CVE-2025-22870
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80" will incorrectly match and not be proxied.
Github link:
https://github.com/JoshuaProvoste/CVE-2025-22870
GitHub - JoshuaProvoste/CVE-2025-22870: PoC CVE-2025-22870 (SSRF)
CVE-2024-51482
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in a function of web/ajax/event.php. This is fixed in 1.37.65.
Github link:
https://github.com/BwithE/CVE-2024-51482
GitHub - BwithE/CVE-2024-51482: CVE-2024-51482 ZoneMinder v1.37.* <= 1.37.64 poc
CVE-2025-24252
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to corrupt process memory.
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-24252
GitHub - B1ack4sh/Blackash-CVE-2025-24252: CVE-2025-24252
CVE-2021-36934
Windows Elevation of Privilege Vulnerability
Github link:
https://github.com/P1rat3R00t/Why-so-Serious-SAM
GitHub - P1rat3R00t/Why-so-Serious-SAM: PoC malware that uses exploit CVE-2021-36934 (improper ACLs on shadow copies) using a fileless…
PoC malware that uses exploit CVE-2021-36934 (improper ACLs on shadow copies) using a fileless red team method on Windows 10/11 with LOLBins, extracting SYSTEM and SAM hives for local NTLM hashes. ...
CVE-2021-30047
VSFTPD 3.0.3 allows attackers to cause a denial of service due to the limited number of connections allowed.
Github link:
https://github.com/AndreyFreitass/CVE-2021-30047
GitHub - AndreyFreitass/CVE-2021-30047: "Denial of Service" attack script for the FTP network protocol
CVE-2025-21333
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-21333
GitHub - B1ack4sh/Blackash-CVE-2025-21333: CVE-2025-21333
CVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Github link:
https://github.com/brunoh6/web-threat-mitigation
GitHub - brunoh6/web-threat-mitigation: Hands-on lab on detecting and mitigating web app threats using OWASP ZAP, Burp Suite, and…
Hands-on lab on detecting and mitigating web app threats using OWASP ZAP, Burp Suite, and ModSecurity WAF (with OWASP CRS). Case study: Spring4Shell (CVE-2022-22965). Local Docker-based setup. - br...
CVE-2025-5287
The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Github link:
https://github.com/RandomRobbieBF/CVE-2025-5287
GitHub - RandomRobbieBF/CVE-2025-5287: Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection
CVE-2025-5701
The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hc_request_handler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Github link:
https://github.com/RandomRobbieBF/CVE-2025-5701
GitHub - RandomRobbieBF/CVE-2025-5701: HyperComments <= 1.2.2 - Unauthenticated (Subscriber+) Arbitrary Options Update
CVE-2021-29447
WordPress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires the WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.
Github link:
https://github.com/magicrc/CVE-2021-29447
GitHub - magicrc/CVE-2021-29447: PoC for CVE-2021-29447
CVE-2025-21420
Windows Disk Cleanup Tool Elevation of Privilege Vulnerability
Github link:
https://github.com/moiz-2x/CVE-2025-21420_POC
GitHub - moiz-2x/CVE-2025-21420_POC: Proof of Concept CVE-2025-21420 (Windows Disk Cleanup Tool EoP)
CVE-2024-49138
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Github link:
https://github.com/onixgod/SOC335-Event-ID-313-CVE-2024-49138-Exploitation-Detected--Lest-Defend-Writeup
GitHub - onixgod/SOC335-Event-ID-313-CVE-2024-49138-Exploitation-Detected--Lest-Defend-Writeup: In this lab I walked through an…
In this lab I walked through an end-to-end intrusion that began with an external RDP break-in, used a brand-new CLFS privilege-escalation exploit (CVE-2024-49138), and ended with SYSTEM-level cloud...
CVE-2025-24071
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
Github link:
https://github.com/DeshanFer94/CVE-2025-24071-POC-NTLMHashDisclosure-
GitHub - DeshanFer94/CVE-2025-24071-POC-NTLMHashDisclosure-: CVE-2025-24071: NTLMv2 Hash Disclosure via .library-ms File
CVE-2021-4034
A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that it induces pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine.
Github link:
https://github.com/BugVex/Poison-HTB-Report
GitHub - BugVex/Poison-HTB-Report: Privilege Escalation on HTB "Poison" using PwnKit (CVE-2021-4034)