CVE-2023-27163
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
Github link:
https://github.com/theopaid/CVE-2023-27163-Request-Baskets
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
Github link:
https://github.com/theopaid/CVE-2023-27163-Request-Baskets
GitHub
GitHub - theopaid/CVE-2023-27163-Request-Baskets: PoC for CVE-2023-27163
PoC for CVE-2023-27163. Contribute to theopaid/CVE-2023-27163-Request-Baskets development by creating an account on GitHub.
CVE-2025-22870
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.
Github link:
https://github.com/JoshuaProvoste/CVE-2025-22870
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.
Github link:
https://github.com/JoshuaProvoste/CVE-2025-22870
GitHub
GitHub - JoshuaProvoste/CVE-2025-22870: PoC CVE-2025-22870 (SSRF)
PoC CVE-2025-22870 (SSRF). Contribute to JoshuaProvoste/CVE-2025-22870 development by creating an account on GitHub.
CVE-2024-51482
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65.
Github link:
https://github.com/BwithE/CVE-2024-51482
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65.
Github link:
https://github.com/BwithE/CVE-2024-51482
GitHub
GitHub - BwithE/CVE-2024-51482: CVE-2024-51482 ZoneMinder v1.37.* <= 1.37.64 poc
CVE-2024-51482 ZoneMinder v1.37.* <= 1.37.64 poc. Contribute to BwithE/CVE-2024-51482 development by creating an account on GitHub.
CVE-2025-24252
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to corrupt process memory.
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-24252
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to corrupt process memory.
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-24252
GitHub
GitHub - B1ack4sh/Blackash-CVE-2025-24252: CVE-2025-24252
CVE-2025-24252. Contribute to B1ack4sh/Blackash-CVE-2025-24252 development by creating an account on GitHub.
CVE-2021-36934
Windows Elevation of Privilege Vulnerability
Github link:
https://github.com/P1rat3R00t/Why-so-Serious-SAM
Windows Elevation of Privilege Vulnerability
Github link:
https://github.com/P1rat3R00t/Why-so-Serious-SAM
GitHub
GitHub - P1rat3R00t/Why-so-Serious-SAM: PoC malware that uses exploit CVE-2021-36934 (improper ACLs on shadow copies) using a fileless…
PoC malware that uses exploit CVE-2021-36934 (improper ACLs on shadow copies) using a fileless red team method on Windows 10/11 with LOLBins, extracting SYSTEM and SAM hives for local NTLM hashes. ...
CVE-2021-30047
VSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed.
Github link:
https://github.com/AndreyFreitass/CVE-2021-30047
VSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed.
Github link:
https://github.com/AndreyFreitass/CVE-2021-30047
GitHub
GitHub - AndreyFreitass/CVE-2021-30047: Script de ataque de "Denial of Service" no protocolo de rede FTP
Script de ataque de "Denial of Service" no protocolo de rede FTP - AndreyFreitass/CVE-2021-30047
CVE-2025-21333
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-21333
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-21333
GitHub
GitHub - B1ack4sh/Blackash-CVE-2025-21333: CVE-2025-21333
CVE-2025-21333. Contribute to B1ack4sh/Blackash-CVE-2025-21333 development by creating an account on GitHub.
CVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Github link:
https://github.com/brunoh6/web-threat-mitigation
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Github link:
https://github.com/brunoh6/web-threat-mitigation
GitHub
GitHub - brunoh6/web-threat-mitigation: Hands-on lab on detecting and mitigating web app threats using OWASP ZAP, Burp Suite, and…
Hands-on lab on detecting and mitigating web app threats using OWASP ZAP, Burp Suite, and ModSecurity WAF (with OWASP CRS). Case study: Spring4Shell (CVE-2022-22965). Local Docker-based setup. - br...
CVE-2025-5287
The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Github link:
https://github.com/RandomRobbieBF/CVE-2025-5287
The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Github link:
https://github.com/RandomRobbieBF/CVE-2025-5287
GitHub
GitHub - RandomRobbieBF/CVE-2025-5287: Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection
Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection - RandomRobbieBF/CVE-2025-5287
CVE-2025-5701
The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hc_request_handler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Github link:
https://github.com/RandomRobbieBF/CVE-2025-5701
The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hc_request_handler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Github link:
https://github.com/RandomRobbieBF/CVE-2025-5701
GitHub
GitHub - RandomRobbieBF/CVE-2025-5701: HyperComments <= 1.2.2 - Unauthenticated (Subscriber+) Arbitrary Options Update
HyperComments <= 1.2.2 - Unauthenticated (Subscriber+) Arbitrary Options Update - RandomRobbieBF/CVE-2025-5701
CVE-2021-29447
Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.
Github link:
https://github.com/magicrc/CVE-2021-29447
Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.
Github link:
https://github.com/magicrc/CVE-2021-29447
GitHub
GitHub - magicrc/CVE-2021-29447: PoC for CVE-2021-29447
PoC for CVE-2021-29447. Contribute to magicrc/CVE-2021-29447 development by creating an account on GitHub.
CVE-2025-21420
Windows Disk Cleanup Tool Elevation of Privilege Vulnerability
Github link:
https://github.com/moiz-2x/CVE-2025-21420_POC
Windows Disk Cleanup Tool Elevation of Privilege Vulnerability
Github link:
https://github.com/moiz-2x/CVE-2025-21420_POC
GitHub
GitHub - moiz-2x/CVE-2025-21420_POC: Proof of Concept CVE-2025-21420 (Windows Disk Cleanup Tool EoP)
Proof of Concept CVE-2025-21420 (Windows Disk Cleanup Tool EoP) - moiz-2x/CVE-2025-21420_POC
CVE-2024-49138
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Github link:
https://github.com/onixgod/SOC335-Event-ID-313-CVE-2024-49138-Exploitation-Detected--Lest-Defend-Writeup
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Github link:
https://github.com/onixgod/SOC335-Event-ID-313-CVE-2024-49138-Exploitation-Detected--Lest-Defend-Writeup
GitHub
GitHub - onixgod/SOC335-Event-ID-313-CVE-2024-49138-Exploitation-Detected--Lest-Defend-Writeup: In this lab I walked through an…
In this lab I walked through an end-to-end intrusion that began with an external RDP break-in, used a brand-new CLFS privilege-escalation exploit (CVE-2024–49138), and ended with SYSTEM-level cloud...
CVE-2025-24071
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
Github link:
https://github.com/DeshanFer94/CVE-2025-24071-POC-NTLMHashDisclosure-
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
Github link:
https://github.com/DeshanFer94/CVE-2025-24071-POC-NTLMHashDisclosure-
GitHub
GitHub - DeshanFer94/CVE-2025-24071-POC-NTLMHashDisclosure-: CVE-2025-24071: NTLMv2 Hash Disclosure via .library-ms File
CVE-2025-24071: NTLMv2 Hash Disclosure via .library-ms File - DeshanFer94/CVE-2025-24071-POC-NTLMHashDisclosure-
CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Github link:
https://github.com/BugVex/Poison-HTB-Report
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Github link:
https://github.com/BugVex/Poison-HTB-Report
GitHub
GitHub - BugVex/Poison-HTB-Report: Privilege Escalation on HTB "Poison" using PwnKit (CVE-2021-4034)
Privilege Escalation on HTB "Poison" using PwnKit (CVE-2021-4034) - BugVex/Poison-HTB-Report