CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Github link:
https://github.com/RickGeex/CVE-2025-5777-CitrixBleed
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Github link:
https://github.com/RickGeex/CVE-2025-5777-CitrixBleed
GitHub
GitHub - RickGeex/CVE-2025-5777-CitrixBleed: CitrixBleed-2 (CVE-2025-5777) – proof-of-concept exploit for NetScaler ADC/Gateway…
CitrixBleed-2 (CVE-2025-5777) – proof-of-concept exploit for NetScaler ADC/Gateway “memory bleed” - RickGeex/CVE-2025-5777-CitrixBleed
CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Github link:
https://github.com/idobarel/CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Github link:
https://github.com/idobarel/CVE-2025-5777
GitHub
GitHub - idobarel/CVE-2025-5777: CitrixBleed2 poc
CitrixBleed2 poc. Contribute to idobarel/CVE-2025-5777 development by creating an account on GitHub.
CVE-2025-0411
7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-0411
7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-0411
GitHub
GitHub - B1ack4sh/Blackash-CVE-2025-0411: CVE-2025-0411
CVE-2025-0411. Contribute to B1ack4sh/Blackash-CVE-2025-0411 development by creating an account on GitHub.
CVE-2023-27350
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.
Github link:
https://github.com/Royall-Researchers/CVE-2023-27350
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.
Github link:
https://github.com/Royall-Researchers/CVE-2023-27350
GitHub
GitHub - Royall-Researchers/CVE-2023-27350: Papercut Vulnerability, Affected Versions are PaperCut MF or NG version 8.0 or later…
Papercut Vulnerability, Affected Versions are PaperCut MF or NG version 8.0 or later (excluding patched versions) on all OS platforms. - GitHub - Royall-Researchers/CVE-2023-27350: Papercut Vulner...
CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Github link:
https://github.com/nocerainfosec/cve-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Github link:
https://github.com/nocerainfosec/cve-2025-5777
GitHub
GitHub - nocerainfosec/cve-2025-5777: Memory disclosure vulnerability in Citrix NetScaler ADC and Gateway when configured as a…
Memory disclosure vulnerability in Citrix NetScaler ADC and Gateway when configured as a Gateway (VPN virtual server, ICA proxy, CVPN, RDP Proxy). - nocerainfosec/cve-2025-5777
CVE-2024-9264
The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions.
Github link:
https://github.com/ruizii/CVE-2024-9264
The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions.
Github link:
https://github.com/ruizii/CVE-2024-9264
GitHub
GitHub - ruizii/CVE-2024-9264: Grafana RCE
Grafana RCE. Contribute to ruizii/CVE-2024-9264 development by creating an account on GitHub.
CVE-2024-36991
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
Github link:
https://github.com/Zin0D/CVE-2024-36991
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
Github link:
https://github.com/Zin0D/CVE-2024-36991
GitHub
GitHub - Zin0D/CVE-2024-36991: Exploit for CVE-2024-36991 , written by me, enumerates a handfull of things, not all, cause not…
Exploit for CVE-2024-36991 , written by me, enumerates a handfull of things, not all, cause not needed. - Zin0D/CVE-2024-36991
CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Github link:
https://github.com/RaR1991/citrix_bleed_2
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Github link:
https://github.com/RaR1991/citrix_bleed_2
GitHub
GitHub - RaR1991/citrix_bleed_2: Citrix Bleed 2 PoC Scanner (CVE-2025-5777)
Citrix Bleed 2 PoC Scanner (CVE-2025-5777). Contribute to RaR1991/citrix_bleed_2 development by creating an account on GitHub.
CVE-2021-25646
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.
Github link:
https://github.com/ShadowLance2/Apache-Druid-CVE-2021-25646-Exploit
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.
Github link:
https://github.com/ShadowLance2/Apache-Druid-CVE-2021-25646-Exploit
GitHub
GitHub - ShadowLance2/Apache-Druid-CVE-2021-25646-Exploit: Exploit for Apache Druid Embedded Javascript Remote Code Execution (CVE…
Exploit for Apache Druid Embedded Javascript Remote Code Execution (CVE-2021-25646), Python. - ShadowLance2/Apache-Druid-CVE-2021-25646-Exploit
CVE-2025-4403
The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.1.6 due to accepting a user-supplied supported_type string and the uploaded filename without enforcing real extension or MIME checks within the upload() function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-4403
The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.1.6 due to accepting a user-supplied supported_type string and the uploaded filename without enforcing real extension or MIME checks within the upload() function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-4403
GitHub
GitHub - B1ack4sh/Blackash-CVE-2025-4403: CVE-2025-4403
CVE-2025-4403. Contribute to B1ack4sh/Blackash-CVE-2025-4403 development by creating an account on GitHub.