CVE-2025-6019
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.
Github link:
https://github.com/dreysanox/CVE-2025-6019_Poc
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.
Github link:
https://github.com/dreysanox/CVE-2025-6019_Poc
GitHub
GitHub - dreysanox/CVE-2025-6019_Poc: Exploit for CVE-2025-6019
Exploit for CVE-2025-6019. Contribute to dreysanox/CVE-2025-6019_Poc development by creating an account on GitHub.
CVE-2025-6543
Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Github link:
https://github.com/abrewer251/CVE-2025-6543_CitrixNetScaler_PoC
Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Github link:
https://github.com/abrewer251/CVE-2025-6543_CitrixNetScaler_PoC
GitHub
GitHub - abrewer251/CVE-2025-6543_CitrixNetScaler_PoC: Multi-host, multi-port scanner and auditor for CVE-2025-6543-affected NetScaler…
Multi-host, multi-port scanner and auditor for CVE-2025-6543-affected NetScaler devices. Supports SNMP and SSH enumeration with optional CSV reporting and exploit stubs. - abrewer251/CVE-2025-6543_...
CVE-2025-49132
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.
Github link:
https://github.com/uxieltc/CVE-2025-49132
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.
Github link:
https://github.com/uxieltc/CVE-2025-49132
GitHub
GitHub - uxieltc/CVE-2025-49132: Check a list of Pterodactyl panels for vulnerabilities from a file.
Check a list of Pterodactyl panels for vulnerabilities from a file. - uxieltc/CVE-2025-49132
CVE-2025-27817
A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url". Apache Kafka allows clients to read an arbitrary file and return the content in the error log, or sending requests to an unintended location. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use the "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url" configuratin to read arbitrary contents of the disk and environment variables or make requests to an unintended location. In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment/URL access, which may be undesirable in certain environments, including SaaS products.
Since Apache Kafka 3.9.1/4.0.0, we have added a system
Github link:
https://github.com/iSee857/CVE-2025-27817
A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url". Apache Kafka allows clients to read an arbitrary file and return the content in the error log, or sending requests to an unintended location. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use the "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url" configuratin to read arbitrary contents of the disk and environment variables or make requests to an unintended location. In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment/URL access, which may be undesirable in certain environments, including SaaS products.
Since Apache Kafka 3.9.1/4.0.0, we have added a system
Github link:
https://github.com/iSee857/CVE-2025-27817
GitHub
GitHub - iSee857/CVE-2025-27817: Apache Kafka客户端未对用户输入进行严格验证和限制,未经身份验证的攻击者可通过构造恶意配置读取环境变量或磁盘任意内容,或向非预期位置发送请求,提升REST API的文件系统/环境/URL访问权限。
Apache Kafka客户端未对用户输入进行严格验证和限制,未经身份验证的攻击者可通过构造恶意配置读取环境变量或磁盘任意内容,或向非预期位置发送请求,提升REST API的文件系统/环境/URL访问权限。 - iSee857/CVE-2025-27817
CVE-2021-29447
Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.
Github link:
https://github.com/Tea-On/CVE-2021-29447-Authenticated-XXE-WordPress-5.6-5.7
Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.
Github link:
https://github.com/Tea-On/CVE-2021-29447-Authenticated-XXE-WordPress-5.6-5.7
GitHub
GitHub - Tea-On/CVE-2021-29447-Authenticated-XXE-WordPress-5.6-5.7: POC to exploit WordPress 5.6-5.7 (PHP 8+) Authenticated XXE…
POC to exploit WordPress 5.6-5.7 (PHP 8+) Authenticated XXE Injection. - GitHub - Tea-On/CVE-2021-29447-Authenticated-XXE-WordPress-5.6-5.7: POC to exploit WordPress 5.6-5.7 (PHP 8+) Authenticated...
CVE-2025-41646
None
Github link:
https://github.com/cyberre124/CVE-2025-41646---Critical-Authentication-Bypass-
None
Github link:
https://github.com/cyberre124/CVE-2025-41646---Critical-Authentication-Bypass-
GitHub
GitHub - GreenForceNetwork/CVE-2025-41646---Critical-Authentication-Bypass-: CVE-2025-41646 - Critical Authentication bypass
CVE-2025-41646 - Critical Authentication bypass. Contribute to GreenForceNetwork/CVE-2025-41646---Critical-Authentication-Bypass- development by creating an account on GitHub.
CVE-2025-20281
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
Github link:
https://github.com/ill-deed/Cisco-CVE-2025-20281-illdeed
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
Github link:
https://github.com/ill-deed/Cisco-CVE-2025-20281-illdeed
GitHub
GitHub - ill-deed/Cisco-CVE-2025-20281-illdeed: Unauthenticated Remote Code Execution exploit for CVE-2025-20281 in Cisco ISE ERS…
Unauthenticated Remote Code Execution exploit for CVE-2025-20281 in Cisco ISE ERS API. Execute commands or launch reverse shells as root — no authentication required. - ill-deed/Cisco-CVE-2025-2028...
CVE-2024-4040
VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox.
Github link:
https://github.com/ill-deed/CrushFTP-CVE-2024-4040-illdeed
VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox.
Github link:
https://github.com/ill-deed/CrushFTP-CVE-2024-4040-illdeed
GitHub
GitHub - ill-deed/CrushFTP-CVE-2024-4040-illdeed: Exploit for CVE-2024-4040 – Authentication bypass in CrushFTP via CrushAuth cookie…
Exploit for CVE-2024-4040 – Authentication bypass in CrushFTP via CrushAuth cookie and AWS-style header spoofing. Stealthy Python PoC with secure token generation, SSL bypass, and improved output. ...