CVE-2021-3156
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Github link:
https://github.com/TopskiyPavelQwertyGang/Review.CVE-2021-3156
Repository description:
CVE-2021-3156-Exploit-Demo
CVE-2025-24071
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
Github link:
https://github.com/TH-SecForge/CVE-2025-24071
Repository description:
Security Vulnerability Report: CVE-2025-24071 - Windows File Explorer Spoofing Vulnerability
CVE-2025-29972
Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network.
Github link:
https://github.com/TH-SecForge/CVE-2025-29972
Repository description:
CVE-2025-29927 - Critical Security Vulnerability in Next.js
CVE-2024-10914
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to OS command injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Github link:
https://github.com/TH-SecForge/CVE-2024-10914
Repository description:
CVE-2024-10914 is a critical command injection vulnerability affecting several legacy D-Link Network Attached Storage (NAS) devices.
CVE-2011-0762
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
Github link:
https://github.com/Freitandrey/CVE-2011-0762
Repository description:
Script that fixes the exploit for this CVE that was published on exploit-db
CVE-2022-26134
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
Github link:
https://github.com/thetowsif/CVE-2022-26134
Repository description:
Atlassian's Confluence Server and Data Center editions (Vulnerable Version > 7.18.1)
CVE-2025-48129
Incorrect Privilege Assignment vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light allows Privilege Escalation. This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through 2.4.37.
Github link:
https://github.com/Nxploited/CVE-2025-48129
Repository description:
WordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light Plugin <= 2.4.37 is vulnerable to Privilege Escalation
CVE-2025-5840
A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_update_customer_order.php. The manipulation of the argument uploaded_file leads to unrestricted upload. It is possible to initiate the attack remotely.
Github link:
https://github.com/haxerr9/CVE-2025-5840
Repository description:
CVE-2025-5840 Exploit Written In Python By haxerr9
CVE-2025-5419
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Github link:
https://github.com/lacelruz/CVE-2025-5419
Repository description:
Out-of-Bounds Read/Write in Chrome V8 — Heap Corruption → RCE
CVE-2025-32756
A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.8, FortiNDR versions 7.6.0, 7.4.0 through 7.4.7, 7.2.0 through 7.2.4, 7.0.0 through 7.0.6, FortiCamera versions 2.1.0 through 2.1.3, 2.0 all versions, 1.1 all versions, allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-32756
Repository description:
CVE-2025-32756-POC
CVE-2021-36934
Windows Elevation of Privilege Vulnerability
Github link:
https://github.com/Ap3x369/Why-so-Serious-SAM
Repository description:
PoC malware that uses exploit CVE-2021-36934 (improper ACLs on shadow copies) using a fileless red team method on Windows 10/11 with LOLBins, extracting SYSTEM and SAM hives for local NTLM hashes. ...
CVE-2024-40453
squirrellyjs squirrelly v9.0.0 (fixed in v9.0.1) was discovered to contain a code injection vulnerability via the component options.varName.
Github link:
https://github.com/BwithE/CVE-2024-40453
Repository description:
CVE-2024-40453 - Squirrelly v9.0.0 RCE PoC
CVE-2023-27163
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
Github link:
https://github.com/theopaid/CVE-2023-27163-Request-Baskets
Repository description:
PoC for CVE-2023-27163
CVE-2025-22870
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80" will incorrectly match and not be proxied.
Github link:
https://github.com/JoshuaProvoste/CVE-2025-22870
Repository description:
PoC CVE-2025-22870 (SSRF)
CVE-2024-51482
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in a function of web/ajax/event.php. This is fixed in 1.37.65.
Github link:
https://github.com/BwithE/CVE-2024-51482
Repository description:
CVE-2024-51482 ZoneMinder v1.37.* <= 1.37.64 PoC
CVE-2025-24252
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to corrupt process memory.
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-24252
Repository description:
CVE-2025-24252
CVE-2021-36934
Windows Elevation of Privilege Vulnerability
Github link:
https://github.com/P1rat3R00t/Why-so-Serious-SAM
Repository description:
PoC malware that uses exploit CVE-2021-36934 (improper ACLs on shadow copies) using a fileless red team method on Windows 10/11 with LOLBins, extracting SYSTEM and SAM hives for local NTLM hashes. ...
CVE-2021-30047
VSFTPD 3.0.3 allows attackers to cause a denial of service due to the limited number of connections allowed.
Github link:
https://github.com/AndreyFreitass/CVE-2021-30047
Repository description:
Script for a "Denial of Service" attack on the FTP network protocol
CVE-2025-21333
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-21333
Repository description:
CVE-2025-21333
CVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Github link:
https://github.com/brunoh6/web-threat-mitigation
Repository description:
Hands-on lab on detecting and mitigating web app threats using OWASP ZAP, Burp Suite, and ModSecurity WAF (with OWASP CRS). Case study: Spring4Shell (CVE-2022-22965). Local Docker-based setup.