Manjyot Singh

11 exploits Active since Sep 2023
CVE-2026-31151 WRITEUP CRITICAL WORKING POC
Kaleris YMS 7.2.2.1 - Auth Bypass
An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application's resources.
CVSS 9.8
CVE-2026-31153 WRITEUP MEDIUM WORKING POC
Bynder 0.1.394 - Stored XSS
A stored cross-site scripting (XSS) vulnerability in Bynder v0.1.394 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS 5.4
CVE-2023-36361 WRITEUP CRITICAL WORKING POC
Audimexee 14.1.7 - SQL Injection
Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter.
CVSS 9.8
CVE-2024-56113 WRITEUP HIGH WORKING POC
Smart Toilet Lab - Motius <1.3.11 - Info Disclosure
Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposes sensitive information defined in the Django settings file through a verbose error page.
CVSS 7.5
CVE-2024-56114 WRITEUP MEDIUM WORKING POC
Henkel Canlineapp - Incorrect Authorization
Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature is designated for the supervisor role, but auditors have been able to successfully create audit templates from their account.
CVSS 6.5
CVE-2025-43949 WRITEUP CRITICAL WRITEUP
MuM MapEdit <24.2.3 - SQL Injection
MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web) 24.2.3 is vulnerable to SQL Injection that allows an attacker to execute malicious SQL statements that control a web application's database server.
CVSS 9.8
CVE-2025-43950 WRITEUP HIGH WRITEUP
DPMAdirektPro 4.1.5 - Privilege Escalation
DPMAdirektPro 4.1.5 is vulnerable to DLL Hijacking. It happens by placing a malicious DLL in a directory (in the absence of a legitimate DLL), which is then loaded by the application instead of the legitimate DLL. This causes the malicious DLL to load with the same privileges as the application, thus causing a privilege escalation.
CVSS 7.8
CVE-2025-59684 WRITEUP HIGH WRITEUP
Digisigner One - Uncontrolled Search Path
DigiSign DigiSigner ONE 1.0.4.60 allows DLL Hijacking.
CVSS 8.8
CVE-2025-59685 WRITEUP MEDIUM WRITEUP
Kazaar 1.25.12 - Info Disclosure
Kazaar 1.25.12 allows a JWT with none in the alg field.
CVSS 5.3
CVE-2025-59686 WRITEUP MEDIUM WORKING POC
Kazaar 1.25.12 - Path Traversal
Kazaar 1.25.12 allows /api/v1/org-id/orders/order-id/documents calls with a modified order-id.
CVSS 6.5
CVE-2025-59687 WRITEUP MEDIUM WORKING POC
IMPAQTR Aurora <1.36 - Info Disclosure
IMPAQTR Aurora before 1.36 allows Insecure Direct Object Reference attacks against the users list, organization details, bookmarks, and notifications of an arbitrary organization.
CVSS 4.3