# CVE & PoC

- [Brute Force Login Vulnerability in Soosyze CMS 2.0 (CVE-2025-52392)](/beafn28/cve-and-poc/brute-force-login-vulnerability-in-soosyze-cms-2.0-cve-2025-52392.md)
- [PoC - CVE-2025-9140 (Lingdang CRM 8.6.4.7) - SQL Injection](/beafn28/cve-and-poc/poc-cve-2025-9140-lingdang-crm-8.6.4.7-sql-injection.md)
- [Broken Access Control in LibreTime analytics endpoints (CVE-2025-60427)](/beafn28/cve-and-poc/broken-access-control-in-libretime-analytics-endpoints-cve-2025-60427.md)
- [WordPress Upload.am – Contributor+ Arbitrary Option Disclosure (CVE-2025-12630)](/beafn28/cve-and-poc/wordpress-upload.am-contributor+-arbitrary-option-disclosure-cve-2025-12630.md)
- [Directus < 11.13.0 – Improper Permission Handling on Deleted Fields (CVE-2025-64746)](/beafn28/cve-and-poc/directus-less-than-11.13.0-improper-permission-handling-on-deleted-fields-cve-2025-64746.md)
- [nopCommerce <= 4.70 and 4.80.3 – Insufficient Session Cookie Invalidation (CVE-2025-11699)](/beafn28/cve-and-poc/nopcommerce-less-than-4.70-and-4.80.3-insufficient-session-cookie-invalidation-cve-2025-11699.md)
- [Typesetter CMS Reflected XSS via Editing Component (CVE-2025-71164)](/beafn28/cve-and-poc/typesetter-cms-reflected-xss-via-editing-component-cve-2025-71164.md)
- [Typesetter CMS Reflected XSS via Status.php (CVE-2025-71165)](/beafn28/cve-and-poc/typesetter-cms-reflected-xss-via-status.php-cve-2025-71165.md)
- [Typesetter CMS Reflected XSS via Move Message Handling (CVE-2025-71166)](/beafn28/cve-and-poc/typesetter-cms-reflected-xss-via-move-message-handling-cve-2025-71166.md)
- [PoC - CVE-2025-10327 (RPi-Jukebox-RFID 2.8.0) – Remote Command Execution](/beafn28/cve-and-poc/poc-cve-2025-10327-rpi-jukebox-rfid-2.8.0-remote-command-execution.md)
- [birkir prime GraphQL GET-Based CSRF (CVE-2025-15550)](/beafn28/cve-and-poc/birkir-prime-graphql-get-based-csrf-cve-2025-15550.md)
- [FluentCMS Stored XSS via SVG Upload in File Management (CVE-2025-15549)](/beafn28/cve-and-poc/fluentcms-stored-xss-via-svg-upload-in-file-management-cve-2025-15549.md)
- [PoC - CVE-2025-10666 (D-Link DIR-825 Rev.B ≤ 2.10) - Stack Buffer Overflow (DoS)](/beafn28/cve-and-poc/poc-cve-2025-10666-d-link-dir-825-rev.b-2.10-stack-buffer-overflow-dos.md)
- [PoC - CVE-2025-10370 (RPi-Jukebox-RFID 2.8.0) - Stored Cross-Site Scripting (XSS)](/beafn28/cve-and-poc/poc-cve-2025-10370-rpi-jukebox-rfid-2.8.0-stored-cross-site-scripting-xss.md)
- [LavaLite CMS Stored XSS via Package Creation and Search (CVE-2025-71177)](/beafn28/cve-and-poc/lavalite-cms-stored-xss-via-package-creation-and-search-cve-2025-71177.md)
- [PoC - CVE-2024-23334 (aiohttp ≤ 3.9.1) - Directory Traversal via follow\_symlinks](/beafn28/cve-and-poc/poc-cve-2024-23334-aiohttp-3.9.1-directory-traversal-via-follow_symlinks.md)
- [PoC - Ingress-NGINX Admission Controller File Descriptor Injection to RCE (Multiple Associated CVEs)](/beafn28/cve-and-poc/poc-ingress-nginx-admission-controller-file-descriptor-injection-to-rce-varios-cve-asociados.md)
- [PoC - CVE-2025-32023 (Redis) - Remote Code Execution (RCE)](/beafn28/cve-and-poc/poc-cve-2025-32023-redis-remote-code-execution-rce.md)
- [PoC - CVE-2025-24054 - Windows NTLM Hash Disclosure via .library-ms Spoofing](/beafn28/cve-and-poc/poc-cve-2025-24054-windows-ntlm-hash-disclosure-via-.library-ms-spoofing.md)
- [PoC - CVE-2023-4911 - glibc “Looney Tunables” Local Privilege Escalations](/beafn28/cve-and-poc/poc-cve-2023-4911-glibc-looney-tunables-local-privilege-escalations.md)
- [PoC - CVE-2025-24054 - Windows NTLM Hash Disclosure / Spoofing](/beafn28/cve-and-poc/poc-cve-2025-24054-windows-ntlm-hash-disclosure-spoofing.md)
- [Bludit CMS CSRF in Plugin and Theme Management Endpoints (CVE-2026-27741)](/beafn28/cve-and-poc/bludit-cms-csrf-in-plugin-and-theme-management-endpoints-cve-2026-27741.md)
- [Bludit CMS Stored XSS in Post Content (CVE-2026-27742)](/beafn28/cve-and-poc/bludit-cms-stored-xss-in-post-content-cve-2026-27742.md)
- [GetSimpleCMS-CE Stored XSS via components.php (CVE-2026-26351)](/beafn28/cve-and-poc/getsimplecms-ce-stored-xss-via-components.php-cve-2026-26351.md)
- [Bio-Formats XXE in Leica Metadata Parser (CVE-2026-22186)](/beafn28/cve-and-poc/bio-formats-xxe-in-leica-metadata-parser-cve-2026-22186.md)
- [PoC - CVE-2025-4524 - Local File Inclusion (WordPress Madara)](/beafn28/cve-and-poc/poc-cve-2025-4524-local-file-inclusion-wordpress-madara.md)
- [PoC - CVE-2025-34040 - Arbitrary File Upload to RCE (Zhiyuan OA)](/beafn28/cve-and-poc/poc-cve-2025-34040-arbitrary-file-upload-to-rce-zhiyuan-oa.md)
- [PoC - CVE-2025-4123 - SSRF / XSS via Open Redirect (Grafana)](/beafn28/cve-and-poc/poc-cve-2025-4123-ssrf-xss-via-open-redirect-grafana.md)
