Rahul Sreenivasan (Tr0j4n)

47 exploits Active since Mar 2025
CVE-2026-2898 GITHUB MEDIUM python WORKING POC
funadmin <7.1.0-rc4 - Deserialization
A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the argument cloud_account results in deserialization. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
10 stars
CVSS 5.5
CVE-2025-10042 GITHUB MEDIUM python WORKING POC
Quiz Maker < 6.7.0.56 - Unauthenticated SQL Injection via Spoofed IP Headers
The Quiz Maker plugin for WordPress is vulnerable to SQL Injection via spoofed IP headers in all versions up to, and including, 6.7.0.56 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This is only exploitable in configurations where the server is set up to retrieve the IP from a user-supplied field like `X-Forwarded-For` and limit users by IP is enabled.
10 stars
CVSS 5.9
CVE-2025-14174 GITHUB HIGH python WORKING POC
Google Chrome <143.0.7499.110 - Memory Corruption
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
10 stars
CVSS 8.8
CVE-2025-15556 GITHUB HIGH python WORKING POC
Notepad++ < 8.8.9 - Download of Code Without Integrity Check in WinGUp Updater
Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download and execute an attacker-controlled installer, resulting in arbitrary code execution with the privileges of the user.
10 stars
CVSS 7.5
CVE-2025-2304 GITHUB CRITICAL python WORKING POC
Camaleon CMS < 2.9.1 - Privilege Escalation via Mass Assignment in UsersController
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.
10 stars
CVE-2025-32463 GITHUB CRITICAL python WORKING POC
Sudo <1.9.17p1 - Privilege Escalation
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
10 stars
CVSS 9.3
CVE-2025-4606 GITHUB CRITICAL python WORKING POC
Uxper Sala - Startup & SaaS WordPress Theme <=1.1.4 - Privilege Escalation via Account Takeover
The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.4. This is due to the theme not properly validating a user's identity prior to updating their details like password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
10 stars
CVSS 9.8
CVE-2025-47812 GITHUB CRITICAL python WORKING POC
Wing FTP Server NULL-byte Authentication Bypass (CVE-2025-47812)
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts.
10 stars
CVSS 10.0
CVE-2025-49132 GITHUB CRITICAL python WORKING POC
Pterodactyl Panel < 1.11.11 - Unauthenticated Remote Code Execution via Locale Endpoint
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.
10 stars
CVSS 10.0
CVE-2025-5419 GITHUB HIGH python WORKING POC
Google Chrome < 137.0.7151.68 - Out-of-bounds Read and Write in V8
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
10 stars
CVSS 8.8
CVE-2025-54424 GITHUB HIGH python WORKING POC
1Panel < 2.0.6 - Remote Code Execution via Incomplete Certificate Verification
1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate validation, leading to unauthorized interface access. Due to the presence of numerous command execution or high-privilege interfaces in 1Panel, this results in Remote Code Execution (RCE). This is fixed in version 2.0.6. The CVE has been translated from Simplified Chinese using GitHub Copilot.
10 stars
CVSS 8.1
CVE-2025-55182 GITHUB CRITICAL python WORKING POC
React Server Components <19.2.0 - RCE
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
10 stars
CVSS 10.0
CVE-2025-61183 GITHUB MEDIUM python WORKING POC
vaahcms 2.3.1 - Cross-Site Scripting via UserBase.php storeAvatar() Upload Method
Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar() method of UserBase.php
10 stars
CVSS 6.1
CVE-2025-61882 GITHUB CRITICAL python WORKING POC
Oracle Concurrent Processing 12.2.3-12.2.14 - Unauthenticated Takeover
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
10 stars
CVSS 9.8
CVE-2025-8110 GITHUB HIGH python WORKING POC
Gogs < 0.13.3 - Local Code Execution via PutContents API Symbolic Link Handling
Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.
10 stars
CVSS 8.8
CVE-2026-0745 GITHUB MEDIUM python WORKING POC
User Language Switch <1.6.10 - SSRF
The User Language Switch plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.10 due to missing URL validation on the 'download_language()' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
10 stars
CVSS 5.5
CVE-2026-1337 GITHUB MEDIUM python WORKING POC
Neo4j < 2026.01 - Cross-Site Scripting via Query Log Unicode Character Escaping
Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a precaution to treat the logs as plain text if using versions prior to 2026.01. Proof of concept exploit:  https://github.com/JoakimBulow/CVE-2026-1337
10 stars
CVSS 5.4
CVE-2026-1357 GITHUB CRITICAL python WORKING POC
WPvivid Backup & Migration <0.9.123 - Unauthenticated RCE
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when writing uploaded files. When the plugin fails to decrypt a session key using openssl_private_decrypt(), it does not terminate execution and instead passes the boolean false value to the phpseclib library's AES cipher initialization. The library treats this false value as a string of null bytes, allowing an attacker to encrypt a malicious payload using a predictable null-byte key. Additionally, the plugin accepts filenames from the decrypted payload without sanitization, enabling directory traversal to escape the protected backup directory. This makes it possible for unauthenticated attackers to upload arbitrary PHP files to publicly accessible directories and achieve Remote Code Execution via the wpvivid_action=send_to_site parameter.
10 stars
CVSS 9.8
CVE-2026-1490 GITHUB CRITICAL python WORKING POC
CleanTalk Spam Protection <= 6.71 - Unauthenticated Arbitrary Plugin Installation via DNS Spoofing
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS (PTR record) spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. Note: This is only exploitable on sites with an invalid API key.
10 stars
CVSS 9.8
CVE-2026-1729 GITHUB CRITICAL python WORKING POC
AdForest theme <6.0.12 - Auth Bypass
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sb_login_user_with_otp_fun' function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators.
10 stars
CVSS 9.8
CVE-2026-1731 GITHUB CRITICAL python WORKING POC
BeyondTrust Privileged Remote Access < 25.1 and Remote Support < 25.3.2 - Unauthenticated Remote Code Execution
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.
10 stars
CVSS 9.8
CVE-2026-1862 GITHUB HIGH python WORKING POC
Google Chrome <144.0.7559.132 - Heap Corruption
Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
10 stars
CVSS 8.8
CVE-2026-1953 GITHUB HIGH python WORKING POC
Nukegraphic CMS 3.1.2 - Authenticated Stored Cross-Site Scripting in User Profile Name Field
Nukegraphic CMS v3.1.2 contains a stored cross-site scripting (XSS) vulnerability in the user profile edit functionality at /ngc-cms/user-edit-profile.php. The application fails to properly sanitize user input in the name field before storing it in the database and rendering it across multiple CMS pages. An authenticated attacker with low privileges can inject malicious JavaScript payloads through the profile edit request, which are then executed site-wide whenever the affected user's name is displayed. This allows the attacker to execute arbitrary JavaScript in the context of other users' sessions, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of victims.
10 stars
CVE-2026-20404 GITHUB MEDIUM python WORKING POC
MediaTek Modem - Input Validation Denial of Service
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689248; Issue ID: MSV-4837.
10 stars
CVSS 6.5
CVE-2026-2113 GITHUB HIGH python WORKING POC
yuan1994 tpadmin <1.3.12 - Deserialization
A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
10 stars
CVSS 7.3