daniele_m

30 exploits, active since Jan 2024
CVE-2023-42250 MEDIUM WRITEUP
Seling Visual Access Manager < 4.42.2 - XSS
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /common/autocomplete.php.
CVSS 6.1
CVE-2023-52288 HIGH WRITEUP
Sujeetkv Flaskcode < 0.0.8 - Path Traversal
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a GET request to a /resource-data/<file_path>.txt URI (from views.py), allows attackers to read arbitrary files.
CVSS 7.5
CVE-2023-52289 HIGH WRITEUP
Sujeetkv Flaskcode < 0.0.8 - Path Traversal
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/<file_path> URI (from views.py), allows attackers to write to arbitrary files.
CVSS 7.5
CVE-2025-57563 MEDIUM WRITEUP
StarNet Communications Corporation FastX < 4.1.51 - Path Traversal
A path traversal in StarNet Communications Corporation FastX v.4 through v4.1.51 allows unauthenticated attackers to read arbitrary files.
CVSS 6.5
CVE-2025-57618 HIGH WRITEUP
FastX3 < 3.3.67 - Path Traversal
A path traversal vulnerability in FastX3 through 3.3.67 allows an unauthenticated attacker to read arbitrary files on the server. By leveraging this vulnerability, it is possible to access the application's configuration files, which contain the secret key used to sign JSON Web Tokens as well as existing JTIs. With this information, an attacker can forge valid JWTs, impersonate the root user, and achieve remote code execution in a privileged context via authenticated endpoints.
CVSS 7.3