CVE-2025-49113
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
Github link:
https://github.com/00xCanelo/CVE-2025-49113
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
Github link:
https://github.com/00xCanelo/CVE-2025-49113
GitHub
GitHub - 00xCanelo/CVE-2025-49113: đź’Ą Python Exploit for CVE-2025-49113 | Roundcube Webmail RCE via PHP Object Injection
đź’Ą Python Exploit for CVE-2025-49113 | Roundcube Webmail RCE via PHP Object Injection - 00xCanelo/CVE-2025-49113
CVE-2025-27591
A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.
Github link:
https://github.com/00xCanelo/CVE-2025-27591-PoC
A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.
Github link:
https://github.com/00xCanelo/CVE-2025-27591-PoC
GitHub
GitHub - 00xCanelo/CVE-2025-27591: 🔥 Local Privilege Escalation Exploit for CVE-2025-27591 | Abuses world-writable log dir in Below…
🔥 Local Privilege Escalation Exploit for CVE-2025-27591 | Abuses world-writable log dir in Below to gain root via /etc/passwd injection - 00xCanelo/CVE-2025-27591
CVE-2024-47575
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.
Github link:
https://github.com/AnnnNix/CVE-2024-47575
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.
Github link:
https://github.com/AnnnNix/CVE-2024-47575
GitHub
GitHub - AnnnNix/CVE-2024-47575: PoC for CVE-2024-47575
PoC for CVE-2024-47575. Contribute to AnnnNix/CVE-2024-47575 development by creating an account on GitHub.
CVE-2025-32023
Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The bug likely affects all Redis versions with hyperloglog operations implemented. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing hyperloglog operations. This can be done using ACL to restrict HLL commands.
Github link:
https://github.com/shayantrix/POC-CVE-2025-32023
Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The bug likely affects all Redis versions with hyperloglog operations implemented. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing hyperloglog operations. This can be done using ACL to restrict HLL commands.
Github link:
https://github.com/shayantrix/POC-CVE-2025-32023
GitHub
GitHub - shayantrix/POC-CVE-2025-32023: This is a reference to https://github.com/leesh3288/CVE-2025-32023, a bit modified.
This is a reference to https://github.com/leesh3288/CVE-2025-32023, a bit modified. - shayantrix/POC-CVE-2025-32023
CVE-2022-0492
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
Github link:
https://github.com/Perimora/cve_2022_0492
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
Github link:
https://github.com/Perimora/cve_2022_0492
GitHub
GitHub - Perimora/cve_2022_0492: PoC for CVE-2022-0492
PoC for CVE-2022-0492. Contribute to Perimora/cve_2022_0492 development by creating an account on GitHub.
CVE-2025-34085
An unrestricted file upload vulnerability in the WordPress Simple File List plugin prior to version 4.2.3 allows unauthenticated remote attackers to achieve remote code execution. The plugin's upload endpoint (ee-upload-engine.php) restricts file uploads based on extension, but lacks proper validation after file renaming. An attacker can first upload a PHP payload disguised as a .png file, then use the plugin’s ee-file-engine.php rename functionality to change the extension to .php. This bypasses upload restrictions and results in the uploaded payload being executable on the server.
Github link:
https://github.com/0xgh057r3c0n/CVE-2025-34085
An unrestricted file upload vulnerability in the WordPress Simple File List plugin prior to version 4.2.3 allows unauthenticated remote attackers to achieve remote code execution. The plugin's upload endpoint (ee-upload-engine.php) restricts file uploads based on extension, but lacks proper validation after file renaming. An attacker can first upload a PHP payload disguised as a .png file, then use the plugin’s ee-file-engine.php rename functionality to change the extension to .php. This bypasses upload restrictions and results in the uploaded payload being executable on the server.
Github link:
https://github.com/0xgh057r3c0n/CVE-2025-34085
GitHub
GitHub - 0xgh057r3c0n/CVE-2025-34085: WordPress Simple File List Unauthenticated RCE Exploit
WordPress Simple File List Unauthenticated RCE Exploit - 0xgh057r3c0n/CVE-2025-34085
CVE-2025-48384
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
Github link:
https://github.com/IK-20211125/CVE-2025-48384
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
Github link:
https://github.com/IK-20211125/CVE-2025-48384
GitHub
GitHub - IK-20211125/CVE-2025-48384: CVE-2025-48384 PoC
CVE-2025-48384 PoC. Contribute to IK-20211125/CVE-2025-48384 development by creating an account on GitHub.
CVE-2025-49706
None
Github link:
https://github.com/AdityaBhatt3010/CVE-2025-49706-SharePoint-Spoofing-Vulnerability-Under-Active-Exploitation
None
Github link:
https://github.com/AdityaBhatt3010/CVE-2025-49706-SharePoint-Spoofing-Vulnerability-Under-Active-Exploitation
GitHub
GitHub - AdityaBhatt3010/CVE-2025-49706-SharePoint-Spoofing-Vulnerability-Under-Active-Exploitation: A deep dive into CVE-2025…
A deep dive into CVE-2025-49706 — the SharePoint spoofing flaw now exploited in the wild for stealthy web shell deployment and privilege escalation. - AdityaBhatt3010/CVE-2025-49706-SharePoint-Spoo...