cypherdavy

3 exploits, active since Jan 2025
CVE-2025-69906 NOMISEC HIGH WRITEUP
Monstra CMS - Unrestricted File Upload
Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to upload files that are interpreted as executable code, resulting in remote code execution.
3 stars
CVSS 8.8
CVE-2024-57373 NOMISEC HIGH WRITEUP
LifestyleStore v1.0 - CSRF
Cross-Site Request Forgery (CSRF) vulnerability in LifestyleStore v1.0 allows a remote attacker to execute unauthorized actions on behalf of an authenticated user, potentially leading to account modifications or data compromise.
3 stars
CVSS 8.1
CVE-2025-29722 NOMISEC MEDIUM WRITEUP
Yassmittal Commercify - CSRF
A CSRF vulnerability in Commercify v1.0 allows remote attackers to perform unauthorized actions on behalf of authenticated users. The issue exists due to missing CSRF protection on sensitive endpoints.
CVSS 6.3