CVE-2024-45496
Author: fatcatresearch
None
GitHub Link:
https://github.com/fatcatresearch/cve-2024-45496
Author: fatcatresearch
None
GitHub Link:
https://github.com/fatcatresearch/cve-2024-45496
CVE-2024-32019.zip
4.2 KB
CVE-2024-32019
Author: 80Ottanta80
Netdata is an open source observability tool. In affected versions the
GitHub Link:
https://github.com/80Ottanta80/CVE-2024-32019-PoC
Author: 80Ottanta80
Netdata is an open source observability tool. In affected versions the
ndsudo tool shipped with affected versions of the Netdata Agent allows an attacker to run arbitrary programs with root permissions. The ndsudo tool is packaged as a root-owned executable with the SUID bit set. It only runs a restricted set of external commands, but its search paths are supplied by the PATH environment variable. This allows an attacker to control where ndsudo looks for these commands, which may be a path the attacker has write access to. This may lead to local privilege escalation. This vulnerability has been addressed in versions 1.45.3 and 1.45.2-169. Users are advised to upgrade. There are no known workarounds for this vulnerability.GitHub Link:
https://github.com/80Ottanta80/CVE-2024-32019-PoC
CVE-2023-45612.zip
282.3 KB
CVE-2023-45612
Author: seraphimi
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE
GitHub Link:
https://github.com/seraphimi/ktor-xxe
Author: seraphimi
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE
GitHub Link:
https://github.com/seraphimi/ktor-xxe
CVE-2025-49144.zip
46 KB
CVE-2025-49144
Author: havertz2110
Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically Downloads folder - which is known as Vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2.
GitHub Link:
https://github.com/havertz2110/CVE-2025-49144
Author: havertz2110
Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically Downloads folder - which is known as Vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2.
GitHub Link:
https://github.com/havertz2110/CVE-2025-49144