CVE-2025-29824.zip
2.1 MB
CVE-2025-29824
Author: zmkeh
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
GitHub Link:
https://github.com/zmkeh/CVE-2025-29824-CLFS-Local-privilege-escalation
Author: zmkeh
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
GitHub Link:
https://github.com/zmkeh/CVE-2025-29824-CLFS-Local-privilege-escalation
CVE-2023-26360.zip
2.7 KB
CVE-2023-26360
Author: H3rm1tR3b0rn
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
GitHub Link:
https://github.com/H3rm1tR3b0rn/CVE-2023-26360-RCE
Author: H3rm1tR3b0rn
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
GitHub Link:
https://github.com/H3rm1tR3b0rn/CVE-2023-26360-RCE
CVE-2020-27955.zip
165.1 KB
CVE-2020-27955
Author: the-chivalrousZ
Git LFS 2.12.0 allows Remote Code Execution.
GitHub Link:
https://github.com/the-chivalrousZ/cve-2020-27955
Author: the-chivalrousZ
Git LFS 2.12.0 allows Remote Code Execution.
GitHub Link:
https://github.com/the-chivalrousZ/cve-2020-27955
CVE-2021-22204.zip
48.6 KB
CVE-2021-22204
Author: Roronoawjd
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
GitHub Link:
https://github.com/Roronoawjd/CVE-2021-22204
Author: Roronoawjd
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
GitHub Link:
https://github.com/Roronoawjd/CVE-2021-22204
CVE-2021-31166
Author: qazbnme
HTTP Protocol Stack Remote Code Execution Vulnerability
GitHub Link:
https://github.com/qazbnme/CVE-2021
Author: qazbnme
HTTP Protocol Stack Remote Code Execution Vulnerability
GitHub Link:
https://github.com/qazbnme/CVE-2021
CVE-2018-9995.zip
4.8 KB
CVE-2018-9995
Author: 0xDamian
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.
GitHub Link:
https://github.com/0xDamian/CVE-2018-9995-rs
Author: 0xDamian
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.
GitHub Link:
https://github.com/0xDamian/CVE-2018-9995-rs
CVE-2023-38831
Author: yangdayyy
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.
GitHub Link:
https://github.com/yangdayyy/cve-2023-38831
Author: yangdayyy
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.
GitHub Link:
https://github.com/yangdayyy/cve-2023-38831