CVE-2025-1302
Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of eval='safe' mode.**Note:**This is caused by an incomplete fix for [CVE-2024-21534](https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884).
Github link:
https://github.com/abrewer251/CVE-2025-1302_jsonpath-plus_RCE
Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of eval='safe' mode.**Note:**This is caused by an incomplete fix for [CVE-2024-21534](https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884).
Github link:
https://github.com/abrewer251/CVE-2025-1302_jsonpath-plus_RCE
Learn more about npm with Snyk Open Source Vulnerability Database
Remote Code Execution (RCE) in jsonpath-plus | CVE-2024-21534 | Snyk
Critical severity (9.3) Remote Code Execution (RCE) in jsonpath-plus | CVE-2024-21534
CVE-2021-1675
Windows Print Spooler Elevation of Privilege Vulnerability
Github link:
https://github.com/CameraShutterBug/PrintNightmare
Windows Print Spooler Elevation of Privilege Vulnerability
Github link:
https://github.com/CameraShutterBug/PrintNightmare
GitHub
CameraShutterBug/PrintNightmare
C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527 - CameraShutterBug/PrintNightmare
CVE-2014-6271
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
Github link:
https://github.com/rsherstnev/CVE-2014-6271
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
Github link:
https://github.com/rsherstnev/CVE-2014-6271
GitHub
GitHub - rsherstnev/CVE-2014-6271: This is my implementation of shellshock exploit
This is my implementation of shellshock exploit. Contribute to rsherstnev/CVE-2014-6271 development by creating an account on GitHub.
CVE-2025-53652
None
Github link:
https://github.com/pl4tyz/CVE-2025-53652-Jenkins-Git-Parameter-Analysis
None
Github link:
https://github.com/pl4tyz/CVE-2025-53652-Jenkins-Git-Parameter-Analysis
GitHub
GitHub - pl4tyz/CVE-2025-53652-Jenkins-Git-Parameter-Analysis: CVE-2025-53652: Jenkins Git Parameter Analysis
CVE-2025-53652: Jenkins Git Parameter Analysis. Contribute to pl4tyz/CVE-2025-53652-Jenkins-Git-Parameter-Analysis development by creating an account on GitHub.
CVE-2025-32429
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, it's possible for anyone to inject SQL using the parameter sort of the getdeleteddocuments.vm. It's injected as is as an ORDER BY value. This is fixed in versions 16.10.6 and 17.3.0-rc-1.
Github link:
https://github.com/amir-othman/CVE-2025-32429
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, it's possible for anyone to inject SQL using the parameter sort of the getdeleteddocuments.vm. It's injected as is as an ORDER BY value. This is fixed in versions 16.10.6 and 17.3.0-rc-1.
Github link:
https://github.com/amir-othman/CVE-2025-32429
GitHub
GitHub - amir-othman/CVE-2025-32429: Proof-of-Concept exploit for CVE-2025-32429 (SQL Injection in PHP PDO prepared statements)…
Proof-of-Concept exploit for CVE-2025-32429 (SQL Injection in PHP PDO prepared statements) – for educational and security research purposes only - amir-othman/CVE-2025-32429
CVE-2024-25600
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.
Github link:
https://github.com/frankfm-labs/bricks-rce-writeup
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.
Github link:
https://github.com/frankfm-labs/bricks-rce-writeup
GitHub
GitHub - frankfm-labs/bricks-rce-writeup: cve-2024-25600-report
cve-2024-25600-report. Contribute to frankfm-labs/bricks-rce-writeup development by creating an account on GitHub.
CVE-2025-7404
None
Github link:
https://github.com/mind2hex/CVE-2025-7404-CalibreWeb-0.6.24-BlindCommandInjection
None
Github link:
https://github.com/mind2hex/CVE-2025-7404-CalibreWeb-0.6.24-BlindCommandInjection
GitHub
GitHub - mind2hex/CVE-2025-7404-CalibreWeb-0.6.24-BlindCommandInjection: CVE-2025-7404 exploit.
CVE-2025-7404 exploit. Contribute to mind2hex/CVE-2025-7404-CalibreWeb-0.6.24-BlindCommandInjection development by creating an account on GitHub.