Alexandre ZANNI (noraj) - Security Researcher - Exploit Intelligence Platform

CVE-2019-25137 WRITEUP HIGH WORKING POC

Umbraco CMS <7.15.10 - Authenticated RCE

Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.

CVSS 7.2

View Code

CVE-2025-47228 EXPLOITDB MEDIUM python WORKING POC

Netmake ScriptCase <9.12.006 - Command Injection

In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests.

CVSS 6.7

View Code

EIP-2026-100666 EXPLOITDB python WORKING POC

Umbraco CMS 7.12.4 - Remote Code Execution (Authenticated)

View Code