Rahul Kadavil

12 exploits Active since Sep 2023
CVE-2026-31151 WRITEUP CRITICAL WORKING POC
Kaleris YMS 7.2.2.1 - Auth Bypass
An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application's resources.
CVSS 9.8
CVE-2026-31153 WRITEUP MEDIUM WORKING POC
Bynder 0.1.394 - Stored XSS
A stored cross-site scripting (XSS) vulnerability in Bynder v0.1.394 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS 5.4
CVE-2023-36361 WRITEUP CRITICAL WORKING POC
Audimexee 14.1.7 - SQL Injection
Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter.
CVSS 9.8
CVE-2024-51163 WRITEUP HIGH WORKING POC
Vegam Solutions Vegam 4i <6.3.47.0 - Info Disclosure
A Local File Inclusion vulnerability in Vegam Solutions Vegam 4i versions 6.3.47.0 and earlier allows a remote attacker to obtain sensitive information through the print label function. Specifically, the filePathList parameter is susceptible to LFI, enabling a malicious user to include files from the web server, such as web.config or /etc/host, leading to the disclosure of sensitive information.
CVSS 7.5
CVE-2025-43949 WRITEUP CRITICAL WRITEUP
MuM MapEdit <24.2.3 - SQL Injection
MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web) 24.2.3 is vulnerable to SQL Injection that allows an attacker to execute malicious SQL statements that control a web application's database server.
CVSS 9.8
CVE-2025-43950 WRITEUP HIGH WRITEUP
DPMAdirektPro 4.1.5 - Privilege Escalation
DPMAdirektPro 4.1.5 is vulnerable to DLL Hijacking. It happens by placing a malicious DLL in a directory (in the absence of a legitimate DLL), which is then loaded by the application instead of the legitimate DLL. This causes the malicious DLL to load with the same privileges as the application, thus causing a privilege escalation.
CVSS 7.8
CVE-2025-59684 WRITEUP HIGH WRITEUP
Digisigner One - Uncontrolled Search Path
DigiSign DigiSigner ONE 1.0.4.60 allows DLL Hijacking.
CVSS 8.8
CVE-2025-59685 WRITEUP MEDIUM WRITEUP
Kazaar 1.25.12 - Info Disclosure
Kazaar 1.25.12 allows a JWT with none in the alg field.
CVSS 5.3
CVE-2025-59686 WRITEUP MEDIUM WORKING POC
Kazaar 1.25.12 - Path Traversal
Kazaar 1.25.12 allows /api/v1/org-id/orders/order-id/documents calls with a modified order-id.
CVSS 6.5
CVE-2025-59687 WRITEUP MEDIUM WORKING POC
IMPAQTR Aurora <1.36 - Info Disclosure
IMPAQTR Aurora before 1.36 allows Insecure Direct Object Reference attacks against the users list, organization details, bookmarks, and notifications of an arbitrary organization.
CVSS 4.3
CVE-2025-59797 WRITEUP MEDIUM WRITEUP
Profession Fit 5.0.99 Build 44910 - Auth Bypass
Profession Fit 5.0.99 Build 44910 allows authorization bypass via a direct request for /api/challenges/{id} and also URLs for eversports, the user-management page, and the plane page.
CVSS 5.8