CVE-2024-9707
The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
Github link:
https://github.com/Nxploited/CVE-2024-9707-Poc
The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
Github link:
https://github.com/Nxploited/CVE-2024-9707-Poc
GitHub
GitHub - Nxploited/CVE-2024-9707-Poc: he Hunk Companion Plugin for WordPress: Vulnerable to Unauthorized Plugin Installation/Activation…
he Hunk Companion Plugin for WordPress: Vulnerable to Unauthorized Plugin Installation/Activation (Versions Up to and Including 1.8.4) - Nxploited/CVE-2024-9707-Poc
CVE-2024-35250
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Github link:
https://github.com/Brentlyw/GiveMeKernel
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Github link:
https://github.com/Brentlyw/GiveMeKernel
GitHub
GitHub - 0xROOTPLS/GiveMeKernel: CVE-2024-35250 PoC - Optimized & Condensed Form of Varwara's PoC
CVE-2024-35250 PoC - Optimized & Condensed Form of Varwara's PoC - 0xROOTPLS/GiveMeKernel
CVE-2023-46805
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
Github link:
https://github.com/rxwx/pulse-meter
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
Github link:
https://github.com/rxwx/pulse-meter
GitHub
GitHub - rxwx/pulse-meter: Parses the System Snapshot from an Ivanti Connect Secure applicance to identify possible IOCs related…
Parses the System Snapshot from an Ivanti Connect Secure applicance to identify possible IOCs related to CVE-2023-46805, CVE-2024-21887 and CVE-2025-0282. - rxwx/pulse-meter