CVE-2025-32463.zip
2.7 KB
CVE-2025-32463
Author: muhammedkayag
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
GitHub Link:
https://github.com/muhammedkayag/CVE-2025-32463
Author: muhammedkayag
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
GitHub Link:
https://github.com/muhammedkayag/CVE-2025-32463
CVE-2024-48990.zip
2.3 KB
CVE-2024-48990
Author: Mr-DJ
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.
GitHub Link:
https://github.com/Mr-DJ/CVE-2024-48990
Author: Mr-DJ
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.
GitHub Link:
https://github.com/Mr-DJ/CVE-2024-48990
CVE-2025-26794.zip
8.5 KB
CVE-2025-26794
Author: XploitGh0st
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection.
GitHub Link:
https://github.com/XploitGh0st/CVE-2025-26794-exploit
Author: XploitGh0st
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection.
GitHub Link:
https://github.com/XploitGh0st/CVE-2025-26794-exploit
CVE-2021-29447.zip
7.3 KB
CVE-2021-29447
Author: 0xricksanchez
Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.
GitHub Link:
https://github.com/0xricksanchez/CVE-2021-29447
Author: 0xricksanchez
Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.
GitHub Link:
https://github.com/0xricksanchez/CVE-2021-29447