Michal Biesiada

13 exploits Active since Oct 2025
CVE-2026-29856 WRITEUP HIGH WRITEUP
aaPanel 7.57.0 - Regular Expression Denial of Service in VirtualHost Configuration Parser
An issue in the VirtualHost configuration handling/parser component of aaPanel v7.57.0 allows attackers to cause a Regular Expression Denial of Service (ReDoS) via a crafted input.
CVSS 7.5
CVE-2026-29858 WRITEUP HIGH WRITEUP
aaPanel 7.57.0 - Local File Inclusion via Path Validation Bypass
A lack of path validation in aaPanel v7.57.0 allows attackers to execute a local file inclusion (LFI), leadingot sensitive information exposure.
CVSS 7.5
CVE-2026-29859 WRITEUP CRITICAL WRITEUP
aaPanel v7.57.0 - Arbitrary File Upload
An arbitrary file upload vulnerability in aaPanel v7.57.0 allows attackers to execute arbitrary code via uploading a crafted file.
CVSS 9.8
CVE-2025-61514 WRITEUP MEDIUM WRITEUP
SageMath, Inc CoCalc <0d2ff58 - RCE
An arbitrary file upload vulnerability in SageMath, Inc CoCalc before commit 0d2ff58 allows attackers to execute arbitrary code via uploading a crafted SVG file.
CVSS 6.5
CVE-2025-67163 WRITEUP MEDIUM WRITEUP
Simple Machines Forum 2.1.6 - Stored Cross-Site Scripting via Forum Name Parameter
A stored cross-site scripting (XSS) vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name parameter.
CVSS 6.1
CVE-2025-67164 WRITEUP CRITICAL WRITEUP
Pagekit 1.0.18 - Authenticated Arbitrary File Upload and Remote Code Execution via /storage/poc.php
An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVSS 9.9
CVE-2025-67165 WRITEUP CRITICAL WRITEUP
Pagekit CMS 1.0.18 - Insecure Direct Object Reference Privilege Escalation
An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges.
CVSS 9.8
CVE-2025-67168 WRITEUP MEDIUM WRITEUP
RiteCMS 3.1.0 - Use of Password Hash With Insufficient Computational Effort
RiteCMS v3.1.0 was discovered to use insecure encryption to store passwords.
CVSS 5.3
CVE-2025-67170 WRITEUP MEDIUM WRITEUP
RiteCMS 3.1.0 - Reflected Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability in RiteCMS v3.1.0 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload.
CVSS 6.1
CVE-2025-67171 WRITEUP HIGH WRITEUP
RiteCMS 3.1.0 - Path Traversal in Templates Component
Incorrect access control in the /templates/ component of RiteCMS v3.1.0 allows attackers to access sensitive files via directory traversal.
CVSS 7.5
CVE-2025-67172 WRITEUP HIGH WRITEUP
RiteCMS v3.1.0 - Authenticated Remote Code Execution via parse_special_tags()
RiteCMS v3.1.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the parse_special_tags() function.
CVSS 7.2
CVE-2025-67173 WRITEUP MEDIUM WRITEUP
RiteCMS 3.1.0 - Cross-Site Request Forgery in Page Creation/Editing Function
A Cross-Site Request Forgery (CSRF) in the page creation/editing function of RiteCMS v3.1.0 allows attackers to arbitrarily create pages via a crafted POST request.
CVSS 6.8
CVE-2025-67174 WRITEUP HIGH WRITEUP
RiteCMS 3.1.0 - Local File Inclusion via Directory Traversal in admin_language_file Parameter
A local file inclusion (LFI) vulnerability in RiteCMS v3.1.0 allows attackers to read arbitrary files on the host via a directory traversal in the admin_language_file and default_page_language_file in the admin.php component
CVSS 7.5