vulnerability that exists in the October CMS Twig sandbox Safe Mode that allows authenticated users with template editing privileges to bypass security restrictions and execute arbitrary PHP code or read arbitrary files via XML injection or local file inclusion from...
📄 Selenium Grid/Selenoid Unauthenticated Remote Code Execution
Selenium Grid and Selenoid expose a WebDriver API that allows creating browser sessions with arbitrary capabilities. When deployed without authentication the default for both, an attacker can achieve remote code execution through two browser-specific techniques: For Chrome, the goog:chromeOptions...
📄 CMS Sense 2.0 Cross Site Scripting
CMS Sense version 2.0 suffers from a cross site scripting vulnerability. ================================================================================================================================== | Title : CMS sense v 2.0 HTML Injection Leading to XSS via Attribute Breakout | | Author :...
📄 WebRemoteControl Unauthenticated Remote Code Execution
WebRemoteControl suffers from an unauthenticated remote code execution vulnerability. Exploit Title: WebRemoteControl - Unauthenticated Remote Code Execution Date: 2026-04-14 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/wolfgangasdf/WebRemoteControl Software Link:...
📄 WebRemoteControl Unauthenticated Remote Filesystem Access
WebRemoteControl suffers from an unauthenticated remote filesystem access vulnerability. This proof of concept exploit lets you browse directory contents and access files. Exploit Title: WebRemoteControl - Unauthenticated Remote Filesystem Access Date: 2026-04-14 Exploit Author: Chokri Hammedi...
📄 Redaxo 5.20.1 Path Traversal
Redaxo versions 5.20.1 and below suffer from a path traversal vulnerability. CVE-2026-21857: Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read Overview | Field | Details | |---|---| | CVE ID | CVE-2026-21857 | | Severity | HIGH | | Advisory | View Advisory | | Discovered by...
📄 Pachno 1.0.6 Wiki TextParser XML Injection
Pachno version 1.0.6 suffers from an XML eXternal Entity XXE vulnerability in the wiki textparser. Pachno 1.0.6 Wiki TextParser XXE Vulnerability Vendor: Daniel André Eikeland Product web page: https://github.com/pachno/pachno Affected version: 1.0.6 Summary: Pachno is an open-source collaboratio...
📄 EGroupware SQL Injection
EGroupware versions prior to 23.1.20260113 and greater than or equal to 26.0.20251208 but less than 26.0.20260113 are affected by a remote SQL injection vulnerability in the Nextmatch filter processing. CVE-2026-22243: EGroupware has SQL Injection in Nextmatch Filter Processing Overview | Field |...
📄 Shopware Improper Control
Shopware versions greater than or equal to 6.7.0.0 and less than 6.7.6.1 has an improper control related to Twig rendered views. CVE-2026-23498: Shopware Has Improper Control of Generation of Code in Twig rendered views Overview | Field | Details | |---|---| | CVE ID | CVE-2026-23498 | | Severity...
📄 WBCE CMS 1.6.4 SQL Injection
WBCE CMS versions 1.6.4 and below suffer from a remote time-bsed SQL injection vulnerability via the groups parameter. CVE-2025-65950: WBCE CMS is Vulnerable to Time-Based Blind SQL Injection through groups Parameter Overview | Field | Details | |---|---| | CVE ID | CVE-2025-65950 | | Severity |...
📄 ChurchCRM Cross Site Scripting
ChurchCRM versions 6.5.2 and below suffer from a persistent cross site scripting vulnerability in the person property assignment functionality. Note that the advisory says versions 6.3.0 and below are affected but the CVE entry states versions prior to 6.5.3. CVE-2025-67875: ChurchCRM has stored...
📄 FacturaScripts SQL Injection
FacturaScripts versions prior to 2025.81 suffer from a remote SQL injection vulnerability in the Autocomplete Actions functionality. CVE-2026-25514: FacturaScripts has SQL Injection in Autocomplete Actions Overview | Field | Details | |---|---| | CVE ID | CVE-2026-25514 | | Severity | HIGH | |...
📄 Pachno 1.0.6 FileCache Deserialization Remote Code Execution
Pachno version 1.0.6 uses the unserialize function on the contents of cache files stored under PACHNOPATH/cache/ during the framework bootstrap sequence, before any authentication, routing, or controller logic is executed. Cache files are created with world-writable permissions chmod 0666 and use...
📄 ChurchCRM 6.4.0 Cross Site Scripting
ChurchCRM versions 6.4.0 and below suffer from persistent cross site scripting vulnerability in group role name assignment. CVE-2025-67876: ChurchCRM has Stored XSS in Group Role Name Leading to Admin Session Hijacking Overview | Field | Details | |---|---| | CVE ID | CVE-2025-67876 | | Severity ...
📄 Pachno 1.0.6 Shell Upload
Pachno version 1.0.6 suffers from a remote shell upload vulnerability. The multipart file parameter to the /uploadfile endpoint allows authenticated users to upload files directly to the server. File upload must be enabled by an admin, who can also configure the storage path, within a...
📄 FacturaScripts SQL Injection
FacturaScripts versions prior to 2025.81 suffer from a remote SQL injection vulnerability in the API ORDER BY clause. CVE-2026-25513: FacturaScripts has SQL Injection in API ORDER BY Clause Overview | Field | Details | |---|---| | CVE ID | CVE-2026-25513 | | Severity | HIGH | | Advisory | View...
📄 Pachno 1.0.6 Cross Site Request Forgery
Pachno version 1.0.6 suffers from a cross site request forgery vulnerability. Pachno 1.0.6 Cross-Site Request Forgery Vendor: Daniel André Eikeland Product web page: https://github.com/pachno/pachno Affected version: 1.0.6 Summary: Pachno is an open-source collaboration platform formerly known as...
📄 Authentic 8 Insecure Direct Object Reference / Broken Access Control
Authentic 8 has an broken access control that can be leveraged via insecure direct object reference that can lead to PII information disclosure. ================================================================================================================================== | Title : Authentic 8...
📄 InvoicePlane 1.6.3 Path Traversal
InvoicePlane versions 1.6.3 and below suffer from a path traversal vulnerability in the getfile method of the Guest module. CVE-2026-23491: InvoicePlane has Unauthenticated Path Traversal in Guest Controller Overview | Field | Details | |---|---| | CVE ID | CVE-2026-23491 | | Severity | CRITICAL ...
📄 OpenSTAManager 2.9.8 SQL Injection
OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in the Scadenzario bulk operations module. CVE-2026-24418: OpenSTAManager has a SQL Injection vulnerability in the Scadenzario bulk operations module Overview | Field | Details | |---|---| | CVE ID |...
📄 Pachno 1.0.6 Privilege Escalation
The authorization check in the runSwitchUser action in Pachno version 1.0.6 evaluates the expression !canSaveConfiguration && !hasCookie'originalusername' and only forbids the request when both subexpressions are true. The presence of the originalusername cookie is sufficient to satisfy the secon...
📄 ChurchCRM SQL Injection
ChurchCRM versions prior to 6.5.3 suffer from a remote SQL injection vulnerability in ConfirmReportEmail.php. CVE-2025-68400: ChurchCRM vulnerable to time-based blind SQL Injection in ConfirmReportEmail.php Overview | Field | Details | |---|---| | CVE ID | CVE-2025-68400 | | Severity | CRITICAL |...
📄 OpenSTAManager 2.9.8 Cross Site Scripting
OpenSTAManager versions 2.9.8 and below suffer from a cross site scripting vulnerability in modificaiva.php via the righe parameter. CVE-2026-24415: OpenSTAManager Affected by XSS in modificaiva.php via righe parameter Overview | Field | Details | |---|---| | CVE ID | CVE-2026-24415 | | Severity ...
📄 Cockpit CMS 2.13.5 NoSQL Injection
Cockpit CMS version 2.13.5 is vulnerable to NoSQL operator injection on multiple API endpoints. User-supplied filter objects are forwarded to the Mongolite query engine without stripping MongoDB operators. Authenticated users can bypass intended query filters and perform boolean-based blind queri...
📄 TypiCMS Cross Site Scripting
TypiCMS versions prior to 16.1.7 suffer from a persistent cross site scripting via SVG file uploads. CVE-2026-27621: TypiCMS Core has Stored Cross-Site Scripting XSS via SVG File Upload Overview | Field | Details | |---|---| | CVE ID | CVE-2026-27621 | | Severity | MEDIUM | | Advisory | View...
📄 WBCE CMS 1.6.4 Brute Force
WBCE CMS versions 1.6.4 suffers from a brute force protection bypass vulnerability. CVE-2025-66204: WBCE CMS allows brute-force protection bypass using X-Forwarded-For header Overview | Field | Details | |---|---| | CVE ID | CVE-2025-66204 | | Severity | MEDIUM | | Advisory | View Advisory | |...
📄 Pachno 1.0.6 Cross Site Scripting
Pachno version 1.0.6 suffers from persistent cross site scripting vulnerabilities. Pachno 1.0.6 Stored Cross-Site Scripting Vendor: Daniel André Eikeland Product web page: https://github.com/pachno/pachno Affected version: 1.0.6 Summary: Pachno is an open-source collaboration platform formerly...
📄 OpenSTAManager 2.9.8 SQL Injection
OpenSTAManager versions 2.9.8 and below suffer from a remote time-based SQL injection vulnerability in the Article Pricing module. CVE-2026-24416: OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module Overview | Field | Details | |---|---| | CVE ID | CVE-2026-24416 | |...
📄 XWiki Blog Cross Site Scripting
XWiki Blog versions prior to 9.15.7 suffer from a persistent cross site scripting vulnerability via the blog post title. CVE-2025-66024: XWiki Blog Application home page vulnerable to Stored XSS via Post Title Overview | Field | Details | |---|---| | CVE ID | CVE-2025-66024 | | Severity | HIGH | ...
📄 OpenSTAManager 2.9.8 SQL Injection
OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in the Stampe module. CVE-2025-69215: OpenSTAManager has an SQL Injection in the Stampe Module Overview | Field | Details | |---|---| | CVE ID | CVE-2025-69215 | | Severity | HIGH | | Advisory | View Advisory...
📄 WBCE CMS Privilege Escalation / Insecure Direct Object Reference
WBCE CMS versions prior to 1.6.4 suffers from insecure direct object reference and privilege escalation vulnerabilities. CVE-2025-65094: WBCE CMS is Vulnerable to Privilege Escalation via Group ID Manipulation IDOR Overview | Field | Details | |---|---| | CVE ID | CVE-2025-65094 | | Severity | HI...
📄 OpenSTAManager 2.9.8 SQL Injection
OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in ajaxcomplete.php. CVE-2025-69213: OpenSTAManager has a SQL Injection in ajaxcomplete.php getsedi endpoint Overview | Field | Details | |---|---| | CVE ID | CVE-2025-69213 | | Severity | HIGH | | Advisory |...
📄 Pachno 1.0.6 Open Redirection
Pachno version 1.0.6 suffers from an open redirection vulnerability. Input passed via the returnto GET/POST parameter to the login endpoint is not properly verified before being used to redirect users. The getLoginForwardUrl helper applies htmlentities to the value which is intended for HTML outp...
📄 Omega-PSIR Cross Site Scripting
Omega-PSIR suffers from a cross site scripting vulnerability via the lang parameter. CVE-2026-1434: Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a... Overview | Field | Details | |---|---| | CVE ID | CVE-2026-1434 | | Severity | MEDIUM | | Advisory | N/A...
📄 OpenSTAManager 2.9.8 SQL Injection
OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in the Scadenzario Print Template. CVE-2025-69216: OpenSTAManager has a SQL Injection in Scadenzario Print Template Overview | Field | Details | |---|---| | CVE ID | CVE-2025-69216 | | Severity | HIGH | |...
📄 OpenSTAManager 2.9.8 SQL Injection
OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in the Prima Nota module. CVE-2026-24419: OpenSTAManager has a SQL Injection in the Prima Nota module Overview | Field | Details | |---|---| | CVE ID | CVE-2026-24419 | | Severity | HIGH | | Advisory | View...
📄 OpenSTAManager 2.9.8 Command Injection
OpenSTAManager versions 2.9.8 and below suffer from a command injection vulnerability via the P7M file processing functionality. CVE-2025-69212: OpenSTAManager has an OS Command Injection in P7M File Processing Overview | Field | Details | |---|---| | CVE ID | CVE-2025-69212 | | Severity | CRITIC...
📄 Dolibarr 22.0.4 Command Injection
Dolibarr versions 22.0.4 and below suffer from a remote code injection vulnerability via via MAINODTASPDF. CVE-2026-23500: OS Command Injection RCE via MAINODTASPDF configuration in Dolibarr Overview | Field | Details | |---|---| | CVE ID | CVE-2026-23500 | | Severity | CRITICAL | | Advisory |...
📄 OpenSTAManager 2.9.8 SQL Injection / Denial of Service
OpenSTAManager versions 2.9.8 and below suffer from a remote time-based SQL injection vulnerability in the search functionality that can lead to a denial of service condition. CVE-2026-24417: OpenSTAManager has a Time-Based Blind SQL Injection with Amplified Denial of Service Overview | Field |...
📄 OpenSTAManager 2.9.8 SQL Injection
OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in ajaxselect.php. CVE-2025-69214: OpenSTAManager has a SQL Injection in ajaxselect.php componenti endpoint Overview | Field | Details | |---|---| | CVE ID | CVE-2025-69214 | | Severity | HIGH | | Advisory |...
📄 WordPress IndieWeb 4.0.5 Cross Site Scripting
WordPress IndieWeb plugin versions 4.0.5 and below suffers from persistent cross site scripting vulnerability. CVE-2025-14893: Authenticated Stored Cross-Site Scripting XSS in IndieWeb WordPress Plugin Disclaimer: This repository is created for educational purposes and ethical disclosure only. Th...
📄 D-Link DIR-650IN Command Injection
Proof of concept details for an authenticated command injection vulnerability in D-Link DIR-650IN. Exploit Title: D-Link DIR-650IN - Authenticated Command Injection Date: 2023-01-08 Exploit Author: Sanjay Singh Vendor Homepage: https://www.dlink.com Software Link:...
📄 SQLite 3.50.1 Heap Overflow
SQLite version 3.50.1 proof of concept that triggers a heap overflow in winsqlite3.dll via excessive aggregate functions. Exploit Title: SQLite 3.50.1 - Heap Overflow Date: 2025-11-05 Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity GitHub:...