Milad Karimi (Ex3ptionaL)

26 exploits, active since Apr 2022
CVE-2025-4664 NOMISEC MEDIUM WORKING POC
Google Chrome <136.0.7103.113 - Info Disclosure
Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
13 stars
CVSS 4.3
CVE-2025-34499 EXPLOITDB MEDIUM text WRITEUP
AnyDesk 7.0.15, 9.0.1 - Code Injection
AnyDesk 7.0.15 and 9.0.1 contain an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted service path configuration to inject malicious executables that will be run with high-level system permissions.
CVE-2024-0353 EXPLOITDB HIGH text WRITEUP
Eset Endpoint Antivirus < 8.1.2062.0 - Improper Privilege Management
Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.
CVSS 7.8
CVE-2024-0353 EXPLOITDB HIGH text WRITEUP
Eset Endpoint Antivirus < 8.1.2062.0 - Improper Privilege Management
Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.
CVSS 7.8
CVE-2023-54331 EXPLOITDB HIGH text WRITEUP
Outline 1.6.0 - Privilege Escalation
Outline 1.6.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the OutlineService executable to inject malicious code that will be executed with LocalSystem permissions.
CVSS 7.8
EIP-2026-117928 EXPLOITDB text WRITEUP
SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path
EIP-2026-117488 EXPLOITDB text WRITEUP
Microsoft Exchange Active Directory Topology 15.02.1118.007 - 'Service MSExchangeADTopology' Unquoted Service Path
CVE-2024-21338 EXPLOITDB HIGH c WORKING POC
Windows Kernel - Privilege Escalation
Windows Kernel Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2024-49138 EXPLOITDB HIGH c WORKING POC
Microsoft Windows 10 1507 < 10.0.10240.20857 - Heap Buffer Overflow
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2024-38193 EXPLOITDB HIGH WORKING POC
Windows Ancillary Function Driver - Privilege Escalation
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2023-29336 EXPLOITDB HIGH c WORKING POC
Win32k - Privilege Escalation
Win32k Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2025-21333 EXPLOITDB HIGH c WORKING POC
Microsoft Windows 10 21h2 < 10.0.19044.5371 - Heap Buffer Overflow
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVSS 7.8
EIP-2026-117730 EXPLOITDB text WRITEUP
Oracle Database 12c Release 1 - Unquoted Service Path
EIP-2026-114357 EXPLOITDB python SCANNER
Wordpress Theme Travelscape v1.0.3 - Arbitrary File Upload
EIP-2026-114299 EXPLOITDB python SCANNER
Wordpress Seotheme - Remote Code Execution Unauthenticated
EIP-2026-113580 EXPLOITDB text WORKING POC
Wordpress Plugin Background Image Cropper v1.2 - Remote Code Execution
EIP-2026-113479 EXPLOITDB python WORKING POC
Wordpress Augmented-Reality - Remote Code Execution Unauthenticated
CVE-2023-2745 EXPLOITDB MEDIUM python WORKING POC
Wordpress < 4.1.38 - Path Traversal
WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could also be used to perform a Cross-Site Scripting attack.
CVSS 5.4
CVE-2022-4395 EXPLOITDB CRITICAL text WORKING POC
Membership For WooCommerce <2.1.7 - Unauthenticated RCE
The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.
CVSS 9.8
CVE-2021-25094 EXPLOITDB HIGH python WORKING POC
Tatsu Wordpress Plugin RCE
The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker.
CVSS 8.1
CVE-2024-28000 EXPLOITDB CRITICAL python WORKING POC
WordPress LiteSpeed Cache - Unauthenticated Privilege Escalation to Admin
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache. This issue affects LiteSpeed Cache: from n/a through <= 6.3.0.1.
CVSS 9.8
CVE-2024-45440 EXPLOITDB MEDIUM python SCANNER
Drupal 11.x-dev - Info Disclosure
core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.
CVSS 5.3
CVE-2023-41425 EXPLOITDB MEDIUM python WORKING POC
WonderCMS Remote Code Execution
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
CVSS 6.1
CVE-2025-25257 EXPLOITDB CRITICAL text WORKING POC
Fortinet FortiWeb - SQL Injection
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, FortiWeb 7.0.0 through 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests.
CVSS 9.8
CVE-2024-4367 EXPLOITDB HIGH python WORKING POC
Mozilla Firefox < 115.11.0 - Improper Condition Check
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
CVSS 8.8