CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/byteReaper77/CVE-2024-4577
  
  In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/byteReaper77/CVE-2024-4577
GitHub
  
  GitHub - byteReaper77/CVE-2024-4577: Exploit (C) CVE-2024-4577 on PHP CGI
  Exploit (C) CVE-2024-4577 on PHP CGI . Contribute to byteReaper77/CVE-2024-4577 development by creating an account on GitHub.
  CVE-2025-3248
Langflow versions prior to 1.3.0 are susceptible to code injection in
the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary
code.
Github link:
https://github.com/0-d3y/langflow-rce-exploit
  
  Langflow versions prior to 1.3.0 are susceptible to code injection in
the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary
code.
Github link:
https://github.com/0-d3y/langflow-rce-exploit
GitHub
  
  GitHub - 0-d3y/langflow-rce-exploit: Remote Code Execution Exploit for Langflow (CVE-2025-3248) - [ By S4Tech ]
  Remote Code Execution Exploit for Langflow (CVE-2025-3248) - [ By S4Tech ] - 0-d3y/langflow-rce-exploit
  CVE-2025-49132
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.
Github link:
https://github.com/nfoltc/CVE-2025-49132
  
  Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.
Github link:
https://github.com/nfoltc/CVE-2025-49132
GitHub
  
  GitHub - nfoltc/CVE-2025-49132: Check a list of Pterodactyl panels for vulnerabilities from a file.
  Check a list of Pterodactyl panels for vulnerabilities from a file. - nfoltc/CVE-2025-49132
  CVE-2025-3248
Langflow versions prior to 1.3.0 are susceptible to code injection in
the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary
code.
Github link:
https://github.com/dennisec/Mass-CVE-2025-3248
  
  Langflow versions prior to 1.3.0 are susceptible to code injection in
the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary
code.
Github link:
https://github.com/dennisec/Mass-CVE-2025-3248
GitHub
  
  GitHub - dennisec/Mass-CVE-2025-3248: Mass-CVE-2025-3248
  Mass-CVE-2025-3248. Contribute to dennisec/Mass-CVE-2025-3248 development by creating an account on GitHub.
  CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-1094
  
  Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-1094
GitHub
  
  GitHub - B1ack4sh/Blackash-CVE-2025-1094: CVE-2025-1094
  CVE-2025-1094. Contribute to B1ack4sh/Blackash-CVE-2025-1094 development by creating an account on GitHub.
  CVE-2020-1048
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1070.
Github link:
https://github.com/talsim/printDemon2system
  
  An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1070.
Github link:
https://github.com/talsim/printDemon2system
GitHub
  
  GitHub - talsim/printDemon2system: PrintDemon (CVE-2020-1048) Privilege Escalation
  PrintDemon (CVE-2020-1048) Privilege Escalation. Contribute to talsim/printDemon2system development by creating an account on GitHub.
  CVE-2025-26466
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.
Github link:
https://github.com/mrowkoob/CVE-2025-26466-msf
  
  A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.
Github link:
https://github.com/mrowkoob/CVE-2025-26466-msf
GitHub
  
  GitHub - mrowkoob/CVE-2025-26466-msf: CVE-2025-26466 - SSH Ping DoS Ruby module for Metasploit Framework
  CVE-2025-26466 - SSH Ping DoS Ruby module for Metasploit Framework - mrowkoob/CVE-2025-26466-msf
  CVE-2023-33538
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .
Github link:
https://github.com/mrowkoob/CVE-2023-33538-msf
  
  TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .
Github link:
https://github.com/mrowkoob/CVE-2023-33538-msf
GitHub
  
  GitHub - mrowkoob/CVE-2023-33538-msf: CVE-2023-33538 - TP-Link Command Injection Ruby module for Metasploit Framework
  CVE-2023-33538 - TP-Link Command Injection Ruby module for Metasploit Framework  - GitHub - mrowkoob/CVE-2023-33538-msf: CVE-2023-33538 - TP-Link Command Injection Ruby module for Metasploit Framework
  CVE-2025-4322
The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user passwords, including those of administrators, and leverage that to gain access to their account.
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-4322
  
  The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user passwords, including those of administrators, and leverage that to gain access to their account.
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-4322
GitHub
  
  GitHub - B1ack4sh/Blackash-CVE-2025-4322: CVE-2025-4322 – Unauthenticated Privilege Escalation via Password Update "Account Takeover"…
  CVE-2025-4322 – Unauthenticated Privilege Escalation via Password Update "Account Takeover" 🔥 - B1ack4sh/Blackash-CVE-2025-4322
  CVE-2025-49132
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.
Github link:
https://github.com/qiaojojo/CVE-2025-49132_poc
  
  Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.
Github link:
https://github.com/qiaojojo/CVE-2025-49132_poc
GitHub
  
  GitHub - qiaojojo/CVE-2025-49132_poc: Pterodactyl翼龙面板CVE-2025-49132批量检测☝️🤓
  Pterodactyl翼龙面板CVE-2025-49132批量检测☝️🤓. Contribute to qiaojojo/CVE-2025-49132_poc development by creating an account on GitHub.
  CVE-2025-0133
A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The primary risk is phishing attacks that can lead to credential theft—particularly if you enabled Clientless VPN.
There is no availability impact to GlobalProtect features or GlobalProtect users. Attackers cannot use this vulnerability to tamper with or modify contents or configurations of the GlobalProtect portal or gateways. The integrity impact of this vulnerability is limited to enabling an attacker to create phishing and credential-stealing links that appear to be hosted on the GlobalProtect portal.
For GlobalProtect users with Clientless VPN enabled, there is a limited impact on confidentiality due to inherent risks of Clientless VPN that facilitate credential theft. You can read more about this risk in the in
Github link:
https://github.com/INTELEON404/CVE-2025-0133
  
  A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially crafted link. The primary risk is phishing attacks that can lead to credential theft—particularly if you enabled Clientless VPN.
There is no availability impact to GlobalProtect features or GlobalProtect users. Attackers cannot use this vulnerability to tamper with or modify contents or configurations of the GlobalProtect portal or gateways. The integrity impact of this vulnerability is limited to enabling an attacker to create phishing and credential-stealing links that appear to be hosted on the GlobalProtect portal.
For GlobalProtect users with Clientless VPN enabled, there is a limited impact on confidentiality due to inherent risks of Clientless VPN that facilitate credential theft. You can read more about this risk in the in
Github link:
https://github.com/INTELEON404/CVE-2025-0133
GitHub
  
  GitHub - INTELEON404/CVE-2025-0133: Reflected XSS vulnerability found in Palo Alto GlobalProtect Gateway & Portal. Attackers can…
  Reflected XSS vulnerability found in Palo Alto GlobalProtect Gateway & Portal. Attackers can inject malicious scripts via crafted requests.  - GitHub - INTELEON404/CVE-2025-0133: Reflected ...
  CVE-2025-49132
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.
Github link:
https://github.com/63square/CVE-2025-49132
  
  Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.
Github link:
https://github.com/63square/CVE-2025-49132
GitHub
  
  GitHub - 63square/CVE-2025-49132: PoCs for CVE-2025-49132
  PoCs for CVE-2025-49132. Contribute to 63square/CVE-2025-49132 development by creating an account on GitHub.
  CVE-2025-3248
Langflow versions prior to 1.3.0 are susceptible to code injection in
the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary
code.
Github link:
https://github.com/ill-deed/Langflow-CVE-2025-3248-Multi-target
  
  Langflow versions prior to 1.3.0 are susceptible to code injection in
the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary
code.
Github link:
https://github.com/ill-deed/Langflow-CVE-2025-3248-Multi-target
GitHub
  
  GitHub - ill-deed/Langflow-CVE-2025-3248-Multi-target: Langflow versions prior to 1.3.0 are susceptible to code injection in the…
  Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary c...
  