📰 Cyber Feed Aggregator

⚔️ Exploit

Latest Exploit coverage curated from trusted cybersecurity sources.

• [webapps] Pluck 4.7.7-dev2 - PHP Code Execution
  Exploit-DB.com RSS Feed — Mon, 08 Dec 2025 00:00:00 +0000

  Pluck 4.7.7-dev2 - PHP Code Execution

• [webapps] phpMyFAQ 2.9.8 - Cross-Site Request Forgery(CSRF)
  Exploit-DB.com RSS Feed — Wed, 03 Dec 2025 00:00:00 +0000

  phpMyFAQ 2.9.8 - Cross-Site Request Forgery(CSRF)

• [webapps] phpMyFAQ 2.9.8 - Cross-Site Request Forgery (CSRF)
  Exploit-DB.com RSS Feed — Wed, 03 Dec 2025 00:00:00 +0000

  phpMyFAQ 2.9.8 - Cross-Site Request Forgery (CSRF)

• [webapps] MaNGOSWebV4 4.0.6 - Reflected XSS
  Exploit-DB.com RSS Feed — Wed, 03 Dec 2025 00:00:00 +0000

  MaNGOSWebV4 4.0.6 - Reflected XSS

• [webapps] Django 5.1.13 - SQL Injection
  Exploit-DB.com RSS Feed — Wed, 03 Dec 2025 00:00:00 +0000

  Django 5.1.13 - SQL Injection

• Logitech Streamlabs Desktop 1.19.6 (overlay) CPU Exhaustion
  Vulnerabilities! - Zero Science Lab — Thursday, 13 Nov 2025 15:59:33 GMT

  A vulnerability exists in Streamlabs Desktop where importing a crafted .overlay file can cause uncontrolled CPU consumption, leading to a denial-of-service condition. The .overlay file is an archive containing a config.json configuration. By inserting an excessively large string into the name attribute of a scene...

• Ilevia EVE X1/X5 Server 4.7.18.0.eden Authenticated Remote Command Injections
  Vulnerabilities! - Zero Science Lab — Thursday, 13 Nov 2025 15:59:33 GMT

  The EVE X1/X5 server suffers from multiple authenticated OS command injection vulnerabilities. This can be exploited to inject and execute arbitrary shell commands through multiple scripts affecting multiple parameters.

• Ilevia EVE X1/X5 Server 4.7.18.0.eden Root Privilege Escalation
  Vulnerabilities! - Zero Science Lab — Thursday, 06 Nov 2025 14:59:33 GMT

  A misconfiguration in the sudoers file permits passwordless execution of specific Bash shell scripts via sudo, exposing a critical privilege escalation vulnerability. When such scripts are writable by a web-facing user (www-data) or accessible through a command injection vector, an attacker can overwrite or replace...

• Ilevia EVE X1/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm
  Vulnerabilities! - Zero Science Lab — Thursday, 06 Nov 2025 14:59:33 GMT

  The application stores user passwords in the database using the MD5 hashing algorithm, which is considered cryptographically insecure due to its vulnerability to collision and brute-force attacks. MD5 lacks modern protections such as salting and computational hardness, making it trivial for attackers to crack...

• Ilevia EVE X1/X5 Server 4.7.18.0.eden Default Credentials
  Vulnerabilities! - Zero Science Lab — Monday, 03 Nov 2025 11:32:33 GMT

  The EVE X1 server uses a weak set of default administrative credentials that can be found and used to gain full control of the system.

• Citrix Gateway & Cloud MFA - Insufficient Session Validation Vulnerability
  Vulnerability Magazine - Acknoweldgements, Bug Bounties & Security Research — Mon, 03 Jul 2023 06:20:42 +0000
• Bundeswehr Generalmajor officially acknowledges Whitehat for Responsible Disclosure Activities
  Vulnerability Magazine - Acknoweldgements, Bug Bounties & Security Research — Mon, 25 Oct 2021 08:51:55 +0000
• BMW Mail - Persistent Validation Vulnerability
  Vulnerability Magazine - Acknoweldgements, Bug Bounties & Security Research — Tue, 19 Oct 2021 16:40:46 +0000
• Google Upgrades VRP Bug Bounty Platform
  Vulnerability Magazine - Acknoweldgements, Bug Bounties & Security Research — Wed, 28 Jul 2021 08:28:31 +0000
• MSRC extends Bug Bounty Program for Microsoft Teams
  Vulnerability Magazine - Acknoweldgements, Bug Bounties & Security Research — Tue, 06 Apr 2021 14:11:08 +0000