infernosalex/CVE-2023-45612-PoC Create: 2025-10-03 14:59:26 +0000 UTC Push: 2025-10-06 21:33:47 +0000 UTC |

doyensec/KSMBD-CVE-2025-37947 Create: 2025-10-03 14:08:46 +0000 UTC Push: 2025-10-08 13:24:34 +0000 UTC |

Nxploited/CVE-2025-9286 Appy Pie Connect for WooCommerce <= 1.1.2 - Missing Authorization to Unauthenticated Privilege Escalation Create: 2025-10-03 13:17:50 +0000 UTC Push: 2025-10-03 13:17:50 +0000 UTC |

fa1consec/cve_2025_61622_poc This PoC demonstrates the Remote Code Execution (RCE) vulnerability in Apache Pyfory (versions 0.12.0-0.12.2 and legacy PyFury 0.1.0-0.10.3) due to insecure pickle fallback deserialization (CVE-2025-61622). Create: 2025-10-03 12:44:16 +0000 UTC Push: 2025-10-03 12:44:16 +0000 UTC |

paktiko1986/pocpoc_bypass_cve_2020-11023 Create: 2025-10-03 06:08:27 +0000 UTC Push: 2025-10-03 06:09:03 +0000 UTC |

ibrahmsql/CVE-2025-24893 CVE-2025-24893 exploit Create: 2025-10-02 21:14:49 +0000 UTC Push: 2025-10-02 21:14:49 +0000 UTC |

gotr00t0day/CVE-2025-24893 Unauthenticated Remote Code Execution in XWiki via SolrSearch Macro Create: 2025-10-02 19:45:19 +0000 UTC Push: 2025-10-02 19:45:20 +0000 UTC |

Szym0n13k/CVE-2025-55972-Remote-Unauthenticated-Denial-of-Service-DoS-in-TCL-Smart-TV-UPnP-DLNA-AVTransport A TCL Smart TV running a vulnerable UPnP/DLNA MediaRenderer implementation is affected by a remote, unauthenticated Denial of Service (DoS). Create: 2025-10-02 18:58:18 +0000 UTC Push: 2025-10-02 18:58:19 +0000 UTC |

Szym0n13k/CVE-2025-55971-Blind-Unauthenticated-SSRF-in-TCL-Smart-TV-UPnP-DLNA-AVTransport TCL 65C655 Smart TV, running firmware version V8-R75PT01-LF1V269.001116 (Android TV, Kernel 5.4.242+), is vulnerable to a blind, unauthenticated Server-Side Request Forgery (SSRF) via the UPnP MediaRenderer service (AVTransport). Create: 2025-10-02 18:58:16 +0000 UTC Push: 2025-10-02 18:58:16 +0000 UTC |

Nxploited/CVE-2025-8359 AdForest <= 6.0.9 - Authentication Bypass to Admin Create: 2025-10-02 16:57:48 +0000 UTC Push: 2025-10-02 16:57:48 +0000 UTC |

restdone/CVE-2025-57457 Create: 2025-10-02 16:51:25 +0000 UTC Push: 2025-10-02 16:51:26 +0000 UTC |

MoAlali/CVE-2025-56381 ERPNEXT v15.67.0 was discovered to contain multiple SQL injection > vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the order_by and group_by parameters. Create: 2025-10-01 19:24:42 +0000 UTC Push: 2025-10-01 19:24:43 +0000 UTC |

MoAlali/CVE-2025-56380 Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.get_value API endpoint. Create: 2025-10-01 19:14:57 +0000 UTC Push: 2025-10-01 19:14:57 +0000 UTC |

MoAlali/CVE-2025-56379 A stored cross-site scripting (XSS) vulnerability in the blog post feature of ERPNEXT v15.67.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the content field. Create: 2025-10-01 18:48:11 +0000 UTC Push: 2025-10-01 18:48:12 +0000 UTC |

onniio/CVE-2025-32463 Create: 2025-10-01 14:03:43 +0000 UTC Push: 2025-10-01 14:03:43 +0000 UTC |

quetuan03/CVE-2025-54677 WordPress Online Booking & Scheduling Calendar for WordPress by vcita Plugin <= 4.5.3 is vulnerable to a medium priority Arbitrary File Upload Create: 2025-10-01 10:08:48 +0000 UTC Push: 2025-10-01 10:08:48 +0000 UTC |

quetuan03/CVE-2025-57926 WordPress Passster Plugin <= 4.2.18 is vulnerable to Cross Site Scripting (XSS) Create: 2025-10-01 09:53:14 +0000 UTC Push: 2025-10-01 09:53:14 +0000 UTC |

quetuan03/CVE-2025-58789 WordPress WP Full Stripe Free Plugin <= 8.2.5 is vulnerable to SQL Injection Create: 2025-10-01 09:22:40 +0000 UTC Push: 2025-10-01 09:22:40 +0000 UTC |

quetuan03/CVE-2025-58788 WordPress License Manager for WooCommerce Plugin <= 3.0.12 is vulnerable to SQL Injection Create: 2025-10-01 08:43:20 +0000 UTC Push: 2025-10-01 08:43:20 +0000 UTC |

Kov404/CVE-2025-56515 Cross-Site Scripting (XSS) Vulnerability in Fiora Chat Application Create: 2025-09-30 17:54:59 +0000 UTC Push: 2025-09-30 17:55:00 +0000 UTC |