CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Github link:
https://github.com/MGunturG/CVE-2025-32463
CVE-2022-44136
Zenario CMS 9.3.57186 is vulnerable to Remote Code Execution (RCE).
Github link:
https://github.com/Ch35h1r3c47/CVE-2022-44136-poc
CVE-2021-32099
A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass.
Github link:
https://github.com/magicrc/CVE-2021-32099
CVE-2025-25257
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests.
Github link:
https://github.com/mrmtwoj/CVE-2025-25257
CVE-2025-25257
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests.
Github link:
https://github.com/TheStingR/CVE-2025-25257
CVE-2025-24813
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.
If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
- attacker knowledge of the names of security sensitive files being uploaded
- the security sensitive files also being uploaded via partial PUT
If all of the following were true, a malicious user was able to perform remote code execution:
- writes enabled for the default servlet (disabled by default)
- support for partial
Github link:
https://github.com/x00byte/PutScanner
CVE-2025-49113
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
Github link:
https://github.com/00xCanelo/CVE-2025-49113
CVE-2025-27591
A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.
Github link:
https://github.com/00xCanelo/CVE-2025-27591-PoC
CVE-2024-47575
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows an attacker to execute arbitrary code or commands via specially crafted requests.
Github link:
https://github.com/AnnnNix/CVE-2024-47575
CVE-2025-32023
Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The bug likely affects all Redis versions with hyperloglog operations implemented. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing hyperloglog operations. This can be done using ACL to restrict HLL commands.
Github link:
https://github.com/shayantrix/POC-CVE-2025-32023
CVE-2022-0492
A vulnerability was found in the Linux kernel's cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c. Under certain circumstances, this flaw allows the cgroups v1 release_agent feature to be used to escalate privileges and unexpectedly bypass namespace isolation.
Github link:
https://github.com/Perimora/cve_2022_0492