CVE-2025-24054
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
Github link:
https://github.com/moften/CVE-2025-24054
  
  External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
Github link:
https://github.com/moften/CVE-2025-24054
GitHub
  
  GitHub - moften/CVE-2025-24054: Vulnerabilidad NTLM (CVE-2025-24054) explotada para robo de hashes
  Vulnerabilidad NTLM (CVE-2025-24054) explotada para robo de hashes - moften/CVE-2025-24054
  CVE-2021-38003
Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Github link:
https://github.com/caffeinedoom/CVE-2021-38003
  
  Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Github link:
https://github.com/caffeinedoom/CVE-2021-38003
GitHub
  
  GitHub - caffeinedoom/CVE-2021-38003: Write Up & Exploitation For CVE-2021-38003
  Write Up & Exploitation For CVE-2021-38003. Contribute to caffeinedoom/CVE-2021-38003 development by creating an account on GitHub.
  CVE-2024-3094
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. The tarballs included extra .m4 files, which contained instructions for building with automake that did not exist in the repository. These instructions, through a series of complex obfuscations, extract a prebuilt object file from one of the test archives, which is then used to modify specific functions in the code while building the liblzma package. This issue results in liblzma being used by additional software, like sshd, to provide functionality that will be interpreted by the modified functions.
Github link:
https://github.com/laxmikumari615/Linux---Security---Detect-and-Mitigate-CVE-2024-3094
  
  Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. The tarballs included extra .m4 files, which contained instructions for building with automake that did not exist in the repository. These instructions, through a series of complex obfuscations, extract a prebuilt object file from one of the test archives, which is then used to modify specific functions in the code while building the liblzma package. This issue results in liblzma being used by additional software, like sshd, to provide functionality that will be interpreted by the modified functions.
Github link:
https://github.com/laxmikumari615/Linux---Security---Detect-and-Mitigate-CVE-2024-3094
GitHub
  
  GitHub - laxmikumari615/Linux---Security---Detect-and-Mitigate-CVE-2024-3094: It was determined that malicious code was discovered…
  It was determined that malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. #    It was determined that only certain operating systems and operating system ver...
  CVE-2024-53677
File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
This issue affects Apache Struts: from 2.0.0 before 6.4.0.
Users are recommended to upgrade to version 6.4.0 at least and migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload . If you are not using an old file upload logic based on FileuploadInterceptor your application is safe.
You can find more details in https://cwiki.apache.org/confluence/display/WW/S2-067
Github link:
https://github.com/WhoisBulud/CVE-2024-53677
  File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
This issue affects Apache Struts: from 2.0.0 before 6.4.0.
Users are recommended to upgrade to version 6.4.0 at least and migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload . If you are not using an old file upload logic based on FileuploadInterceptor your application is safe.
You can find more details in https://cwiki.apache.org/confluence/display/WW/S2-067
Github link:
https://github.com/WhoisBulud/CVE-2024-53677
CVE-2025-24085
A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
Github link:
https://github.com/windz3r0day/CVE-2025-24085
  A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
Github link:
https://github.com/windz3r0day/CVE-2025-24085
CVE-2023-38840
Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process.
Github link:
https://github.com/windingacqui/bw-dump
  Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process.
Github link:
https://github.com/windingacqui/bw-dump
CVE-2024-0012
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 .
The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software.
Cloud NGFW and Prisma Access are not impacted by this vulnerability.
Github link:
https://github.com/Regent8SH/PanOsExploitMultitool
  
  An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 .
The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software.
Cloud NGFW and Prisma Access are not impacted by this vulnerability.
Github link:
https://github.com/Regent8SH/PanOsExploitMultitool
Palo Alto Networks Product Security Assurance
  
  CVE-2024-9474 PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface
  A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privil...
  CVE-2025-12654
None
Github link:
https://github.com/Laertharaz/Anydesk-Exploit-CVE-2025-12654-RCE-Builder
  None
Github link:
https://github.com/Laertharaz/Anydesk-Exploit-CVE-2025-12654-RCE-Builder
CVE-2025-46801
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database.
Github link:
https://github.com/hendrewna/CVE-2025-46801
  Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database.
Github link:
https://github.com/hendrewna/CVE-2025-46801
CVE-2021-34527
Windows Print Spooler Remote Code Execution Vulnerability
Github link:
https://github.com/AUSK1LL9/CVE-2021-34527
  
  Windows Print Spooler Remote Code Execution Vulnerability
Github link:
https://github.com/AUSK1LL9/CVE-2021-34527
GitHub
  
  GitHub - AUSK1LL9/CVE-2021-34527: CVE-2021-34527 is a critical remote code execution and local privilege escalation vulnerability…
  CVE-2021-34527 is a critical remote code execution and local privilege escalation vulnerability dubbed "PrintNightmare." - AUSK1LL9/CVE-2021-34527
  CVE-2022-31813
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.
Github link:
https://github.com/dodiorne/cve-2022-31813
  
  Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.
Github link:
https://github.com/dodiorne/cve-2022-31813
GitHub
  
  GitHub - dodiorne/cve-2022-31813: tester for cve-2022-31813
  tester for cve-2022-31813. Contribute to dodiorne/cve-2022-31813 development by creating an account on GitHub.
  CVE-2018-6574
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
Github link:
https://github.com/Saptaktdk/go-get-RCE
  Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
Github link:
https://github.com/Saptaktdk/go-get-RCE
CVE-2024-21762
A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests
Github link:
https://github.com/abrewer251/CVE-2024-21762_FortiNet_PoC
  
  A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests
Github link:
https://github.com/abrewer251/CVE-2024-21762_FortiNet_PoC
GitHub
  
  GitHub - abrewer251/CVE-2024-21762_FortiNet_PoC: Proof-of-concept scanner targeting CVE-2024-21762 in FortiOS SSL VPN’s /remot…
  Proof-of-concept scanner targeting CVE-2024-21762 in FortiOS SSL VPN’s /remote/hostcheck_validate endpoint with reverse shell payload delivery. - abrewer251/CVE-2024-21762_FortiNet_PoC
  