CVE-2025-29306.zip
3.6 KB
CVE-2025-29306
Author: amalpvatayam67
An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component.
GitHub Link:
https://github.com/amalpvatayam67/day06-foxcms-rce
CVE-2020-1938.zip
72.7 KB
CVE-2020-1938
Author: Joshua8821
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed:
- returning arbitrary files from anywhere in the web application
- processing any file in the web application as a JSP
Further, if the web application allowed file upload and stored those files within the web app...
CVE-2024-43630.zip
54.1 KB
CVE-2024-43630
Author: QuasarBinary
Windows Kernel Elevation of Privilege Vulnerability
GitHub Link:
https://github.com/QuasarBinary/CVE-2024-43630-POC
CVE-2025-3248.zip
3.1 KB
CVE-2025-3248
Author: wand3rlust
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
GitHub Link:
https://github.com/wand3rlust/CVE-2025-3248
CVE-2018-14009.zip
1.5 MB
CVE-2018-14009
Author: pablocaraballofernandez
Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689.
GitHub Link:
https://github.com/pablocaraballofernandez/IDE-TryHackME-Spanish-Walkthrough-
CVE-2025-29927.zip
152.4 KB
CVE-2025-29927
Author: adjscent
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommended that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
GitHub Link:
https://github.com/adjscent/vulnerable-nextjs-14-CVE-2025-29927
CVE-2010-1240.zip
182.4 KB
CVE-2010-1240
Author: 12345qwert123456
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message.
GitHub Link:
https://github.com/12345qwert123456/CVE-2010-1240
CVE-2018-13379.zip
5.6 KB
CVE-2018-13379
Author: kh4sh3i
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests.
GitHub Link:
https://github.com/kh4sh3i/CVE-2018-13379
CVE-2025-25257.zip
2.3 KB
CVE-2025-25257
Author: segfault-it
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability CWE-89 in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests.
GitHub Link:
https://github.com/segfault-it/CVE-2025-25257
CVE-2025-34152.zip
5 KB
CVE-2025-34152
Author: kh4sh3i
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike other injection points, this vector allows remote compromise without triggering visible configuration changes.
GitHub Link:
https://github.com/kh4sh3i/CVE-2025-34152
CVE-2018-7600.zip
19.2 KB
CVE-2018-7600
Author: nika0x38
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
GitHub Link:
https://github.com/nika0x38/CVE-2018-7600
CVE-2020-0796.zip
407.3 KB
CVE-2020-0796
Author: Jagadeesh7532
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
GitHub Link:
https://github.com/Jagadeesh7532/-CVE-2020-0796-SMBGhost-Windows-10-SMBv3-Remote-Code-Execution-Vulnerability
CVE-2023-1545.zip
552.1 KB
CVE-2023-1545
Author: lineeralgebra
SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.
GitHub Link:
https://github.com/lineeralgebra/CVE-2023-1545-POC