CVE-2025-32462
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
GitHub link:
https://github.com/toohau/CVE-2025-32462-32463-Detection-Script-
CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
GitHub link:
https://github.com/morgenm/sudo-chroot-CVE-2025-32463
CVE-2025-24813
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.
If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
- attacker knowledge of the names of security sensitive files being uploaded
- the security sensitive files also being uploaded via partial PUT
If all of the following were true, a malicious user was able to perform remote code execution:
- writes enabled for the default servlet (disabled by default)
- support for partial
GitHub link:
https://github.com/sentilaso1/CVE-2025-24813-Apache-Tomcat-RCE-PoC
CVE-2011-2523
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
GitHub link:
https://github.com/krill-x7/CVE-2011-2523
CVE-2025-24201
None
GitHub link:
https://github.com/The-Maxu/CVE-2025-24201-WebKit-Vulnerability-Detector-PoC-
CVE-2025-34085
An unrestricted file upload vulnerability in the WordPress Simple File List plugin prior to version 4.2.3 allows unauthenticated remote attackers to achieve remote code execution. The plugin's upload endpoint (ee-upload-engine.php) restricts file uploads based on extension, but lacks proper validation after file renaming. An attacker can first upload a PHP payload disguised as a .png file, then use the plugin’s ee-file-engine.php rename functionality to change the extension to .php. This bypasses upload restrictions and results in the uploaded payload being executable on the server.
GitHub link:
https://github.com/ill-deed/CVE-2025-34085-Multi-target
CVE-2025-22457
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.
GitHub link:
https://github.com/B1ack4sh/Blackash-CVE-2025-22457
CVE-2022-46689
A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.
GitHub link:
https://github.com/daviszhto/overwrite
CVE-2025-27591
A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.
GitHub link:
https://github.com/BridgerAlderson/CVE-2025-27591-PoC
CVE-2025-31125
Vite is a frontend tooling framework for JavaScript. Vite exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. This vulnerability is fixed in 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11.
GitHub link:
https://github.com/harshgupptaa/Path-Transversal-CVE-2025-31125-