CVE-2025-2748
None
Github link:
https://github.com/xirtam2669/Kentico-Xperience-before-13.0.178---XSS-POC
None
Github link:
https://github.com/xirtam2669/Kentico-Xperience-before-13.0.178---XSS-POC
GitHub
GitHub - xirtam2669/Kentico-Xperience-before-13.0.178---XSS-POC: PoC for CVE-2025-2748 - Unauthenticated ZIP file upload with embedded…
PoC for CVE-2025-2748 - Unauthenticated ZIP file upload with embedded SVG for XSS - xirtam2669/Kentico-Xperience-before-13.0.178---XSS-POC
CVE-2024-25600
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.
Github link:
https://github.com/DedsecTeam-BlackHat/Poleposph
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.
Github link:
https://github.com/DedsecTeam-BlackHat/Poleposph
GitHub
GitHub - DedsecTeam-BlackHat/Poleposph: Tools for scan CVE-2024-25600 - WordPress Bricks Builder Remote Code Execution (RCE)
Tools for scan CVE-2024-25600 - WordPress Bricks Builder Remote Code Execution (RCE) - GitHub - DedsecTeam-BlackHat/Poleposph: Tools for scan CVE-2024-25600 - WordPress Bricks Builder Remote Code ...
CVE-2025-27533
None
Github link:
https://github.com/absholi7ly/CVE-2025-27533-Exploit-for-Apache-ActiveMQ
None
Github link:
https://github.com/absholi7ly/CVE-2025-27533-Exploit-for-Apache-ActiveMQ
GitHub
GitHub - absholi7ly/CVE-2025-27533-Exploit-for-Apache-ActiveMQ: exploit for CVE-2025-27533, a Denial of Service (DoS) vulnerability…
exploit for CVE-2025-27533, a Denial of Service (DoS) vulnerability in Apache ActiveMQ - absholi7ly/CVE-2025-27533-Exploit-for-Apache-ActiveMQ
CVE-2017-8917
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
Github link:
https://github.com/xcalts/CVE-2017-8917
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
Github link:
https://github.com/xcalts/CVE-2017-8917
GitHub
GitHub - xcalts/CVE-2017-8917: A timed-based SQLi approach to CVE-2017-8917
A timed-based SQLi approach to CVE-2017-8917. Contribute to xcalts/CVE-2017-8917 development by creating an account on GitHub.
CVE-2022-21661
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.
Github link:
https://github.com/Fauzan-Aldi/CVE-2022-21661
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.
Github link:
https://github.com/Fauzan-Aldi/CVE-2022-21661
GitHub
GitHub - Fauzan-Aldi/CVE-2022-21661: A Python PoC for CVE-2022-21661, adapted from z92g's Go PoC, designed to demonstrate the vulnerability…
A Python PoC for CVE-2022-21661, adapted from z92g's Go PoC, designed to demonstrate the vulnerability in a more accessible scripting environment. - Fauzan-Aldi/CVE-2022-21661
CVE-2025-3248
Langflow versions prior to 1.3.0 are susceptible to code injection in
the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary
code.
Github link:
https://github.com/vigilante-1337/CVE-2025-3248
Langflow versions prior to 1.3.0 are susceptible to code injection in
the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary
code.
Github link:
https://github.com/vigilante-1337/CVE-2025-3248
GitHub
GitHub - vigilante-1337/CVE-2025-3248: CVE-2025-3248: A critical flaw has been discovered in Langflow that allows malicious actors…
CVE-2025-3248: A critical flaw has been discovered in Langflow that allows malicious actors to execute arbitrary Python code on the target system. This can lead to full remote code execution withou...
CVE-2025-24085
A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
Github link:
https://github.com/pxx917144686/12345
A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
Github link:
https://github.com/pxx917144686/12345
CVE-2025-2294
The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubio_hybrid_theme_load_template function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Github link:
https://github.com/Yucaerin/CVE-2025-2294
The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubio_hybrid_theme_load_template function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Github link:
https://github.com/Yucaerin/CVE-2025-2294
GitHub
GitHub - Yucaerin/CVE-2025-2294: Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion
Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion - Yucaerin/CVE-2025-2294
CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Github link:
https://github.com/Z3R0-0x30/CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Github link:
https://github.com/Z3R0-0x30/CVE-2021-4034
GitHub
GitHub - Z3R0-0x30/CVE-2021-4034: This contains single-file exploit for cve-2021-4034 which is a Polkit Local Privilege Escalation.…
This contains single-file exploit for cve-2021-4034 which is a Polkit Local Privilege Escalation. Use it wisely! - Z3R0-0x30/CVE-2021-4034
CVE-2015-3306
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
Github link:
https://github.com/Z3R0-0x30/CVE-2015-3306
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
Github link:
https://github.com/Z3R0-0x30/CVE-2015-3306
GitHub
GitHub - Z3R0-0x30/CVE-2015-3306: This contains single-file exploit for ProFTPd 1.3.5 mod_copy (CVE-2015-3306) vulnerability, especially…
This contains single-file exploit for ProFTPd 1.3.5 mod_copy (CVE-2015-3306) vulnerability, especially for TryHackMe Kenobi Lab. - Z3R0-0x30/CVE-2015-3306