daniele_m

30 exploits Active since Jan 2024
CVE-2023-42250 MEDIUM WRITEUP
Selesta Visual Access Manager < 4.42.2 - Cross-Site Scripting via Autocomplete Endpoint
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross-Site Scripting (XSS) via /common/autocomplete.php.
CVSS 6.1
CVE-2023-52288 HIGH WRITEUP
flaskcode < 0.0.8 - Unauthenticated Path Traversal via /resource-data Endpoint
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a GET request to a /resource-data/<file_path>.txt URI (from views.py), allows attackers to read arbitrary files.
CVSS 7.5
CVE-2023-52289 HIGH WRITEUP
flaskcode < 0.0.8 - Unauthenticated Path Traversal and Arbitrary File Write via /update-resource-data Endpoint
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/<file_path> URI (from views.py), allows attackers to write to arbitrary files.
CVSS 7.5
CVE-2025-57563 MEDIUM WRITEUP
StarNet Communications Corporation FastX <4.1.51 - Path Traversal
A path traversal in StarNet Communications Corporation FastX v.4 through v4.1.51 allows unauthenticated attackers to read arbitrary files.
CVSS 6.5
CVE-2025-57618 HIGH WRITEUP
FastX3 <= 3.3.67 - Unauthenticated Path Traversal and Remote Code Execution
A path traversal vulnerability in FastX3 through 3.3.67 allows an unauthenticated attacker to read arbitrary files on the server. By leveraging this vulnerability, it is possible to access the application's configuration files, which contain the secret key used to sign JSON Web Tokens as well as existing JTIs. With this information, an attacker can forge valid JWTs, impersonate the root user, and achieve remote code execution in a privileged context via authenticated endpoints.
CVSS 7.3