CVE-2025-49113
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
Github link:
https://github.com/issamjr/CVE-2025-49113-Scanner
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
Github link:
https://github.com/issamjr/CVE-2025-49113-Scanner
GitHub
GitHub - issamjr/CVE-2025-49113-Scanner: A powerful Python scanner to detect CVE-2025-49113 vulnerability in Roundcube Webmail.…
A powerful Python scanner to detect CVE-2025-49113 vulnerability in Roundcube Webmail. Developed by Issam Junior (@issamiso). - issamjr/CVE-2025-49113-Scanner
CVE-2025-26909
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Darrel Hide My WP Ghost allows PHP Local File Inclusion.This issue affects Hide My WP Ghost: from n/a through 5.4.01.
Github link:
https://github.com/issamjr/CVE-2025-26909-Scanner
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Darrel Hide My WP Ghost allows PHP Local File Inclusion.This issue affects Hide My WP Ghost: from n/a through 5.4.01.
Github link:
https://github.com/issamjr/CVE-2025-26909-Scanner
GitHub
GitHub - issamjr/CVE-2025-26909-Scanner: Advanced scanner and PoC for CVE-2025-26909 in Hide My WP Ghost
Advanced scanner and PoC for CVE-2025-26909 in Hide My WP Ghost - issamjr/CVE-2025-26909-Scanner
CVE-2025-3248
Langflow versions prior to 1.3.0 are susceptible to code injection in
the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary
code.
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-3248
Langflow versions prior to 1.3.0 are susceptible to code injection in
the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary
code.
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-3248
GitHub
GitHub - B1ack4sh/Blackash-CVE-2025-3248: CVE-2025-3248 – Unauthenticated Remote Code Execution in Langflow via Insecure Python…
CVE-2025-3248 – Unauthenticated Remote Code Execution in Langflow via Insecure Python exec Usage - B1ack4sh/Blackash-CVE-2025-3248
CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/byteReaper77/CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/byteReaper77/CVE-2024-4577
GitHub
GitHub - byteReaper77/CVE-2024-4577: Exploit (C) CVE-2024-4577 on PHP CGI
Exploit (C) CVE-2024-4577 on PHP CGI . Contribute to byteReaper77/CVE-2024-4577 development by creating an account on GitHub.
CVE-2025-3248
Langflow versions prior to 1.3.0 are susceptible to code injection in
the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary
code.
Github link:
https://github.com/0-d3y/langflow-rce-exploit
Langflow versions prior to 1.3.0 are susceptible to code injection in
the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary
code.
Github link:
https://github.com/0-d3y/langflow-rce-exploit
GitHub
GitHub - 0-d3y/langflow-rce-exploit: Remote Code Execution Exploit for Langflow (CVE-2025-3248) - [ By S4Tech ]
Remote Code Execution Exploit for Langflow (CVE-2025-3248) - [ By S4Tech ] - 0-d3y/langflow-rce-exploit
CVE-2025-49132
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.
Github link:
https://github.com/nfoltc/CVE-2025-49132
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.
Github link:
https://github.com/nfoltc/CVE-2025-49132
GitHub
GitHub - nfoltc/CVE-2025-49132: Check a list of Pterodactyl panels for vulnerabilities from a file.
Check a list of Pterodactyl panels for vulnerabilities from a file. - nfoltc/CVE-2025-49132
CVE-2025-3248
Langflow versions prior to 1.3.0 are susceptible to code injection in
the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary
code.
Github link:
https://github.com/dennisec/Mass-CVE-2025-3248
Langflow versions prior to 1.3.0 are susceptible to code injection in
the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary
code.
Github link:
https://github.com/dennisec/Mass-CVE-2025-3248
GitHub
GitHub - dennisec/Mass-CVE-2025-3248: Mass-CVE-2025-3248
Mass-CVE-2025-3248. Contribute to dennisec/Mass-CVE-2025-3248 development by creating an account on GitHub.
CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-1094
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-1094
GitHub
GitHub - B1ack4sh/Blackash-CVE-2025-1094: CVE-2025-1094
CVE-2025-1094. Contribute to B1ack4sh/Blackash-CVE-2025-1094 development by creating an account on GitHub.
CVE-2020-1048
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1070.
Github link:
https://github.com/talsim/printDemon2system
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1070.
Github link:
https://github.com/talsim/printDemon2system
GitHub
GitHub - talsim/printDemon2system: PrintDemon (CVE-2020-1048) Privilege Escalation
PrintDemon (CVE-2020-1048) Privilege Escalation. Contribute to talsim/printDemon2system development by creating an account on GitHub.
CVE-2025-26466
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.
Github link:
https://github.com/mrowkoob/CVE-2025-26466-msf
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.
Github link:
https://github.com/mrowkoob/CVE-2025-26466-msf
GitHub
GitHub - mrowkoob/CVE-2025-26466-msf: CVE-2025-26466 - SSH Ping DoS Ruby module for Metasploit Framework
CVE-2025-26466 - SSH Ping DoS Ruby module for Metasploit Framework - mrowkoob/CVE-2025-26466-msf
CVE-2023-33538
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .
Github link:
https://github.com/mrowkoob/CVE-2023-33538-msf
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .
Github link:
https://github.com/mrowkoob/CVE-2023-33538-msf
GitHub
GitHub - mrowkoob/CVE-2023-33538-msf: CVE-2023-33538 - TP-Link Command Injection Ruby module for Metasploit Framework
CVE-2023-33538 - TP-Link Command Injection Ruby module for Metasploit Framework - GitHub - mrowkoob/CVE-2023-33538-msf: CVE-2023-33538 - TP-Link Command Injection Ruby module for Metasploit Framework
CVE-2025-4322
The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user passwords, including those of administrators, and leverage that to gain access to their account.
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-4322
The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user passwords, including those of administrators, and leverage that to gain access to their account.
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-4322
GitHub
GitHub - B1ack4sh/Blackash-CVE-2025-4322: CVE-2025-4322 – Unauthenticated Privilege Escalation via Password Update "Account Takeover"…
CVE-2025-4322 – Unauthenticated Privilege Escalation via Password Update "Account Takeover" 🔥 - B1ack4sh/Blackash-CVE-2025-4322
CVE-2025-49132
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.
Github link:
https://github.com/qiaojojo/CVE-2025-49132_poc
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.
Github link:
https://github.com/qiaojojo/CVE-2025-49132_poc
GitHub
GitHub - qiaojojo/CVE-2025-49132_poc: Pterodactyl翼龙面板CVE-2025-49132批量检测☝️🤓
Pterodactyl翼龙面板CVE-2025-49132批量检测☝️🤓. Contribute to qiaojojo/CVE-2025-49132_poc development by creating an account on GitHub.