Exploits

[remote] HTTP/2 2.0 - Denial Of Service (DOS)

HTTP/2 2.0 - Denial Of Service (DOS)

[local] Mbed TLS 3.6.4 - Use-After-Free

Mbed TLS 3.6.4 - Use-After-Free

[webapps] Concrete CMS 9.4.3 - Stored XSS

Concrete CMS 9.4.3 - Stored XSS

[webapps] XWiki Platform 15.10.10 - Metasploit Module for Remote Code Execution (RCE)

XWiki Platform 15.10.10 - Metasploit Module for Remote Code Execution (RCE)

[webapps] ELEX WooCommerce WordPress Plugin 1.4.3 - SQL Injection

ELEX WooCommerce WordPress Plugin 1.4.3 - SQL Injection

[webapps] dotCMS 25.07.02-1 - Authenticated Blind SQL Injection

dotCMS 25.07.02-1 - Authenticated Blind SQL Injection

[webapps] Casdoor 2.55.0 - Cross-Site Request Forgery (CSRF)

Casdoor 2.55.0 - Cross-Site Request Forgery (CSRF)

[webapps] Tourism Management System 2.0 - Arbitrary Shell Upload

Tourism Management System 2.0 - Arbitrary Shell Upload

[remote] ClipBucket 5.5.2 Build #90 - Server-Side Request Forgery (SSRF)

ClipBucket 5.5.2 Build #90 - Server-Side Request Forgery (SSRF)

[remote] ClipBucket 5.5.0 - Arbitrary File Upload

ClipBucket 5.5.0 - Arbitrary File Upload

[local] Microsoft Windows Server 2025 Hyper-V NT Kernel Integration VSP - Elevation of Privilege

Microsoft Windows Server 2025 Hyper-V NT Kernel Integration VSP - Elevation of Privilege

[remote] Ilevia EVE X1/X5 Server 4.7.18.0.eden - Reverse Rootshell

Ilevia EVE X1/X5 Server 4.7.18.0.eden - Reverse Rootshell

[webapps] Casdoor 2.95.0 - Cross-Site Request Forgery (CSRF)

Casdoor 2.95.0 - Cross-Site Request Forgery (CSRF)

Oct 29Exploit Database

[webapps] Flowise 3.0.4 - Remote Code Execution (RCE)

Flowise 3.0.4 - Remote Code Execution (RCE)

Low

Oct 31Exploit Database

[webapps] phpIPAM 1.6 - Reflected Cross-Site Scripting (XSS)

phpIPAM 1.6 - Reflected Cross-Site Scripting (XSS)

[webapps] phpIPAM 1.6 - Reflected-Cross-Site Scripting (XSS)

phpIPAM 1.6 - Reflected-Cross-Site Scripting (XSS)

[webapps] Piwigo 13.6.0 - SQL Injection

Piwigo 13.6.0 - SQL Injection

[webapps] phpIPAM 1.5.1 - SQL Injection

phpIPAM 1.5.1 - SQL Injection

[webapps] phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS)

phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS)

[webapps] YOURLS 1.8.2 - Cross-Site Request Forgery (CSRF)

YOURLS 1.8.2 - Cross-Site Request Forgery (CSRF)

[webapps] openSIS Community Edition 8.0 - SQL Injection

openSIS Community Edition 8.0 - SQL Injection

[webapps] PluckCMS 4.7.10 - Unrestricted File Upload

PluckCMS 4.7.10 - Unrestricted File Upload

[webapps] RosarioSIS 6.7.2 - Cross-Site Scripting (XSS)

RosarioSIS 6.7.2 - Cross-Site Scripting (XSS)

[webapps] RosarioSIS 6.7.2 - Cross Site Scripting (XSS)

RosarioSIS 6.7.2 - Cross Site Scripting (XSS)

[webapps] phpMyAdmin 5.0.0 - SQL Injection

phpMyAdmin 5.0.0 - SQL Injection

[webapps] OpenRepeater 2.1 - OS Command Injection

OpenRepeater 2.1 - OS Command Injection

[webapps] phpIPAM 1.4 - SQL-Injection

phpIPAM 1.4 - SQL-Injection

[webapps] MobileDetect 2.8.31 - Cross-Site Scripting (XSS)

MobileDetect 2.8.31 - Cross-Site Scripting (XSS)

[webapps] phpMyFaq 2.9.8 - Cross Site Request Forgery (CSRF)

phpMyFaq 2.9.8 - Cross Site Request Forgery (CSRF)

[webapps] Django 5.1.13 - SQL Injection

Django 5.1.13 - SQL Injection

[webapps] MaNGOSWebV4 4.0.6 - Reflected XSS

MaNGOSWebV4 4.0.6 - Reflected XSS

[webapps] phpMyFAQ 2.9.8 - Cross-Site Request Forgery (CSRF)

phpMyFAQ 2.9.8 - Cross-Site Request Forgery (CSRF)

[webapps] phpMyFAQ 2.9.8 - Cross-Site Request Forgery(CSRF)

phpMyFAQ 2.9.8 - Cross-Site Request Forgery(CSRF)