SajjadBnd

15 exploits Active since Feb 2026
CVE-2019-25708 EXPLOITDB MEDIUM text WORKING POC
Heatmiser Wifi Thermostat 1.7 Cross-Site Request Forgery
Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters usnm, usps, and cfps to modify the admin username and password without user consent.
CVSS 4.3
CVE-2019-25706 EXPLOITDB HIGH text WORKING POC
Across DR-810 ROM-0 Unauthenticated File Disclosure
Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint without authentication to retrieve and decompress the backup file, exposing router passwords and other sensitive configuration data.
CVSS 7.5
CVE-2019-25343 EXPLOITDB HIGH text WORKING POC
NextVPN 4.10 - Privilege Escalation
NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files with full access rights. Attackers can replace system executables with malicious files to gain SYSTEM or Administrator privileges through unauthorized file modification.
CVSS 7.8
CVE-2019-25334 EXPLOITDB MEDIUM python WORKING POC
Product Key Explorer 4.2.0.0 - Buffer Overflow
Product Key Explorer 4.2.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by overflowing the registration name input field. Attackers can create a specially crafted text file with repeated characters to trigger a buffer overflow when pasted into the registration name field, causing the application to crash.
CVSS 6.2
CVE-2019-25261 EXPLOITDB HIGH text WRITEUP
AnyDesk 5.4.0 - Path Traversal
AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially inject malicious executables. Attackers can exploit the unquoted binary path to place malicious files in service executable locations, potentially gaining elevated system privileges.
CVSS 7.8
EIP-2026-117127 EXPLOITDB text WORKING POC
EmEditor 19.8 - Insecure File Permissions
EIP-2026-116096 EXPLOITDB python WORKING POC
Product Key Explorer 4.2.0.0 - 'Key' Denial of Service (PoC)
EIP-2026-115974 EXPLOITDB python WORKING POC
Nsauditor 3.1.8.0 - 'Key' Denial of Service (PoC)
EIP-2026-115975 EXPLOITDB python WORKING POC
Nsauditor 3.1.8.0 - 'Name' Denial of Service (PoC)
EIP-2026-115976 EXPLOITDB python WORKING POC
Nsauditor 3.1.8.0 - 'Name' Denial of Service (PoC)
EIP-2026-116097 EXPLOITDB python WORKING POC
Product Key Explorer 4.2.0.0 - 'Key' Denial of Service (PoC)
EIP-2026-113507 EXPLOITDB text WORKING POC
WordPress Core 5.3 - User Disclosure
EIP-2026-113112 EXPLOITDB python WORKING POC
Virtual Freer 1.58 - Remote Command Execution
EIP-2026-109600 EXPLOITDB text WORKING POC
MPC Sharj 3.11.1 - Arbitrary File Download
EIP-2026-107595 EXPLOITDB text WRITEUP
hits script 1.0 - 'item_name' SQL Injection