CVE-2025-46801
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database.
Github link:
https://github.com/korden-c/CVE-2025-46801
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database.
Github link:
https://github.com/korden-c/CVE-2025-46801
CVE-2025-4918
An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, and Firefox ESR < 115.23.1.
Github link:
https://github.com/korden-c/CVE-2025-4918
An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, and Firefox ESR < 115.23.1.
Github link:
https://github.com/korden-c/CVE-2025-4918
GitHub
GitHub - korden-c/CVE-2025-4918: CVE-2025-4918 – Out-of-Bounds Memory Corruption in Mozilla Firefox
CVE-2025-4918 – Out-of-Bounds Memory Corruption in Mozilla Firefox - korden-c/CVE-2025-4918
CVE-2013-4786
The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.
Github link:
https://github.com/tallperennial/CosmicRakp
The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.
Github link:
https://github.com/tallperennial/CosmicRakp
GitHub
GitHub - tallperennial/CosmicRakp: CVE-2013-4786 Go exploitation tool
CVE-2013-4786 Go exploitation tool. Contribute to tallperennial/CosmicRakp development by creating an account on GitHub.
CVE-2025-4123
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.
The default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive.
Github link:
https://github.com/kk12-30/CVE-2025-4123
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.
The default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive.
Github link:
https://github.com/kk12-30/CVE-2025-4123
GitHub
GitHub - kk12-30/CVE-2025-4123: CVE-2025-4123
CVE-2025-4123. Contribute to kk12-30/CVE-2025-4123 development by creating an account on GitHub.
CVE-2025-31161
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is used), as exploited in the wild in March and April 2025, aka "Unauthenticated HTTP(S) port access." A race condition exists in the AWS4-HMAC (compatible with S3) authorization method of the HTTP component of the FTP server. The server first verifies the existence of the user by performing a call to login_user_pass() with no password requirement. This will authenticate the session through the HMAC verification process and up until the server checks for user verification once more. The vulnerability can be further stabilized, eliminating the need for successfully triggering a race condition, by sending a mangled AWS4-HMAC header. By providing only the username and a following slash (/), the server will successfully find a username, which triggers the successful anypass authentication process, but the server will fail to find the expected SignedHeaders entry, resultin
Github link:
https://github.com/0xgh057r3c0n/CVE-2025-31161
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is used), as exploited in the wild in March and April 2025, aka "Unauthenticated HTTP(S) port access." A race condition exists in the AWS4-HMAC (compatible with S3) authorization method of the HTTP component of the FTP server. The server first verifies the existence of the user by performing a call to login_user_pass() with no password requirement. This will authenticate the session through the HMAC verification process and up until the server checks for user verification once more. The vulnerability can be further stabilized, eliminating the need for successfully triggering a race condition, by sending a mangled AWS4-HMAC header. By providing only the username and a following slash (/), the server will successfully find a username, which triggers the successful anypass authentication process, but the server will fail to find the expected SignedHeaders entry, resultin
Github link:
https://github.com/0xgh057r3c0n/CVE-2025-31161
GitHub
GitHub - 0xgh057r3c0n/CVE-2025-31161: 🛡️ CVE-2025-31161 - CrushFTP User Creation Authentication Bypass Exploit
🛡️ CVE-2025-31161 - CrushFTP User Creation Authentication Bypass Exploit - 0xgh057r3c0n/CVE-2025-31161
CVE-2019-25137
Umbraco CMS 7.12.4 allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.
Github link:
https://github.com/dact91/CVE-2019-25137-RCE
Umbraco CMS 7.12.4 allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.
Github link:
https://github.com/dact91/CVE-2019-25137-RCE
GitHub
GitHub - dact91/CVE-2019-25137-RCE: CVE-2019-25137 is an Umbraco RCE vulnerability, the script within this repo is slightly altered
CVE-2019-25137 is an Umbraco RCE vulnerability, the script within this repo is slightly altered - dact91/CVE-2019-25137-RCE
CVE-2023-50564
An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file.
Github link:
https://github.com/glynzr/CVE-2023-50564
An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file.
Github link:
https://github.com/glynzr/CVE-2023-50564
GitHub
GitHub - glynzr/CVE-2023-50564: Pluck v4.7.18 - Remote Code Execution (RCE)
Pluck v4.7.18 - Remote Code Execution (RCE). Contribute to glynzr/CVE-2023-50564 development by creating an account on GitHub.
CVE-2024-42009
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
Github link:
https://github.com/DaniTheHack3r/CVE-2024-42009-PoC
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
Github link:
https://github.com/DaniTheHack3r/CVE-2024-42009-PoC
GitHub
GitHub - DaniTheHack3r/CVE-2024-42009-PoC: CVE-2024-42009 Proof of Concept
CVE-2024-42009 Proof of Concept. Contribute to DaniTheHack3r/CVE-2024-42009-PoC development by creating an account on GitHub.
CVE-2021-24086
Windows TCP/IP Denial of Service Vulnerability
Github link:
https://github.com/personnumber3377/windows_tcpip_fuzz
Windows TCP/IP Denial of Service Vulnerability
Github link:
https://github.com/personnumber3377/windows_tcpip_fuzz
GitHub
GitHub - personnumber3377/windows_tcpip_fuzz: This is my attempt at fuzzing the tcpip.sys driver in windows via using scapy. This…
This is my attempt at fuzzing the tcpip.sys driver in windows via using scapy. This is inspired by this vulnerability here: https://doar-e.github.io/blog/2021/04/15/reverse-engineering-tcpipsys-mec...
CVE-2023-20963
In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519
Github link:
https://github.com/black7024/BadParcel
In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519
Github link:
https://github.com/black7024/BadParcel
GitHub
GitHub - black7024/BadParcel: CVE-2023-20963 PoC (Android WorkSource parcel/unparcel logic mismatch)
CVE-2023-20963 PoC (Android WorkSource parcel/unparcel logic mismatch) - black7024/BadParcel
CVE-2025-4664
Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Github link:
https://github.com/korden-c/CVE-2025-4664
Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Github link:
https://github.com/korden-c/CVE-2025-4664
CVE-2025-24813
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.
If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
- attacker knowledge of the names of security sensitive files being uploaded
- the security sensitive files also being uploaded via partial PUT
If all of the following were true, a malicious user was able to perform remote code execution:
- writes enabled for the default servlet (disabled by default)
- support for partial
Github link:
https://github.com/mbanyamer/Apache-Tomcat---Remote-Code-Execution-via-Session-Deserialization-CVE-2025-24813-
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.
If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
- attacker knowledge of the names of security sensitive files being uploaded
- the security sensitive files also being uploaded via partial PUT
If all of the following were true, a malicious user was able to perform remote code execution:
- writes enabled for the default servlet (disabled by default)
- support for partial
Github link:
https://github.com/mbanyamer/Apache-Tomcat---Remote-Code-Execution-via-Session-Deserialization-CVE-2025-24813-
GitHub
GitHub - mbanyamer/Apache-Tomcat---Remote-Code-Execution-via-Session-Deserialization-CVE-2025-24813-: Apache Tomcat - Remote Code…
Apache Tomcat - Remote Code Execution via Session Deserialization (CVE-2025-24813) - mbanyamer/Apache-Tomcat---Remote-Code-Execution-via-Session-Deserialization-CVE-2025-24813-