CVE-2017-5941.zip
1.9 KB
CVE-2017-5941
Author: cybersploit-tech
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE).
GitHub Link:
https://github.com/cybersploit-tech/RCE-NodeJs
Author: cybersploit-tech
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE).
GitHub Link:
https://github.com/cybersploit-tech/RCE-NodeJs
CVE-2025-32463.zip
1.2 KB
CVE-2025-32463
Author: cyberajju
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
GitHub Link:
https://github.com/cyberajju/CVE-2025-32463
Author: cyberajju
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
GitHub Link:
https://github.com/cyberajju/CVE-2025-32463
CVE-2025-21298.zip
3 KB
CVE-2025-21298
Author: Arkha-Corvus
Windows OLE Remote Code Execution Vulnerability
GitHub Link:
https://github.com/Arkha-Corvus/LetsDefend-SOC336-Windows-OLE-Zero-Click-RCE-Exploitation-Detected-CVE-2025-21298-
Author: Arkha-Corvus
Windows OLE Remote Code Execution Vulnerability
GitHub Link:
https://github.com/Arkha-Corvus/LetsDefend-SOC336-Windows-OLE-Zero-Click-RCE-Exploitation-Detected-CVE-2025-21298-
CVE-2025-6202
Author: demining
None
GitHub Link:
https://github.com/demining/Phoenix-Rowhammer-Attack-CVE-2025-6202
Author: demining
None
GitHub Link:
https://github.com/demining/Phoenix-Rowhammer-Attack-CVE-2025-6202
CVE-2025-27817.zip
47.3 KB
CVE-2025-27817
Author: oriolrius
A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url". Apache Kafka allows clients to read an arbitrary file and return the content in the error log, or sending requests to an unintended location. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use the "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url" configuratin to read arbitrary contents of the disk and environment variables or make requests to an unintended location. In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment/URL...
Author: oriolrius
A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url". Apache Kafka allows clients to read an arbitrary file and return the content in the error log, or sending requests to an unintended location. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use the "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url" configuratin to read arbitrary contents of the disk and environment variables or make requests to an unintended location. In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment/URL...
CVE-2022-22965.zip
630 B
CVE-2022-22965
Author: Toph404
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
GitHub Link:
https://github.com/Toph404/telstra-cyber-analyst-job-simulation
Author: Toph404
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
GitHub Link:
https://github.com/Toph404/telstra-cyber-analyst-job-simulation
CVE-2017-12542.zip
2.2 KB
CVE-2017-12542
Author: VijayShankar22
A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found.
GitHub Link:
https://github.com/VijayShankar22/CVE-2017-12542
Author: VijayShankar22
A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found.
GitHub Link:
https://github.com/VijayShankar22/CVE-2017-12542
CVE-2025-59489.zip
501 B
CVE-2025-59489
Author: AdriianFdz
None
GitHub Link:
https://github.com/AdriianFdz/Exploit-CVE-2025-59489
Author: AdriianFdz
None
GitHub Link:
https://github.com/AdriianFdz/Exploit-CVE-2025-59489