Leo Georget

10 exploits Active since Sep 2023
CVE-2026-31151 WRITEUP CRITICAL WORKING POC
Kaleris YMS 7.2.2.1 - Auth Bypass
An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application's resources.
CVSS 9.8
CVE-2026-31153 WRITEUP MEDIUM WORKING POC
Bynder 0.1.394 - Stored XSS
A stored cross-site scripting (XSS) vulnerability in Bynder v0.1.394 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS 5.4
CVE-2023-36361 WRITEUP CRITICAL WORKING POC
Audimexee 14.1.7 - SQL Injection
Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter.
CVSS 9.8
CVE-2024-51162 WRITEUP HIGH WORKING POC
Audimex EE <15.1.20 - Privilege Escalation
An issue in Audimex EE versions 15.1.20 and earlier allows a remote attacker to escalate privileges. Analysis of the offline client code showed that any user (with any privilege) of Audimex can dump the whole Audimex database. This exposes the password hashes of any user, ongoing audit data and more.
CVSS 8.8
CVE-2025-43949 WRITEUP CRITICAL WRITEUP
MuM MapEdit <24.2.3 - SQL Injection
MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web) 24.2.3 is vulnerable to SQL Injection that allows an attacker to execute malicious SQL statements that control a web application's database server.
CVSS 9.8
CVE-2025-43950 WRITEUP HIGH WRITEUP
DPMAdirektPro 4.1.5 - Privilege Escalation
DPMAdirektPro 4.1.5 is vulnerable to DLL Hijacking. It happens by placing a malicious DLL in a directory (in the absence of a legitimate DLL), which is then loaded by the application instead of the legitimate DLL. This causes the malicious DLL to load with the same privileges as the application, thus causing a privilege escalation.
CVSS 7.8
CVE-2025-59684 WRITEUP HIGH WRITEUP
Digisigner One - Uncontrolled Search Path
DigiSign DigiSigner ONE 1.0.4.60 allows DLL Hijacking.
CVSS 8.8
CVE-2025-59685 WRITEUP MEDIUM WRITEUP
Kazaar 1.25.12 - Info Disclosure
Kazaar 1.25.12 allows a JWT with none in the alg field.
CVSS 5.3
CVE-2025-59686 WRITEUP MEDIUM WORKING POC
Kazaar 1.25.12 - Path Traversal
Kazaar 1.25.12 allows /api/v1/org-id/orders/order-id/documents calls with a modified order-id.
CVSS 6.5
CVE-2025-59687 WRITEUP MEDIUM WORKING POC
IMPAQTR Aurora <1.36 - Info Disclosure
IMPAQTR Aurora before 1.36 allows Insecure Direct Object Reference attacks against the users list, organization details, bookmarks, and notifications of an arbitrary organization.
CVSS 4.3