yunaranyancat

22 exploits Active since Dec 2020
CVE-2025-55182 NOMISEC CRITICAL SCANNER
React Server Components <19.2.0 - RCE
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
CVSS 10.0
CVE-2022-50947 EXPLOITDB MEDIUM text WORKING POC
WordPress Plugin Testimonial Slider and Showcase 2.2.6 Stored XSS
WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the post_title parameter. Attackers with editor privileges can inject JavaScript payloads through the testimonial title field that execute in the browsers of users viewing the draft post, enabling cookie theft and session hijacking.
CVSS 6.4
CVE-2022-50946 EXPLOITDB MEDIUM text WORKING POC
WordPress Plugin Netroics Blog Posts Grid 1.0 Stored XSS
WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the post_title parameter. Attackers with editor privileges can inject script payloads through the testimonial title field that execute in the browsers of other users viewing the draft post, enabling cookie theft and session hijacking.
CVSS 6.4
CVE-2020-35261 WRITEUP MEDIUM WORKING POC
Multi Restaurant Table Reservation System 1.0 - Stored Cross-Site Scripting via Restaurant Name Field
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Restaurant Name field to /dashboard/profile.php.
CVSS 5.4
CVE-2020-36550 WRITEUP MEDIUM WORKING POC
Multi Restaurant Table Reservation System 1.0 - Stored Cross-Site Scripting via Table Name Field
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Table Name field to /dashboard/table-list.php.
CVSS 5.4
CVE-2020-36551 WRITEUP MEDIUM WORKING POC
Multi Restaurant Table Reservation System 1.0 - Stored Cross-Site Scripting via Item Name Field
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Item Name field to /dashboard/menu-list.php.
CVSS 5.4
CVE-2020-36552 WRITEUP MEDIUM WORKING POC
Multi Restaurant Table Reservation System 1.0 - Cross-Site Scripting via Made Field
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Made field to /dashboard/menu-list.php.
CVSS 5.4
CVE-2020-36553 WRITEUP MEDIUM WORKING POC
Multi Restaurant Table Reservation System 1.0 - Stored Cross-Site Scripting via Area Field
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Area(food_type) field to /dashboard/menu-list.php.
CVSS 5.4
CVE-2020-28173 WRITEUP HIGH WORKING POC
Simple College Website 1.0 - Remote Code Execution via Image Upload in Admin Settings
Simple College Website 1.0 allows a user to conduct remote code execution via /alumni/admin/ajax.php?action=save_settings when uploading a malicious file using the image upload functionality, which is stored in /alumni/admin/assets/uploads/.
CVSS 7.2
CVE-2022-36194 WRITEUP MEDIUM WRITEUP
Centreon 22.04.0 - Stored Cross-Site Scripting via Broker Configuration Name Parameter
Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker Configuration by adding a crafted payload into the name parameter.
CVSS 5.4
CVE-2022-36669 WRITEUP CRITICAL WORKING POC
Hospital Information System 1.0 - SQL Injection
Hospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
CVSS 9.8
CVE-2022-37137 WRITEUP MEDIUM WORKING POC
PayMoney 3.3 - Stored Cross-Site Scripting via Ticket Message Field
PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) during replying the ticket. The XSS can be obtain from injecting under "Message" field with "description" parameter with the specially crafted payload to gain Stored XSS. The XSS then will prompt after that or can be access from the view ticket function.
CVSS 5.4
CVE-2022-37140 WRITEUP HIGH WORKING POC
PayMoney 3.3 - Client-Side Remote Code Execution via Malicious RTF File Upload
PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists on the reply ticket function and upload the malicious file. A calculator will open when the victim who download the file open the RTF file.
CVSS 8.0
CVE-2023-36630 WRITEUP HIGH WRITEUP
CloudPanel <2.3.1 - Privilege Escalation/Authentication Bypass
In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass.
CVSS 8.8
CVE-2020-36983 EXPLOITDB HIGH text WRITEUP
Quick 'n Easy FTP Service 3.2 - RCE
Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured service binary path to inject malicious executables with elevated LocalSystem privileges during system boot or service restart.
CVSS 7.8
CVE-2020-36553 EXPLOITDB MEDIUM text WORKING POC
Multi Restaurant Table Reservation System 1.0 - Stored Cross-Site Scripting via Area Field
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Area(food_type) field to /dashboard/menu-list.php.
CVSS 5.4
CVE-2020-36552 EXPLOITDB MEDIUM text WORKING POC
Multi Restaurant Table Reservation System 1.0 - Cross-Site Scripting via Made Field
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Made field to /dashboard/menu-list.php.
CVSS 5.4
CVE-2020-36551 EXPLOITDB MEDIUM text WORKING POC
Multi Restaurant Table Reservation System 1.0 - Stored Cross-Site Scripting via Item Name Field
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Item Name field to /dashboard/menu-list.php.
CVSS 5.4
CVE-2020-36550 EXPLOITDB MEDIUM text WORKING POC
Multi Restaurant Table Reservation System 1.0 - Stored Cross-Site Scripting via Table Name Field
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Table Name field to /dashboard/table-list.php.
CVSS 5.4
CVE-2020-35261 EXPLOITDB MEDIUM text WORKING POC
Multi Restaurant Table Reservation System 1.0 - Stored Cross-Site Scripting via Restaurant Name Field
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Restaurant Name field to /dashboard/profile.php.
CVSS 5.4
CVE-2020-29284 EXPLOITDB CRITICAL text WORKING POC
Multi Restaurant Table Reservation System 1.0 - Unauthenticated SQL...
The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability.
CVSS 9.8
EIP-2026-112081 EXPLOITDB python WORKING POC
Simple College Website 1.0 - 'username' SQL Injection / Remote Code Execution