The content provided in this CVE repository is intended for informational purposes only. The vulnerabilities and associated information documented here are provided "as is" and are not subject to any support. By using this repository, you acknowledge and agree that you are using the information contained herein at your own risk. We will not be liable for any direct, indirect or other kinds of damages.
CVE ID | Exploit | Type | Product | Author(s) | References |
---|---|---|---|---|---|
CVE-2025-46816 | - | Unauthenticated RCE | GoSHS | Guilhem RIOUX | Advisory |
CVE-2025-32786 | PoC | Unauthenticated SQLi | GLPI (glpiinventory plugin) | Guilhem RIOUX | - |
CVE-2025-32432 | PoC | Unauthenticated RCE | Craft CMS | Nicolas BOURRAS | Blog |
CVE-2025-32104 | - | Windows Kernel Arbitrary R/W | Sangoma Technologies driver pbsdrv.sys | Jean-Pascal THOMAS | - |
CVE-2025-22380 | - | Incorrect Access Control | Poweradmin | Guilhem RIOUX | - |
CVE-2025-22379 | - | Authenticated SQL injection | PineApp Mail Secure | Aurelien CHALOT | - |
CVE-2025-22378 | - | Command injection | Avid Nexis Agent | Aurelien CHALOT | - |
CVE-2024-58136 | - | Improper Protection of Alternate Path | Yii Framework | Nicolas BOURRAS | Blog |
CVE-2024-55931 | - | Token stored in session storage | Xerox Workplace Suite | Cyril SERVIERES | - |
CVE-2024-55930 | - | Weak default folder permissions | Xerox Workplace Suite | Cyril SERVIERES | - |
CVE-2024-55929 | - | Mail spoofing | Xerox Workplace Suite | Cyril SERVIERES | - |
CVE-2024-55928 | - | Clear text secrets returned & Remote system secrets in clear text | Xerox Workplace Suite | Cyril SERVIERES | - |
CVE-2024-55927 | - | Flawed token generation implementation & Hard-coded key implementation | Xerox Workplace Suite | Cyril SERVIERES | - |
CVE-2024-55926 | - | Arbitrary file upload, deletion and read through header manipulation | Xerox Workplace Suite | Cyril SERVIERES | - |
CVE-2024-55925 | - | API Security bypass through header manipulation | Xerox Workplace Suite | Cyril SERVIERES | - |
CVE-2024-50339 | PoC | Remote code execution | GLPI | Guilhem RIOUX | Advisory & Blog |
CVE-2024-40638 | PoC | SQL Injection (authenticated) | GLPI | Guilhem RIOUX | Advisory |
CVE-2024-37149 | PoC | Remote code execution | GLPI | Guilhem RIOUX | Advisory |
CVE-2024-29889 | PoC | SQL Injection (authenticated) | GLPI | Guilhem RIOUX | Advisory |
CVE-2024-23767 | PoC | Configuration tampering | Anybus X-Gateway | Claire VACHEROT | Blog post |
CVE-2024-23766 | PoC | Denial of service | Anybus X-Gateway | Claire VACHEROT | Blog post |
CVE-2024-23765 | - | Denial of service | Anybus X-Gateway | Claire VACHEROT | Blog post |
CVE-2023-44256 | PoC | SSRF | Fortinet FortiManager & FortiAnalyzer | Mickael DORIGNY | Advisory |
CVE-2023-44249 | - | Authorization bypass | Fortinet FortiManager & FortiAnalyzer | Mickael DORIGNY | Advisory |
CVE-2023-42787 | PoC | Unprivileged user, web console CLI access | Fortinet FortiManager & FortiAnalyzer | Mickael DORIGNY | Advisory |
CVE-2023-41320 | PoC | SQLi (update clause) | GLPI < 10.1.0 | Guilhem RIOUX | Advisory |
CVE-2023-36626 | - | Stored XSS | Inetnum Gecco v6.00.017 | Emmanuel CAMPA | - |
CVE-2023-36625 | - | Unauthenticated RCE | Montala Resourcespace | Guilhem RIOUX | - |
CVE-2023-33303 | - | Insufficient Session Expiration | Fortinet FortiEDR | Kevin CARLI | Advisory |
CVE-2023-26469 | PoC | Path traversal | Jorani/bbalet | Guilhem RIOUX | - |
CVE-2023-23565 | PoC | Local File Inclusion (authenticated) | Geomatika IsiGeo Web 6.0 | Romain PENLOUP | - |
CVE-2023-23564 | PoC | Command injection (authenticated) | Geomatika IsiGeo Web 6.0 | Romain PENLOUP & Guilhem RIOUX | - |
CVE-2023-23563 | PoC | SQL Injection (authenticated) | Geomatika IsiGeo Web 6.0 | Romain PENLOUP | - |
CVE-2023-20065 | - | Local Privilege Escalation | Cisco IOS XE Software | Mickael DORIGNY & Benoit MALABOEUF | Advisory |
CVE-2022-45186 | PoC | Authenticated Database Leak | SuiteCRM <= 7.12.7 (<= 8.2.0) | Guilhem RIOUX | - |
CVE-2022-45185 | PoC | Authenticated RCE (arbitrary unserialize) | SuiteCRM <= 7.12.7 (<= 8.2.0) | Guilhem RIOUX | - |
CVE-2022-41573 | PoC | File Upload | Ovidentia 8.3 | Nidal GUEDOUAR | - |
CVE-2022-41572 | PoC | Privilege escalation | Eyesofnetwork <= 5.3 | Guilhem RIOUX | - |
CVE-2022-41571 | PoC | Authenticated local file inclusion | Eyesofnetwork <= 5.3 | Guilhem RIOUX | - |
CVE-2022-41570 | PoC | Unauthenticated SQL injection | Eyesofnetwork <= 5.3 | Guilhem RIOUX | - |
CVE-2022-35914 | PoC | Unauthenticated RCE | GLPI (versions < 10.0.3 < 9.5.9) | Cyril SERVIERES | Blog post |
CVE-2022-34346 | PoC | SQL Injection (Authenticated) | PMB (version 7.4.1) | Mike HOUZIAUX | - |
CVE-2022-34328 | PoC | XSS (Reflected) | PMB (version 7.3.10) | Mike HOUZIAUX | - |
CVE-2021-46107 | PoC | Unauthenticated SSRF | Ligeo Archives (version < 4.0.78) | Guilhem RIOUX | - |
CVE-2021-44032 | PoC | Authentication Bypass | TP-Link Omada SDN Controller V4.4.4 (Windows) | Kevin LEHONGRE | - |
CVE-2021-42056 | - | Privilege Escalation | Safenet Authentication Client (Linux) | Wilfried PASCAULT | - |
CVE-2021-36355 | - | File upload to RCE | evolucaire imaging <8.5 (8.2.0.12) | Cyril SERVIERES | - |
CVE-2020-25287 | PoC | Authenticated RCE | Pligg 2.0.3 | Mike HOUZIAUX | - |
CVE-2020-17454 | PoC | Self XSS | WSO2 API Manager: 3.1.0 or earlier | Zakaria BRAHIMI | Advisory |
CVE-2020-14950 | PoC | Authenticated RCE | aapanel 6.6.6 | Mike HOUZIAUX | - |
CVE-2020-14462 | PoC | Authenticated reflected XSS | Caldera 2.7.0 | Aurélien CHALOT | - |
CVE-2020-14421 | PoC | Authenticated RCE | aapanel 6.6.6 | Mike HOUZIAUX | - |
CVE-2020-14295 | PoC | Authenticated RCE (from SQLi) | cacti (1.2.7, 1.2.12) | Cyril SERVIERES | Advisory |
CVE-2020-14146 | PoC | XSS (Reflected) | KumbiaPHP 1.1.1 | Mike HOUZIAUX | - |
CVE-2020-11712 | PoC | XSS (Reflected) | Openupload 0.4.3 | Mike HOUZIAUX | - |
CVE-2020-10787 | PoC | Root EoP | VestaCP 0.9.8-26 | Alexandre ZANNI | Post |
CVE-2020-10786 | PoC | Authenticated RCE | VestaCP 0.9.8-26 | Alexandre ZANNI | Post |
CVE-2020-10220 | PoC | Unauthenticated SQLi | rConfig < 3.9.4 | Jean-Pascal THOMAS | Blog post |
CVE-2020-8776, CVE-2020-8777, CVE-2020-8778 | PoC | Stored XSS | Alfresco 5.2.4 | Alexandre ZANNI & Romain LOISEL | Post |
CVE-2020-1949 | PoC | Reflected XSS | Sling CMS App 0.14.0 and previous releases | Guillaume GRABÉ | Advisory |
CVE-2019-19585 | PoC | Root LPE | rConfig < 3.9.4 | Jean-Pascal THOMAS | Blog post |
CVE-2019-19509 | PoC & MSF | Authenticated RCE | rConfig < 3.9.4 | Jean-Pascal THOMAS | Blog post |
CVE-2019-15253 | PoC | Stored XSS | Cisco DNAC 1.3 | Dylan GARNAUD & Benoit MALABOEUF | Advisory |
CVE-2019-13029 | PoC | Stored XSS | REDCap 8.10/9.1 | Alexandre ZANNI & Dylan GARNAUD | Post |
Note: the table is sorted by CVE ID.