Shown below is a list of my collected CVE's
- CVE-2025-36755 Internal Asset Exposed to Unsafe Debug Access Level or State
- CVE-2024-56341 Cross-site scripting
Nagios XI is an extended interface of Nagios Core, intended as the enterprise-level version of the monitoring tool. XI acts as monitoring software, configuration manager and toolkit. While Nagios Core is free, XI must be purchased from Nagios Enterprises.
- CVE-2024-54957 Open Redirect
- CVE-2024-54958 Cross-Site Scripting (XSS)
- CVE-2024-54959 Cross-Site Request Forgery (CSRF)
- CVE-2024-54960 SQL Injection
- CVE-2024-54961 Information Disclosure
RWS Group, known commercially as RWS, is a British company that provides intellectual property translation, filing and search services, technical and commercial translation and localization, and develops and supports translation productivity and management software.
- CVE-2024-43025 HTML injection
- CVE-2024-43024 Stored Cross-Site Scripting (XSS)
Passbolt is an open source password manager designed for collaboration. You can securely generate, store, manage and monitor your team credentials.
- CVE-2024-33670 HTML Injection
VIA Go/Connect is a Wireless Content Presentation, Collaboration, and Conferencing Solution. It allows users to connect to the device and stream and share content. During a pentest I discovered multiple 0days that affected the latest firmware:
- CVE-2023-33468 Remote user connection to device
- CVE-2023-33469 Remote Code Execution (RCE) with root privileges
