CVE-2025-24813
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.
If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
- attacker knowledge of the names of security sensitive files being uploaded
- the security sensitive files also being uploaded via partial PUT
If all of the following were true, a malicious user was able to perform remote code execution:
- writes enabled for the default servlet (disabled by default)
- support for partial
GitHub link:
https://github.com/GongWook/CVE-2025-24813
GitHub - GongWook/CVE-2025-24813: POC
CVE-2021-3560
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
GitHub link:
https://github.com/Antoine-MANTIS/POC-Bash-CVE-2021-3560
GitHub - Antoine-MANTIS/POC-Bash-CVE-2021-3560: POC Bash -- CVE-2021-3560
CVE-2024-9264
The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions.
GitHub link:
https://github.com/rvizx/CVE-2024-9264
GitHub - rvizx/CVE-2024-9264: Authenticated RCE in Grafana (v11.0) via SQL Expressions - PoC Exploit
CVE-2018-10933
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
GitHub link:
https://github.com/bidaoui4905/CVE-2018-10933
GitHub - bidaoui4905/CVE-2018-10933: LibSSH authentification bypass
CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
GitHub link:
https://github.com/SpongeBob-369/cve-2025-32463
GitHub - SpongeBob-369/cve-2025-32463: cve-2025-32463's demo
CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
GitHub link:
https://github.com/Chocapikk/CVE-2025-5777
GitHub - Chocapikk/CVE-2025-5777: CitrixBleed 2 (CVE-2025-5777)
CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
GitHub link:
https://github.com/K3ysTr0K3R/CVE-2025-32463-EXPLOIT
GitHub - K3ysTr0K3R/CVE-2025-32463-EXPLOIT: A PoC exploit for CVE-2025-32463 - Sudo Privilege Escalation
CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
GitHub link:
https://github.com/abrewer251/CVE-2025-32463_Sudo_PoC
GitHub - abrewer251/CVE-2025-32463_Sudo_PoC: PoC for CVE-2025-32463: Local privilege escalation in sudo via --chroot. Exploits…
PoC for CVE-2025-32463: Local privilege escalation in sudo via --chroot. Exploits NSS module injection through crafted chroot environments. Designed for security researchers and lab-only environmen...
CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
GitHub link:
https://github.com/Alaric112/CVE-2025-32463-Chroot-Vulnerabilitity
GitHub - Alaric112/CVE-2025-32463-Chroot-Vulnerabilitity: Repository
CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
GitHub link:
https://github.com/win3zz/CVE-2025-5777
GitHub - win3zz/CVE-2025-5777: CVE-2025-5777 (CitrixBleed 2) - Critical memory leak vulnerability affecting Citrix NetScaler ADC…
CVE-2025-5777 (CitrixBleed 2) - Critical memory leak vulnerability affecting Citrix NetScaler ADC and Gateway devices - win3zz/CVE-2025-5777
CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
GitHub link:
https://github.com/susancodes55/CVE-2025-32463-sudo-poc
CVE-2025-48384
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
GitHub link:
https://github.com/fishyyh/CVE-2025-48384
GitHub - fishyyh/CVE-2025-48384: for CVE-2025-48384 test