Mohamed Shahat (shiky8) - Security Researcher - Exploit Intelligence Platform

CVE-2025-63952 WRITEUP MEDIUM WORKING POC

Magewell Pro Convert <1.2.213 - CSRF

A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.

CVSS 5.7

View Code

CVE-2025-63953 WRITEUP MEDIUM WORKING POC

Magewell Pro Convert <1.2.213 - CSRF

A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.

CVSS 6.5

View Code

CVE-2025-65228 WRITEUP LOW WRITEUP

R.V.R. Elettronica TLK302T Firmware 1.5.1799 - Stored Cross-Site Scripting

A stored cross-site scripting vulnerability exists in the web management interface of the R.V.R. Elettronica TLK302T telemetry controller (firmware 1.5.1799).

CVSS 3.5

View Code

CVE-2025-65229 WRITEUP MEDIUM WRITEUP

Lyrion Music Server <= 9.0.3 - Authenticated Stored Cross-Site Scripting in Player Name Field

A stored cross-site scripting (XSS) vulnerability exists in the web interface of Lyrion Music Server <= 9.0.3. An authenticated user with access to Settings Player can save arbitrary HTML/JavaScript in the Player name field. That value is stored by the server and later rendered without proper output encoding on the Information (Player Info) tab, causing the script to execute in the context of any user viewing that page.

CVSS 4.6

View Code

CVE-2025-65230 WRITEUP MEDIUM WRITEUP

Barix Instreamer v04.05-v04.06 - Stored Cross-Site Scripting in Web UI Configuration Streaming Destination Input

Barix Instreamer v04.06 and v04.05 contains a stored cross-site scripting (XSS) vulnerability in the Web UI Configuration Streaming Destination input.

CVSS 5.4

View Code

CVE-2025-65231 WRITEUP MEDIUM WORKING POC

Barix Instreamer Firmware < 4.06 - Stored Cross-Site Scripting via CTS Close Command

Barix Instreamer v04.06 and earlier is vulnerable to Cross Site Scripting (XSS) in the Web UI I/O & Serial configuration page, specifically the CTS close command user-input field which is stored and later rendered on the Status page.

CVSS 6.1

View Code