CVE-2025-32433.zip
70.9 KB
CVE-2025-32433
Author: dollarboysushil
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
GitHub Link:
https://github.com/dollarboysushil/CVE-2025-32433-Erlang-OTP-SSH-Unauthenticated-RCE
Author: dollarboysushil
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
GitHub Link:
https://github.com/dollarboysushil/CVE-2025-32433-Erlang-OTP-SSH-Unauthenticated-RCE
CVE-2021-21707.zip
1.3 KB
CVE-2021-21707
Author: useru1k
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexmlloadfile(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.
GitHub Link:
https://github.com/useru1k/php-8.1.0-dev-exploit
Author: useru1k
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexmlloadfile(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.
GitHub Link:
https://github.com/useru1k/php-8.1.0-dev-exploit
CVE-2025-21333.zip
24.9 KB
CVE-2025-21333
Author: pradip022
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
GitHub Link:
https://github.com/pradip022/CVE-2025-21333-POC
Author: pradip022
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
GitHub Link:
https://github.com/pradip022/CVE-2025-21333-POC
CVE-2021-21707.zip
1.3 KB
CVE-2021-21707
Author: useru1k
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexmlloadfile(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.
GitHub Link:
https://github.com/useru1k/php-8.1.0-dev-exploit
Author: useru1k
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexmlloadfile(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.
GitHub Link:
https://github.com/useru1k/php-8.1.0-dev-exploit
CVE-2025-21333.zip
24.9 KB
CVE-2025-21333
Author: pradip022
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
GitHub Link:
https://github.com/pradip022/CVE-2025-21333-POC
Author: pradip022
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
GitHub Link:
https://github.com/pradip022/CVE-2025-21333-POC
CVE-2025-32433.zip
70.9 KB
CVE-2025-32433
Author: dollarboysushil
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
GitHub Link:
https://github.com/dollarboysushil/CVE-2025-32433-Erlang-OTP-SSH-Unauthenticated-RCE
Author: dollarboysushil
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
GitHub Link:
https://github.com/dollarboysushil/CVE-2025-32433-Erlang-OTP-SSH-Unauthenticated-RCE
CVE-2015-5736
Author: avielzecharia
The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call.
GitHub Link:
https://github.com/avielzecharia/CVE-2015-5736
Author: avielzecharia
The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call.
GitHub Link:
https://github.com/avielzecharia/CVE-2015-5736
CVE-2025-24204.zip
1.6 MB
CVE-2025-24204
Author: bale170501
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.
GitHub Link:
https://github.com/bale170501/decrypted
Author: bale170501
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.
GitHub Link:
https://github.com/bale170501/decrypted