This repository contains information and proofs of concept (PoCs) for the CVEs I have found.
1. EasyVirt
| CVE ID | Vulnerabilty | Product |
|---|---|---|
| CVE-2024-53354 | Multiple SQL Injection | DCScope <= 8.6.0 / Co2Scope <= 1.3.0 |
| CVE-2024-53355 | Broken Access Control | DCScope <= 8.6.0 / Co2Scope <= 1.3.0 |
| CVE-2024-53356 | Weak JWT Secret | DCScope <= 8.6.0 / Co2Scope <= 1.3.0 |
| CVE-2024-53357 | Sensitive Data Exposure | DCScope <= 8.6.0 / Co2Scope <= 1.3.0 |
| CVE-2024-55062 | Remote Code Execution (Unauthenticated) | DCScope <= 8.6.0 / Co2Scope <= 1.3.0 |
| CVE-2024-57587 | Multiple SQL Injection (Unauthenticated) | DCScope <= 8.6.0 / Co2Scope <= 1.3.0 |
| CVE-2024-55064 | Multiple Stored XSS | DC NetScope <= 8.6.4 |
| CVE-2025-28076 | Multiple SQL Injection | DCScope <= 8.6.4 / Co2Scope <= 1.3.4 |
| CVE-2024-55063 | Multiple Remote Code Execution | DC NetScope <= 8.7.0 |
2. GreaterWMS
| CVE ID | Vulnerabilty | Product |
|---|---|---|
| CVE-2025-26201 | Authentication Bypass via Credential Disclosure | GreaterWMS <= 2.1.49 |
3. Wordpress
| CVE ID | Vulnerabilty | Product |
|---|---|---|
| CVE-2025-6716 | Stored XSS | (plugin) contest-gallery <= 26.0.8 |
| CVE-2025-6717 | SQL Injection | (plugin) b1-accounting <= 2.2.56 |
| CVE-2025-6718 | Broken Access Control + SQL Injection | (plugin) b1-accounting <= 2.2.56 |
| CVE-2025-6719 | Stored XSS | (plugin) terms-descriptions <= 3.4.8 |
| CVE-2025-6722 | Unauthenticated Information Exposure | (plugin) BitFire <= 4.5 |