CVE-2023-30258.zip
1.5 KB
CVE-2023-30258
Author: abdullohqurbon0v
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.
GitHub Link:
https://github.com/abdullohqurbon0v/CVE-2023-30258-Exploit-For-Magnus-Billing-System
Author: abdullohqurbon0v
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.
GitHub Link:
https://github.com/abdullohqurbon0v/CVE-2023-30258-Exploit-For-Magnus-Billing-System
CVE-2025-32433.zip
696.5 KB
CVE-2025-32433
Author: iteride
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
GitHub Link:
https://github.com/iteride/CVE-2025-32433
Author: iteride
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
GitHub Link:
https://github.com/iteride/CVE-2025-32433
CVE-2025-29306.zip
3.6 KB
CVE-2025-29306
Author: amalpvatayam67
An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component.
GitHub Link:
https://github.com/amalpvatayam67/day06-foxcms-rce
Author: amalpvatayam67
An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component.
GitHub Link:
https://github.com/amalpvatayam67/day06-foxcms-rce
CVE-2020-1938.zip
72.7 KB
CVE-2020-1938
Author: Joshua8821
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web app...
Author: Joshua8821
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web app...
👍1
CVE-2024-43630.zip
54.1 KB
CVE-2024-43630
Author: QuasarBinary
Windows Kernel Elevation of Privilege Vulnerability
GitHub Link:
https://github.com/QuasarBinary/CVE-2024-43630-POC
Author: QuasarBinary
Windows Kernel Elevation of Privilege Vulnerability
GitHub Link:
https://github.com/QuasarBinary/CVE-2024-43630-POC
CVE-2025-3248.zip
3.1 KB
CVE-2025-3248
Author: wand3rlust
Langflow versions prior to 1.3.0 are susceptible to code injection in
the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary
code.
GitHub Link:
https://github.com/wand3rlust/CVE-2025-3248
Author: wand3rlust
Langflow versions prior to 1.3.0 are susceptible to code injection in
the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary
code.
GitHub Link:
https://github.com/wand3rlust/CVE-2025-3248
CVE-2018-14009.zip
1.5 MB
CVE-2018-14009
Author: pablocaraballofernandez
Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689.
GitHub Link:
https://github.com/pablocaraballofernandez/IDE-TryHackME-Spanish-Walkthrough-
Author: pablocaraballofernandez
Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689.
GitHub Link:
https://github.com/pablocaraballofernandez/IDE-TryHackME-Spanish-Walkthrough-
CVE-2025-29927.zip
152.4 KB
CVE-2025-29927
Author: adjscent
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
GitHub Link:
https://github.com/adjscent/vulnerable-nextjs-14-CVE-2025-29927
Author: adjscent
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
GitHub Link:
https://github.com/adjscent/vulnerable-nextjs-14-CVE-2025-29927
CVE-2010-1240.zip
182.4 KB
CVE-2010-1240
Author: 12345qwert123456
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message.
GitHub Link:
https://github.com/12345qwert123456/CVE-2010-1240
Author: 12345qwert123456
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arbitrary local program that was specified in a PDF document, as demonstrated by a text field that claims that the Open button will enable the user to read an encrypted message.
GitHub Link:
https://github.com/12345qwert123456/CVE-2010-1240
CVE-2018-13379.zip
5.6 KB
CVE-2018-13379
Author: kh4sh3i
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.
GitHub Link:
https://github.com/kh4sh3i/CVE-2018-13379
Author: kh4sh3i
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.
GitHub Link:
https://github.com/kh4sh3i/CVE-2018-13379
CVE-2025-25257.zip
2.3 KB
CVE-2025-25257
Author: segfault-it
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability CWE-89 in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.
GitHub Link:
https://github.com/segfault-it/CVE-2025-25257
Author: segfault-it
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability CWE-89 in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.
GitHub Link:
https://github.com/segfault-it/CVE-2025-25257
CVE-2018-13379.zip
5.6 KB
CVE-2018-13379
Author: kh4sh3i
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.
GitHub Link:
https://github.com/kh4sh3i/CVE-2018-13379
Author: kh4sh3i
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests.
GitHub Link:
https://github.com/kh4sh3i/CVE-2018-13379
CVE-2025-25257.zip
2.3 KB
CVE-2025-25257
Author: segfault-it
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability CWE-89 in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.
GitHub Link:
https://github.com/segfault-it/CVE-2025-25257
Author: segfault-it
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability CWE-89 in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.
GitHub Link:
https://github.com/segfault-it/CVE-2025-25257
CVE-2025-34152.zip
5 KB
CVE-2025-34152
Author: kh4sh3i
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike other injection points, this vector allows remote compromise without triggering visible configuration changes.
GitHub Link:
https://github.com/kh4sh3i/CVE-2025-34152
Author: kh4sh3i
An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP service. Unlike other injection points, this vector allows remote compromise without triggering visible configuration changes.
GitHub Link:
https://github.com/kh4sh3i/CVE-2025-34152