CVE-2025-32429
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, it's possible for anyone to inject SQL using the parameter sort of the getdeleteddocuments.vm. It's injected as is as an ORDER BY value. This is fixed in versions 16.10.6 and 17.3.0-rc-1.
Github link:
https://github.com/amir-othman/CVE-2025-32429
Proof-of-Concept exploit for CVE-2025-32429 (SQL Injection in PHP PDO prepared statements) – for educational and security research purposes only - amir-othman/CVE-2025-32429
CVE-2024-25600
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection. This issue affects Bricks Builder: from n/a through 1.9.6.
Github link:
https://github.com/frankfm-labs/bricks-rce-writeup
cve-2024-25600-report - frankfm-labs/bricks-rce-writeup
CVE-2025-7404
None
Github link:
https://github.com/mind2hex/CVE-2025-7404-CalibreWeb-0.6.24-BlindCommandInjection
CVE-2025-7404 exploit - mind2hex/CVE-2025-7404-CalibreWeb-0.6.24-BlindCommandInjection
CVE-2023-42931
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A process may gain admin privileges without proper authentication.
Github link:
https://github.com/tageniu/CVE-2023-42931
The exploit targets a LPE works on macOS 14.0-14.1.2, 13.0-13.6.2, 12.0-12.7.1 - tageniu/CVE-2023-42931
CVE-2025-29927
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommended that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
Github link:
https://github.com/sahbaazansari/CVE-2025-29927
The POC for m6.fr website - sahbaazansari/CVE-2025-29927
CVE-2025-53770
None
Github link:
https://github.com/bossnick98/-SOC342---CVE-2025-53770-SharePoint-ToolShell-Auth-Bypass-and-RCE
An activity to train analysis skills and reporting - bossnick98/-SOC342---CVE-2025-53770-SharePoint-ToolShell-Auth-Bypass-and-RCE
CVE-2023-34362
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.
Github link:
https://github.com/Naveenbana5250/CVE-2023-34362-Defense-Package
Threat-Informed Detection & Mitigation Package for MOVEit Transfer Vulnerability - Naveenbana5250/CVE-2023-34362-Defense-Package
CVE-2025-32462
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
Github link:
https://github.com/j3r1ch0123/CVE-2025-32462
The vulnerability was found by Rich Mirch. More details on it here: https://cxsecurity.com/issue/WLB-2025070022 - j3r1ch0123/CVE-2025-32462
CVE-2002-20001
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
Github link:
https://github.com/itmaniac/dheat_dos_attack_poc
POC for Testing the Existence of D(HE)at DOS Attack for (CVE-2002-20001) - itmaniac/dheat_dos_attack_poc
CVE-2022-35411
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle.
Github link:
https://github.com/CSpanias/rpc-rce.py
Exploit for CVE-2022-35411 — Unauthenticated RCE in rpc.py (<= 0.6.0) - CSpanias/rpc-rce.py