CVE-2015-8562
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
Github link:
https://github.com/Anonydra/joomla-1.5-3.4.5-rce
Modified PoC exploit demonstrating remote code execution via object injection vulnerability in Joomla! 1.5.0 through 3.4.5 (CVE-2015-8562). - Anonydra/joomla-1.5-3.4.5-rce
CVE-2023-30258
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.
Github link:
https://github.com/AdityaBhatt3010/TryHackMe-Room-Walkthrough-Billing
A detailed semi-professional walkthrough of TryHackMe's Billing room exploiting CVE-2023-30258 and escalating via fail2ban misconfig - AdityaBhatt3010/TryHackMe-Room-Walkthrough-Billing
CVE-2017-0143
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
Github link:
https://github.com/Cedric-Martz/EthernalBlue_report
This is a security assessment report regarding the EthernalBlue vulnerability (CVE-2017-0143). - Cedric-Martz/EthernalBlue_report
CVE-2025-24016
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are serialized as JSON and deserialized using `as_wazuh_object` (in `framework/wazuh/core/cluster/common.py`). If an attacker manages to inject an unsanitized dictionary in a DAPI request/response, they can forge an unhandled exception (`__unhandled_exc__`) to evaluate arbitrary Python code. The vulnerability can be triggered by anybody with API access (compromised dashboard or Wazuh servers in the cluster) or, in certain configurations, even by a compromised agent. Version 4.9.1 contains a fix.
Github link:
https://github.com/guinea-offensive-security/Wazuh-RCE
Wazuh 8.4 CVE-2025-24016. Contribute to guinea-offensive-security/Wazuh-RCE development by creating an account on GitHub.
CVE-2025-48827
vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025.
Github link:
https://github.com/SystemVll/CVE-2025-48827
This repository contains a proof-of-concept exploit for CVE-2025-48827, a critical authentication bypass vulnerability affecting vBulletin 5.0.0–5.7.5 and 6.0.0–6.0.3 when running on PHP 8.1 or lat...
CVE-2025-49493
Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection.
Github link:
https://github.com/SystemVll/CVE-2025-49493
This is a Python-based exploit for **CVE-2025-49493**, which affects Akamai CloudTest versions before 60 2025.06.02 (12988). The vulnerability allows for XML External Entity (XXE) injection through...
CVE-2025-29927
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommended that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
Github link:
https://github.com/mickhacking/thank-u-next
CVE-2025-29927 PoC | Auth Bypass Exploit | Python Tool using httpx | Middleware Vulnerability | Ethical Hacking Toolkit - mickhacking/thank-u-next
CVE-2023-5360
The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP, and achieve RCE.
Github link:
https://github.com/X3RX3SSec/CVE-2023-5360
Royal Elementor Addons - Unauthenticated Remote Code Execution - X3RX3SSec/CVE-2023-5360
CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Github link:
https://github.com/dbarquero/cve-2025-32463-lab
Educational Docker lab to simulate privilege escalation via CVE-2025-32463 - dbarquero/cve-2025-32463-lab
CVE-2025-27591
A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.
Github link:
https://github.com/dollarboysushil/Linux-Privilege-Escalation-CVE-2025-27591
CVE-2025-27591 is a known privilege escalation vulnerability in the Below service (version < v0.9.0) - dollarboysushil/Linux-Privilege-Escalation-CVE-2025-27591
CVE-2025-27591
A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.
Github link:
https://github.com/DarksBlackSk/CVE-2025-27591-Proof-Of-Concept
CVE-2025-27591. Contribute to DarksBlackSk/CVE-2025-27591-Proof-Of-Concept development by creating an account on GitHub.
CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.
Github link:
https://github.com/SleepNotF0und/CVE-2025-5777
CVE-2025-5777 (CitrixBleed 2) - [Citrix NetScaler ADC] [Citrix Gateway] - SleepNotF0und/CVE-2025-5777
CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Github link:
https://github.com/9Insomnie/CVE-2025-32463
CVE-2025-32463 vulnerability proof of concept. Contribute to 9Insomnie/CVE-2025-32463 development by creating an account on GitHub.