CVE-2025-46801
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. If the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database.
Github link:
https://github.com/korden-c/CVE-2025-46801
CVE-2025-4918
An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, and Firefox ESR < 115.23.1.
Github link:
https://github.com/korden-c/CVE-2025-4918
CVE-2013-4786
The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.
Github link:
https://github.com/tallperennial/CosmicRakp
CVE-2025-4123
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.
The default Content-Security-Policy (CSP) in Grafana will block the XSS through the `connect-src` directive.
Github link:
https://github.com/kk12-30/CVE-2025-4123
CVE-2025-31161
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is used), as exploited in the wild in March and April 2025, aka "Unauthenticated HTTP(S) port access." A race condition exists in the AWS4-HMAC (compatible with S3) authorization method of the HTTP component of the FTP server. The server first verifies the existence of the user by performing a call to login_user_pass() with no password requirement. This will authenticate the session through the HMAC verification process and up until the server checks for user verification once more. The vulnerability can be further stabilized, eliminating the need for successfully triggering a race condition, by sending a mangled AWS4-HMAC header. By providing only the username and a following slash (/), the server will successfully find a username, which triggers the successful anypass authentication process, but the server will fail to find the expected SignedHeaders entry, resultin
Github link:
https://github.com/0xgh057r3c0n/CVE-2025-31161
CVE-2019-25137
Umbraco CMS 7.12.4 allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.
Github link:
https://github.com/dact91/CVE-2019-25137-RCE
CVE-2023-50564
An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file.
Github link:
https://github.com/glynzr/CVE-2023-50564
CVE-2024-42009
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
Github link:
https://github.com/DaniTheHack3r/CVE-2024-42009-PoC
CVE-2021-24086
Windows TCP/IP Denial of Service Vulnerability
Github link:
https://github.com/personnumber3377/windows_tcpip_fuzz
CVE-2023-20963
In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12, Android-12L, Android-13. Android ID: A-220302519.
Github link:
https://github.com/black7024/BadParcel
CVE-2025-4664
Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Github link:
https://github.com/korden-c/CVE-2025-4664
CVE-2025-24813
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.
If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
- attacker knowledge of the names of security sensitive files being uploaded
- the security sensitive files also being uploaded via partial PUT
If all of the following were true, a malicious user was able to perform remote code execution:
- writes enabled for the default servlet (disabled by default)
- support for partial
Github link:
https://github.com/mbanyamer/Apache-Tomcat---Remote-Code-Execution-via-Session-Deserialization-CVE-2025-24813-
CVE-2025-24203
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system.
Github link:
https://github.com/pxx917144686/iDevice_ZH