Michal Biesiada

13 exploits Active since Oct 2025
CVE-2026-29856 WRITEUP HIGH WRITEUP
aaPanel 7.57.0 - DoS
An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service (ReDoS) via a crafted input.
CVSS 7.5
CVE-2026-29858 WRITEUP HIGH WRITEUP
aaPanel 7.57.0 - Path Traversal
A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion (LFI), leading to sensitive information exposure.
CVSS 7.5
CVE-2026-29859 WRITEUP CRITICAL WRITEUP
aaPanel v7.57.0 - Arbitrary File Upload
An arbitrary file upload vulnerability in aaPanel v7.57.0 allows attackers to execute arbitrary code via uploading a crafted file.
CVSS 9.8
CVE-2025-61514 WRITEUP MEDIUM WRITEUP
SageMath, Inc CoCalc <0d2ff58 - RCE
An arbitrary file upload vulnerability in SageMath, Inc CoCalc before commit 0d2ff58 allows attackers to execute arbitrary code via uploading a crafted SVG file.
CVSS 6.5
CVE-2025-67163 WRITEUP MEDIUM WRITEUP
Simplemachines Simple Machines Forum - XSS
A stored cross-site scripting (XSS) vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name parameter.
CVSS 6.1
CVE-2025-67164 WRITEUP CRITICAL WRITEUP
Pagekit - Code Injection
An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVSS 9.9
CVE-2025-67165 WRITEUP CRITICAL WRITEUP
Pagekit - IDOR
An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges.
CVSS 9.8
CVE-2025-67168 WRITEUP MEDIUM WRITEUP
RiteCMS v3.1.0 - Info Disclosure
RiteCMS v3.1.0 was discovered to use insecure encryption to store passwords.
CVSS 5.3
CVE-2025-67170 WRITEUP MEDIUM WRITEUP
Ritecms - XSS
A reflected cross-site scripting (XSS) vulnerability in RiteCMS v3.1.0 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload.
CVSS 6.1
CVE-2025-67171 WRITEUP HIGH WRITEUP
Ritecms - Path Traversal
Incorrect access control in the /templates/ component of RiteCMS v3.1.0 allows attackers to access sensitive files via directory traversal.
CVSS 7.5
CVE-2025-67172 WRITEUP HIGH WRITEUP
Ritecms - Code Injection
RiteCMS v3.1.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the parse_special_tags() function.
CVSS 7.2
CVE-2025-67173 WRITEUP MEDIUM WRITEUP
Ritecms - CSRF
A Cross-Site Request Forgery (CSRF) in the page creation/editing function of RiteCMS v3.1.0 allows attackers to arbitrarily create pages via a crafted POST request.
CVSS 6.8
CVE-2025-67174 WRITEUP HIGH WRITEUP
Ritecms - Path Traversal
A local file inclusion (LFI) vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the admin_language_file and default_page_language_file in the admin.php component.
CVSS 7.5