Imraan Khan (Lich-Sec)

2 exploits Active since May 2025
CVE-2025-41228 EXPLOITDB MEDIUM text WRITEUP
VMware vCenter Server 8.0-8.0 U3e and Cloud Foundation 4.5.x-5.x - Reflected Cross-Site Scripting
VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to steal cookies or redirect to malicious websites.
CVSS 4.3
CVE-2025-44177 EXPLOITDB HIGH text WORKING POC
White Star Software Protop 4.4.2-2024-11-27 - Unauthenticated Path Traversal via /pt3upd/ Endpoint
A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences.
CVSS 8.2