CVE-2021-38163
SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process. These commands can be used to read or modify any information on the server or shut the server down making it unavailable.
Github link:
https://github.com/purpleteam-ru/CVE-2021-38163
SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process. These commands can be used to read or modify any information on the server or shut the server down making it unavailable.
Github link:
https://github.com/purpleteam-ru/CVE-2021-38163
GitHub
GitHub - purpleteam-ru/CVE-2021-38163: CVE-2021-38163 - SAP NetWeaver AS Java Desynchronization Vulnerability
CVE-2021-38163 - SAP NetWeaver AS Java Desynchronization Vulnerability - purpleteam-ru/CVE-2021-38163
CVE-2018-19422
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.
Github link:
https://github.com/Drew-Alleman/CVE-2018-19422
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.
Github link:
https://github.com/Drew-Alleman/CVE-2018-19422
GitHub
GitHub - Drew-Alleman/CVE-2018-19422: Subrion File Upload Bypass to RCE and Custom File Upload (Authenticated)
Subrion File Upload Bypass to RCE and Custom File Upload (Authenticated) - Drew-Alleman/CVE-2018-19422
CVE-2024-23897
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
Github link:
https://github.com/tvasari/CVE-2024-23897
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
Github link:
https://github.com/tvasari/CVE-2024-23897
GitHub
GitHub - tvasari/CVE-2024-23897: Jenkins CLI arbitrary read (CVE-2024-23897 applies to versions below 2.442 and LTS 2.426.3)
Jenkins CLI arbitrary read (CVE-2024-23897 applies to versions below 2.442 and LTS 2.426.3) - tvasari/CVE-2024-23897
CVE-2024-25600
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.
Github link:
https://github.com/meli0dasH4ck3r/cve-2024-25600
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.
Github link:
https://github.com/meli0dasH4ck3r/cve-2024-25600
GitHub
GitHub - meli0dasH4ck3r/cve-2024-25600: PoC for CVE-2024-25600
PoC for CVE-2024-25600. Contribute to meli0dasH4ck3r/cve-2024-25600 development by creating an account on GitHub.
CVE-2023-40931
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php
Github link:
https://github.com/G4sp4rCS/CVE-2023-40931-POC
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php
Github link:
https://github.com/G4sp4rCS/CVE-2023-40931-POC
GitHub
GitHub - G4sp4rCS/CVE-2023-40931-POC: CVE-2023-40931 Proof of Concept made for HTB MONITORED
CVE-2023-40931 Proof of Concept made for HTB MONITORED - G4sp4rCS/CVE-2023-40931-POC
CVE-2025-44228
None
Github link:
https://github.com/Karitosmuan/Office-Exploit-Cve2025-Xml-Doc-Docx-Rce-Builder-Fud
None
Github link:
https://github.com/Karitosmuan/Office-Exploit-Cve2025-Xml-Doc-Docx-Rce-Builder-Fud
CVE-2025-44228
None
Github link:
https://github.com/Kariaoston/Lnk-Exploit-FileBinder-Certificate-Spoofer-Reg-Doc-Cve-Rce
None
Github link:
https://github.com/Kariaoston/Lnk-Exploit-FileBinder-Certificate-Spoofer-Reg-Doc-Cve-Rce
CVE-2011-2523
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
Github link:
https://github.com/vedpakhare/vsftpd-234-vuln-report
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
Github link:
https://github.com/vedpakhare/vsftpd-234-vuln-report
GitHub
GitHub - vedpakhare/vsftpd-234-vuln-report: Vulnerability assessment and exploitation of vsftpd 2.3.4 (CVE-2011-2523) using Metasploit.…
Vulnerability assessment and exploitation of vsftpd 2.3.4 (CVE-2011-2523) using Metasploit. Full report and proof of root access included. - vedpakhare/vsftpd-234-vuln-report
CVE-2025-12654
None
Github link:
https://github.com/ThoristKaw/Anydesk-Exploit-CVE-2025-12654-RCE-Builder
None
Github link:
https://github.com/ThoristKaw/Anydesk-Exploit-CVE-2025-12654-RCE-Builder