CVE-2023-7028
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
Github link:
https://github.com/szybnev/CVE-2023-7028
Repository description: This fork of the repository presents a proof-of-concept of CVE-2023-7028; I only improve exploit usage.
CVE-2024-36401
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.
The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances. No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGrap
Github link:
https://github.com/holokitty/Exploit-CVE-2024-36401
Repository description: Python exploit for GeoServer (CVE-2024-36401) with JSP web shell upload
CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Github link:
https://github.com/ChetanKomal/sudo_exploit
CVE-2024-32002
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
Github link:
https://github.com/Dre4m017/fuzzy
CVE-2024-4947
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Github link:
https://github.com/bjrjk/CVE-2024-4947
Repository description: An in-the-wild V8 type confusion bug.
CVE-2025-2825
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-31161. Reason: This Record is a reservation duplicate of CVE-2025-31161. Notes: All CVE users should reference CVE-2025-31161 instead of this Record. All references and descriptions in this Record have been removed to prevent accidental usage.
Github link:
https://github.com/Shivshantp/CVE-2025-2825-CrushFTP-AuthBypass
Repository description: Authentication Bypass PoC for CVE-2025-2825 – Exploiting CrushFTP 10.x
CVE-2025-53770
No description available.
Github link:
https://github.com/AdityaBhatt3010/CVE-2025-53770-SharePoint-Zero-Day-Variant-Exploited-for-Full-RCE
Repository description: A critical zero-auth RCE vulnerability in SharePoint (CVE-2025-53770), now exploited in the wild, building directly on the spoofing flaw CVE-2025-49706.
CVE-2022-1386
The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network bypassing firewalls and access control measures.
Github link:
https://github.com/fayassgit/CVE-2022-1386-FusionBuilder-SSRF
Repository description: Unauthenticated SSRF PoC in WordPress Fusion Builder <3.6.2 (CVE-2022-1386)
CVE-2023-51385
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
Github link:
https://github.com/saarcastified/CVE-2023-51385---OpenSSH-ProxyCommand-Injection-PoC
Repository description: This repository contains a proof-of-concept (PoC) for exploiting the OpenSSH ProxyCommand vulnerability — CVE-2025-51385 — affecting OpenSSH servers before version 9.6.
CVE-2025-34085
An unrestricted file upload vulnerability in the WordPress Simple File List plugin prior to version 4.2.3 allows unauthenticated remote attackers to achieve remote code execution. The plugin's upload endpoint (ee-upload-engine.php) restricts file uploads based on extension, but lacks proper validation after file renaming. An attacker can first upload a PHP payload disguised as a .png file, then use the plugin’s ee-file-engine.php rename functionality to change the extension to .php. This bypasses upload restrictions and results in the uploaded payload being executable on the server.
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-34085
CVE-2024-39930
The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated. Windows installations are unaffected.
Github link:
https://github.com/alexander47777/-CVE-2024-39930
Repository description: Gogs Under Attack: Unpacking the Critical SSH Vulnerability (CVE-2024–39930)