Sina Kheirkhah (@SinSinology)

16 exploits Active since Aug 2023
CVE-2023-34039 NOMISEC CRITICAL WORKING POC
VMWare Aria Operations for Networks (vRealize Network Insight) SSH Private Key Exposure
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
96 stars
CVSS 9.8
CVE-2024-1800 GITHUB CRITICAL python WORKING POC
Progress Telerik Report Server < 10.0.24.130 - Remote Code Execution via Insecure Deserialization
In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability.
78 stars
CVSS 9.9
CVE-2024-4358 NOMISEC CRITICAL WORKING POC
Telerik Report Server Auth Bypass and Deserialization RCE
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
78 stars
CVSS 9.8
CVE-2025-61882 GITHUB CRITICAL python WORKING POC
Oracle Concurrent Processing 12.2.3-12.2.14 - Unauthenticated Takeover
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
54 stars
CVSS 9.8
CVE-2024-6670 NOMISEC CRITICAL WORKING POC
WhatsUp Gold SQL Injection (CVE-2024-6670)
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
35 stars
CVSS 9.8
CVE-2025-52691 NOMISEC CRITICAL SCANNER
SmarterMail < 100.0.9413 - Unauthenticated Arbitrary File Upload and Remote Code Execution
Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.
17 stars
CVSS 10.0
CVE-2025-2777 GITHUB CRITICAL python WORKING POC
SysAid On-Prem <= 23.3.40 - XML External Entity
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives.
12 stars
CVSS 9.3
CVE-2025-2776 GITHUB CRITICAL python WORKING POC
SysAid On-Prem <= 23.3.40 - XML External Entity
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
12 stars
CVSS 9.3
CVE-2025-2778 GITHUB python WORKING POC
Rejected
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
12 stars
CVE-2024-4883 NOMISEC CRITICAL WORKING POC
Progress WhatsUp Gold < 23.1.3 - Unauthenticated Remote Code Execution via NmApi.exe
In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated attacker to achieve the RCE as a service account through NmApi.exe.
11 stars
CVSS 9.8
CVE-2026-41940 NOMISEC CRITICAL WORKING POC
cPanel and WHM Authentication Bypass via Login Flow
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
2 stars
CVSS 9.8
CVE-2025-25252 GITHUB MEDIUM python WORKING POC
FortiOS SSL VPN <7.6.2, 7.4.6, 7.2.10, 7.0.16, 6.4 - Info Disclosure
An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL VPN 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4 all versions may allow a remote attacker (e.g. a former admin whose account was removed and whose session was terminated) in possession of the SAML record of a user session to access or re-open that session via re-use of SAML record.
2 stars
CVSS 4.8
CVE-2023-34039 NOMISEC CRITICAL WORKING POC
VMWare Aria Operations for Networks (vRealize Network Insight) SSH Private Key Exposure
Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.
1 stars
CVSS 9.8
CVE-2026-41940 GITHUB CRITICAL go WORKING POC
cPanel and WHM Authentication Bypass via Login Flow
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
CVSS 9.8
CVE-2024-8069 NOMISEC HIGH WORKING POC
Citrix Session Recording - Privilege Escalation
Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server
CVSS 8.0
CVE-2025-64446 VULNCHECK_XDB CRITICAL WORKING POC
Fortinet FortiWeb unauthenticated RCE
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
CVSS 9.8