CVE-2024-0204
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
Github link:
https://github.com/ibrahmsql/CVE-2024-0204
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
Github link:
https://github.com/ibrahmsql/CVE-2024-0204
GitHub
GitHub - ibrahmsql/CVE-2024-0204: Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass
Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass - ibrahmsql/CVE-2024-0204
CVE-2025-31161
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is used), as exploited in the wild in March and April 2025, aka "Unauthenticated HTTP(S) port access." A race condition exists in the AWS4-HMAC (compatible with S3) authorization method of the HTTP component of the FTP server. The server first verifies the existence of the user by performing a call to login_user_pass() with no password requirement. This will authenticate the session through the HMAC verification process and up until the server checks for user verification once more. The vulnerability can be further stabilized, eliminating the need for successfully triggering a race condition, by sending a mangled AWS4-HMAC header. By providing only the username and a following slash (/), the server will successfully find a username, which triggers the successful anypass authentication process, but the server will fail to find the expected SignedHeaders entry, resultin
Github link:
https://github.com/ibrahmsql/CVE-2025-31161
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is used), as exploited in the wild in March and April 2025, aka "Unauthenticated HTTP(S) port access." A race condition exists in the AWS4-HMAC (compatible with S3) authorization method of the HTTP component of the FTP server. The server first verifies the existence of the user by performing a call to login_user_pass() with no password requirement. This will authenticate the session through the HMAC verification process and up until the server checks for user verification once more. The vulnerability can be further stabilized, eliminating the need for successfully triggering a race condition, by sending a mangled AWS4-HMAC header. By providing only the username and a following slash (/), the server will successfully find a username, which triggers the successful anypass authentication process, but the server will fail to find the expected SignedHeaders entry, resultin
Github link:
https://github.com/ibrahmsql/CVE-2025-31161
GitHub
GitHub - ibrahmsql/CVE-2025-31161: CrushFTP 11.3.1 - Authentication Bypass
CrushFTP 11.3.1 - Authentication Bypass. Contribute to ibrahmsql/CVE-2025-31161 development by creating an account on GitHub.
CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/ibrahmsql/CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/ibrahmsql/CVE-2024-4577
GitHub
GitHub - ibrahmsql/CVE-2024-4577: CVE-2024-4577.py
CVE-2024-4577.py. Contribute to ibrahmsql/CVE-2024-4577 development by creating an account on GitHub.
CVE-2025-33073
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
Github link:
https://github.com/joaozixx/CVE-2025-33073
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
Github link:
https://github.com/joaozixx/CVE-2025-33073
CVE-2023-1698
In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.
Github link:
https://github.com/ibrahmsql/CVE-2023-1698
In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.
Github link:
https://github.com/ibrahmsql/CVE-2023-1698
GitHub
GitHub - ibrahmsql/CVE-2023-1698: CVE-2023-1698 exploit with golang
CVE-2023-1698 exploit with golang . Contribute to ibrahmsql/CVE-2023-1698 development by creating an account on GitHub.
CVE-2025-49113
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
Github link:
https://github.com/Yuri08loveElaina/CVE-2025-49113
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
Github link:
https://github.com/Yuri08loveElaina/CVE-2025-49113
GitHub
GitHub - Yuri08loveElaina/CVE-2025-49113: Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution…
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload....
CVE-2025-32433
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
Github link:
https://github.com/Yuri08loveElaina/CVE-2025-32433-Erlang-OTP-SSH-Pre-Auth-RCE-exploit
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
Github link:
https://github.com/Yuri08loveElaina/CVE-2025-32433-Erlang-OTP-SSH-Pre-Auth-RCE-exploit
GitHub
GitHub - Yuri08loveElaina/CVE-2025-32433-Erlang-OTP-SSH-Pre-Auth-RCE-exploit: Erlang/OTP is a set of libraries for the Erlang programming…
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated r...
CVE-2025-2783
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
Github link:
https://github.com/byteReaper77/CVE-2025-2783-SandboxEscape
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
Github link:
https://github.com/byteReaper77/CVE-2025-2783-SandboxEscape
GitHub
GitHub - byteReaper77/CVE-2025-2783: This project is a research-oriented and educational simulation designed to demonstrate the…
This project is a research-oriented and educational simulation designed to demonstrate the concept of a sandbox escape vulnerability within Google Chrome (version 134.0.6998.177), leveraging impr...
CVE-2016-3088
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
Github link:
https://github.com/HeArtE4t3r/CVE-2016-3088
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
Github link:
https://github.com/HeArtE4t3r/CVE-2016-3088
GitHub
GitHub - HeArtE4t3r/CVE-2016-3088: A Python-based Exploit Script for CVE-2016-3088
A Python-based Exploit Script for CVE-2016-3088. Contribute to HeArtE4t3r/CVE-2016-3088 development by creating an account on GitHub.
CVE-2025-49125
None
Github link:
https://github.com/detectrespondrepeat/CVE-2025-49125-Authentication-Bypass
None
Github link:
https://github.com/detectrespondrepeat/CVE-2025-49125-Authentication-Bypass
GitHub
GitHub - detectrespondrepeat/CVE-2025-49125-Authentication-Bypass: Authentication Bypass via Alternate Path Vulnerability (CWE…
Authentication Bypass via Alternate Path Vulnerability (CWE-288) - detectrespondrepeat/CVE-2025-49125-Authentication-Bypass
CVE-2025-5287
The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Github link:
https://github.com/RootHarpy/CVE-2025-5287
The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Github link:
https://github.com/RootHarpy/CVE-2025-5287
GitHub
GitHub - RootHarpy/CVE-2025-5287: Unauthenticated SQL Injection exploit for WordPress Likes and Dislikes Plugin ≤ 1.0.0
Unauthenticated SQL Injection exploit for WordPress Likes and Dislikes Plugin ≤ 1.0.0 - RootHarpy/CVE-2025-5287
CVE-2025-49113
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
Github link:
https://github.com/5kr1pt/WriteUp-Roundcube_CVE-2025-49113
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
Github link:
https://github.com/5kr1pt/WriteUp-Roundcube_CVE-2025-49113
GitHub
GitHub - 5kr1pt/WriteUp-Roundcube_CVE-2025-49113: Explicação+ WriteUp do Lab Tryhackme
Explicação+ WriteUp do Lab Tryhackme. Contribute to 5kr1pt/WriteUp-Roundcube_CVE-2025-49113 development by creating an account on GitHub.
CVE-2021-30047
VSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed.
Github link:
https://github.com/Andreyft7/CVE-2021-30047
VSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed.
Github link:
https://github.com/Andreyft7/CVE-2021-30047
GitHub
GitHub - Andreyft7/CVE-2021-30047: Scrip de "Denial of Service" no protocolo de rede FTP
Scrip de "Denial of Service" no protocolo de rede FTP - Andreyft7/CVE-2021-30047
CVE-2025-4123
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.
The default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive.
Github link:
https://github.com/DesDoTvl/CVE-2025-4123grafana
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.
The default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive.
Github link:
https://github.com/DesDoTvl/CVE-2025-4123grafana
GitHub
GitHub - DesDoTvl/CVE-2025-4123grafana: Escaner para encontrar vulnerabilidad CVE-2025-4123 grafana
Escaner para encontrar vulnerabilidad CVE-2025-4123 grafana - DesDoTvl/CVE-2025-4123grafana
CVE-2017-0143
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
Github link:
https://github.com/Mafiosohack/offensive-security-lab-1
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
Github link:
https://github.com/Mafiosohack/offensive-security-lab-1
GitHub
GitHub - Mafiosohack/offensive-security-lab-1: A hands-on vulnerability assessment and exploitation of a Windows 7 VM using the…
A hands-on vulnerability assessment and exploitation of a Windows 7 VM using the EternalBlue (CVE-2017-0143) exploit. Includes scanning, exploitation with Metasploit, post-exploitation, and remedia...
CVE-2025-3248
Langflow versions prior to 1.3.0 are susceptible to code injection in
the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary
code.
Github link:
https://github.com/ynsmroztas/CVE-2025-3248-Langflow-RCE
Langflow versions prior to 1.3.0 are susceptible to code injection in
the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary
code.
Github link:
https://github.com/ynsmroztas/CVE-2025-3248-Langflow-RCE
GitHub
GitHub - ynsmroztas/CVE-2025-3248-Langflow-RCE: CVE-2025-3248 Langflow RCE Exploit
CVE-2025-3248 Langflow RCE Exploit. Contribute to ynsmroztas/CVE-2025-3248-Langflow-RCE development by creating an account on GitHub.