whotwagner

3 exploits Active since Feb 2023
CVE-2023-26035 METASPLOIT HIGH ruby WORKING POC
ZoneMinder < 1.36.33 - Unauthenticated Remote Code Execution via Snapshot Action
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.
CVSS 7.2
CVE-2025-62368 METASPLOIT CRITICAL ruby WORKING POC
taiga-back < 6.9.0 - Remote Code Execution via Unsafe Deserialization
Taiga is an open source project management platform. In versions 6.8.3 and earlier, a remote code execution vulnerability exists in the Taiga API due to unsafe deserialization of untrusted data. This issue is fixed in version 6.9.0.
CVSS 9.0
CVE-2023-26482 METASPLOIT CRITICAL ruby WORKING POC
Nextcloud Server <24.0.10 - Workflow Scope Validation Bypass to Code Execution
Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs, invoking webhooks or running scripts on the server. Due to this combination depending on the available apps the issue can result in a RCE at the end. It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. Users unable to upgrade should disable app `workflow_scripts` and `workflow_pdf_converter` as a mitigation.
CVSS 9.0