CVE-2008-4250
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
Github link:
https://github.com/NoTrustedx/Exploit_MS08-067
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
Github link:
https://github.com/NoTrustedx/Exploit_MS08-067
GitHub
GitHub - NoTrustedx/Exploit_MS08-067: MS08-067 | CVE-2008-4250
MS08-067 | CVE-2008-4250. Contribute to NoTrustedx/Exploit_MS08-067 development by creating an account on GitHub.
CVE-2024-3094
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. The tarballs included extra .m4 files, which contained instructions for building with automake that did not exist in the repository. These instructions, through a series of complex obfuscations, extract a prebuilt object file from one of the test archives, which is then used to modify specific functions in the code while building the liblzma package. This issue results in liblzma being used by additional software, like sshd, to provide functionality that will be interpreted by the modified functions.
Github link:
https://github.com/valeriot30/cve-2024-3094
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. The tarballs included extra .m4 files, which contained instructions for building with automake that did not exist in the repository. These instructions, through a series of complex obfuscations, extract a prebuilt object file from one of the test archives, which is then used to modify specific functions in the code while building the liblzma package. This issue results in liblzma being used by additional software, like sshd, to provide functionality that will be interpreted by the modified functions.
Github link:
https://github.com/valeriot30/cve-2024-3094
GitHub
GitHub - valeriot30/cve-2024-3094: A XZ backdoor vulnerability explained in details
A XZ backdoor vulnerability explained in details. Contribute to valeriot30/cve-2024-3094 development by creating an account on GitHub.
CVE-2025-3102
The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. This makes it possible for unauthenticated attackers to create administrator accounts on the target website when the plugin is installed and activated but not configured with an API key.
Github link:
https://github.com/0xgh057r3c0n/CVE-2025-3102
The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. This makes it possible for unauthenticated attackers to create administrator accounts on the target website when the plugin is installed and activated but not configured with an API key.
Github link:
https://github.com/0xgh057r3c0n/CVE-2025-3102
GitHub
GitHub - 0xgh057r3c0n/CVE-2025-3102: SureTriggers <= 1.0.78 - Authorization Bypass Exploit
SureTriggers <= 1.0.78 - Authorization Bypass Exploit - 0xgh057r3c0n/CVE-2025-3102
CVE-2019-7214
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
Github link:
https://github.com/ElusiveHacker/CVE-2019-7214
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
Github link:
https://github.com/ElusiveHacker/CVE-2019-7214
GitHub
GitHub - ElusiveHacker/CVE-2019-7214: For CTF use only (the CVE-2019-7214 also resolves the host from /etc/hosts)
For CTF use only (the CVE-2019-7214 also resolves the host from /etc/hosts) - ElusiveHacker/CVE-2019-7214
CVE-2023-27163
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
Github link:
https://github.com/J0ey17/Exploit_CVE-2023-27163
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
Github link:
https://github.com/J0ey17/Exploit_CVE-2023-27163
GitHub
GitHub - J0ey17/Exploit_CVE-2023-27163: Proof of Concept exploit for Server Side Request Forgery vulnerability in Requests Basket…
Proof of Concept exploit for Server Side Request Forgery vulnerability in Requests Basket v1.2.1 and before. - J0ey17/Exploit_CVE-2023-27163
CVE-2025-32206
Unrestricted Upload of File with Dangerous Type vulnerability in LABCAT Processing Projects allows Upload a Web Shell to a Web Server. This issue affects Processing Projects: from n/a through 1.0.2.
Github link:
https://github.com/postal-filled-zap/CVE
Unrestricted Upload of File with Dangerous Type vulnerability in LABCAT Processing Projects allows Upload a Web Shell to a Web Server. This issue affects Processing Projects: from n/a through 1.0.2.
Github link:
https://github.com/postal-filled-zap/CVE
CVE-2019-20085
TVT NVMS-1000 devices allow GET /.. Directory Traversal
Github link:
https://github.com/Z3R0-0x30/CVE-2019-20085
TVT NVMS-1000 devices allow GET /.. Directory Traversal
Github link:
https://github.com/Z3R0-0x30/CVE-2019-20085
GitHub
GitHub - Z3R0-0x30/CVE-2019-20085: A repository used for Hackthebox ServMon Machine
A repository used for Hackthebox ServMon Machine. Contribute to Z3R0-0x30/CVE-2019-20085 development by creating an account on GitHub.
CVE-2025-49113
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
Github link:
https://github.com/Ademking/CVE-2025-49113-nuclei-template
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
Github link:
https://github.com/Ademking/CVE-2025-49113-nuclei-template
GitHub
GitHub - Ademking/CVE-2025-49113-nuclei-template: CVE-2025-49113 - Roundcube <= 1.6.10 Post-Auth RCE via PHP Object Deserialization
CVE-2025-49113 - Roundcube <= 1.6.10 Post-Auth RCE via PHP Object Deserialization - Ademking/CVE-2025-49113-nuclei-template
CVE-2019-12840
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
Github link:
https://github.com/fenix0499/CVE-2019-12840-NodeJs-Exploit
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
Github link:
https://github.com/fenix0499/CVE-2019-12840-NodeJs-Exploit
GitHub
GitHub - fenix0499/CVE-2019-12840-NodeJs-Exploit: Authenticated Remote Command Execution - Webmin <= 1.910
Authenticated Remote Command Execution - Webmin <= 1.910 - fenix0499/CVE-2019-12840-NodeJs-Exploit
CVE-2025-2539
The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers, leveraging the use of a reversible weak algorithm, to read the contents of arbitrary files on the server, which can contain sensitive information.
Github link:
https://github.com/RootHarpy/CVE-2025-2539
The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers, leveraging the use of a reversible weak algorithm, to read the contents of arbitrary files on the server, which can contain sensitive information.
Github link:
https://github.com/RootHarpy/CVE-2025-2539
GitHub
GitHub - RootHarpy/CVE-2025-2539: Unauthenticated Arbitrary File Read exploit for WordPress File Away Plugin ≤ 3.9.9.0.1
Unauthenticated Arbitrary File Read exploit for WordPress File Away Plugin ≤ 3.9.9.0.1 - RootHarpy/CVE-2025-2539
CVE-2025-4123
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.
The default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive.
Github link:
https://github.com/ynsmroztas/CVE-2025-4123-Exploit-Tool-Grafana-
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.
The default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive.
Github link:
https://github.com/ynsmroztas/CVE-2025-4123-Exploit-Tool-Grafana-
GitHub
GitHub - ynsmroztas/CVE-2025-4123-Exploit-Tool-Grafana-: CVE-2025-4123 - Grafana Tool
CVE-2025-4123 - Grafana Tool. Contribute to ynsmroztas/CVE-2025-4123-Exploit-Tool-Grafana- development by creating an account on GitHub.