Exploit

@nulled

78 Following

6 Followers

Farcaster pfp

Warpcast -> Farcaster The rebrand is officially complete.

210 replies

724 recasts

2397 reactions

Exploit pfp

CVE-2025-29660 A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory traversal techniques.

0 reply

0 recast

0 reaction

0G Labs pfp

0gm from the 0G Panda 🐼!

745 replies

4882 recasts

5145 reactions

Exploit pfp

0 reply

0 recast

0 reaction

0G Labs pfp

Continuing our Guild on 0G series, we’re spotlighting three more AI-native builders: Leea Labs, Unagi, & Rivalz 💡🤖. From agent orchestration and living NFTs to reasoning-powered oracles, these teams are redefining DeAI ⚡

292 replies

6706 recasts

7151 reactions

Exploit pfp

iPhone 16e Sweepstakes!

0 reply

0 recast

0 reaction

Exploit pfp

onefootball app not work

0 reply

0 recast

0 reaction

OneFootball Club pfp

OneFootball Club

@onefootballclub

Win 1 of 10 Apple iPhone 16e! 📱✨ 👇 Here's how: 1. Download the OneFootball app 2. Go to Profile 👉 Join OneFootball Club 3. You're in ✅

8469 replies

6397 recasts

7450 reactions

Exploit pfp

CVE-2025-25013 Improper restriction of environment variables in Elastic Defend can lead to exposure of sensitive information such as API keys and tokens via automatic transmission of unfiltered environment variables to the stack.

0 reply

0 recast

0 reaction

Exploit pfp

0 reply

0 recast

0 reaction

Exploit pfp

CVE-2025-3268 A vulnerability has been found in qinguoyi TinyWebServer up to 1.0 and classified as critical. This vulnerability affects unknown code of the file http/http_conn.cpp. The manipulation of the argument m_url_real leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

0 reply

0 recast

0 reaction

Exploit pfp

CVE-2024-11180 The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer Widget ekit_countdown_timer_title parameter in all versions up to, and including, 3.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

0 reply

0 recast

0 reaction

Exploit pfp

CVE-2025-2638 A vulnerability, which was classified as problematic, was found in JIZHICMS up to 1.7.0. This affects an unknown part of the file /user/release.html of the component Article Handler. The manipulation of the argument ishot with the input 1 leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

0 reply

0 recast

0 reaction

Exploit pfp

CVE-2025-30472 Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

0 reply

0 recast

0 reaction

Exploit pfp

CVE-2025-2387 A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file /admin/ajax.php?action=add_to_cart. The manipulation of the argument pid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

0 reply

0 recast

0 reaction

Exploit pfp

CVE-2025-2320 A vulnerability has been found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this vulnerability is the function submit of the file /api/blade-user/submit of the component User Handler. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

0 reply

0 recast

0 reaction

Exploit pfp

CVE-2024-55060 A cross-site scripting (XSS) vulnerability in the component index.php of Rafed CMS Website v1.44 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

0 reply

0 recast

0 reaction

Exploit pfp

CVE-2025-2220 A vulnerability was found in Odyssey CMS up to 10.34. It has been classified as problematic. Affected is an unknown function of the file /modules/odyssey_contact_form/odyssey_contact_form.php of the component reCAPTCHA Handler. The manipulation of the argument g-recaptcha-response leads to key management error. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

0 reply

0 recast

0 reaction

Exploit pfp

CVE-2024-12010 A post-authentication command injection vulnerability in the ”zyUtilMailSend” function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.

0 reply

0 recast

0 reaction

Exploit pfp

0 reply

0 recast

0 reaction