CVE-2015-3224
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request.
Github link:
https://github.com/Sic4rio/CVE-2015-3224
GitHub - Sic4rio/CVE-2015-3224: Ruby on Rails Web Console Exploit (CVE-2015-3224)
CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Github link:
https://github.com/orange0Mint/CitrixBleed-2-CVE-2025-5777
GitHub - orange0Mint/CitrixBleed-2-CVE-2025-5777: CitrixBleed-2 Checker & Poc automatic exploit and check token.
CVE-2025-20281
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-20281
GitHub - B1ack4sh/Blackash-CVE-2025-20281: CVE-2025-20281
CVE-2025-32462
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
Github link:
https://github.com/MAAYTHM/CVE-2025-32462_32463-Lab
GitHub - MAAYTHM/CVE-2025-32462_32463-Lab: Docker PoC for CVE-2025-32462 & CVE-2025-32463 (sudo), based on Stratascale CRU research.
CVE-2025-24813
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.
If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
- attacker knowledge of the names of security sensitive files being uploaded
- the security sensitive files also being uploaded via partial PUT
If all of the following were true, a malicious user was able to perform remote code execution:
- writes enabled for the default servlet (disabled by default)
- support for partial
Github link:
https://github.com/GongWook/CVE-2025-24813
GitHub - GongWook/CVE-2025-24813: POC
CVE-2021-3560
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Github link:
https://github.com/Antoine-MANTIS/POC-Bash-CVE-2021-3560
GitHub - Antoine-MANTIS/POC-Bash-CVE-2021-3560: POC Bash -- CVE-2021-3560
CVE-2024-9264
The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions.
Github link:
https://github.com/rvizx/CVE-2024-9264
GitHub - rvizx/CVE-2024-9264: Authenticated RCE in Grafana (v11.0) via SQL Expressions - PoC Exploit
CVE-2018-10933
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
Github link:
https://github.com/bidaoui4905/CVE-2018-10933
GitHub - bidaoui4905/CVE-2018-10933: LibSSH authentification bypass
CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Github link:
https://github.com/SpongeBob-369/cve-2025-32463
GitHub - SpongeBob-369/cve-2025-32463: cve-2025-32463's demo
CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Github link:
https://github.com/Chocapikk/CVE-2025-5777
GitHub - Chocapikk/CVE-2025-5777: CitrixBleed 2 (CVE-2025-5777)
CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Github link:
https://github.com/K3ysTr0K3R/CVE-2025-32463-EXPLOIT
K3ysTr0K3R/CVE-2025-32463-EXPLOIT
CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Github link:
https://github.com/abrewer251/CVE-2025-32463_Sudo_PoC
GitHub - abrewer251/CVE-2025-32463_Sudo_PoC: PoC for CVE-2025-32463: Local privilege escalation in sudo via --chroot. Exploits…
PoC for CVE-2025-32463: Local privilege escalation in sudo via --chroot. Exploits NSS module injection through crafted chroot environments. Designed for security researchers and lab-only environmen...
CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Github link:
https://github.com/Alaric112/CVE-2025-32463-Chroot-Vulnerabilitity
GitHub - Alaric112/CVE-2025-32463-Chroot-Vulnerabilitity: Repository