CVE-2025-5287
The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Github link:
https://github.com/RandomRobbieBF/CVE-2025-5287
The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Github link:
https://github.com/RandomRobbieBF/CVE-2025-5287
GitHub
GitHub - RandomRobbieBF/CVE-2025-5287: Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection
Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection - RandomRobbieBF/CVE-2025-5287
CVE-2025-5701
The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hc_request_handler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Github link:
https://github.com/RandomRobbieBF/CVE-2025-5701
The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hc_request_handler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Github link:
https://github.com/RandomRobbieBF/CVE-2025-5701
GitHub
GitHub - RandomRobbieBF/CVE-2025-5701: HyperComments <= 1.2.2 - Unauthenticated (Subscriber+) Arbitrary Options Update
HyperComments <= 1.2.2 - Unauthenticated (Subscriber+) Arbitrary Options Update - RandomRobbieBF/CVE-2025-5701
CVE-2021-29447
Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.
Github link:
https://github.com/magicrc/CVE-2021-29447
Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.
Github link:
https://github.com/magicrc/CVE-2021-29447
GitHub
GitHub - magicrc/CVE-2021-29447: PoC for CVE-2021-29447
PoC for CVE-2021-29447. Contribute to magicrc/CVE-2021-29447 development by creating an account on GitHub.
CVE-2025-21420
Windows Disk Cleanup Tool Elevation of Privilege Vulnerability
Github link:
https://github.com/moiz-2x/CVE-2025-21420_POC
Windows Disk Cleanup Tool Elevation of Privilege Vulnerability
Github link:
https://github.com/moiz-2x/CVE-2025-21420_POC
GitHub
GitHub - moiz-2x/CVE-2025-21420_POC: Proof of Concept CVE-2025-21420 (Windows Disk Cleanup Tool EoP)
Proof of Concept CVE-2025-21420 (Windows Disk Cleanup Tool EoP) - moiz-2x/CVE-2025-21420_POC
CVE-2024-49138
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Github link:
https://github.com/onixgod/SOC335-Event-ID-313-CVE-2024-49138-Exploitation-Detected--Lest-Defend-Writeup
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Github link:
https://github.com/onixgod/SOC335-Event-ID-313-CVE-2024-49138-Exploitation-Detected--Lest-Defend-Writeup
GitHub
GitHub - onixgod/SOC335-Event-ID-313-CVE-2024-49138-Exploitation-Detected--Lest-Defend-Writeup: In this lab I walked through an…
In this lab I walked through an end-to-end intrusion that began with an external RDP break-in, used a brand-new CLFS privilege-escalation exploit (CVE-2024–49138), and ended with SYSTEM-level cloud...
CVE-2025-24071
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
Github link:
https://github.com/DeshanFer94/CVE-2025-24071-POC-NTLMHashDisclosure-
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
Github link:
https://github.com/DeshanFer94/CVE-2025-24071-POC-NTLMHashDisclosure-
GitHub
GitHub - DeshanFer94/CVE-2025-24071-POC-NTLMHashDisclosure-: CVE-2025-24071: NTLMv2 Hash Disclosure via .library-ms File
CVE-2025-24071: NTLMv2 Hash Disclosure via .library-ms File - DeshanFer94/CVE-2025-24071-POC-NTLMHashDisclosure-
CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Github link:
https://github.com/BugVex/Poison-HTB-Report
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Github link:
https://github.com/BugVex/Poison-HTB-Report
GitHub
GitHub - BugVex/Poison-HTB-Report: Privilege Escalation on HTB "Poison" using PwnKit (CVE-2021-4034)
Privilege Escalation on HTB "Poison" using PwnKit (CVE-2021-4034) - BugVex/Poison-HTB-Report
CVE-2025-31650
Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service.
This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5.
Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.
Github link:
https://github.com/assad12341/Dos-exploit-
Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service.
This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5.
Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.
Github link:
https://github.com/assad12341/Dos-exploit-
GitHub
GitHub - assad12341/Dos-exploit-: CVE-2025-31650
CVE-2025-31650. Contribute to assad12341/Dos-exploit- development by creating an account on GitHub.
CVE-2025-5419
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Github link:
https://github.com/itsShotgun/chrome_cve-2025-5419_checker
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Github link:
https://github.com/itsShotgun/chrome_cve-2025-5419_checker
GitHub
GitHub - itsShotgun/chrome_v8_cve_checker: Checks if your Chrome version is vulnerable to CVE-2025-5419, from the browser
Checks if your Chrome version is vulnerable to CVE-2025-5419, from the browser - itsShotgun/chrome_v8_cve_checker
CVE-2014-6271
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
Github link:
https://github.com/knightc0de/Shellshock_vuln_Exploit
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
Github link:
https://github.com/knightc0de/Shellshock_vuln_Exploit
GitHub
GitHub - knightc0de/Shellshock_vuln_Exploit: CVE-2014-6271(RCE) poc Exploit
CVE-2014-6271(RCE) poc Exploit. Contribute to knightc0de/Shellshock_vuln_Exploit development by creating an account on GitHub.
CVE-2022-26134
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
Github link:
https://github.com/Yuri08loveElaina/CVE-2022-26134
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
Github link:
https://github.com/Yuri08loveElaina/CVE-2022-26134
GitHub
GitHub - Yuri08loveElaina/CVE-2022-26134: CVE-2022-26134 - Confluence Pre-Auth Remote Code Execution [RCE]
CVE-2022-26134 - Confluence Pre-Auth Remote Code Execution [RCE] - Yuri08loveElaina/CVE-2022-26134
CVE-2024-50379
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.
Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
Github link:
https://github.com/Yuri08loveElaina/CVE-2024-50379-POC
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.
Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
Github link:
https://github.com/Yuri08loveElaina/CVE-2024-50379-POC
GitHub
GitHub - Yuri08loveElaina/CVE-2024-50379-POC: Cve exploiting
Cve exploiting . Contribute to Yuri08loveElaina/CVE-2024-50379-POC development by creating an account on GitHub.