CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Github link:
https://github.com/KaiHT-Ladiant/CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Github link:
https://github.com/KaiHT-Ladiant/CVE-2025-32463
GitHub
GitHub - KaiHT-Ladiant/CVE-2025-32463: CVE-2025-32463 - Sudo Chroot Privilege Escalation Exploit
CVE-2025-32463 - Sudo Chroot Privilege Escalation Exploit - KaiHT-Ladiant/CVE-2025-32463
CVE-2025-29927
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
Github link:
https://github.com/b4sh0xf/PoC-CVE-2025-29927
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
Github link:
https://github.com/b4sh0xf/PoC-CVE-2025-29927
GitHub
GitHub - b4sh0xf/PoC-CVE-2025-29927: → poc for CVE-2025-29927
→ poc for CVE-2025-29927. Contribute to b4sh0xf/PoC-CVE-2025-29927 development by creating an account on GitHub.
CVE-2021-43857
Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8.
Github link:
https://github.com/ProwlSec/gerapy-cve-2021-43857
Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8.
Github link:
https://github.com/ProwlSec/gerapy-cve-2021-43857
GitHub
GitHub - ProwlSec/gerapy-cve-2021-43857: Proof of Concept exploit for CVE‑2021‑43857: Authenticated Remote Code Execution in Gerapy…
Proof of Concept exploit for CVE‑2021‑43857: Authenticated Remote Code Execution in Gerapy (<0.9.8). Updated and automated version of the original Exploit‑DB PoC for educational and authoriz...
CVE-2001-1473
The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.
Github link:
https://github.com/alexandermoro/cve-2001-1473
The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.
Github link:
https://github.com/alexandermoro/cve-2001-1473
GitHub
GitHub - alexandermoro/cve-2001-1473: cve 2001 1473 poc
cve 2001 1473 poc. Contribute to alexandermoro/cve-2001-1473 development by creating an account on GitHub.
CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
Github link:
https://github.com/spidoman/CVE-2023-22809-automated-python-exploits
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
Github link:
https://github.com/spidoman/CVE-2023-22809-automated-python-exploits
GitHub
GitHub - spidoman/CVE-2023-22809-automated-python-exploits: automatically exploit the sudoedit vulnerability fo CVE-2023-22809
automatically exploit the sudoedit vulnerability fo CVE-2023-22809 - spidoman/CVE-2023-22809-automated-python-exploits
CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Github link:
https://github.com/y4ney/CVE-2025-32463-lab
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Github link:
https://github.com/y4ney/CVE-2025-32463-lab
GitHub
GitHub - y4ney/CVE-2025-32463-lab: 本项目基于 Docker 搭建了一个用于复现和测试 sudo 本地权限提升漏洞 CVE-2025-32463 的实验环境。
本项目基于 Docker 搭建了一个用于复现和测试 sudo 本地权限提升漏洞 CVE-2025-32463 的实验环境。 - y4ney/CVE-2025-32463-lab
CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
Github link:
https://github.com/joidiego/Detection-struts-cve-2017-5638-detector
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
Github link:
https://github.com/joidiego/Detection-struts-cve-2017-5638-detector
GitHub
joidiego/Detection-struts-cve-2017-5638-detector
Real-time anomaly detection system for Apache Struts CVE-2017-5638 exploit using streaming analytics, 3-gram byte analysis, and Count-Min Sketch. Detects RCE attacks without signatures, with &l...
CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Github link:
https://github.com/below0day/Honeypot-Logs-CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Github link:
https://github.com/below0day/Honeypot-Logs-CVE-2025-5777
GitHub
GitHub - below0day/Honeypot-Logs-CVE-2025-5777: CitrixBleed 2 NetScaler honeypot logs
CitrixBleed 2 NetScaler honeypot logs. Contribute to below0day/Honeypot-Logs-CVE-2025-5777 development by creating an account on GitHub.