CVE-2023-24249
An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file.
Github link:
https://github.com/ldb33/CVE-2023-24249-PoC
Repository description: Proof of concept for HTB easy machine Usage.
CVE-2025-24813
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.
If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
- attacker knowledge of the names of security sensitive files being uploaded
- the security sensitive files also being uploaded via partial PUT
If all of the following were true, a malicious user was able to perform remote code execution:
- writes enabled for the default servlet (disabled by default)
- support for partial
Github link:
https://github.com/x1ongsec/CVE-2025-24813
Repository description: tomcat CVE-2025-24813 deserialization RCE environment.
CVE-2024-41817
ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing `ImageMagick`. The vulnerability is fixed in 7.11-36.
Github link:
https://github.com/maikneysm/AutoPwn-Titanic.htb
Repository description: This is an automated exploitation script for the Hack The Box machine *Titanic*. It extracts Gitea user hashes via LFI, assists in cracking them, and exploits an ImageMagick vulnerability (CVE-2024...
CVE-2024-3094
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. The tarballs included extra .m4 files, which contained instructions for building with automake that did not exist in the repository. These instructions, through a series of complex obfuscations, extract a prebuilt object file from one of the test archives, which is then used to modify specific functions in the code while building the liblzma package. This issue results in liblzma being used by additional software, like sshd, to provide functionality that will be interpreted by the modified functions.
Github link:
https://github.com/Dermot-lab/TryHack
CVE-2025-3248
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
Github link:
https://github.com/issamjr/CVE-2025-3248-Scanner
Repository description: Powerful unauthenticated RCE scanner for CVE-2025-3248 affecting Langflow < 1.3.0.
CVE-2025-49113
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
Github link:
https://github.com/issamjr/CVE-2025-49113-Scanner
Repository description: A powerful Python scanner to detect CVE-2025-49113 vulnerability in Roundcube Webmail. Developed by Issam Junior (@issamiso).
CVE-2025-26909
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Darrel Hide My WP Ghost allows PHP Local File Inclusion. This issue affects Hide My WP Ghost: from n/a through 5.4.01.
Github link:
https://github.com/issamjr/CVE-2025-26909-Scanner
Repository description: Advanced scanner and PoC for CVE-2025-26909 in Hide My WP Ghost.
CVE-2025-3248
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-3248
Repository description: CVE-2025-3248 – Unauthenticated Remote Code Execution in Langflow via Insecure Python exec Usage.
CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/byteReaper77/CVE-2024-4577
Repository description: Exploit (C) CVE-2024-4577 on PHP CGI.
CVE-2025-3248
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
Github link:
https://github.com/0-d3y/langflow-rce-exploit
Repository description: Remote Code Execution Exploit for Langflow (CVE-2025-3248) - [ By S4Tech ].
CVE-2025-49132
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.
Github link:
https://github.com/nfoltc/CVE-2025-49132
Repository description: Check a list of Pterodactyl panels for vulnerabilities from a file.
CVE-2025-3248
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
Github link:
https://github.com/dennisec/Mass-CVE-2025-3248
CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-1094