Security

Topic: XWiki Platform 15.10.10 Metasploit Module for Remote Code Execution (RCE) Risk: High Text:## # Exploit Title: XWiki Platform 15.10.10

Topic: Flask 3.1.2 CookApp – Multiple – RCE-Unauthenticated-access Risk: High Text:# Exploit Title: Flask 3.1.2 CookApp – Multiple – RCE-Unauthenticated-access

Topic: Flask 3.0.0 CookApp – Multiple Unauthenticated RCE Vulnerabilities Risk: High Text:# Exploit Title: Flask 3.0.0 CookApp – Multiple Unauthenticated

Topic: phpIPAM 1.5.1 SQL Injection Risk: Medium Text:# Exploit Title: phpIPAM 1.5.1 – SQL Injection # Date: 2025-11-25 # Exploit

Topic: BigAnt Office Messenger 5.6.06 SQL Injection Risk: Medium Text:# Exploit Title: BigAnt Office Messenger 5.6.06 – SQL Injection #

 During our investigation of CVE-2025-59230, a Windows Remote Access Connection Manager elevation of privilege vulnerability that was patched by Microsoft

Topic: Mbed TLS 3.6.4 Use-After-Free Risk: High Text:/* * Exploit Title: Mbed TLS 3.6.4 – Use-After-Free * Google Dork: N/A

Topic: NetBT e-Fatura ‘InboxProcessor’ Unquoted Service Path Privilege Escalation Risk: Medium Text:# Exploit Title: NetBT e-Fatura ‘InboxProcessor’ Unquoted Service Path

Topic: R.s.W – Sql Injection Risk: Medium Text:********************************************************* # Exploit Title: SQL Injection – Red Spider Web CMS # Date:

Topic: Pluck 4.7.7-dev2 PHP Code Execution Risk: High Text:# Exploit Title: Pluck 4.7.7-dev2 – PHP Code Execution # Date: 2024-10-26