CVE-2023-48795
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.
Github link:
https://github.com/Eros-Adrian-Figueroa-Cortes/CVE-2023-48795
Repository description: Python tool to identify SSH servers potentially vulnerable to CVE-2023-48795 (Terrapin) by analyzing OpenSSH version banners via netcat. Useful for internal audits, penetration testing, and vulnera...
CVE-2025-46801
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. If the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database.
Github link:
https://github.com/korden-c/CVE-2025-46801
CVE-2025-4918
An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, and Firefox ESR < 115.23.1.
Github link:
https://github.com/korden-c/CVE-2025-4918
CVE-2013-4786
The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.
Github link:
https://github.com/tallperennial/CosmicRakp
Repository description: CVE-2013-4786 Go exploitation tool.
CVE-2025-4123
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.
The default Content-Security-Policy (CSP) in Grafana will block the XSS through the `connect-src` directive.
Github link:
https://github.com/kk12-30/CVE-2025-4123
CVE-2025-31161
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is used), as exploited in the wild in March and April 2025, aka "Unauthenticated HTTP(S) port access." A race condition exists in the AWS4-HMAC (compatible with S3) authorization method of the HTTP component of the FTP server. The server first verifies the existence of the user by performing a call to login_user_pass() with no password requirement. This will authenticate the session through the HMAC verification process and up until the server checks for user verification once more. The vulnerability can be further stabilized, eliminating the need for successfully triggering a race condition, by sending a mangled AWS4-HMAC header. By providing only the username and a following slash (/), the server will successfully find a username, which triggers the successful anypass authentication process, but the server will fail to find the expected SignedHeaders entry, resultin
Github link:
https://github.com/0xgh057r3c0n/CVE-2025-31161
Repository description: CVE-2025-31161 - CrushFTP User Creation Authentication Bypass Exploit.
CVE-2019-25137
Umbraco CMS 7.12.4 allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.
Github link:
https://github.com/dact91/CVE-2019-25137-RCE
Repository description: CVE-2019-25137 is an Umbraco RCE vulnerability; the script within this repo is slightly altered.
CVE-2023-50564
An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file.
Github link:
https://github.com/glynzr/CVE-2023-50564
CVE-2024-42009
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
Github link:
https://github.com/DaniTheHack3r/CVE-2024-42009-PoC
CVE-2021-24086
Windows TCP/IP Denial of Service Vulnerability
Github link:
https://github.com/personnumber3377/windows_tcpip_fuzz
Repository description: This is my attempt at fuzzing the tcpip.sys driver in Windows using Scapy. This is inspired by this vulnerability here: https://doar-e.github.io/blog/2021/04/15/reverse-engineering-tcpipsys-mec...
CVE-2023-20963
In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12, Android-12L, Android-13. Android ID: A-220302519.
Github link:
https://github.com/black7024/BadParcel
Repository description: CVE-2023-20963 PoC (Android WorkSource parcel/unparcel logic mismatch).