Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)

2 exploits Active since May 2024
CVE-2024-4358 NOMISEC CRITICAL WORKING POC
Telerik Report Server Auth Bypass and Deserialization RCE
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
CVSS 9.8
CVE-2024-6670 METASPLOIT CRITICAL ruby WORKING POC
WhatsUp Gold SQL Injection (CVE-2024-6670)
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.
CVSS 9.8