CVE-2025-27533
None
Github link:
https://github.com/absholi7ly/CVE-2025-27533-Exploit-for-Apache-ActiveMQ
None
Github link:
https://github.com/absholi7ly/CVE-2025-27533-Exploit-for-Apache-ActiveMQ
GitHub
GitHub - absholi7ly/CVE-2025-27533-Exploit-for-Apache-ActiveMQ: exploit for CVE-2025-27533, a Denial of Service (DoS) vulnerability…
exploit for CVE-2025-27533, a Denial of Service (DoS) vulnerability in Apache ActiveMQ - absholi7ly/CVE-2025-27533-Exploit-for-Apache-ActiveMQ
CVE-2017-8917
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
Github link:
https://github.com/xcalts/CVE-2017-8917
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
Github link:
https://github.com/xcalts/CVE-2017-8917
GitHub
GitHub - xcalts/CVE-2017-8917: A timed-based SQLi approach to CVE-2017-8917
A timed-based SQLi approach to CVE-2017-8917. Contribute to xcalts/CVE-2017-8917 development by creating an account on GitHub.
CVE-2022-21661
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.
Github link:
https://github.com/Fauzan-Aldi/CVE-2022-21661
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.
Github link:
https://github.com/Fauzan-Aldi/CVE-2022-21661
GitHub
GitHub - Fauzan-Aldi/CVE-2022-21661: A Python PoC for CVE-2022-21661, adapted from z92g's Go PoC, designed to demonstrate the vulnerability…
A Python PoC for CVE-2022-21661, adapted from z92g's Go PoC, designed to demonstrate the vulnerability in a more accessible scripting environment. - Fauzan-Aldi/CVE-2022-21661
CVE-2025-3248
Langflow versions prior to 1.3.0 are susceptible to code injection in
the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary
code.
Github link:
https://github.com/vigilante-1337/CVE-2025-3248
Langflow versions prior to 1.3.0 are susceptible to code injection in
the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary
code.
Github link:
https://github.com/vigilante-1337/CVE-2025-3248
GitHub
GitHub - vigilante-1337/CVE-2025-3248: CVE-2025-3248: A critical flaw has been discovered in Langflow that allows malicious actors…
CVE-2025-3248: A critical flaw has been discovered in Langflow that allows malicious actors to execute arbitrary Python code on the target system. This can lead to full remote code execution withou...
CVE-2025-24085
A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
Github link:
https://github.com/pxx917144686/12345
A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
Github link:
https://github.com/pxx917144686/12345
CVE-2025-2294
The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubio_hybrid_theme_load_template function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Github link:
https://github.com/Yucaerin/CVE-2025-2294
The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubio_hybrid_theme_load_template function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Github link:
https://github.com/Yucaerin/CVE-2025-2294
GitHub
GitHub - Yucaerin/CVE-2025-2294: Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion
Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion - Yucaerin/CVE-2025-2294
CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Github link:
https://github.com/Z3R0-0x30/CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Github link:
https://github.com/Z3R0-0x30/CVE-2021-4034
GitHub
GitHub - Z3R0-0x30/CVE-2021-4034: This contains single-file exploit for cve-2021-4034 which is a Polkit Local Privilege Escalation.…
This contains single-file exploit for cve-2021-4034 which is a Polkit Local Privilege Escalation. Use it wisely! - Z3R0-0x30/CVE-2021-4034
CVE-2015-3306
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
Github link:
https://github.com/Z3R0-0x30/CVE-2015-3306
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
Github link:
https://github.com/Z3R0-0x30/CVE-2015-3306
GitHub
GitHub - Z3R0-0x30/CVE-2015-3306: This contains single-file exploit for ProFTPd 1.3.5 mod_copy (CVE-2015-3306) vulnerability, especially…
This contains single-file exploit for ProFTPd 1.3.5 mod_copy (CVE-2015-3306) vulnerability, especially for TryHackMe Kenobi Lab. - Z3R0-0x30/CVE-2015-3306
CVE-2025-31258
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.
Github link:
https://github.com/BODE987/CVE-2025-31258-PoC
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.
Github link:
https://github.com/BODE987/CVE-2025-31258-PoC
GitHub
GitHub - BODE987/CVE-2025-31258-PoC: 1day practice - Escape macOS sandbox (partial) using RemoteViewServices
1day practice - Escape macOS sandbox (partial) using RemoteViewServices - BODE987/CVE-2025-31258-PoC
CVE-2025-24813
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.
If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
- attacker knowledge of the names of security sensitive files being uploaded
- the security sensitive files also being uploaded via partial PUT
If all of the following were true, a malicious user was able to perform remote code execution:
- writes enabled for the default servlet (disabled by default)
- support for partial
Github link:
https://github.com/maliqto/PoC-CVE-2025-24813
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.
If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
- attacker knowledge of the names of security sensitive files being uploaded
- the security sensitive files also being uploaded via partial PUT
If all of the following were true, a malicious user was able to perform remote code execution:
- writes enabled for the default servlet (disabled by default)
- support for partial
Github link:
https://github.com/maliqto/PoC-CVE-2025-24813
GitHub
GitHub - maliqto/PoC-CVE-2025-24813: PoC para o CVE-2025-24813
PoC para o CVE-2025-24813. Contribute to maliqto/PoC-CVE-2025-24813 development by creating an account on GitHub.