CVE-2022-34169
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
Github link:
https://github.com/Disnaming/CVE-2022-34169
A PoC for CVE-2022-34169, for the SU_PWN challenge from SUCTF 2025 - Disnaming/CVE-2022-34169
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Github link:
https://github.com/aulauniversal/CVE-2023-44487
RapidResetClient.
CVE-2022-40684
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Github link:
https://github.com/AKboss1221/fortigate-belsen-leak
CVE-2024-55591
None
Github link:
https://github.com/souzatyler/fortios-auth-bypass-check-CVE-2024-55591
Checks for authentication bypass vulnerability in Fortinet's FortiOS, potentially exploited by remote attackers. - souzatyler/fortios-auth-bypass-check-CVE-2024-55591
CVE-2023-46805
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
Github link:
https://github.com/Hexastrike/Ivanti-Secure-Connect-Logs-Parser
A Python script for examining Ivanti Secure Connect (ICS) event logs, designed to support investigations into vulnerabilities CVE-2025-0282, CVE-2023-46805, and CVE-2024-21887. - Hexastrike/Ivanti-...
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd): if a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/AzrDll/CVE-2024-6387
This is an altered PoC for d0rb/CVE-2024-6387. This takes glibc addresses and tries to exploit the CVE through them. - AzrDll/CVE-2024-6387
CVE-2021-44228
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Github link:
https://github.com/ZacharyZcR/CVE-2021-44228
Debugging environment.
CVE-2024-9796
The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks.
Github link:
https://github.com/viniciuslazzari/CVE-2024-9796
Vulnerable website to the CVE-2024-9796.