CVE-2025-27817
A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url". Apache Kafka allows clients to read an arbitrary file and return the content in the error log, or sending requests to an unintended location. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use the "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url" configuratin to read arbitrary contents of the disk and environment variables or make requests to an unintended location. In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment/URL access, which may be undesirable in certain environments, including SaaS products.
Since Apache Kafka 3.9.1/4.0.0, we have added a system
Github link:
https://github.com/iSee857/CVE-2025-27817
A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url". Apache Kafka allows clients to read an arbitrary file and return the content in the error log, or sending requests to an unintended location. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use the "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url" configuratin to read arbitrary contents of the disk and environment variables or make requests to an unintended location. In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment/URL access, which may be undesirable in certain environments, including SaaS products.
Since Apache Kafka 3.9.1/4.0.0, we have added a system
Github link:
https://github.com/iSee857/CVE-2025-27817
GitHub
GitHub - iSee857/CVE-2025-27817: Apache Kafka客户端未对用户输入进行严格验证和限制,未经身份验证的攻击者可通过构造恶意配置读取环境变量或磁盘任意内容,或向非预期位置发送请求,提升REST API的文件系统/环境/URL访问权限。
Apache Kafka客户端未对用户输入进行严格验证和限制,未经身份验证的攻击者可通过构造恶意配置读取环境变量或磁盘任意内容,或向非预期位置发送请求,提升REST API的文件系统/环境/URL访问权限。 - iSee857/CVE-2025-27817
CVE-2021-29447
Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.
Github link:
https://github.com/Tea-On/CVE-2021-29447-Authenticated-XXE-WordPress-5.6-5.7
Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.
Github link:
https://github.com/Tea-On/CVE-2021-29447-Authenticated-XXE-WordPress-5.6-5.7
GitHub
GitHub - Tea-On/CVE-2021-29447-Authenticated-XXE-WordPress-5.6-5.7: POC to exploit WordPress 5.6-5.7 (PHP 8+) Authenticated XXE…
POC to exploit WordPress 5.6-5.7 (PHP 8+) Authenticated XXE Injection. - GitHub - Tea-On/CVE-2021-29447-Authenticated-XXE-WordPress-5.6-5.7: POC to exploit WordPress 5.6-5.7 (PHP 8+) Authenticated...
CVE-2025-41646
None
Github link:
https://github.com/cyberre124/CVE-2025-41646---Critical-Authentication-Bypass-
None
Github link:
https://github.com/cyberre124/CVE-2025-41646---Critical-Authentication-Bypass-
GitHub
GitHub - GreenForceNetworks/CVE-2025-41646---Critical-Authentication-Bypass-: CVE-2025-41646 - Critical Authentication bypass
CVE-2025-41646 - Critical Authentication bypass. Contribute to GreenForceNetworks/CVE-2025-41646---Critical-Authentication-Bypass- development by creating an account on GitHub.
CVE-2025-20281
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
Github link:
https://github.com/ill-deed/Cisco-CVE-2025-20281-illdeed
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
Github link:
https://github.com/ill-deed/Cisco-CVE-2025-20281-illdeed
GitHub
GitHub - ill-deed/Cisco-CVE-2025-20281-illdeed: Unauthenticated Remote Code Execution exploit for CVE-2025-20281 in Cisco ISE ERS…
Unauthenticated Remote Code Execution exploit for CVE-2025-20281 in Cisco ISE ERS API. Execute commands or launch reverse shells as root — no authentication required. - ill-deed/Cisco-CVE-2025-2028...
CVE-2024-4040
VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox.
Github link:
https://github.com/ill-deed/CrushFTP-CVE-2024-4040-illdeed
VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox.
Github link:
https://github.com/ill-deed/CrushFTP-CVE-2024-4040-illdeed
GitHub
GitHub - ill-deed/CrushFTP-CVE-2024-4040-illdeed: Exploit for CVE-2024-4040 – Authentication bypass in CrushFTP via CrushAuth cookie…
Exploit for CVE-2024-4040 – Authentication bypass in CrushFTP via CrushAuth cookie and AWS-style header spoofing. Stealthy Python PoC with secure token generation, SSL bypass, and improved output. ...
CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Github link:
https://github.com/RickGeex/CVE-2025-5777-CitrixBleed
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Github link:
https://github.com/RickGeex/CVE-2025-5777-CitrixBleed
GitHub
GitHub - RickGeex/CVE-2025-5777-CitrixBleed: CitrixBleed-2 (CVE-2025-5777) – proof-of-concept exploit for NetScaler ADC/Gateway…
CitrixBleed-2 (CVE-2025-5777) – proof-of-concept exploit for NetScaler ADC/Gateway “memory bleed” - RickGeex/CVE-2025-5777-CitrixBleed
CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Github link:
https://github.com/idobarel/CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Github link:
https://github.com/idobarel/CVE-2025-5777
GitHub
GitHub - idobarel/CVE-2025-5777: CitrixBleed2 poc
CitrixBleed2 poc. Contribute to idobarel/CVE-2025-5777 development by creating an account on GitHub.