CVE-2014-6271
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
Github link:
https://github.com/rsherstnev/CVE-2014-6271
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
Github link:
https://github.com/rsherstnev/CVE-2014-6271
GitHub
GitHub - rsherstnev/CVE-2014-6271: This is my implementation of shellshock exploit
This is my implementation of shellshock exploit. Contribute to rsherstnev/CVE-2014-6271 development by creating an account on GitHub.
CVE-2025-53652
None
Github link:
https://github.com/pl4tyz/CVE-2025-53652-Jenkins-Git-Parameter-Analysis
None
Github link:
https://github.com/pl4tyz/CVE-2025-53652-Jenkins-Git-Parameter-Analysis
GitHub
GitHub - pl4tyz/CVE-2025-53652-Jenkins-Git-Parameter-Analysis: CVE-2025-53652: Jenkins Git Parameter Analysis
CVE-2025-53652: Jenkins Git Parameter Analysis. Contribute to pl4tyz/CVE-2025-53652-Jenkins-Git-Parameter-Analysis development by creating an account on GitHub.
CVE-2025-32429
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, it's possible for anyone to inject SQL using the parameter sort of the getdeleteddocuments.vm. It's injected as is as an ORDER BY value. This is fixed in versions 16.10.6 and 17.3.0-rc-1.
Github link:
https://github.com/amir-othman/CVE-2025-32429
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, it's possible for anyone to inject SQL using the parameter sort of the getdeleteddocuments.vm. It's injected as is as an ORDER BY value. This is fixed in versions 16.10.6 and 17.3.0-rc-1.
Github link:
https://github.com/amir-othman/CVE-2025-32429
GitHub
GitHub - amir-othman/CVE-2025-32429: Proof-of-Concept exploit for CVE-2025-32429 (SQL Injection in PHP PDO prepared statements)…
Proof-of-Concept exploit for CVE-2025-32429 (SQL Injection in PHP PDO prepared statements) – for educational and security research purposes only - amir-othman/CVE-2025-32429
CVE-2024-25600
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.
Github link:
https://github.com/frankfm-labs/bricks-rce-writeup
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.
Github link:
https://github.com/frankfm-labs/bricks-rce-writeup
GitHub
GitHub - frankfm-labs/bricks-rce-writeup: cve-2024-25600-report
cve-2024-25600-report. Contribute to frankfm-labs/bricks-rce-writeup development by creating an account on GitHub.
CVE-2025-7404
None
Github link:
https://github.com/mind2hex/CVE-2025-7404-CalibreWeb-0.6.24-BlindCommandInjection
None
Github link:
https://github.com/mind2hex/CVE-2025-7404-CalibreWeb-0.6.24-BlindCommandInjection
GitHub
GitHub - mind2hex/CVE-2025-7404-CalibreWeb-0.6.24-BlindCommandInjection: CVE-2025-7404 exploit.
CVE-2025-7404 exploit. Contribute to mind2hex/CVE-2025-7404-CalibreWeb-0.6.24-BlindCommandInjection development by creating an account on GitHub.
CVE-2023-42931
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A process may gain admin privileges without proper authentication.
Github link:
https://github.com/tageniu/CVE-2023-42931
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A process may gain admin privileges without proper authentication.
Github link:
https://github.com/tageniu/CVE-2023-42931
GitHub
GitHub - tageniu/CVE-2023-42931: The exploit targets a LPE works on macOS 14.0-14.1.2, 13.0-13.6.2, 12.0-12.7.1
The exploit targets a LPE works on macOS 14.0-14.1.2, 13.0-13.6.2, 12.0-12.7.1 - tageniu/CVE-2023-42931
CVE-2025-29927
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
Github link:
https://github.com/sahbaazansari/CVE-2025-29927
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
Github link:
https://github.com/sahbaazansari/CVE-2025-29927
GitHub
GitHub - sahbaazansari/CVE-2025-29927: The POC for m6.fr website
The POC for m6.fr website. Contribute to sahbaazansari/CVE-2025-29927 development by creating an account on GitHub.