CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Github link:
https://github.com/cyberleelawat/ExploitVeer
GitHub - cyberleelawat/ExploitVeer: An advanced, powerful, and easy-to-use tool designed to detect and exploit CVE-2025-5777 (CitrixBleed…
An advanced, powerful, and easy-to-use tool designed to detect and exploit CVE-2025-5777 (CitrixBleed 2). This script not only identifies the vulnerability but also helps in demonstrating its impac...
CVE-2016-6210
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
Github link:
https://github.com/KiPhuong/cve-2016-6210
GitHub - KiPhuong/cve-2016-6210: PoC of cve-2016-6210
CVE-2025-47812
In Wing FTP Server before 7.4.4, the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts.
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-47812
GitHub - B1ack4sh/Blackash-CVE-2025-47812: CVE-2025-47812
CVE-2025-30065
Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code.
Users are recommended to upgrade to version 1.15.1, which fixes the issue.
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-30065
GitHub - B1ack4sh/Blackash-CVE-2025-30065: CVE-2025-30065
CVE-2025-27591
A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.
Github link:
https://github.com/incommatose/CVE-2025-27591-PoC
GitHub - incommatose/CVE-2025-27591-PoC: A Proof of Concept for CVE-2025-27591, a local privilege escalation in Below < v0.9.0
CVE-2021-3156
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Github link:
https://github.com/Maalfer/Sudo-CVE-2021-3156
GitHub - Maalfer/Sudo-CVE-2021-3156: Exploit for the CVE-2021-3156 vulnerability.
CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Github link:
https://github.com/MGunturG/CVE-2025-32463
GitHub - MGunturG/CVE-2025-32463: Local Privilege Escalation to Root via Sudo chroot in Linux
CVE-2022-44136
Zenario CMS 9.3.57186 is vulnerable to Remote Code Execution (RCE).
Github link:
https://github.com/Ch35h1r3c47/CVE-2022-44136-poc
GitHub - Ch35h1r3c47/CVE-2022-44136-poc: Zenario CMS 9.3 suffers from an unrestricted file upload vulnerability in its file management…
Zenario CMS 9.3 suffers from an unrestricted file upload vulnerability in its file management module, allowing authenticated attackers (with minimal privileges) to upload arbitrary files, includi...
CVE-2021-32099
A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass.
Github link:
https://github.com/magicrc/CVE-2021-32099
GitHub - magicrc/CVE-2021-32099: PoC for CVE-2021-32099
CVE-2025-25257
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests.
Github link:
https://github.com/mrmtwoj/CVE-2025-25257
GitHub - mrmtwoj/CVE-2025-25257: CVE-2025-25257 is a critical pre-authentication SQL injection vulnerability affecting Fortinet…
CVE-2025-25257
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests.
Github link:
https://github.com/TheStingR/CVE-2025-25257
GitHub - TheStingR/CVE-2025-25257: Public PoC for CVE-2025-25257: FortiWeb pre-auth SQLi to RCE
CVE-2025-24813
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.
If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
- attacker knowledge of the names of security sensitive files being uploaded
- the security sensitive files also being uploaded via partial PUT
If all of the following were true, a malicious user was able to perform remote code execution:
- writes enabled for the default servlet (disabled by default)
- support for partial
Github link:
https://github.com/x00byte/PutScanner
GitHub - x00byte/PutScanner: A tool that identifies writable web directories in Apache Tomcat via HTTP PUT method [CVE-2025-24813]