CVE-2023-46818.zip
2.7 KB
CVE-2023-46818
Author: zs1n
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if adminallowlangedit is enabled.
GitHub Link:
https://github.com/zs1n/CVE-2023-46818
Author: zs1n
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if adminallowlangedit is enabled.
GitHub Link:
https://github.com/zs1n/CVE-2023-46818
CVE-2025-24204.zip
256.9 KB
CVE-2025-24204
Author: bale170501
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.
GitHub Link:
https://github.com/bale170501/decrypted
Author: bale170501
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.
GitHub Link:
https://github.com/bale170501/decrypted
CVE-2025-32433.zip
70.9 KB
CVE-2025-32433
Author: dollarboysushil
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
GitHub Link:
https://github.com/dollarboysushil/CVE-2025-32433-Erlang-OTP-SSH-Unauthenticated-RCE
Author: dollarboysushil
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
GitHub Link:
https://github.com/dollarboysushil/CVE-2025-32433-Erlang-OTP-SSH-Unauthenticated-RCE
CVE-2021-21707.zip
1.3 KB
CVE-2021-21707
Author: useru1k
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexmlloadfile(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.
GitHub Link:
https://github.com/useru1k/php-8.1.0-dev-exploit
Author: useru1k
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexmlloadfile(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.
GitHub Link:
https://github.com/useru1k/php-8.1.0-dev-exploit
CVE-2025-21333.zip
24.9 KB
CVE-2025-21333
Author: pradip022
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
GitHub Link:
https://github.com/pradip022/CVE-2025-21333-POC
Author: pradip022
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
GitHub Link:
https://github.com/pradip022/CVE-2025-21333-POC
CVE-2021-21707.zip
1.3 KB
CVE-2021-21707
Author: useru1k
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexmlloadfile(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.
GitHub Link:
https://github.com/useru1k/php-8.1.0-dev-exploit
Author: useru1k
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexmlloadfile(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.
GitHub Link:
https://github.com/useru1k/php-8.1.0-dev-exploit
CVE-2025-21333.zip
24.9 KB
CVE-2025-21333
Author: pradip022
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
GitHub Link:
https://github.com/pradip022/CVE-2025-21333-POC
Author: pradip022
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
GitHub Link:
https://github.com/pradip022/CVE-2025-21333-POC
CVE-2025-32433.zip
70.9 KB
CVE-2025-32433
Author: dollarboysushil
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
GitHub Link:
https://github.com/dollarboysushil/CVE-2025-32433-Erlang-OTP-SSH-Unauthenticated-RCE
Author: dollarboysushil
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
GitHub Link:
https://github.com/dollarboysushil/CVE-2025-32433-Erlang-OTP-SSH-Unauthenticated-RCE