Smarttfoxx

7 exploits Active since Dec 2017
CVE-2026-29923 NOMISEC HIGH WRITEUP
EnTech Taiwan PowerStrip <=3.90.736 - Privilege Escalation
The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local users to escalate privileges to SYSTEM via a crafted IOCTL request enabling unprivileged users to map arbitrary physical memory into their address space and modify critical kernel structures.
2 stars
CVSS 7.8
CVE-2025-45778 NOMISEC MEDIUM WRITEUP
The Language Sloth Web Application 1.0 - Stored Cross-Site Scripting via Description Text Field
A stored cross-site scripting (XSS) vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description text field.
2 stars
CVSS 6.1
CVE-2025-67261 NOMISEC MEDIUM WRITEUP
Abacre Retail Point of Sale 14.0.0.396 - Blind SQL Injection via Orders Search Function
Abacre Retail Point of Sale 14.0.0.396 is vulnerable to content-based blind SQL injection. The vulnerability exists in the Search function of the Orders page.
1 stars
CVSS 6.5
CVE-2025-67263 NOMISEC MEDIUM WRITEUP
Abacre Retail Point of Sale 14.0.0.396 - Stored Cross-Site Scripting in Clients Module Name and Surname Fields
Abacre Retail Point of Sale 14.0.0.396 is affected by a stored cross-site scripting (XSS) vulnerability in the Clients module. The application fails to properly sanitize user-supplied input stored in the Name and Surname fields. An attacker can insert malicious HTML or script content into these fields, which, persisted in the database.
1 stars
CVSS 6.1
CVE-2026-31431 GITHUB HIGH c WORKING POC
crypto: algif_aead - Revert to operating out-of-place
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
CVSS 7.8
CVE-2025-65320 NOMISEC HIGH WRITEUP
Abacre Restaurant Point of Sale < 15.0.0.1656 - Cleartext Storage of Sensitive Information in Memory
Abacre Restaurant Point of Sale (POS) up to 15.0.0.1656 are vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid device-bound license keys in process memory during an activation attempt.
CVSS 7.5
CVE-2017-16921 NOMISEC HIGH WORKING POC
OTRS <6.0.1-4.0.26 - Command Injection
In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.
CVSS 8.8