Exploits & CVE's

Exploits Database – Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, CVEs and more.

WordPress Playlist For Youtube 1.32 Cross Site Scripting

Authored by Erdemstar

WordPress Playlist for Youtube plugin version 1.32 suffers from a persistent cross site scripting vulnerability.

# Exploit Title: Wordpress Plugin Playlist for Youtube - Stored Cross-Site...

Kruxton 1.0 Shell Upload

Authored by nu11secur1ty

Kruxton version 1.0 suffers from a remote shell upload vulnerability.

## Title: kruxton-1.0-FileUpload-RCE
## Author: nu11secur1ty
## Date: 04/15/2024
## Vendor: https://www.mayurik.com/
## Software: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html
## Reference: https://portswigger.net/web-security/file-upload
## Description: The system setting...

Relate Learning And Teaching System SSTI / Remote Code Execution

Authored by kai6u

Relate Learning and Teaching System versions prior to 2024.1 suffer from a server-side template injection vulnerability that leads to remote code execution. This particular finding targets the...

PowerVR PMRMMapPMR() Writability Check

Authored by Jann Horn, Google Security Research

PowerVR has a security issue where a writability check in PMRMMapPMR() does not clear VM_MAYWRITE.

Terratec dmx_6fire USB 1.23.0.02 Unquoted Service Path

Authored by Joseph Kwabena Fiagbor

Terratec dmx_6fire USB version 1.23.0.02 suffers from an unquoted service path vulnerability.

Advisories: CVE-2024-31804

# Exploit Title: Terratec dmx_6fire USB - Unquoted Service...

Amazon AWS Glue Database Password Disclosure

Authored by Michael Werner | Site: sec-consult.com

The password of database connections in AWS Glue is loaded into the website when a connection's edit page is requested. Principals with appropriate...

Trimble TM4Web 22.2.0 Privilege Escalation / Access Code Disclosure

Authored by Clement Cruchet

An access control issue in Trimble TM4Web version 22.2.0 allows unauthenticated attackers to access a specific crafted URL path to retrieve the last registration access code...

Visual Studio Code Execution

Authored by h00die | Site: metasploit.com

This Metasploit module creates a vsix file which can be installed in Visual Studio Code as an extension. At activation/install, the extension will execute...

Nginx 1.25.5 Host Header Validation

Authored by dhteam

Nginx versions 1.25.5 and below appear to have a host header filtering validation bug that could possibly be used for malice.

# Nginx =< 1.25.5 $host...

Ray OS 2.6.3 Command Injection

Authored by Fire_Wolf

The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell,...