# Exploit Title: ERPNext 14.82.1 – Account Takeover via Cross-Site Request Forgery (CSRF) # Google Dork: inurl:”/api/method/frappe” # Date: 2025-04-29 # Exploit Author: Ahmed Thaiban (Thvt0ne) # Vendor Homepage: https://erpnext.com # Software Link: https://github.com/frappe/erpnext # Version: <= 14.82.1, 14.74.3 (Tested) # Tested on: Linux (Ubuntu 20.04), Chrome, Firefox. # CVE : CVE-2025-28062 # Category: WebApps …
[This is a Guest Diary by Michal Ambrozkiewicz, an ISC intern as part of the SANS.edu Bachelor’s Degree in Applied Cybersecurity (BACS) program [1].] On April 29, 2025, my Raspberry Pi-based Cowrie SSH honeypot captured a sophisticated attack campaign targeting Linux systems. This wasn’t just another automated scanner – the logs reveal a multi-stage attack…
# Exploit Title: Grokability Snipe-IT 8.0.4 – Insecure Direct Object Reference (IDOR) # Google Dork: N/A # Date: 2025-05-02 # Exploit Author: Sn1p3r-H4ck3r (Siripong Jintung) # Vendor Homepage: https://snipeitapp.com # Software Link: https://github.com/grokability/snipe-it # Version: <= 8.0.4 # Tested on: Ubuntu 22.04 LTS, Apache2 + MySQL + PHP 8.1 # CVE: CVE-2025-47226 # Vulnerability…
# Exploit Title: Apache ActiveMQ 6.1.6 – Denial of Service (DOS) # Date: 2025-05-9 # Exploit Author: [Abdualhadi khalifa (https://x.com/absholi7ly/) # Github: https://github.com/absholi7ly/CVE-2025-27533-Exploit-for-Apache-ActiveMQ # CVE: CVE-2025-27533 import socket import struct import time import datetime import threading import requests import argparse import random from colorama import init, Fore from tabulate import tabulate from tqdm…
# Exploit Title: VirtualBox 7.0.16 – Privilege Escalation # Date: 2025-05-06 # Exploit Author: Milad Karimi (Ex3ptionaL) # Contact: miladgrayhat@gmail.com # Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL # Tested on: Win x64 # CVE : CVE-2024-21111 #include #include #include #include #include #include #include #include “resource.h” #include “def.h” #include “FileOplock.h” #pragma…
# Exploit Title: SureTriggers OttoKit Plugin 1.0.82 – Privilege Escalation # Date: 2025-05-7 # Exploit Author: [Abdualhadi khalifa (https://x.com/absholi7ly/) # Affected: Versions All versions of OttoKit (SureTriggers) ≤ 1.0.82. Conditions for Exploitation The vulnerability can be exploited under the following circumstances: 1. OttoKit must be installed and activated on the…
# Exploit Title: WordPress Depicter Plugin 3.6.1 – SQL Injection # Google Dork: inurl:/wp-content/plugins/depicter/ # Date: 2025-05-06 # Exploit Author: Andrew Long (datagoboom) # Vendor Homepage: https://wordpress.org/plugins/depicter/ # Software Link: https://downloads.wordpress.org/plugin/depicter.3.6.1.zip # Version: <= 3.6.1 # Tested on: WordPress 6.x # CVE: CVE-2025-2011 # Description: # The Slider & Popup Builder by Depicter plugin…
# Exploit Title: Microsoft Windows 11 Pro 23H2 – Ancillary Function Driver for WinSock Privilege Escalation # Date: 2025-05-05 # Exploit Author: Milad Karimi (Ex3ptionaL) # Contact: miladgrayhat@gmail.com # Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL # Tested on: Win x64 # CVE : CVE-2024-38193 #pragma once #include “ntstatus.h” #include “Windows.h” #include #pragma comment(lib, “ntdll.lib”) …
/* * Exploit Title: TP-Link VN020 F3v(T) TT_V6.2.1021) – DHCP Stack Buffer Overflow * Date: 10/20/2024 * Exploit Author: Mohamed Maatallah * Vendor Homepage: https://www.tp-link.com * Version: TT_V6.2.1021 (VN020-F3v(T)) * Tested on: VN020-F3v(T) Router (Hardware Version 1.0) * CVE: CVE-2024-11237 * Category: Remote * Technical Details: * —————– * – Triggers multiple memory corruption…
# Exploit Title: WordPress Frontend Login and Registration Blocks Plugin 1.0.7 – Privilege Escalation # Google Dork: inurl:/wp-content/plugins/frontend-login-and-registration-blocks/ # Date: 2025-05-12 # Exploit Author: Md Shoriful Islam (RootHarpy) # Vendor Homepage: https://wordpress.org/plugins/frontend-login-and-registration-blocks/ # Software Link: https://downloads.wordpress.org/plugin/frontend-login-and-registration-blocks.1.0.7.zip # Version: <= 1.0.7 # Tested on: Ubuntu 22.04 + WordPress 6.5.2 # CVE : CVE-2025-3605 import requests …
