Vulnerabilities Database - CXSecurity.com

Linux Kernel mseal Invariant Violation (Linux kernel 6.17-7.0 rc5)

Antonius — Sat, 04 Apr 2026 16:01:28 +0000

Topic: Linux Kernel mseal Invariant Violation (Linux kernel 6.17-7.0 rc5) Risk: High Text:Title : CVE-2026-23416 - Linux Kernel mseal Invariant Violation (Linux kernel 6.17-7.0 rc5) Exploit Poc : https://github.com...

astrojs/vercel < = 10.0.0 - Unauthenticated x-astro-path Header Path Override

Mohammed Idrees Banyamer — Fri, 03 Apr 2026 20:23:39 +0000

Topic: astrojs/vercel < = 10.0.0 - Unauthenticated x-astro-path Header Path Override Risk: Medium Text:#!/usr/bin/env python3 # Exploit Title: @astrojs/vercel < = 10.0.0 - Unauthenticated x-astro-path Header Path Override ...

Microsoft SQL Server Privilege Elevation Through

Emad Al-Mousa — Fri, 03 Apr 2026 20:23:17 +0000

Topic: Microsoft SQL Server Privilege Elevation Through Risk: Medium Text:Title: Microsoft SQL Server Privilege Elevation Through ##MS_DatabaseManager## Role [CVE-2025-24999] Product: Database Manufa...

FreeScout Unauthenticated RCE via ZWSP .htaccess Bypass

offensiveee — Tue, 31 Mar 2026 19:40:02 +0000

Topic: FreeScout Unauthenticated RCE via ZWSP .htaccess Bypass Risk: High Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-...

Wavlink WL-WN579X3-C firewall.cgi UPNP Stack-based Buffer Overflow

Mohammed Idrees Banyamer — Tue, 31 Mar 2026 19:38:48 +0000

Topic: Wavlink WL-WN579X3-C firewall.cgi UPNP Stack-based Buffer Overflow Risk: Medium Text:# Exploit Title: Wavlink WL-WN579X3-C firewall.cgi UPNP Stack-based Buffer Overflow # CVE: CVE-2026-5004 # Date: 2026-03-29 ...

esiclivre 0.2.2 SQL Injection

Bryan — Thu, 26 Mar 2026 08:58:54 +0000

Topic: esiclivre 0.2.2 SQL Injection Risk: Medium Text:# CVE-2026-30655 — SQL Injection in esiclivre (password reset) ## Summary A SQL injection vulnerability exists in the pas...

Payara Server Cross Site Scripting

DeepSecurity Research — Thu, 26 Mar 2026 08:56:48 +0000

Topic: Payara Server Cross Site Scripting Risk: Low Text:# XSS to Admin account takeover (CVE-2025-14340) A Cross-Site Scripting vulnerability in Payara’s Administration Rest Inte...

esiclivre 0.2.2 SQL Injection

Bryan — Thu, 26 Mar 2026 08:55:51 +0000

Topic: esiclivre 0.2.2 SQL Injection Risk: Medium Text:# CVE-2026-30655 — SQL Injection in esiclivre (password reset) ## Summary A SQL injection vulnerability exists in the pas...

SiYuan < = v3.6.1 Note unauthenticated arbitrary file read (path traversal)

Mohammed Idrees Banyamer — Thu, 26 Mar 2026 08:55:06 +0000

Topic: SiYuan < = v3.6.1 Note unauthenticated arbitrary file read (path traversal) Risk: Medium Text:#!/usr/bin/env python3 # Exploit Title: SiYuan < = v3.6.1 Note unauthenticated arbitrary file read (path traversal) # CVE: CVE...

Tenda AC21 V1.0 V16.03.08.16 - Stack Buffer Overflow in SetNetControlList

Mohammed Idrees Banyamer — Thu, 26 Mar 2026 08:54:45 +0000

Topic: Tenda AC21 V1.0 V16.03.08.16 - Stack Buffer Overflow in SetNetControlList Risk: High Text:#!/usr/bin/env python3 # Exploit Title: Tenda AC21 - Stack Buffer Overflow in SetNetControlList # CVE: CVE-2026-4565 # Date:...

WWBN AVideo < = 26.0 - Authenticated SQL Injection

Mohammed Idrees Banyamer — Thu, 26 Mar 2026 08:54:07 +0000

Topic: WWBN AVideo < = 26.0 - Authenticated SQL Injection Risk: Medium Text:Exploit Title: WWBN AVideo < = 26.0 - Authenticated SQL Injection CVE: CVE-2026-33723 Date: 2026-03-25 Exploit Author: Mohamm...

Windows RRAS Remote Code Execution Vulnerability (CVE-2026-26111) - SE-RCE Exploit

nu11secur1ty — Sat, 21 Mar 2026 22:02:08 +0000

Topic: Windows RRAS Remote Code Execution Vulnerability (CVE-2026-26111) - SE-RCE Exploit Risk: High Text:# Titles: Windows RRAS Remote Code Execution Vulnerability (CVE-2026-26111) - SE-RCE Exploit # Author: nu11secur1ty # Date: 1...

Linux Kernel 5.8 < 5.15.25 - Local Privilege Escalation Exploit

Antonius — Sat, 21 Mar 2026 22:01:47 +0000

Topic: Linux Kernel 5.8 < 5.15.25 - Local Privilege Escalation Exploit Risk: High Text:/* Exploit Title: Linux Kernel 5.8 < 5.15.25 - Local Privilege Escalation (DirtyPipe 2) Exploit Author: Antonius (w1sdom) gi...

Discourse < = 2026.2.1 Authenticated Missing Authorization

Mohammed Idrees Banyamer — Sat, 21 Mar 2026 22:01:36 +0000

Topic: Discourse < = 2026.2.1 Authenticated Missing Authorization Risk: Medium Text:#!/usr/bin/env python3 # Exploit Title: Discourse < = 2026.2.1 Authenticated Missing Authorization (Official Warnings Bypass) ...

Glances < = 4.5.2 OS Command Injection via Mustache Template Fields

Mohammed Idrees Banyamer — Wed, 18 Mar 2026 21:17:22 +0000

Topic: Glances < = 4.5.2 OS Command Injection via Mustache Template Fields Risk: High Text:#!/usr/bin/env python3 # Exploit Title: Glances < = 4.5.2 OS Command Injection via Mustache Template Fields # CVE: ...

LB-LINK BL-WR9000 V2.4.9 - Stack-based Buffer Overflow in /goform/get_hidessid_cfg

Mohammed Idrees Banyamer — Tue, 17 Mar 2026 22:04:23 +0000

Topic: LB-LINK BL-WR9000 V2.4.9 - Stack-based Buffer Overflow in /goform/get_hidessid_cfg Risk: High Text:#!/usr/bin/env python3 # Exploit Title: LB-LINK BL-WR9000 HideSSID Stack Overflow # CVE: CVE-2026-42...

LB-LINK BL-WR9000 V2.4.9 - Unauthenticated / Post-Auth Stack-based Buffer Overflow

Mohammed Idrees Banyamer — Tue, 17 Mar 2026 22:04:07 +0000

Topic: LB-LINK BL-WR9000 V2.4.9 - Unauthenticated / Post-Auth Stack-based Buffer Overflow Risk: High Text:#!/usr/bin/env python3 # Exploit Title: LB-LINK BL-WR9000 - Stack-based Buffer Overflow in /goform/get_virtual_cfg # C...

zumba/json-serializer zumba/json-serializer < 3.2.3 RCE

Mohammed Idrees Banyamer — Sun, 15 Mar 2026 16:26:34 +0000

Topic: zumba/json-serializer zumba/json-serializer < 3.2.3 RCE Risk: High Text:#!/usr/bin/env python3 # Exploit Title: zumba/json-serializer zumba/json-serializer < 3.2.3 RCE # CVE: CVE-2026-27206 # Date...

Wekan 8.31.0 - 8.33Meteor DDP notificationUsers Sensitive Data Leak

Mohammed Idrees Banyamer — Sun, 15 Mar 2026 16:25:36 +0000

Topic: Wekan 8.31.0 - 8.33Meteor DDP notificationUsers Sensitive Data Leak Risk: Medium Text:#!/usr/bin/env python3 # Exploit Title: Wekan 8.31.0 - 8.33Meteor DDP notificationUsers Sensitive Data Leak # CVE: ...

Splunk Remote Command Execution via Improper Input Validation

RERO — Sun, 15 Mar 2026 16:25:07 +0000

Topic: Splunk Remote Command Execution via Improper Input Validation Risk: Low Text:Description A critical Remote Command Execution (RCE) vulnerability has been identified in the Splunk platform. The vulnera...

Microsoft Windows MSHTML Security Feature Bypass Vulnerability

RERO — Sat, 14 Mar 2026 22:35:32 +0000

Topic: Microsoft Windows MSHTML Security Feature Bypass Vulnerability Risk: High Text:A security feature bypass vulnerability exists in the Microsoft MSHTML engine used by legacy Internet Explorer components and a...

Qualcomm GPU Driver Memory Corruption Vulnerability in Android Devices

RERO — Sat, 14 Mar 2026 22:35:11 +0000

Topic: Qualcomm GPU Driver Memory Corruption Vulnerability in Android Devices Risk: High Text:A memory corruption vulnerability has been identified in Qualcomm GPU drivers used in a wide range of Android devices. The vuln...

Frappe Framework < 14.99.0 and < 15.84.0 Unauthenticated SQL Injection

Mohammed Idrees Banyamer — Sat, 14 Mar 2026 22:34:17 +0000

Topic: Frappe Framework < 14.99.0 and < 15.84.0 Unauthenticated SQL Injection Risk: Medium Text:#!/usr/bin/env python3 # Exploit Title: Frappe Framework Unauthenticated SQL Injection # CVE: CVE-2026-31877 # Date: 2026-03...

PyJWT < 2.12.0 crit header bypass / Insufficient crit validation

Mohammed Idrees Banyamer — Sat, 14 Mar 2026 22:33:56 +0000

Topic: PyJWT < 2.12.0 crit header bypass / Insufficient crit validation Risk: Low Text:#!/usr/bin/env python3 # Exploit Title: PyJWT < 2.12.0 crit header bypass / Insufficient crit validation # CVE: CVE-2026-3259...

PluckCMS 4.7.10 Unrestricted File Upload

CodeSecLab — Sun, 08 Mar 2026 15:40:55 +0000

Topic: PluckCMS 4.7.10 Unrestricted File Upload Risk: High Text:# Exploit Title: PluckCMS 4.7.10 - Unrestricted File Upload # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepag...

Python-Multipart < 0.0.22 - Path Traversal / Arbitrary File Write (CVE-2026-24486)

cardosource — Sun, 08 Mar 2026 15:40:16 +0000

Topic: Python-Multipart < 0.0.22 - Path Traversal / Arbitrary File Write (CVE-2026-24486) Risk: High Text:Exploit Title: Python-Multipart < 0.0.22 - Path Traversal / Arbitrary File Write Date: 2026-02-23 Exploit Author: cardosource ...

WeGIA < = 3.6.4 Unauthenticated Admin Authentication Bypass

Mohammed Idrees Banyamer — Sun, 08 Mar 2026 15:39:38 +0000

Topic: WeGIA < = 3.6.4 Unauthenticated Admin Authentication Bypass Risk: High Text:#!/usr/bin/env python3 # Exploit Title: WeGIA < = 3.6.4 Authentication Bypass to Admin Session # CVE: CVE-2026-28411 # Date: ...

NocoDB < = 0.301.2 User Enumeration via Password Reset Endpoint

Mohammed Idrees Banyamer — Sun, 08 Mar 2026 15:39:04 +0000

Topic: NocoDB < = 0.301.2 User Enumeration via Password Reset Endpoint Risk: High Text:#!/usr/bin/env python3 # Exploit Title: NocoDB User Enumeration via Password Reset Endpoint # CVE: CV...

Craft CMS 4.x & 5.x RCE via Blocklist Bypass

Mohammed Idrees Banyamer — Sun, 08 Mar 2026 15:38:51 +0000

Topic: Craft CMS 4.x & 5.x RCE via Blocklist Bypass Risk: Medium Text:#!/usr/bin/env python3 # Exploit Title: Craft CMS 4.x & 5.x RCE via Blocklist Bypass # CVE: CVE-2026-28783 # Date: 2025-11-...

pac4j-jwt < 4.5.9, < 5.7.9, < 6.3.3 JwtAuthenticator Authentication Bypass via JWE-wrapped PlainJWT

Mohammed Idrees Banyamer — Sun, 08 Mar 2026 15:38:36 +0000

Topic: pac4j-jwt < 4.5.9, < 5.7.9, < 6.3.3 JwtAuthenticator Authentication Bypass via JWE-wrapped PlainJWT Risk: High Text:#!/usr/bin/env python3 # Exploit Title: pac4j-jwt < 4.5.9, < 5.7.9, < 6.3.3 JwtAuthenticator Authentication Bypass via JWE-wra...

AirPlay Dual‑Mode Discovery Scanner for Flipper Zero ESP32 WiFi Dev Board

indoushka — Sun, 08 Mar 2026 15:38:07 +0000

Topic: AirPlay Dual‑Mode Discovery Scanner for Flipper Zero ESP32 WiFi Dev Board Risk: Medium Text: | # Title : AirPlay Dual‑Mode Discovery Scanner for Flipper Zero ESP32 W...

WeGIA < = 3.6.4 Remote Code Execution via OS Command Injection

Mohammed Idrees Banyamer — Tue, 03 Mar 2026 20:45:02 +0000

Topic: WeGIA < = 3.6.4 Remote Code Execution via OS Command Injection Risk: High Text:#!/usr/bin/env python3 # Exploit Title: WeGIA < = 3.6.4 Remote Code Execution via OS Command Injection in Backup Restore # CVE...

WordPress Backup Migration 1.3.7 Remote Command Execution

DANG — Tue, 03 Mar 2026 20:44:40 +0000

Topic: WordPress Backup Migration 1.3.7 Remote Command Execution Risk: High Text:# Exploit Title: WordPress Backup Migration 1.3.7 - Remote Command Execution # Date: 2025-10-26 # Exploit Author: DANG # Ven...

WeGIA 3.5.0 SQL Injection

Onur Demir — Tue, 03 Mar 2026 20:44:31 +0000

Topic: WeGIA 3.5.0 SQL Injection Risk: Medium Text:# Exploit Title: WeGIA 3.5.0 - SQL Injection # Date: 2025-10-14 # Exploit Author: Onur Demir (OnurDemir-Dev) # Vendor Homepa...

Windows Notepad App (Store Version) - Remote/Local Code Execution via Markdown Link

nu11secur1ty — Mon, 02 Mar 2026 21:13:06 +0000

Topic: Windows Notepad App (Store Version) - Remote/Local Code Execution via Markdown Link Risk: Medium Text:# Exploit Title: Windows Notepad App (Store Version) - Remote/Local Code Execution via Markdown Link # Date: 2026-02-26 # Exp...

MaxSite CMS < = 109.1 unauthenticated RCE via run_php plugin

Mohammed Idrees Banyamer — Mon, 02 Mar 2026 21:12:44 +0000

Topic: MaxSite CMS < = 109.1 unauthenticated RCE via run_php plugin Risk: High Text:#!/usr/bin/env python3 # Exploit Title: MaxSite CMS < = 109.1 unauthenticated RCE via run_php plugin # CVE: CVE-2026-3395 # D...

Statamic CMS < 5.73.11 & < 6.4.0 Stored XSS via SVG Upload Leading to Privilege Escalation

Mohammed Idrees Banyamer — Mon, 02 Mar 2026 21:11:32 +0000

Topic: Statamic CMS < 5.73.11 & < 6.4.0 Stored XSS via SVG Upload Leading to Privilege Escalation Risk: Low Text:#!/usr/bin/env python3 # Exploit Title: Statamic CMS Stored XSS via SVG Upload # CVE: CVE-2026-28426 # Date: 2026-02-28 # E...

OpenStack Vitrage < 12.0.1 / 13.0.1 Eval Injection Remote Code Execution

Mohammed Idrees Banyamer — Mon, 02 Mar 2026 21:11:25 +0000

Topic: OpenStack Vitrage < 12.0.1 / 13.0.1 Eval Injection Remote Code Execution Risk: High Text:#!/usr/bin/env python3 # Exploit Title: OpenStack Vitrage < 12.0.1 / 13.0.1 Eval Injection Remote Code Execution # CVE: CVE-2...

Tenda F453 v1.0.0.3 frmL7ImForm Buffer Overflow

Mohammed Idrees Banyamer — Mon, 02 Mar 2026 21:11:15 +0000

Topic: Tenda F453 v1.0.0.3 frmL7ImForm Buffer Overflow Risk: Low Text:#!/usr/bin/env python3 # Exploit Title: Tenda F453 frmL7ImForm Buffer Overflow # CVE: CVE-2026-3380 ...

Icinga for Windows 1.13.3 - 'key_maker.py' Incorrect Default Permissions Private Key Exposure

nu11secur1ty — Thu, 26 Feb 2026 18:38:53 +0000

Topic: Icinga for Windows 1.13.3 - 'key_maker.py' Incorrect Default Permissions Private Key Exposure Risk: High Text:# Exploit Title: Icinga for Windows 1.13.3 - 'key_maker.py' Incorrect Default Permissions Private Key Exposure # Date: 2026-02...