CVE-2016-4631
ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.
Github link:
https://github.com/l3onkers/FuxiOS
🎯 FuxiOS.py v2.0 - modernized CVE-2016-4631 exploit PoC - l3onkers/FuxiOS
CVE-2016-5195
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
Github link:
https://github.com/mohammadamin382/dirtycow-lab
Educational PoC for Dirty COW (CVE-2016-5195) with logging, ptrace fallback, and binary payload support. - mohammadamin382/dirtycow-lab
CVE-2023-46818
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.
Github link:
https://github.com/vulnerk0/CVE-2023-46818
Python PoC for CVE-2023-46818.
CVE-2025-30406
Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config.
Github link:
https://github.com/mchklt/CVE-2025-30406
CVE-2025-30406 ViewState Exploit PoC.
CVE-2025-48384
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
Github link:
https://github.com/f1shh/CVE-2025-48384
test for CVE-2025-48384.
CVE-2015-6668
The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object reference.
Github link:
https://github.com/NoTrustedx/Job-Manager-Disclosure
CVE-2015-6668, related to the WP Job Manager plugin for WordPress (versions ≤ 0.7.25). - NoTrustedx/Job-Manager-Disclosure
CVE-2025-46018
None
Github link:
https://github.com/niranjangaire1995/CVE-2025-46018-CSC-Pay-Mobile-App-Payment-Authentication-Bypass
Disclosure of CVE-2025-46018: A Bluetooth-based payment bypass vulnerability in CSC Pay Mobile App v2.19.4 - niranjangaire1995/CVE-2025-46018-CSC-Pay-Mobile-App-Payment-Authentication-Bypass
CVE-2024-8517
SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.
Github link:
https://github.com/saadhassan77/SPIP-BigUp-Unauthenticated-RCE-Exploit-CVE-2024-8517
This Python exploit targets a critical unauthenticated Remote Code Execution (RCE) vulnerability in the BigUp plugin of SPIP CMS (≤ 4.3.1, 4.2.15, 4.1.17). It abuses the bigup_retrouver_fichiers pa...
CVE-2017-12629
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.
Github link:
https://github.com/captain-woof/cve-2017-12629
CVE-2024-27804
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.
Github link:
https://github.com/a0zhar/QuarkPoC
iOS Application w/Implementation of CVE-2024-27804 - a0zhar/QuarkPoC
CVE-2020-21365
Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations.
Github link:
https://github.com/andrei2308/CVE-2020-21365-PoC
PoC for directory traversal and exposure on wkhtmltopdf 12.0.5 - andrei2308/CVE-2020-21365-PoC
CVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Github link:
https://github.com/Nosie12/fire-wall-server
Python-based simulated firewall to detect and block Spring4Shell (CVE-2022-22965) exploit attempts. This project filters HTTP requests by identifying malicious payload patterns using a custom firew...
CVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Github link:
https://github.com/osungjinwoo/CVE-2022-22965
Spring4Shell (POC).
CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Github link:
https://github.com/Dlodlos/CVE-2025-32463-lab
Explore the CVE-2025-32463 lab environment for testing the sudo vulnerability. Ideal for security researchers. 🐱💻🔍 - Dlodlos/CVE-2025-32463-lab