CVE-2025-29927.zip
2.3 KB
CVE-2025-29927
Author: Bongni
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
GitHub Link:
https://github.com/Bongni/CVE-2025-29927
Author: Bongni
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
GitHub Link:
https://github.com/Bongni/CVE-2025-29927
CVE-2008-5161.zip
5.3 KB
CVE-2008-5161
Author: talha3117
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
GitHub Link:
https://github.com/talha3117/OpenSSH-4.7p1-CVE-2008-5161-Exploit
Author: talha3117
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
GitHub Link:
https://github.com/talha3117/OpenSSH-4.7p1-CVE-2008-5161-Exploit
CVE-2025-32463.zip
724 B
CVE-2025-32463
Author: 0x3c4dfa1
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
GitHub Link:
https://github.com/0x3c4dfa1/CVE-2025-32463
Author: 0x3c4dfa1
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
GitHub Link:
https://github.com/0x3c4dfa1/CVE-2025-32463
CVE-2025-32463.zip
11.8 KB
CVE-2025-32463
Author: ricardomaia
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
GitHub Link:
https://github.com/ricardomaia/CVE-2025-32463
Author: ricardomaia
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
GitHub Link:
https://github.com/ricardomaia/CVE-2025-32463
CVE-2025-32463.zip
60.3 KB
CVE-2025-32463
Author: shazed-x
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
GitHub Link:
https://github.com/shazed-x/CVE-2025-32463
Author: shazed-x
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
GitHub Link:
https://github.com/shazed-x/CVE-2025-32463
CVE-2023-21554.zip
6.5 KB
CVE-2023-21554
Author: shootweb
Microsoft Message Queuing Remote Code Execution Vulnerability
GitHub Link:
https://github.com/shootweb/CVE-2023-21554
Author: shootweb
Microsoft Message Queuing Remote Code Execution Vulnerability
GitHub Link:
https://github.com/shootweb/CVE-2023-21554