CVE-2025-24799.zip
7.2 KB
CVE-2025-24799
Author: airbus-cert
GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 10.0.18.
GitHub Link:
https://github.com/airbus-cert/CVE-2025-24799-scanner
Author: airbus-cert
GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 10.0.18.
GitHub Link:
https://github.com/airbus-cert/CVE-2025-24799-scanner
CVE-2023-5612.zip
7.3 KB
CVE-2023-5612
Author: mad3E7cat
An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled.
GitHub Link:
https://github.com/mad3E7cat/CVE-2023-5612
Author: mad3E7cat
An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled.
GitHub Link:
https://github.com/mad3E7cat/CVE-2023-5612
CVE-2024-1709.zip
6.9 KB
CVE-2024-1709
Author: Teexo
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel
vulnerability, which may allow an attacker direct access to confidential information or
critical systems.
GitHub Link:
https://github.com/Teexo/ScreenConnect-CVE-2024-1709-Exploit
Author: Teexo
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel
vulnerability, which may allow an attacker direct access to confidential information or
critical systems.
GitHub Link:
https://github.com/Teexo/ScreenConnect-CVE-2024-1709-Exploit
CVE-2025-3248.zip
3.1 KB
CVE-2025-3248
Author: wand3rlust
Langflow versions prior to 1.3.0 are susceptible to code injection in
the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary
code.
GitHub Link:
https://github.com/wand3rlust/CVE-2025-3248
Author: wand3rlust
Langflow versions prior to 1.3.0 are susceptible to code injection in
the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary
code.
GitHub Link:
https://github.com/wand3rlust/CVE-2025-3248
CVE-2025-29927.zip
152.4 KB
CVE-2025-29927
Author: adjscent
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
GitHub Link:
https://github.com/adjscent/vulnerable-nextjs-14-CVE-2025-29927
Author: adjscent
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
GitHub Link:
https://github.com/adjscent/vulnerable-nextjs-14-CVE-2025-29927
CVE-2010-1240.zip
182.4 KB
CVE-2010-1240
Author: 12345qwert123456
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message.
GitHub Link:
https://github.com/12345qwert123456/CVE-2010-1240
Author: 12345qwert123456
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message.
GitHub Link:
https://github.com/12345qwert123456/CVE-2010-1240
CVE-2021-22600.zip
4.2 KB
CVE-2021-22600
Author: Chinmay1743
A double free bug in packetsetring() in net/packet/afpacket.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755
GitHub Link:
https://github.com/Chinmay1743/afpacket.c
Author: Chinmay1743
A double free bug in packetsetring() in net/packet/afpacket.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755
GitHub Link:
https://github.com/Chinmay1743/afpacket.c
CVE-2025-29306.zip
3.6 KB
CVE-2025-29306
Author: amalpvatayam67
An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component.
GitHub Link:
https://github.com/amalpvatayam67/day06-foxcms-rce
Author: amalpvatayam67
An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component.
GitHub Link:
https://github.com/amalpvatayam67/day06-foxcms-rce
CVE-2020-1938
Author: Joshua8821
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to pr
GitHub Link:
https://github.com/Joshua8821/CNVD
Author: Joshua8821
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to pr
GitHub Link:
https://github.com/Joshua8821/CNVD
CVE-2023-30258.zip
1.5 KB
CVE-2023-30258
Author: abdullohqurbon0v
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.
GitHub Link:
https://github.com/abdullohqurbon0v/CVE-2023-30258-Exploit-For-Magnus-Billing-System
Author: abdullohqurbon0v
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.
GitHub Link:
https://github.com/abdullohqurbon0v/CVE-2023-30258-Exploit-For-Magnus-Billing-System
CVE-2025-32433.zip
89.9 KB
CVE-2025-32433
Author: iteride
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
GitHub Link:
https://github.com/iteride/CVE-2025-32433
Author: iteride
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
GitHub Link:
https://github.com/iteride/CVE-2025-32433
CVE-2018-9995
Author: jameseyes
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.
GitHub Link:
https://github.com/jameseyes/DVRC
Author: jameseyes
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.
GitHub Link:
https://github.com/jameseyes/DVRC