iSee857

106 exploits Active since Mar 2024
CVE-2024-53544 GITHUB CRITICAL python WORKING POC
NovaCHRON Smart Time Plus <8.6 - SQL Injection
NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 was discovered to contain a SQL injection vulnerability via the getCookieNames method in the smarttimeplus/MySQLConnection endpoint.
40 stars
CVSS 9.8
CVE-2025-2266 GITHUB CRITICAL python WORKING POC
Checkout Mestres do WP for WooCommerce <8.7.5 - Privilege Escalation
The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUpdateOptions() function in versions 8.6.5 to 8.7.5. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
40 stars
CVSS 9.8
CVE-2025-2294 GITHUB CRITICAL python WORKING POC
Kubio AI Page Builder <2.5.1 - Local File Inclusion
The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubio_hybrid_theme_load_template function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
40 stars
CVSS 9.8
CVE-2025-26319 GITHUB CRITICAL python WORKING POC
FlowiseAI Flowise <= 2.2.6 - Arbitrary File Upload
FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.
40 stars
CVSS 9.8
CVE-2025-20188 GITHUB CRITICAL python WORKING POC
Cisco IOS XE - Unauthenticated Arbitrary File Upload and Remote Code Execution via Hard-coded JWT
A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP file upload interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges.
40 stars
CVSS 10.0
CVE-2024-11305 GITHUB MEDIUM python WORKING POC
Altenergy Power Control Software <20241108 - SQL Injection
A vulnerability classified as critical was found in Altenergy Power Control Software up to 20241108. This vulnerability affects the function get_status_zigbee of the file /index.php/display/status_zigbee. The manipulation of the argument date leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
40 stars
CVSS 6.3
CVE-2025-1338 GITHUB HIGH python WORKING POC
NUUO Camera <20250203 - Command Injection
A vulnerability was found in NUUO Camera up to 20250203. It has been declared as critical. This vulnerability affects the function print_file of the file /handle_config.php. The manipulation of the argument log leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
40 stars
CVSS 7.3
CVE-2024-3273 GITHUB HIGH python WORKING POC
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L - OS Command Injection via nas_sharing.cgi System Parameter
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
40 stars
CVSS 7.3
CVE-2024-52295 GITHUB CRITICAL python WORKING POC
DataEase < 2.10.2 - Use of Hard-coded Credentials for JWT Forgery
DataEase is an open source data visualization analysis tool. Prior to 2.10.2, DataEase allows attackers to forge jwt and take over services. The JWT secret is hardcoded in the code, and the UID and OID are hardcoded. The vulnerability has been fixed in v2.10.2.
40 stars
CVSS 9.8
CVE-2025-49001 GITHUB CRITICAL python WORKING POC
DataEase < 2.10.10 - Improper Authentication via JWT Secret Bypass
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.10, secret verification does not take effect successfully, so a user can use any secret to forge a JWT token. The vulnerability has been fixed in v2.10.10. No known workarounds are available.
40 stars
CVSS 9.8
CVE-2024-57241 GITHUB MEDIUM python WORKING POC
dedecms 5.71sp1 - URL Redirection via GET Request
Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. In the web application, a logic error does not judge the input GET request resulting in URL redirection.
40 stars
CVSS 6.5
CVE-2025-56520 GITHUB MEDIUM python WORKING POC
Dify 1.6.0 RemoteFileUploadApi - Server-Side Request Forgery
Dify v1.6.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi. A different vulnerability than CVE-2025-29720.
40 stars
CVSS 5.3
CVE-2025-0868 GITHUB CRITICAL python WORKING POC
DocsGPT 0.8.1-0.12.0 - Remote Code Execution via /api/remote Endpoint
A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint.. This issue affects DocsGPT: from 0.8.1 through 0.12.0.
40 stars
CVE-2025-26793 GITHUB CRITICAL python WORKING POC
FREEDOM Administration - Default Login
The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not prompted to change these credentials on initial configuration, and changing the credentials requires many steps. Attackers can use the credentials over the Internet via mesh.webadmin.MESHAdminServlet to gain access to dozens of Canadian and U.S. apartment buildings and obtain building residents' PII. NOTE: the Supplier's perspective is that the "vulnerable systems are not following manufacturers' recommendations to change the default password."
40 stars
CVE-2024-9264 GITHUB CRITICAL python WORKING POC
Grafana 11.0.0-11.0.5 - Authenticated Command Injection via DuckDB SQL Expressions
The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions.
40 stars
CVSS 9.9
CVE-2024-8963 GITHUB CRITICAL python WORKING POC
Ivanti Endpoint Manager Cloud Services Appliance - Unauthenticated Path Traversal
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
40 stars
CVSS 9.4
CVE-2025-4428 GITHUB HIGH python WORKING POC
Ivanti EPMM Authentication Bypass for Expression Language Remote Code Execution
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
40 stars
CVSS 7.2
CVE-2025-4427 GITHUB MEDIUM python WORKING POC
Ivanti Endpoint Manager Mobile <= 12.5.0.0 - Unauthenticated Authentication Bypass via API
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.
40 stars
CVSS 5.3
CVE-2025-0392 GITHUB MEDIUM python WORKING POC
Guangzhou Huayi Intelligent Technology Jeewms < 2025-01-01 - SQL Injection via datagridGraph Function
A vulnerability, which was classified as critical, was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. Affected is the function datagridGraph of the file /graphReportController.do. The manipulation of the argument store_code leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component.
40 stars
CVSS 6.3
CVE-2024-48307 GITHUB CRITICAL python WORKING POC
JeecgBoot 3.7.1 - SQL Injection via /onlDragDatasetHead/getTotalData
JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData.
40 stars
CVSS 9.8
CVE-2025-10090 GITHUB HIGH python WORKING POC
Jinher OA < 1.2 - SQL Injection via ID Parameter in GetTreeDate.aspx
A flaw has been found in Jinher OA up to 1.2. The impacted element is an unknown function of the file /C6/Jhsoft.Web.departments/GetTreeDate.aspx. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
40 stars
CVSS 7.3
CVE-2025-22214 GITHUB MEDIUM python WORKING POC
Landray EIS 2001-2006 - SQL Injection via Message/fi_message_receiver.aspx replyid Parameter
Landray EIS 2001 through 2006 allows Message/fi_message_receiver.aspx?replyid= SQL injection.
40 stars
CVSS 4.3
CVE-2025-3248 GITHUB CRITICAL python WORKING POC
Langflow AI - Unauthenticated Remote Code Execution
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
40 stars
CVSS 9.8
CVE-2025-8345 GITHUB MEDIUM python WORKING POC
Lingdang CRM < 8.6.5.2 - SQL Injection via yunzhijiaApi.php delete_user Function
A vulnerability classified as critical was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. Affected by this vulnerability is the function delete_user of the file crm/WeiXinApp/yunzhijia/yunzhijiaApi.php. The manipulation of the argument function leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.6.5.2 is able to address this issue. It is recommended to upgrade the affected component.
40 stars
CVSS 6.3
CVE-2025-61884 GITHUB HIGH python WORKING POC
Oracle Configurator 12.2.3-12.2.14 - Unauthenticated CRLF Injection via Runtime UI
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
40 stars
CVSS 7.5