Marven11

8 exploits Active since Jun 2024
CVE-2024-28397 NOMISEC MEDIUM WORKING POC
pyload-ng js2py - Remote Code Execution
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.
71 stars
CVSS 5.3
CVE-2024-39205 NOMISEC CRITICAL WORKING POC
pyload-ng v0.5.0b3.dev85 - Remote Code Execution via Crafted HTTP Request
An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request.
17 stars
CVSS 9.8
CVE-2024-28397 NOMISEC MEDIUM WORKING POC
pyload-ng js2py - Remote Code Execution
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.
5 stars
CVSS 5.3
CVE-2025-55449 NOMISEC HIGH WORKING POC
AstrBotDevs AstrBot 3.5.15 - Auth Bypass
AstrBotDevs AstrBot 3.5.15 has Advanced_System_for_Text_Response_and_Bot_Operations_Tool as the hardcoded private key used to sign a JWT.
2 stars
CVSS 7.3
CVE-2024-39205 METASPLOIT CRITICAL ruby WORKING POC
pyload-ng v0.5.0b3.dev85 - Remote Code Execution via Crafted HTTP Request
An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request.
CVSS 9.8
CVE-2025-55449 WRITEUP HIGH WORKING POC
AstrBotDevs AstrBot 3.5.15 - Auth Bypass
AstrBotDevs AstrBot 3.5.15 has Advanced_System_for_Text_Response_and_Bot_Operations_Tool as the hardcoded private key used to sign a JWT.
CVSS 7.3
CVE-2024-39205 WRITEUP CRITICAL WORKING POC
pyload-ng v0.5.0b3.dev85 - Remote Code Execution via Crafted HTTP Request
An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request.
CVSS 9.8
CVE-2024-28397 METASPLOIT MEDIUM ruby WORKING POC
pyload-ng js2py - Remote Code Execution
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.
CVSS 5.3