The content provided in this CVE repository is intended for informational purposes only. The vulnerabilities and associated information documented here are provided "as is" and are not subject to any support. By using this repository, you acknowledge and agree that you are using the information contained herein at your own risk. We will not be liable for any direct, indirect or other kinds of damages.
CVE ID | Exploit | Type | Product | Author(s) | References |
---|---|---|---|---|---|
CVE-2024-23767 | PoC | Configuration tampering | Anybus X-Gateway | Claire VACHEROT | Blog post |
CVE-2024-23766 | PoC | Denial of service | Anybus X-Gateway | Claire VACHEROT | Blog post |
CVE-2024-23765 | - | Denial of service | Anybus X-Gateway | Claire VACHEROT | Blog post |
CVE-2023-44256 | PoC | SSRF | Fortinet FortiManager & FortiAnalyzer | Mickael DORIGNY | Advisory |
CVE-2023-44249 | - | Authorization bypass | Fortinet FortiManager & FortiAnalyzer | Mickael DORIGNY | Advisory |
CVE-2023-42787 | PoC | Unprivileged user, web console CLI access | Fortinet FortiManager & FortiAnalyzer | Mickael DORIGNY | Advisory |
CVE-2023-41320 | PoC | SQLi (update clause) | GLPI < 10.1.0 | Guilhem RIOUX | Advisory |
CVE-2023-33303 | - | Insufficient Session Expiration | Fortinet FortiEDR | Kevin CARLI | Advisory |
CVE-2023-26469 | PoC, MS | Path traversal | Jorani/bbalet | Guilhem RIOUX | - |
CVE-2023-23565 | PoC | Local File Inclusion (authenticated) | Geomatika IsiGeo Web 6.0 | Romain PENLOUP | - |
CVE-2023-23564 | PoC | Command injection (authenticated) | Geomatika IsiGeo Web 6.0 | Romain PENLOUP & Guilhem RIOUX | - |
CVE-2023-23563 | PoC | SQL Injection (authenticated) | Geomatika IsiGeo Web 6.0 | Romain PENLOUP | - |
CVE-2023-20065 | - | Local Privilege Escalation | CISCO IOS XE Software | Mickael DORIGNY & Benoit MALABOEUF | Advisory |
CVE-2022-45186 | PoC | Authenticated Database Leak | SuiteCRM <= 7.12.7 (<= 8.2.0) | Guilhem RIOUX | - |
CVE-2022-45185 | PoC | Authenticated RCE (arbitrary unserialize) | SuiteCRM <= 7.12.7 (<= 8.2.0) | Guilhem RIOUX | - |
CVE-2022-41573 | PoC | File Upload | Ovidentia 8.3 | Nidal GUEDOUAR | - |
CVE-2022-41572 | PoC | Privilege escalation | Eyesofnetwork <= 5.3 | Guilhem RIOUX | - |
CVE-2022-41571 | PoC | Authenticated local file inclusion | Eyesofnetwork <= 5.3 | Guilhem RIOUX | - |
CVE-2022-41570 | PoC | Unauthenticated SQL injection | Eyesofnetwork <= 5.3 | Guilhem RIOUX | - |
CVE-2022-35914 | PoC | Unauthenticated RCE | GLPI (versions < 10.0.3 < 9.5.9) | Cyril SERVIERES | Blog post |
CVE-2022-34346 | PoC | SQL Injection (Authenticated) | PMB (version 7.4.1) | Mike HOUZIAUX | - |
CVE-2022-34328 | PoC | XSS (Reflected) | PMB (version 7.3.10) | Mike HOUZIAUX | - |
CVE-2021-46107 | PoC | Unauthenticated SSRF | Ligeo Archives (version < 4.0.78) | Guilhem RIOUX | - |
CVE-2021-44032 | PoC | Authentication Bypass | TP-Link Omada SDN Controller V4.4.4 (Windows) | Kevin LEHONGRE | - |
CVE-2021-42056 | - | Privilege Escalation | Safenet Authentication Client (Linux) | Wilfried PASCAULT | - |
CVE-2021-36355 | - | File upload to RCE | evolucaire imaging <8.5 (8.2.0.12) | Cyril SERVIERES | - |
CVE-2020-25287 | PoC | Authenticated RCE | Pligg 2.0.3 | Mike HOUZIAUX | - |
CVE-2020-17454 | PoC | Self XSS | WSO2 API Manager: 3.1.0 or earlier | Zakaria BRAHIMI | Advisory |
CVE-2020-14950 | PoC | Authenticated RCE | aapanel 6.6.6 | Mike HOUZIAUX | - |
CVE-2020-14462 | PoC | Authenticated reflected XSS | Caldera 2.7.0 | Aurélien CHALOT | - |
CVE-2020-14421 | PoC | Authenticated RCE | aapanel 6.6.6 | Mike HOUZIAUX | - |
CVE-2020-14295 | PoC | Authenticated RCE (from SQLi) | cacti (1.2.7, 1.2.12) | Cyril SERVIERES | Advisory |
CVE-2020-14146 | PoC | XSS (Reflected) | KumbiaPHP 1.1.1 | Mike HOUZIAUX | - |
CVE-2020-11712 | PoC | XSS (Reflected) | Openupload 0.4.3 | Mike HOUZIAUX | - |
CVE-2020-10787 | PoC | Root EoP | VestaCP 0.9.8-26 | Alexandre ZANNI | Post |
CVE-2020-10786 | PoC | Authenticated RCE | VestaCP 0.9.8-26 | Alexandre ZANNI | Post |
CVE-2020-10220 | Exploit | Unauthenticated SQLi | rConfig < 3.9.4 | Jean-Pascal THOMAS | Blog post |
CVE-2020-8776 CVE-2020-8777 CVE-2020-8778 | Exploit | Stored XSS | Alfresco 5.2.4 | Alexandre ZANNI & Romain LOISEL | Post |
CVE-2020-1949 | PoC | Reflected XSS | Sling CMS App 0.14.0 and previous releases | Guillaume GRABÉ | Advisory |
CVE-2019-19585 | PoC | Root LPE | rConfig < 3.9.4 | Jean-Pascal THOMAS | Blog post |
CVE-2019-19509 | Exploit | Authenticated RCE | rConfig < 3.9.4 | Jean-Pascal THOMAS | Blog post |
CVE-2019-15253 | Exploit | Stored XSS | Cisco DNAC 1.3 | Dylan GARNAUD & Benoit MALABOEUF | Advisory |
CVE-2019-13029 | Exploit | Stored XSS | REDCap 8.10/9.1 | Alexandre ZANNI & Dylan GARNAUD | Post |
Note: the table is sorted by CVE ID.