CVE & Exploit Intelligence Database


Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,123 CVEs tracked | 53,223 with exploits | 4,686 exploited in wild | 1,539 CISA KEV | 3,912 Nuclei templates | 37,757 vendors | 42,429 researchers
53,223 results
CVE-2018-25164 | CVSS 7.5 HIGH | 1 PoC | EPSS 0.00
EverSync 0.5 - Info Disclosure
EverSync 0.5 contains an arbitrary file download vulnerability that allows unauthenticated attackers to access sensitive files by requesting them directly from the files directory. Attackers can send GET requests to the files directory to download database files like db.sq3 containing application data and credentials.
CWE-552 | Mar 06, 2026

CVE-2018-25163 | CVSS 8.2 HIGH | 1 PoC | EPSS 0.00
BitZoom 1.0 - SQL Injection
BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rollno and username parameters in forgot.php and login.php. Attackers can submit crafted POST requests with SQL UNION statements to extract database schema information and table contents from the application database.
CWE-89 | Mar 06, 2026

CVE-2018-25162 | CVSS 6.5 MEDIUM | 1 PoC | EPSS 0.00
2-Plan Team 1.0.4 - Authenticated RCE
2-Plan Team 1.0.4 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload executable PHP files by sending multipart form data to managefile.php. Attackers can upload PHP files through the userfile1 parameter with action=upload, which are stored in the files directory and executed by the web server for remote code execution.
CWE-434 | Mar 06, 2026

CVE-2018-25161 | CVSS 8.2 HIGH | 1 PoC | EPSS 0.00
Warranty Tracking System 11.06.3 - SQL Injection
Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. Attackers can submit crafted SQL statements using UNION SELECT to extract sensitive database information including usernames, database names, and version details.
CWE-89 | Mar 06, 2026

CVE-2026-29041 | CVSS 8.8 HIGH | 2 PoCs | EPSS 0.00
Chamilo <1.11.34 - Authenticated RCE
Chamilo is a learning management system. Prior to version 1.11.34, Chamilo LMS is affected by an authenticated remote code execution vulnerability caused by improper validation of uploaded files. The application relies solely on MIME-type verification when handling file uploads and does not adequately validate file extensions or enforce safe server-side storage restrictions. As a result, an authenticated low-privileged user can upload a crafted file containing executable code and subsequently execute arbitrary commands on the server. This issue has been patched in version 1.11.34.
CWE-434 | Mar 06, 2026

CVE-2026-28391 | CVSS 9.8 CRITICAL | 1 PoC | 1 Writeup | EPSS 0.00
OpenClaw <2026.2.2 - Command Injection
OpenClaw versions prior to 2026.2.2 fail to properly validate Windows cmd.exe metacharacters in allowlist-gated exec requests (non-default configuration), allowing attackers to bypass command approval restrictions. Remote attackers can craft command strings with shell metacharacters like & or %...% to execute unapproved commands beyond the allowlisted operations.
CWE-78 | Mar 05, 2026

CVE-2026-26418 | CVSS 7.5 HIGH | 1 PoC | EPSS 0.00
TCS Cognix Recon Client 3.0 - Auth Bypass
Missing authentication and authorization in the web API of Tata Consultancy Services Cognix Recon Client v3.0 allows remote attackers to access application functionality without restriction via the network.
CWE-284 | Mar 05, 2026

CVE-2026-26417 | CVSS 8.1 HIGH | 1 PoC | EPSS 0.00
TCS Cognix Recon Client 3.0 - Privilege Escalation
A broken access control vulnerability in the password reset functionality of Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to reset passwords of arbitrary user accounts via crafted requests.
CWE-284 | Mar 05, 2026

CVE-2026-26416 | CVSS 8.8 HIGH | 1 PoC | EPSS 0.00
TCS Cognix Recon Client 3.0 - Privilege Escalation
An authorization bypass vulnerability in Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to escalate privileges across role boundaries via crafted requests.
CWE-269 | Mar 05, 2026

CVE-2026-29000 | CVSS 10.0 CRITICAL | 1 PoC | EPSS 0.00
pac4j-jwt <4.5.9/5.7.9/6.3.3 - Auth Bypass
pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT with arbitrary subject and role claims, bypassing signature verification to authenticate as any user including administrators.
CWE-347 | Mar 04, 2026

CVE-2026-20131 | CVSS 10.0 CRITICAL | 3 PoCs | EPSS 0.00
Cisco FMC - Deserialization
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced.
CWE-502 | Mar 04, 2026

CVE-2026-20079 | CVSS 10.0 CRITICAL | 3 PoCs | EPSS 0.00
Cisco Secure FMC - Auth Bypass
A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device.
CWE-288 | Mar 04, 2026

CVE-2019-25507 | CVSS 8.2 HIGH | 1 PoC | EPSS 0.00
Ashop Shopping Cart - SQL Injection
Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter. Attackers can send GET requests to index.php with malicious 'shop' values using UNION-based SQL injection to extract sensitive database information.
CWE-89 | Mar 04, 2026

CVE-2019-25506 | CVSS 8.2 HIGH | 1 PoC | EPSS 0.00
FreeSMS 2.1.2 - SQL Injection
FreeSMS 2.1.2 contains a boolean-based blind SQL injection vulnerability in the password parameter that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login endpoint. Attackers can exploit the vulnerable password parameter in requests to /pages/crc_handler.php?method=login to authenticate as any known user and subsequently modify their password via the profile update function.
CWE-89 | Mar 04, 2026

CVE-2019-25505 | CVSS 7.1 HIGH | 1 PoC | EPSS 0.00
Tradebox 5.4 - SQL Injection
Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the symbol parameter. Attackers can send POST requests to the monthly_deposit endpoint with malicious symbol values using boolean-based blind, time-based blind, error-based, or union-based SQL injection techniques to extract sensitive database information.
CWE-89 | Mar 04, 2026

CVE-2019-25504 | CVSS 8.2 HIGH | 1 PoC | EPSS 0.00
NCrypted Jobgator - SQL Injection
NCrypted Jobgator contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the experience parameter. Attackers can send POST requests to the agents Find-Jobs endpoint with malicious experience values to extract sensitive database information.
CWE-89 | Mar 04, 2026

CVE-2019-25503 | CVSS 7.1 HIGH | 1 PoC | EPSS 0.00
PHPads 2.0 - SQL Injection
PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Attackers can submit crafted bannerID values using SQL comment syntax and functions like extractvalue to extract sensitive database information such as the current database name.
CWE-89 | Mar 04, 2026

CVE-2019-25502 | CVSS 6.1 MEDIUM | 1 PoC | EPSS 0.00
Simple Job Script - XSS
Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the job_type_value parameter in the jobs endpoint. Attackers can craft requests with SVG payload injection to execute arbitrary JavaScript in victim browsers and steal session cookies or perform unauthorized actions.
CWE-79 | Mar 04, 2026

CVE-2019-25501 | CVSS 8.2 HIGH | 1 PoC | EPSS 0.00
Simple Job Script - SQL Injection
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the app_id parameter. Attackers can send POST requests to delete_application_ajax.php with crafted payloads to extract sensitive data, bypass authentication, or modify database contents.
CWE-89 | Mar 04, 2026

CVE-2019-25500 | CVSS 8.2 HIGH | 1 PoC | EPSS 0.00
Simple Job Script - SQL Injection
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to extract sensitive data or modify database contents.
CWE-89 | Mar 04, 2026