Exploit-DB Updates

[remote] Microsoft Edge (Chromium-based) 135.0.7049.114/.115 - Information Disclosure

Microsoft Edge (Chromium-based) 135.0.7049.114/.115 - Information Disclosure

Exploit-DB Updates

[webapps] Gandia Integra Total 4.4.2236.1 - SQL Injection

Gandia Integra Total 4.4.2236.1 - SQL Injection

Exploit-DB Updates

[webapps] Copyparty 1.18.6 - Reflected Cross-Site Scripting (XSS)

Copyparty 1.18.6 - Reflected Cross-Site Scripting (XSS)

Exploit-DB Updates

[webapps] LPAR2RRD 8.04 - Remote Code Execution (RCE)

LPAR2RRD 8.04 - Remote Code Execution (RCE)

Exploit-DB Updates

[remote] Swagger UI 1.0.3 - Cross-Site Scripting (XSS)

Swagger UI 1.0.3 - Cross-Site Scripting (XSS)

Exploit-DB Updates

[webapps] Ultimate Member WordPress Plugin 2.6.6 - Privilege Escalation

Ultimate Member WordPress Plugin 2.6.6 - Privilege Escalation

Exploit-DB Updates

[local] Microsoft Virtual Hard Disk (VHDX) 11 - Remote Code Execution (RCE)

Microsoft Virtual Hard Disk (VHDX) 11 - Remote Code Execution (RCE)

Exploit-DB Updates

[local] Linux PAM Environment - Variable Injection Local Privilege Escalation

Linux PAM Environment - Variable Injection Local Privilege Escalation

Exploit-DB Updates

[webapps] Mezzanine CMS 6.1.0 - Stored Cross Site Scripting (XSS)

Mezzanine CMS 6.1.0 - Stored Cross Site Scripting (XSS)

Exploit-DB Updates

[webapps] Adobe ColdFusion 2023.6 - Remote File Read

Adobe ColdFusion 2023.6 - Remote File Read

Exploit-DB Updates

[webapps] Invision Community 4.7.20 - (calendar/view.php) SQL Injection

Invision Community 4.7.20 - (calendar/view.php) SQL Injection

Exploit-DB Updates

[webapps] XWiki 14 - SQL Injection via getdeleteddocuments.vm

XWiki 14 - SQL Injection via getdeleteddocuments.vm

Exploit-DB Updates

[dos] Xlight FTP 1.1 - Denial Of Service (DOS)

Xlight FTP 1.1 - Denial Of Service (DOS)

Exploit-DB Updates

[remote] Microsoft Edge Windows 10 Version 1511 - Cross Site Scripting (XSS)

Microsoft Edge Windows 10 Version 1511 - Cross Site Scripting (XSS)

Exploit-DB Updates

[remote] Tenda FH451 1.0.0.9 Router - Stack-based Buffer Overflow

Tenda FH451 1.0.0.9 Router - Stack-based Buffer Overflow

Exploit-DB Updates

[webapps] Joomla JS Jobs plugin 1.4.2 - SQL injection

Joomla JS Jobs plugin 1.4.2 - SQL injection

Exploit-DB Updates

[webapps] LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Telegram Bot Username

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Telegram Bot Username

Exploit-DB Updates

[webapps] Discourse 3.1.1 - Unauthenticated Chat Message Access

Discourse 3.1.1 - Unauthenticated Chat Message Access

Exploit-DB Updates

[webapps] LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Operator Surname

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Operator Surname

Exploit-DB Updates

[webapps] LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Facebook Integration Page Name Field

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Facebook Integration Page Name Field

Exploit-DB Updates

[webapps] LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Personal Canned Messages

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Personal Canned Messages

Exploit-DB Updates

[webapps] Simple File List WordPress Plugin 4.2.2 - File Upload to RCE

Simple File List WordPress Plugin 4.2.2 - File Upload to RCE

Exploit-DB Updates

[webapps] Pie Register WordPress Plugin 3.7.1.4 - Authentication Bypass to RCE

Pie Register WordPress Plugin 3.7.1.4 - Authentication Bypass to RCE

Exploit-DB Updates

[webapps] LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Department Assignment Alias Nick Field

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Department Assignment Alias Nick Field

Exploit-DB Updates

[webapps] LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via the Chat Transfer Function

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via the Chat Transfer Function

Exploit-DB Updates

[local] Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges

Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of Privileges

Exploit-DB Updates

[webapps] Langflow 1.2.x - Remote Code Execution (RCE)

Langflow 1.2.x - Remote Code Execution (RCE)

Exploit-DB Updates

[hardware] TOTOLINK N300RB 8.54 - Command Execution

TOTOLINK N300RB 8.54 - Command Execution

Exploit-DB Updates

[webapps] SugarCRM 14.0.0 - SSRF/Code Injection

SugarCRM 14.0.0 - SSRF/Code Injection

Exploit-DB Updates

[remote] MikroTik RouterOS 7.19.1 - Reflected XSS

MikroTik RouterOS 7.19.1 - Reflected XSS

Exploit-DB Updates

[webapps] White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI)

White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI)

Exploit-DB Updates

[webapps] PivotX 3.0.0 RC3 - Remote Code Execution (RCE)

PivotX 3.0.0 RC3 - Remote Code Execution (RCE)

Exploit-DB Updates

[local] Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege

Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege

Exploit-DB Updates

[remote] NodeJS 24.x - Path Traversal

NodeJS 24.x - Path Traversal

Exploit-DB Updates

[remote] Keras 2.15 - Remote Code Execution (RCE)

Keras 2.15 - Remote Code Execution (RCE)

Exploit-DB Updates

[webapps] WP Publications WordPress Plugin 1.2 - Stored XSS

WP Publications WordPress Plugin 1.2 - Stored XSS

Exploit-DB Updates

[webapps] Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover

Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover

Exploit-DB Updates

[remote] Microsoft PowerPoint 2019 - Remote Code Execution (RCE)

Microsoft PowerPoint 2019 - Remote Code Execution (RCE)

Exploit-DB Updates

[remote] ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)

ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)

Exploit-DB Updates

[local] Sudo chroot 1.9.17 - Local Privilege Escalation

Sudo chroot 1.9.17 - Local Privilege Escalation

Exploit-DB Updates

[local] Sudo 1.9.17 Host Option - Elevation of Privilege

Sudo 1.9.17 Host Option - Elevation of Privilege

Exploit-DB Updates

[local] Microsoft Defender for Endpoint (MDE) - Elevation of Privilege

Microsoft Defender for Endpoint (MDE) - Elevation of Privilege

Exploit-DB Updates

[remote] Microsoft Outlook - Remote Code Execution (RCE)

Microsoft Outlook - Remote Code Execution (RCE)

Exploit-DB Updates

[webapps] Discourse 3.2.x - Anonymous Cache Poisoning

Discourse 3.2.x - Anonymous Cache Poisoning

Exploit-DB Updates

[remote] Microsoft SharePoint 2019 - NTLM Authentication

Microsoft SharePoint 2019 - NTLM Authentication

Exploit-DB Updates

[remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)

Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)

Exploit-DB Updates

[remote] gogs 0.13.0 - Remote Code Execution (RCE)

gogs 0.13.0 - Remote Code Execution (RCE)

Exploit-DB Updates

[webapps] Moodle 4.4.0 - Authenticated Remote Code Execution

Moodle 4.4.0 - Authenticated Remote Code Execution

Exploit-DB Updates

[webapps] Sitecore 10.4 - Remote Code Execution (RCE)

Sitecore 10.4 - Remote Code Execution (RCE)

Exploit-DB Updates

[remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information

McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information

Exploit-DB Updates

[webapps] Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution (RCE)

Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution (RCE)

Exploit-DB Updates

[remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)

PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)

Exploit-DB Updates

[remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)

OneTrust SDK 6.33.0 - Denial Of Service (DoS)

Exploit-DB Updates

[webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)

Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)

Exploit-DB Updates

[remote] freeSSHd 1.0.9 - Denial of Service (DoS)

freeSSHd 1.0.9 - Denial of Service (DoS)

Exploit-DB Updates

[remote] Microsoft Excel 2024 Use after free - Remote Code Execution (RCE)

Microsoft Excel 2024 Use after free - Remote Code Execution (RCE)

Exploit-DB Updates

[remote] FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse

FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse

Exploit-DB Updates

[local] Microsoft Excel LTSC 2024 - Remote Code Execution (RCE)

Microsoft Excel LTSC 2024 - Remote Code Execution (RCE)

Exploit-DB Updates

[remote] Ingress-NGINX 4.11.0 - Remote Code Execution (RCE)

Ingress-NGINX 4.11.0 - Remote Code Execution (RCE)

Exploit-DB Updates

[remote] WebDAV Windows 10 - Remote Code Execution (RCE)

WebDAV Windows 10 - Remote Code Execution (RCE)