CVE-2025-49144
Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically Downloads folder - which is known as Vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2.
Github link:
https://github.com/0xCZR1/cve-2025-49144
Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically Downloads folder - which is known as Vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2.
Github link:
https://github.com/0xCZR1/cve-2025-49144
GitHub
GitHub - 0xCZR1/cve-2025-49144: Notepad++ Privilege Escalation
Notepad++ Privilege Escalation. Contribute to 0xCZR1/cve-2025-49144 development by creating an account on GitHub.
CVE-2018-1207
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code.
Github link:
https://github.com/SYNKTeam/CVE-2018-1207
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code.
Github link:
https://github.com/SYNKTeam/CVE-2018-1207
GitHub
GitHub - SYNKTeam/CVE-2018-1207: Reverse Shell CVE for iDRAC 7 & 8 with firmware 2.52.52.52 and below.
Reverse Shell CVE for iDRAC 7 & 8 with firmware 2.52.52.52 and below. - SYNKTeam/CVE-2018-1207
CVE-2015-10137
None
Github link:
https://github.com/Kai-One001/-CVE-2015-10137-WordPress-N-Media-Website-Contact-Form-with-File-Upload-1.3.4
None
Github link:
https://github.com/Kai-One001/-CVE-2015-10137-WordPress-N-Media-Website-Contact-Form-with-File-Upload-1.3.4
GitHub
GitHub - Kai-One001/-CVE-2015-10137-WordPress-N-Media-Website-Contact-Form-with-File-Upload-1.3.4: WordPress联系表单插件 - 未授权任意文件上传漏洞
WordPress联系表单插件 - 未授权任意文件上传漏洞. Contribute to Kai-One001/-CVE-2015-10137-WordPress-N-Media-Website-Contact-Form-with-File-Upload-1.3.4 development by creating an account on GitHub.
CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/CirqueiraDev/MassExploit-CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/CirqueiraDev/MassExploit-CVE-2024-4577
GitHub
GitHub - CirqueiraDev/MassExploit-CVE-2024-4577: CVE-2024-4577 Mass Scanner & Exploit Tool
CVE-2024-4577 Mass Scanner & Exploit Tool. Contribute to CirqueiraDev/MassExploit-CVE-2024-4577 development by creating an account on GitHub.
CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Github link:
https://github.com/Shivshantp/CVE-2025-5777-TrendMicro-ApexCentral-RCE
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Github link:
https://github.com/Shivshantp/CVE-2025-5777-TrendMicro-ApexCentral-RCE
GitHub
GitHub - Shivshantp/CVE-2025-5777-TrendMicro-ApexCentral-RCE: 🔥 PoC for CVE-2025-5777 – Auth Bypass + RCE in Trend Micro Apex Central
🔥 PoC for CVE-2025-5777 – Auth Bypass + RCE in Trend Micro Apex Central - Shivshantp/CVE-2025-5777-TrendMicro-ApexCentral-RCE
CVE-2023-2598
A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.
Github link:
https://github.com/SpongeBob-369/CVE-2023-2598
A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.
Github link:
https://github.com/SpongeBob-369/CVE-2023-2598
GitHub
GitHub - SpongeBob-369/CVE-2023-2598: The exploitation of CVE-2023-2598 about io_uring
The exploitation of CVE-2023-2598 about io_uring. Contribute to SpongeBob-369/CVE-2023-2598 development by creating an account on GitHub.
CVE-2024-4947
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Github link:
https://github.com/DiabloX90911/CVE-2024-4947
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Github link:
https://github.com/DiabloX90911/CVE-2024-4947
GitHub
GitHub - DiabloX90911/CVE-2024-4947: Explore CVE-2024-4947, a V8 type confusion bug, with analysis and PoCs. Join the discussion…
Explore CVE-2024-4947, a V8 type confusion bug, with analysis and PoCs. Join the discussion on GitHub! 🐙💻 - DiabloX90911/CVE-2024-4947
CVE-2024-38063
Windows TCP/IP Remote Code Execution Vulnerability
Github link:
https://github.com/Skac44/CVE-2024-38063
Windows TCP/IP Remote Code Execution Vulnerability
Github link:
https://github.com/Skac44/CVE-2024-38063
GitHub
GitHub - Skac44/CVE-2024-38063: Windows Vulnerability that allows the implementation of unauthorised activity over the network:…
Windows Vulnerability that allows the implementation of unauthorised activity over the network: remote execution of Windows TCP/IP remote code. - Skac44/CVE-2024-38063
CVE-2025-29927
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
Github link:
https://github.com/Kamal-Hegazi/CVE-2025-29927-Next.js-Middleware-Authorization-Bypass
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
Github link:
https://github.com/Kamal-Hegazi/CVE-2025-29927-Next.js-Middleware-Authorization-Bypass
GitHub
GitHub - Kamal-Hegazi/CVE-2025-29927-Next.js-Middleware-Authorization-Bypass: CVE‑2025‑29927 is a critical vulnerability (CVSS…
CVE‑2025‑29927 is a critical vulnerability (CVSS 9.1) in Next.js that allows attackers to bypass middleware‑based security checks. - Kamal-Hegazi/CVE-2025-29927-Next.js-Middleware-Authorization-Bypass
CVE-2025-30397
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-30397
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-30397
GitHub
GitHub - B1ack4sh/Blackash-CVE-2025-30397: CVE-2025-30397
CVE-2025-30397. Contribute to B1ack4sh/Blackash-CVE-2025-30397 development by creating an account on GitHub.