Poloss

6 exploits Active since Jan 2026
CVE-2026-23550 GITHUB CRITICAL python WORKING POC
Modular DS <= 2.5.1 - Incorrect Privilege Assignment
Incorrect Privilege Assignment vulnerability in Modular DS Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from n/a through <= 2.5.1.
10 stars
CVSS 9.8
CVE-2026-33868 NOMISEC MEDIUM SCANNER
Mastodon /web Encoded Slash - Open Redirect
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.8, 4.4.15, and 4.3.21, an unauthenticated Open Redirect vulnerability (CWE-601) exists in the `/web/*` route due to improper handling of URL-encoded path segments. An attacker can craft a specially encoded URL that causes the application to redirect users to an arbitrary external domain, enabling phishing attacks and potential OAuth credential theft. The issue occurs because URL-encoded slashes (`%2F`) bypass Rails path normalization and are interpreted as host-relative redirects. Versions 4.5.8, 4.4.15, and 4.3.21 patch the issue.
2 stars
CVSS 4.3
CVE-2026-0920 NOMISEC CRITICAL WORKING POC
LA-Studio Element Kit - Privilege Escalation
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6.3. This is due to the 'ajax_register_handle' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'lakit_bkrole' parameter during registration and gain administrator access to the site.
2 stars
CVSS 9.8
CVE-2026-11912 GITHUB HIGH python WORKING POC
Simple File List <= 6.3.7 - Missing Authorization to Unauthenticated File Modification via simplefilelist_edit_job AJAX Action
The Simple File List plugin for WordPress is vulnerable to arbitrary file modification due to insufficient authorization checks in all versions up to, and including, 6.3.7. This makes it possible for unauthenticated attackers to delete and modify files on the serve. This vulnerability is exploitable even when the administrator has not enabled the AllowFrontManage setting, because the is_admin() check unconditionally short-circuits the guard before that setting is evaluated.
1 stars
CVSS 7.5
CVE-2026-23550 NOMISEC CRITICAL WORKING POC
Modular DS <= 2.5.1 - Incorrect Privilege Assignment
Incorrect Privilege Assignment vulnerability in Modular DS Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from n/a through <= 2.5.1.
1 stars
CVSS 9.8
CVE-2026-9067 NOMISEC CRITICAL WORKING POC
Schema & Structured Data for WP & AMP < 1.60 - Unauthenticated Arbitrary Media Upload
The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any file type accepted by WordPress's media library through endpoints that should only accept images or videos.
CVSS 9.1