Matei Josephs

7 exploits Active since Dec 2023
CVE-2023-48928 WRITEUP MEDIUM WRITEUP
Franklin Fueling Systems SSA <1.6.24.492 - Open Redirect
Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Open Redirect. The 'path' parameter of the prefs.asp resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.
CVSS 6.1
CVE-2023-48929 WRITEUP CRITICAL WRITEUP
Franklin Fueling Systems SSA <1.6.24.492 - Privilege Escalation
Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Session Fixation. The 'sid' parameter in the group_status.asp resource allows an attacker to escalate privileges and obtain sensitive information.
CVSS 9.8
CVE-2024-51431 WRITEUP CRITICAL WRITEUP
LB-LINK BL-WR1300H 1.0.4 - Use of Hard-coded Credentials
LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable.
CVSS 9.8
CVE-2024-51432 WRITEUP MEDIUM WRITEUP
FiberHome HG6544C RP2743 - Stored Cross-Site Scripting via SSID Field
Cross Site Scripting vulnerability in FiberHome HG6544C RP2743 allows an attacker to execute arbitrary code via the SSID field in the WIFI Clients List not being sanitized
CVSS 4.8
CVE-2025-52358 WRITEUP MEDIUM WRITEUP
Vivaldi United Group iCONTROL+ Server - Stored Cross-Site Scripting via Error or Edit-Menu-Item Parameters
A cross-site scripting vulnerability in Vivaldi United Group iCONTROL+ Server including Firmware version 4.7.8.0.eden Logic version 5.32 and below. This issue allows attackers to inject JavaScript payloads within the error or edit-menu-item parameters which are then executed in the victim's browser session.
CVSS 6.3
CVE-2025-55618 WRITEUP HIGH WRITEUP
Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d - XSS
In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered.
CVSS 7.3
CVE-2025-56463 WRITEUP MEDIUM WRITEUP
Mercusys MW305R < 3.30 - TLS Certificate Private Key Exposure
Mercusys MW305R 3.30 and below is has a Transport Layer Security (TLS) certificate private key disclosure.
CVSS 6.8