Eren Simsek - Security Researcher - Exploit Intelligence Platform

CVE-2026-5300 WRITEUP MEDIUM WRITEUP

Missing Authentication for Critical Function in coolercontrold

Unauthenticated functionality in CoolerControl/coolercontrold <4.0.0 allows unauthenticated attackers to view and modify potentially sensitive data via HTTP requests

CVSS 5.9

View Code

CVE-2026-5302 WRITEUP MEDIUM WRITEUP

Permissive Cross-domain Policy with Untrusted Domains in coolercontrold

CORS misconfiguration in CoolerControl/coolercontrold <4.0.0 allows unauthenticated remote attackers to read data and send commands to the service via malicious websites

CVSS 6.3

View Code

CVE-2026-5208 WRITEUP HIGH WRITEUP

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in coolercontrold

Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names

CVSS 8.2

View Code

EIP-2026-105552 EXPLOITDB ruby WORKING POC

Bludit 3.9.2 - Authentication Bruteforce Bypass (Metasploit)

View Code