Automatic monitor github cve using Github Actions
Last generated: 2025-08-01 03:11:31.693668
| CVE | Name | Description | Date |
|---|---|---|---|
| CVE-2525-25748 | huyvo2910/CVE-2525-25748-Cross-Site-Request-Forgery-CSRF-Vulnerability-in-HotelDruid-3.0.7 | Cross-Site Request Forgery (CSRF) Vulnerability in HotelDruid 3.0.7 (CVE-2025-25748) | 2025-03-07T12:07:41Z |
| CVE-2025-7620 | Yuri08loveElaina/cve_2025_7620 | no description | 2025-07-14T05:47:32Z |
| CVE-2025-7606 | sunhuiHi666/CVE-2025-7606 | no description | 2025-07-14T01:59:00Z |
| CVE-2025-7605 | sunhuiHi666/CVE-2025-7605 | no description | 2025-07-14T01:58:40Z |
| CVE-2025-7340 | Nxploited/CVE-2025-7340 | HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Unauthenticated Arbitrary File Upload | 2025-07-14T23:27:47Z |
| CVE-2025-6970 | RandomRobbieBF/CVE-2025-6970 | Events Manager <= 7.0.3 - Unauthenticated SQL Injection via orderby Parameter |
2025-07-09T20:44:47Z |
| CVE-2025-6934 | Nxploited/CVE-2025-6934 | Opal Estate Pro <= 1.7.5 - Unauthenticated Privilege Escalation | 2025-07-01T13:05:24Z |
| CVE-2025-6934 | MrjHaxcore/CVE-2025-6934 | CVE-2025-6934 POC | 2025-07-02T14:23:48Z |
| CVE-2025-6907 | byteReaper77/cve-2025-6907 | a standalone C-based SQL Injection exploit targeting the CVE‑2025‑6907 vulnerability in the CODE_PROJECT service. | 2025-07-04T12:54:16Z |
| CVE-2025-6860 | byteReaper77/CVE-2025-6860 | A proof‑of‑concept command‑line tool in C for detecting the SQL injection vulnerability . | 2025-06-29T22:25:42Z |
| CVE-2025-6759 | olljanat/TestCitrixException | Minimal tool to test CVE-2025-6759 mitigation | 2025-07-09T11:19:47Z |
| CVE-2025-666666 | anderruiz/CVE-2025-666666 | Successful exploit for D | 2025-04-04T05:06:22Z |
| CVE-2025-6586 | d0n601/CVE-2025-6586 | Download Plugin <= 2.2.8 - Authenticated (Administrator+) Arbitrary File Upload | 2025-06-25T05:13:08Z |
| CVE-2025-6554 | gmh5225/CVE-2025-6554-2 | no description | 2025-07-05T04:10:06Z |
| CVE-2025-6554 | PwnToday/CVE-2025-6554 | no description | 2025-07-07T09:10:31Z |
| CVE-2025-6554 | windz3r0day/CVE-2025-6554 | no description | 2025-07-04T11:42:42Z |
| CVE-2025-6554 | ghostn4444/POC-CVE-2025-6554 | no description | 2025-07-09T04:20:12Z |
| CVE-2025-6554 | 9Insomnie/CVE-2025-6554 | CVE-2025-6554 漏洞概念验证 | 2025-07-10T03:56:55Z |
| CVE-2025-6543 | grupooruss/Citrix-cve-2025-6543 | Script para determinar si Citrix es vulnerable al CVE-2025-6543 | 2025-06-26T15:05:43Z |
| CVE-2025-6543 | seabed-atavism/CVE-2025-6543 | Citrix Bleed 2 PoC | 2025-06-30T07:47:12Z |
| CVE-2025-6543 | abrewer251/CVE-2025-6543_CitrixNetScaler_PoC | Multi-host, multi-port scanner and auditor for CVE-2025-6543-affected NetScaler devices. Supports SNMP and SSH enumeration with optional CSV reporting and exploit stubs. | 2025-07-03T20:02:39Z |
| CVE-2025-6514 | ChaseHCS/CVE-2025-6514 | Documentation for CVE-2025-6514. MCP-Remote RCE. | 2025-07-11T15:46:24Z |
| CVE-2025-6335 | jujubooom/CVE-2025-6335 | cve报告 | 2025-06-13T13:14:02Z |
| CVE-2025-6220 | d0n601/CVE-2025-6220 | Ultimate Addons for Contact Form 7 <= 3.5.12 - Authenticated (Administrator+) Arbitrary File Upload via 'save_options' | 2025-06-17T22:34:49Z |
| CVE-2025-6218 | speinador/CVE-2025-6218_WinRAR | no description | 2025-06-27T00:11:03Z |
| CVE-2025-6218 | ignis-sec/CVE-2025-6218 | A simple proof of concept for WinRAR Path Traversal - RCE - CVE-2025-6218 | 2025-06-29T19:06:53Z |
| CVE-2025-6218 | skimask1690/CVE-2025-6218-POC | Proof of Concept for CVE-2025-6218, demonstrating the exploitation of a vulnerability in WinRAR versions 7.11 and under, involving improper handling of archive extraction paths. | 2025-07-01T05:34:57Z |
| CVE-2025-6218 | mulwareX/CVE-2025-6218-POC | RARLAB WinRAR Directory Traversal Remote Code Execution | 2025-07-03T04:52:14Z |
| CVE-2025-6218 | absholi7ly/CVE-2025-6218-WinRAR-Directory-Traversal-RCE | CVE-2025-6218 is a directory traversal vulnerability in WinRAR that allows an attacker to place files outside the intended extraction directory when a user extracts a specially crafted | 2025-07-10T01:37:39Z |
| CVE-2025-6169 | Yuri08loveElaina/CVE_2025_6169 | The WIMP website co-construction management platform from HAMASTAR Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | 2025-06-16T07:07:12Z |
| CVE-2025-6083 | Yuri08loveElaina/CVE_2025_6083 | In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the owner_id filter. This issue may allow users to search data across the entire table instead of being restricted to their specific owner_id. | 2025-06-15T09:42:47Z |
| CVE-2025-6070 | Yuri08loveElaina/CVE_2025_6070 | The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server | 2025-06-15T10:04:00Z |
| CVE-2025-6065 | Yuri08loveElaina/CVE_2025_6065 | Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' task in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary files on the server | 2025-06-15T09:25:26Z |
| CVE-2025-6058 | Nxploited/CVE-2025-6058 | WPBookit <= 1.0.4 - Unauthenticated Arbitrary File Upload | 2025-07-12T16:25:47Z |
| CVE-2025-6058 | JayVillain/Scan-CVE-2025-6058 | no description | 2025-07-13T05:05:41Z |
| CVE-2025-6019 | guinea-offensive-security/CVE-2025-6019 | no description | 2025-06-19T02:42:21Z |
| CVE-2025-6019 | And-oss/CVE-2025-6019-exploit | exploit | 2025-06-20T10:47:38Z |
| CVE-2025-6019 | neko205-mx/CVE-2025-6019_Exploit | no description | 2025-06-29T11:53:21Z |
| CVE-2025-6019 | dreysanox/CVE-2025-6019_Poc | Exploit for CVE-2025-6019 | 2025-07-03T12:45:55Z |
| CVE-2025-6018 | iamgithubber/CVE-2025-6018-19-exploit | no description | 2025-07-03T10:03:54Z |
| CVE-2025-5964 | byteReaper77/CVE-2025-5964- | C PoC language for emulating path traversal vulnerability (CVE-2025-5964) in M-Files25.6.14925.0 | 2025-06-17T01:28:38Z |
| CVE-2025-5961 | d0n601/CVE-2025-5961 | Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.116 - Authenticated (Administrator+) Arbitrary File Upload | 2025-06-10T01:48:53Z |
| CVE-2025-5961 | Nxploited/CVE-2025-5961 | Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.116 - Authenticated (Administrator+) Arbitrary File Upload | 2025-07-04T10:57:59Z |
| CVE-2025-5840 | haxerr9/CVE-2025-5840 | CVE-2025-5840 Exploit Written In Python By haxerr9 | 2025-06-08T14:55:11Z |
| CVE-2025-5815 | RootHarpy/CVE-2025-5815-Nuclei-Template | CVE-2025-5815: An unauthenticated vulnerability in the WordPress Traffic Monitor plugin (≤ 3.2.2) allowing remote attackers to disable bot logging via an exposed AJAX action without requiring authentication. | 2025-06-13T07:21:24Z |
| CVE-2025-5777 | mingshenhk/CitrixBleed-2-CVE-2025-5777-PoC- | 详细讲解CitrixBleed 2 — CVE-2025-5777(越界泄漏)PoC 和检测套件 | 2025-06-30T11:02:46Z |
| CVE-2025-5777 | nocerainfosec/cve-2025-5777 | Memory disclosure vulnerability in Citrix NetScaler ADC and Gateway when configured as a Gateway (VPN virtual server, ICA proxy, CVPN, RDP Proxy). | 2025-07-05T23:56:36Z |
| CVE-2025-5777 | idobarel/CVE-2025-5777 | CitrixBleed2 poc | 2025-07-05T11:49:53Z |
| CVE-2025-5777 | orange0Mint/CitrixBleed-2-CVE-2025-5777 | CitrixBleed-2 Checker & Poc automatic exploit and check token. | 2025-07-06T14:50:49Z |
| CVE-2025-5777 | RaR1991/citrix_bleed_2 | Citrix Bleed 2 PoC Scanner (CVE-2025-5777) | 2025-07-06T10:55:22Z |
| CVE-2025-5777 | win3zz/CVE-2025-5777 | CVE-2025-5777 (CitrixBleed 2) - Critical memory leak vulnerability affecting Citrix NetScaler ADC and Gateway devices | 2025-07-08T14:12:45Z |
| CVE-2025-5777 | Chocapikk/CVE-2025-5777 | CitrixBleed 2 (CVE-2025-5777) | 2025-07-08T10:27:16Z |
| CVE-2025-5777 | FrenzisRed/CVE-2025-5777 | CitrixBleed2 powershell version | 2025-07-09T07:09:36Z |
| CVE-2025-5777 | bughuntar/CVE-2025-5777 | CVE-2025-5777 Citrix NetScaler Memory Leak Exploit (CitrixBleed 2) | 2025-07-10T07:15:07Z |
| CVE-2025-5777 | 0xgh057r3c0n/CVE-2025-5777 | Citrix NetScaler Memory Leak PoC | 2025-07-10T18:48:21Z |
| CVE-2025-5777 | RickGeex/CVE-2025-5777-CitrixBleed | CitrixBleed-2 (CVE-2025-5777) – proof-of-concept exploit for NetScaler ADC/Gateway “memory bleed” | 2025-07-04T21:13:37Z |
| CVE-2025-5777 | SleepNotF0und/CVE-2025-5777 | CVE-2025-5777 (CitrixBleed 2) - [Citrix NetScaler ADC] [Citrix Gateway] | 2025-07-15T05:02:11Z |
| CVE-2025-5777 | B1ack4sh/Blackash-CVE-2025-5777 | CVE-2025-5777 | 2025-07-16T15:12:05Z |
| CVE-2025-5755 | cyberajju/cve-2025-5755 | no description | 2025-07-09T07:30:36Z |
| CVE-2025-5701 | Nxploited/CVE-2025-5701 | WordPress HyperComments Plugin <= 1.2.2 is vulnerable to Privilege Escalation | 2025-06-05T15:27:18Z |
| CVE-2025-5701 | RandomRobbieBF/CVE-2025-5701 | HyperComments <= 1.2.2 - Unauthenticated (Subscriber+) Arbitrary Options Update | 2025-06-12T08:27:35Z |
| CVE-2025-5640 | mbanyamer/PX4-Military-UAV-Autopilot-1.12.3-Stack-Buffer-Overflow-Exploit-CVE-2025-5640- | no description | 2025-06-21T11:52:01Z |
| CVE-2025-5419 | itsShotgun/chrome_v8_cve_checker | Checks if your Chrome version is vulnerable to CVE-2025-5419, from the browser | 2025-06-14T01:48:21Z |
| CVE-2025-53964 | tigr78/CVE-2025-53964 | no description | 2025-07-16T21:35:19Z |
| CVE-2025-53833 | B1ack4sh/Blackash-CVE-2025-53833 | CVE-2025-53833 | 2025-07-15T11:31:29Z |
| CVE-2025-53547 | DVKunion/CVE-2025-53547-POC | CVE-2025-53547 one of poc code | 2025-07-09T09:03:47Z |
| CVE-2025-5349 | olimpiofreitas/CVE-2025-5349-Scanner | no description | 2025-07-15T15:02:10Z |
| CVE-2025-5329 | sahici/CVE-2025-5329 | USOM Tarafından resmi yayın beklenmektedir. | 2025-05-30T09:41:09Z |
| CVE-2025-5319 | sahici/CVE-2025-5319 | USOM Tarafından resmi yayın beklenmektedir. | 2025-05-30T09:40:46Z |
| CVE-2025-5309 | issamjr/CVE-2025-5309-Scanner | 🚨 CVE-2025-5309 Multi-Method SSTI Scanner - BeyondTrust Detection Tool by Issam | 2025-06-24T16:38:25Z |
| CVE-2025-5288 | Nxploited/CVE-2025-5288 | Wordpress REST API - Custom API Generator For Cross Platform And Import Export In WP 1.0.0 - 2.0.3 - Missing Authorization to Unauthenticated Privilege Escalation | 2025-06-12T19:59:38Z |
| CVE-2025-5287 | Nxploited/CVE-2025-5287 | WordPress Likes and Dislikes Plugin <= 1.0.0 is vulnerable to SQL Injection | 2025-05-28T12:35:00Z |
| CVE-2025-5287 | wiseep/CVE-2025-5287 | Wordpress likes and dislikes add-on - SQL Injection | 2025-05-31T11:22:47Z |
| CVE-2025-5287 | RandomRobbieBF/CVE-2025-5287 | Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection | 2025-06-12T08:34:40Z |
| CVE-2025-5287 | RootHarpy/CVE-2025-5287 | Unauthenticated SQL Injection exploit for WordPress Likes and Dislikes Plugin ≤ 1.0.0 | 2025-06-16T22:25:25Z |
| CVE-2025-52689 | UltimateHG/CVE-2025-52689-PoC | no description | 2025-07-14T09:18:51Z |
| CVE-2025-52688 | joelczk/CVE-2025-52688 | no description | 2025-07-16T11:38:48Z |
| CVE-2025-52488 | SystemVll/CVE-2025-52488 | This exploit targets a vulnerability in DNN (formerly DotNetNuke) versions 6.0.0 to before 10.0.1 that allows attackers to disclose NTLM hashes through Unicode path normalization attacks. | 2025-07-14T01:44:07Z |
| CVE-2025-52357 | wrathfulDiety/CVE-2025-52357 | Proof of Concept and Security Advisory for XSS vulnerability in the FD602GW-DX-R410 fiber router’s admin console (firmware V2.2.14). Includes details, impact, and mitigation guidance. | 2025-06-12T18:09:33Z |
| CVE-2025-5222 | berkley4/icu-74-debian | Debian build files for icu 74.2 with a patch to fix CVE-2025-5222 | 2025-06-25T18:01:59Z |
| CVE-2025-52097 | rwilsonecs/CVE-2025-52097 | Public Disclosure of CVE-2025-52097 | 2025-07-11T19:18:29Z |
| CVE-2025-5196 | Nouvexr/Wing-FTP-Server-7.4.4-RCE-Authenticated | Wing FTP Server provides an administrative Lua scripting console accessible via its web interface. Authenticated administrators are able to execute arbitrary Lua code with insufficient sandboxing. CVE-2025-5196 | 2025-05-23T18:48:00Z |
| CVE-2025-51046 | 0xMesh-X/CVE-2025-51046 | PoC and technical advisory for CVE-2025-51046 – An unauthenticated RCE vulnerability in SourceCodester Online Student Clearance System 1.0 caused by improper file upload validation in edit-photo.php. | 2025-06-25T17:44:20Z |
| CVE-2025-5058 | d0n601/CVE-2025-5058 | eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_image Task | 2025-05-21T18:30:01Z |
| CVE-2025-5054 | daryllundy/cve-2025-5054 | no description | 2025-06-06T03:13:19Z |
| CVE-2025-50000 | adiivascu/CVE-2025-50000 | CVE-2025-50000 reported first by adrian ivascu, reported on march 27; VERY IMPORTANT INSTRUCTION - change the user name of the Copilot user into TEST | 2025-03-27T07:02:42Z |
| CVE-2025-49619 | cristibtz/CVE-2025-49619 | This script exploits CVE-2025-49619 in Skyvern to execute a reverse shell command. | 2025-06-09T10:09:43Z |
| CVE-2025-49596 | ashiqrehan-21/MCP-Inspector-CVE-2025-49596 | MCP-Inspector-vulncheck is a Python script that checks if an MCP Inspector server is vulnerable to CVE-2025-49596. It tests whether the /sse endpoint responds to unauthenticated requests, indicating a potential security flaw. The script is simple to use and provides clear output on whether the target server is likely vulnerable or patched. | 2025-07-03T16:12:27Z |
| CVE-2025-49493 | MuhammadWaseem29/CVE-2025-49493-Poc | no description | 2025-07-01T20:54:16Z |
| CVE-2025-49493 | B1ack4sh/Blackash-CVE-2025-49493 | CVE-2025-49493 | 2025-07-05T13:32:26Z |
| CVE-2025-49493 | SystemVll/CVE-2025-49493 | This is a Python-based exploit for CVE-2025-49493, which affects Akamai CloudTest versions before 60 2025.06.02 (12988). The vulnerability allows for XML External Entity (XXE) injection through the SOAP service endpoint. | 2025-07-14T02:05:27Z |
| CVE-2025-49223 | louay-075/CVE-2025-49223-BillboardJS-PoC | CVE-2025-49223 - Prototype Pollution in Billboard.js | 2025-06-04T08:52:16Z |
| CVE-2025-492030 | ImTheCopilotNow/CVE-2025-492030 | no description | 2025-04-09T20:47:08Z |
| CVE-2025-492026 | ImTheCopilotNow/CVE-2025-492026 | no description | 2025-04-09T20:35:00Z |
| CVE-2025-492025 | ImTheCopilotNow/CVE-2025-492025 | no description | 2025-04-09T20:34:00Z |
| CVE-2025-49144 | Vr00mm/CVE-2025-49144 | PoC CVE-2025-49144 | 2025-06-24T16:01:42Z |
| CVE-2025-49144 | assad12341/notepad-v8.8.1-LPE-CVE- | CVE-2025-49144 * Notepad++ v8.8.1 * SYSTEM-level POC | 2025-06-26T18:17:23Z |
| CVE-2025-49144 | TheTorjanCaptain/CVE-2025-49144_PoC | CVE-2025-49144 PoC for security researchers to test and try. | 2025-06-25T19:23:57Z |
| CVE-2025-49144 | b0ySie7e/Notepad-8.8.1_CVE-2025-49144 | Proof of Concept (PoC) that exploits the CVE-2025-49144 vulnerability in the Notepad++ 8.8.1 installer. | 2025-06-29T00:11:25Z |
| CVE-2025-49144 | timsonner/CVE-2025-49144-Research | no description | 2025-07-02T04:03:48Z |
| CVE-2025-49144 | tristanvandermeer/CVE-2025-49144-Test | A test attack for CVE-2025-49144 | 2025-06-26T20:34:55Z |
| CVE-2025-49132 | Zen-kun04/CVE-2025-49132 | A script that gives you the credentials of a Pterodactyl panel vulnerable to CVE-2025-49132 | 2025-06-22T13:08:34Z |
| CVE-2025-49132 | qiaojojo/CVE-2025-49132_poc | Pterodactyl翼龙面板CVE-2025-49132批量检测☝️🤓 | 2025-06-23T20:51:18Z |
| CVE-2025-49132 | 63square/CVE-2025-49132 | PoCs for CVE-2025-49132 | 2025-06-24T19:41:41Z |
| CVE-2025-49132 | nfoltc/CVE-2025-49132 | Check a list of Pterodactyl panels for vulnerabilities from a file. | 2025-06-23T00:38:26Z |
| CVE-2025-49132 | uxieltc/CVE-2025-49132 | Check a list of Pterodactyl panels for vulnerabilities from a file. | 2025-07-04T03:55:17Z |
| CVE-2025-49132 | melonlonmeo/CVE-2025-49132 | Poc - CVE-2025-49132 | 2025-06-25T18:05:16Z |
| CVE-2025-49125 | detectrespondrepeat/CVE-2025-49125-Authentication-Bypass | Authentication Bypass via Alternate Path Vulnerability (CWE-288) | 2025-06-16T16:50:06Z |
| CVE-2025-49125 | gregk4sec/CVE-2025-49125 | Tomcat CVE | 2025-06-03T03:04:52Z |
| CVE-2025-49113 | Ademking/CVE-2025-49113-nuclei-template | CVE-2025-49113 - Roundcube <= 1.6.10 Post-Auth RCE via PHP Object Deserialization | 2025-06-04T02:32:44Z |
| CVE-2025-49113 | rasool13x/exploit-CVE-2025-49113 | no description | 2025-06-05T20:46:41Z |
| CVE-2025-49113 | fearsoff-org/CVE-2025-49113 | no description | 2025-06-04T15:49:43Z |
| CVE-2025-49113 | hakaioffsec/CVE-2025-49113-exploit | Proof of Concept demonstrating Remote Code Execution through insecure deserialization in Roundcube (CVE-2025-49113). | 2025-06-06T06:31:13Z |
| CVE-2025-49113 | SyFi/CVE-2025-49113 | CVE-2025-49113 exploit | 2025-06-06T05:12:34Z |
| CVE-2025-49113 | rxerium/CVE-2025-49113 | Detection for CVE-2025-49113 | 2025-06-03T19:04:17Z |
| CVE-2025-49113 | BiiTts/Roundcube-CVE-2025-49113 | Proof-of-concept to CVE-2025-49113 | 2025-06-10T15:21:25Z |
| CVE-2025-49113 | Yuri08loveElaina/CVE-2025-49113 | Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization. | 2025-06-15T13:48:53Z |
| CVE-2025-49113 | B1ack4sh/Blackash-CVE-2025-49113 | CVE-2025-49113 | 2025-06-17T13:01:16Z |
| CVE-2025-49113 | 5kr1pt/Roundcube_CVE-2025-49113 | Explicação + Lab no THM | 2025-06-17T18:26:23Z |
| CVE-2025-49113 | punitdarji/roundcube-cve-2025-49113 | no description | 2025-06-18T19:10:00Z |
| CVE-2025-49113 | issamjr/CVE-2025-49113-Scanner | A powerful Python scanner to detect CVE-2025-49113 vulnerability in Roundcube Webmail. Developed by Issam Junior (@issamiso). | 2025-06-22T16:13:40Z |
| CVE-2025-49029 | Nxploited/CVE-2025-49029 | WordPress Custom Login And Signup Widget Plugin <= 1.0 is vulnerable to Arbitrary Code Execution | 2025-07-01T15:54:44Z |
| CVE-2025-48988 | Samb102/POC-CVE-2025-48988-CVE-2025-48976 | no description | 2025-06-20T09:15:36Z |
| CVE-2025-48976 | nankuo/CVE-2025-48976_CVE-2025-48988 | CVE-2025-48976_CVE-2025-48988 | 2025-06-23T05:41:22Z |
| CVE-2025-48828 | ill-deed/vBulletin-CVE-2025-48828-Multi-target | Batch RCE scanner for vulnerable vBulletin instances using replaceAdTemplate exploit. | 2025-06-25T20:06:09Z |
| CVE-2025-48827 | 0xgh057r3c0n/CVE-2025-48827 | Critical Unauthenticated API Access in vBulletin | 2025-05-29T20:50:34Z |
| CVE-2025-48827 | wiseep/CVE-2025-48827 | Vbullettin RCE - CVE-2025-48827 | 2025-05-31T15:23:51Z |
| CVE-2025-48827 | SystemVll/CVE-2025-48827 | This repository contains a proof-of-concept exploit for CVE-2025-48827, a critical authentication bypass vulnerability affecting vBulletin 5.0.0–5.7.5 and 6.0.0–6.0.3 when running on PHP 8.1 or later. The vulnerability allows unauthenticated attackers to invoke protected API methods remotely. | 2025-07-14T02:17:46Z |
| CVE-2025-48799 | Wh04m1001/CVE-2025-48799 | no description | 2025-07-08T15:26:04Z |
| CVE-2025-48708 | B1tBreaker/CVE-2025-48708 | CVE-2025-48708 Ghostscript PDF lack of argument sanitization leading to password leakage | 2025-05-25T12:52:55Z |
| CVE-2025-48703 | trh4ckn0n/CVE-2025-48703 | Remote code exec cent os web panel by trhacknon | 2025-06-25T20:52:19Z |
| CVE-2025-48703 | Skynoxk/CVE-2025-48703 | Remote Code execution in CentOS web panel | 2025-06-26T14:19:36Z |
| CVE-2025-4866 | bloodcode-spasov/ble-cve2025-attack-new-version | # android-ble-cve-2025-4866 🔐 PoC za CVE-2025-4866 — Android BLE ranjivost (javna verzija) 📡 Iskorišćavanje slabosti u BLE autorizaciji na Android uređajima (public PoC only). 👨💻 Razvijeno od strane BloodCode Labs — 2025. | 2025-07-08T14:22:25Z |
| CVE-2025-48466 | shipcod3/CVE-2025-48466 | Modbus Packet Injection on Advantech WISE 4060LAN / IoT Gateway for door control | 2025-06-17T14:06:57Z |
| CVE-2025-48461 | joelczk/CVE-2025-48461 | no description | 2025-06-24T03:16:47Z |
| CVE-2025-48384 | acheong08/CVE-2025-48384 | Breaking git with a carriage return and cloning RCE | 2025-07-08T21:56:17Z |
| CVE-2025-48384 | ppd520/CVE-2025-48384 | no description | 2025-07-09T19:01:20Z |
| CVE-2025-48384 | liamg/CVE-2025-48384 | PoC for CVE-2025-48384 | 2025-07-09T16:18:19Z |
| CVE-2025-48384 | liamg/CVE-2025-48384-submodule | no description | 2025-07-09T16:07:04Z |
| CVE-2025-48384 | fishyyh/CVE-2025-48384-POC | no description | 2025-07-09T13:13:44Z |
| CVE-2025-48384 | kallydev/cve-2025-48384-hook | no description | 2025-07-09T13:07:14Z |
| CVE-2025-48384 | fishyyh/CVE-2025-48384 | for CVE-2025-48384 test | 2025-07-09T09:11:19Z |
| CVE-2025-48384 | vinieger/vinieger-CVE-2025-48384-Dockerfile | PoC dockerfile image for CVE-2025-48384 | 2025-07-11T11:10:17Z |
| CVE-2025-48384 | p1026/CVE-2025-48384 | no description | 2025-07-11T06:26:48Z |
| CVE-2025-48384 | testdjshan/CVE-2025-48384 | CVE-2025-48384 | 2025-07-10T08:39:57Z |
| CVE-2025-48384 | greatyy/CVE-2025-48384-p | no description | 2025-07-10T07:42:15Z |
| CVE-2025-48384 | NigelX/CVE-2025-48384 | 漏洞测试 | 2025-07-10T02:39:00Z |
| CVE-2025-48384 | ECHO6789/CVE-2025-48384-submodule | no description | 2025-07-15T12:26:53Z |
| CVE-2025-48384 | altm4n/cve-2025-48384 | no description | 2025-07-10T13:45:53Z |
| CVE-2025-48384 | altm4n/cve-2025-48384-hub | no description | 2025-07-10T13:46:16Z |
| CVE-2025-48384 | nguyentranbaotran/cve-2025-48384-poc | no description | 2025-07-16T03:59:12Z |
| CVE-2025-48384 | admin-ping/CVE-2025-48384-RCE | no description | 2025-07-17T01:22:23Z |
| CVE-2025-4822 | sahici/CVE-2025-4822 | USOM Tarafından resmi yayın beklenmektedir. | 2025-05-16T13:18:32Z |
| CVE-2025-48129 | Nxploited/CVE-2025-48129 | WordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light Plugin <= 2.4.37 is vulnerable to Privilege Escalation | 2025-06-09T01:31:11Z |
| CVE-2025-4784 | sahici/CVE-2025-4784 | USOM Tarafından resmi yayın beklenmektedir. | 2025-05-15T16:47:09Z |
| CVE-2025-47827 | Zedeldi/CVE-2025-47827 | PoC and vulnerability report for CVE-2025-47827. | 2025-05-20T10:42:11Z |
| CVE-2025-47812 | 0xcan1337/CVE-2025-47812-poC | Simple exploit for Wing FTP Server RCE (CVE-2025-47812) to run commands and get a reverse shell. For educational use only. | 2025-07-01T18:20:04Z |
| CVE-2025-47812 | 0xgh057r3c0n/CVE-2025-47812 | Wing FTP Server RCE via Lua Injection | 2025-07-02T21:51:39Z |
| CVE-2025-47812 | ill-deed/WingFTP-CVE-2025-47812-illdeed | Remote Command Execution exploit for Wing FTP Server (CVE-2025-47812) | 2025-07-04T16:22:22Z |
| CVE-2025-47812 | pevinkumar10/CVE-2025-47812 | Exploit for CVE-2025-47812 with custom psudo shell and robust error handling. | 2025-07-07T13:20:48Z |
| CVE-2025-47812 | 4m3rr0r/CVE-2025-47812-poc | Wing FTP Server Remote Code Execution (RCE) Exploit (CVE-2025-47812) | 2025-07-01T12:02:38Z |
| CVE-2025-47812 | rxerium/CVE-2025-47812 | Detection for CVE-2025-47812 | 2025-07-16T06:33:06Z |
| CVE-2025-47810 | ptrstr/CVE-2025-47810 | PunkBuster LPI to NT AUTHORITY\SYSTEM | 2025-02-15T21:18:39Z |
| CVE-2025-47646 | Nxploited/CVE-2025-47646 | WordPress PSW Front-end Login & Registration Plugin <= 1.12 is vulnerable to Broken Authentication | 2025-05-16T05:44:32Z |
| CVE-2025-47646 | RootHarpy/CVE-2025-47646 | PoC for CVE-2025-47646 - WordPress PSW Front-end Login Registration Plugin ≤ 1.12 Unauthenticated Privilege Escalation | 2025-05-20T10:07:42Z |
| CVE-2025-47577 | Yucaerin/CVE-2025-47577 | WordPress TI WooCommerce Wishlist Plugin <= 2.9.2 Arbitrary File Upload | 2025-05-30T18:55:14Z |
| CVE-2025-47577 | sug4r-wr41th/CVE-2025-47577 | TI WooCommerce Wishlist (WordPress plugin) <= 2.9.2 CVE-2025-47577 PoC | 2025-06-25T19:54:27Z |
| CVE-2025-47550 | d0n601/CVE-2025-47550 | Instantio - Wordpress Plugin <= 3.3.16 - Authenticated (Admin+) Arbitrary File Upload via ins_options_save | 2025-05-07T22:15:35Z |
| CVE-2025-47549 | d0n601/CVE-2025-47549 | Ultimate Before After Image Slider & Gallery – BEAF <= 4.6.10 - Authenticated (Admin+) Arbitrary File Upload via beaf_options_save | 2025-05-07T22:09:58Z |
| CVE-2025-47539 | Nxploited/CVE-2025-47539 | Eventin <= 4.0.26 - Missing Authorization to Unauthenticated Privilege Escalation | 2025-05-17T21:02:31Z |
| CVE-2025-47423 | Haluka92/CVE-2025-47423 | no description | 2025-05-07T04:44:38Z |
| CVE-2025-47256 | SexyShoelessGodofWar/CVE-2025-47256 | Stack overflow in LibXMP | 2025-05-05T12:55:07Z |
| CVE-2025-47226 | koyomihack00/CVE-2025-47226 | This CVE - PoC about information on the CVEs I found. | 2025-05-03T15:34:21Z |
| CVE-2025-47181 | encrypter15/CVE-2025-47181 | no description | 2025-05-23T17:46:57Z |
| CVE-2025-47175 | mbanyamer/mbanyamer-Microsoft-PowerPoint-Use-After-Free-Remote-Code-Execution-RCE | This repository contains a Proof of Concept (PoC) exploit for the CVE-2025-47175 vulnerability found in Microsoft PowerPoint. The vulnerability is a Use-After-Free (UAF) bug that allows an attacker to execute arbitrary code by tricking a user into opening a specially crafted PPTX file. | 2025-07-02T12:17:25Z |
| CVE-2025-4688 | sahici/CVE-2025-4688 | USOM Tarafından resmi yayın beklenmektedir. | 2025-05-15T16:46:44Z |
| CVE-2025-4686 | sahici/CVE-2025-4686 | USOM Tarafından resmi yayın beklenmektedir. | 2025-05-15T16:46:12Z |
| CVE-2025-46822 | d3sca/CVE-2025-46822 | Unauthenticated Arbitrary File Read via Absolute Path | 2025-05-23T10:26:34Z |
| CVE-2025-46816 | Guilhem7/CVE-2025-46816 | POC for exploit of goshs | 2025-06-04T17:58:58Z |
| CVE-2025-46731 | singetu0096/CVE-2025-46731 | no description | 2025-05-06T02:26:55Z |
| CVE-2025-46721 | justinas/nosurf-cve-2025-46721 | no description | 2025-04-30T13:53:32Z |
| CVE-2025-46701 | gregk4sec/CVE-2025-46701 | Tomcat CVE-2025-46701 PoC | 2025-04-29T00:47:12Z |
| CVE-2025-46657 | nov-1337/CVE-2025-46657 | no description | 2025-04-27T02:15:37Z |
| CVE-2025-4664 | Leviticus-Triage/ChromSploit-Framework | Advanced AI-Powered Exploitation Framework - CVE-2025-4664 & CVE-2025-2783 & CVE-2025-2857 & CVE-2025-30397 - | 2025-05-26T12:51:16Z |
| CVE-2025-4664 | speinador/CVE-2025-4664 | no description | 2025-05-25T19:34:26Z |
| CVE-2025-4664 | amalmurali47/cve-2025-4664 | PoC and Setup for CVE-2025-4664 | 2025-06-29T19:37:19Z |
| CVE-2025-4660 | NetSPI/CVE-2025-4660 | PoC for CVE-2025-4660 demonstrating exploitation of the Forescout SecureConnector on Windows | 2025-07-03T10:56:41Z |
| CVE-2025-4632 | MantisToboggan-git/CVE-2025-4632-POC | no description | 2025-06-04T16:14:54Z |
| CVE-2025-4631 | Nxploited/CVE-2025-4631 | Profitori 2.0.6.0 - 2.1.1.3 - Missing Authorization to Unauthenticated Privilege Escalation | 2025-05-31T12:00:22Z |
| CVE-2025-46271 | 1Altruist/CVE-2025-46271-Reverse-Shell-PoC | no description | 2025-05-07T19:21:17Z |
| CVE-2025-46206 | Landw-hub/CVE-2025-46206 | no description | 2025-06-03T04:10:19Z |
| CVE-2025-46204 | spbavarva/CVE-2025-46204 | PoC of CVE-2025-46204 | 2025-05-29T19:34:43Z |
| CVE-2025-46203 | spbavarva/CVE-2025-46203 | PoC of CVE-2025-46203 | 2025-05-29T15:27:14Z |
| CVE-2025-46181 | shemkumar/CVE-2025-46181-XSS | no description | 2025-06-14T07:08:06Z |
| CVE-2025-46178 | SacX-7/CVE-2025-46178 | no description | 2025-06-06T13:47:35Z |
| CVE-2025-46173 | pruthuraut/CVE-2025-46173 | poc for the CVE-2025-46173 | 2025-05-26T06:41:52Z |
| CVE-2025-46171 | oiyl/CVE-2025-46171 | Writeup of a Denial of Service vulnerability in the vBulletin 3.8.7 friends list. | 2025-06-17T15:29:38Z |
| CVE-2025-46157 | morphine009/CVE-2025-46157 | no description | 2025-06-13T15:31:38Z |
| CVE-2025-46142 | AugustusSploits/CVE-2025-46142 | no description | 2025-06-06T17:13:13Z |
| CVE-2025-4611 | x6vrn/CVE-2025-4611-PoC | PoC for CVE-2025-4611 | 2025-05-23T07:19:31Z |
| CVE-2025-46080 | yggcwhat/CVE-2025-46080 | Details | 2025-04-16T08:29:18Z |
| CVE-2025-46078 | yggcwhat/CVE-2025-46078 | Vulnerability Description | 2025-04-15T13:01:32Z |
| CVE-2025-46047 | J0ey17/CVE-2025-46047 | PoC for Silverpeas <= 6.4.2 Username Enumeration | 2025-04-14T10:51:21Z |
| CVE-2025-46041 | binneko/CVE-2025-46041 | no description | 2025-06-08T11:35:33Z |
| CVE-2025-4603 | d0n601/CVE-2025-4603 | eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Deletion | 2025-05-12T19:34:30Z |
| CVE-2025-4602 | d0n601/CVE-2025-4602 | eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Read | 2025-05-12T19:33:41Z |
| CVE-2025-4601 | Yucaerin/CVE-2025-4601 | RH - Real Estate WordPress Theme <= 4.4.0 - Authenticated (Subscriber+) Privilege Escalation | 2025-06-10T17:58:05Z |
| CVE-2025-45960 | pracharapol/CVE-2025-45960 | no description | 2025-06-23T00:20:43Z |
| CVE-2025-45781 | ahmetumitbayram/CVE-2025-45781-Kemal-Framework-Path-Traversal-Vulnerability-PoC | Path Traversal Vulnerability on Kemal Framework 1.6.0 | 2025-04-04T12:29:23Z |
| CVE-2025-4578 | RandomRobbieBF/CVE-2025-4578 | File Provider <= 1.2.3 - Unauthenticated SQL Injection | 2025-07-10T11:28:21Z |
| CVE-2025-45778 | Smarttfoxx/CVE-2025-45778 | A stored cross-site scripting (XSS) vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrary javascript or HTML code via injecting a crafted payload into the "Description" text field when creating a new project. | 2025-07-11T02:15:43Z |
| CVE-2025-45710 | partywavesec/CVE-2025-45710 | CVE-2025-45710 | 2025-06-23T15:16:57Z |
| CVE-2025-45620 | weedl/CVE-2025-45620 | no description | 2025-06-17T13:58:43Z |
| CVE-2025-45619 | weedl/CVE-2025-45619 | CVE proof of concept regarding the CVE-2025-45619 vulnerabillity. | 2025-06-17T13:40:48Z |
| CVE-2025-45467 | zgsnj123/CVE-2025-45467 | no description | 2025-06-24T06:58:40Z |
| CVE-2025-45466 | zgsnj123/CVE-2025-45466 | It is the details of CVE-2025-45466 | 2025-06-24T06:12:49Z |
| CVE-2025-45407 | yallasec/CVE-2025-45407 | CVE-2025-45407: Multiple XSS Vulnerabilities in DiscoveryNG v6.0.8 Hotfix 2 Discovered by: YallaSec Security Research Team CVE ID: CVE-2025-45407 Date Published: July 2025 | 2025-07-03T10:44:34Z |
| CVE-2025-45250 | xp3s/CVE-2025-45250 | CVE-2025-45250 POC | 2025-05-06T14:22:11Z |
| CVE-2025-45250 | Anike-x/CVE-2025-45250 | no description | 2025-05-07T14:17:31Z |
| CVE-2025-4524 | ptrstr/CVE-2025-4524 | CVE-2025-4524 - Unauthenticated madara-core Wordpress theme LFI | 2025-05-05T03:28:17Z |
| CVE-2025-44998 | l8BL/CVE-2025-44998 | TinyFileManger XSS Vulnerability | 2025-05-23T06:40:16Z |
| CVE-2025-44608 | mr-xmen786/CVE-2025-44608 | CVE-2025-44608 | 2025-06-25T17:29:27Z |
| CVE-2025-44603 | Moulish2004/CVE-2025-44603-CSRF-Leads_to_Create_FakeUsers | CSRF can create fake users by tricking an authenticated user into submitting a malicious request. The web app trusts the session, allowing unauthorized account creation, leading to privilege escalation or spam. Mitigation includes CSRF tokens, Same Site cookies, and authentication checks like CAPTCHAs. | 2025-02-28T06:31:12Z |
| CVE-2025-4428 | xie-22/CVE-2025-4428 | Ivanti EPMM Pre-Auth RCE Chain | 2025-05-16T00:42:08Z |
| CVE-2025-4427 | watchtowrlabs/watchTowr-vs-Ivanti-EPMM-CVE-2025-4427-CVE-2025-4428 | no description | 2025-05-15T13:59:39Z |
| CVE-2025-44203 | IvanT7D3/CVE-2025-44203 | CVE-2025-44203 - HotelDruid 3.0.0/3.0.7 - Sensitive Information Disclosure, DoS | 2025-06-18T18:22:49Z |
| CVE-2025-44148 | barisbaydur/CVE-2025-44148 | A reflected cross-site scripting (XSS) vulnerability exists in MailEnable Webmail due to improper user input sanitization in the failure.aspx. This allows a remote attacker to inject arbitrary JavaScript code via a crafted URL, which is then reflected in the server's response and executed in the context of the user's browser session. | 2025-06-02T17:02:06Z |
| CVE-2025-44137 | mheranco/CVE-2025-44137 | no description | 2025-07-14T10:10:37Z |
| CVE-2025-44136 | mheranco/CVE-2025-44136 | no description | 2025-07-14T09:53:04Z |
| CVE-2025-44108 | harish0x/CVE-2025-44108-SXSS | no description | 2025-05-22T05:10:00Z |
| CVE-2025-44039 | Yashodhanvivek/CP-XR-DE21-S--4G-Router-Vulnerabilities | This report is for CVE-2025-44039 reserved for Router UART vulnerability assigned to Discoverer Yashodhan Vivek Mandke. Please download the report pdf in this repositoy | 2025-05-02T21:20:47Z |
| CVE-2025-4403 | Yucaerin/CVE-2025-4403 | Drag and Drop Multiple File Upload for WooCommerce <= 1.1.6 - Unauthenticated Arbitrary File Upload via upload Function | 2025-05-10T16:10:37Z |
| CVE-2025-4403 | B1ack4sh/Blackash-CVE-2025-4403 | CVE-2025-4403 | 2025-07-06T10:17:33Z |
| CVE-2025-43929 | 0xBenCantCode/CVE-2025-43929 | High severity vulnerability in KiTTY allowing for local executables to be ran without user confirmation under certain circumstances. | 2025-04-20T03:19:51Z |
| CVE-2025-43921 | 0NYX-MY7H/CVE-2025-43921 | no description | 2025-04-20T15:36:06Z |
| CVE-2025-43920 | 0NYX-MY7H/CVE-2025-43920 | no description | 2025-04-20T15:35:10Z |
| CVE-2025-43919 | 0NYX-MY7H/CVE-2025-43919 | no description | 2025-04-20T15:33:56Z |
| CVE-2025-43919 | cybersecplayground/CVE-2025-43919-POC | A new vulnerability has been discovered in GNU Mailman 2.1.39, bundled with cPanel/WHM, allowing unauthenticated remote attackers to read arbitrary files on the server via a directory traversal flaw. | 2025-04-22T04:55:42Z |
| CVE-2025-4389 | Yucaerin/CVE-2025-4389 | Crawlomatic Multipage Scraper Post Generator <= 2.6.8.1 - Unauthenticated Arbitrary File Upload | 2025-05-26T19:33:31Z |
| CVE-2025-43865 | pouriam23/Pre-render-data-spoofing-on-React-Router-framework-mode-CVE-2025-43865 | no description | 2025-04-27T11:30:16Z |
| CVE-2025-43864 | pouriam23/DoS-via-cache-poisoning-by-forcing-SPA-mode-CVE-2025-43864- | no description | 2025-04-27T10:02:15Z |
| CVE-2025-4336 | d0n601/CVE-2025-4336 | eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_file Task | 2025-05-05T19:16:57Z |
| CVE-2025-4334 | Nxploited/CVE-2025-4334 | Simple User Registration <= 6.3 - Unauthenticated Privilege Escalation | 2025-06-26T11:43:30Z |
| CVE-2025-4322 | IndominusRexes/CVE-2025-4322-Exploit | no description | 2025-05-20T08:49:27Z |
| CVE-2025-4322 | Yucaerin/CVE-2025-4322 | Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover | 2025-05-22T15:12:25Z |
| CVE-2025-4322 | B1ack4sh/Blackash-CVE-2025-4322 | CVE-2025-4322 – Unauthenticated Privilege Escalation via Password Update "Account Takeover" 🔥 | 2025-06-23T21:08:48Z |
| CVE-2025-4275 | NikolajSchlej/Hydroph0bia | Binaries, drivers, PoCs and other stuff on Hydroph0bia vulnerability (CVE-2025-4275) | 2025-06-10T11:24:13Z |
| CVE-2025-4190 | Nxploited/CVE-2025-4190 | CSV Mass Importer <= 1.2 - Admin+ Arbitrary File Upload | 2025-05-07T10:56:03Z |
| CVE-2025-4190 | GadaLuBau1337/CVE-2025-4190 | no description | 2025-05-15T15:51:15Z |
| CVE-2025-4172026 | NotItsSixtyN3in/CVE-2025-4172026 | no description | 2025-04-17T15:25:31Z |
| CVE-2025-4172025 | NotItsSixtyN3in/CVE-2025-4172025 | no description | 2025-04-17T15:36:50Z |
| CVE-2025-41646 | GreenForceNetwork/CVE-2025-41646---Critical-Authentication-Bypass- | CVE-2025-41646 - Critical Authentication bypass | 2025-07-04T07:31:34Z |
| CVE-2025-4162030 | NotItsSixtyN3in/CVE-2025-4162030 | no description | 2025-04-16T20:41:14Z |
| CVE-2025-4162029 | NotItsSixtyN3in/CVE-2025-4162029 | no description | 2025-04-16T20:39:56Z |
| CVE-2025-4162028 | NotItsSixtyN3in/CVE-2025-4162028 | no description | 2025-04-16T20:39:14Z |
| CVE-2025-4162027 | NotItsSixtyN3in/CVE-2025-4162027 | no description | 2025-04-16T20:38:29Z |
| CVE-2025-4162026 | NotItsSixtyN3in/CVE-2025-4162026 | no description | 2025-04-16T20:37:48Z |
| CVE-2025-4162025 | NotItsSixtyN3in/CVE-2025-4162025 | no description | 2025-04-16T20:32:52Z |
| CVE-2025-4123 | NightBloodz/CVE-2025-4123 | Script to exploit Grafana CVE-2025-4123: XSS and Full-Read SSRF | 2025-05-22T15:34:03Z |
| CVE-2025-4123 | kk12-30/CVE-2025-4123 | CVE-2025-4123 | 2025-05-23T13:33:10Z |
| CVE-2025-4123 | imbas007/CVE-2025-4123-template | no description | 2025-06-03T06:24:32Z |
| CVE-2025-4123 | ynsmroztas/CVE-2025-4123-Exploit-Tool-Grafana- | CVE-2025-4123 - Grafana Tool | 2025-06-04T12:42:01Z |
| CVE-2025-4123 | B1ack4sh/Blackash-CVE-2025-4123 | CVE-2025-4123 | 2025-06-06T20:24:49Z |
| CVE-2025-4123 | DesDoTvl/CVE-2025-4123grafana | Escaner para encontrar vulnerabilidad CVE-2025-4123 grafana | 2025-06-17T11:35:48Z |
| CVE-2025-4123 | punitdarji/Grafana-cve-2025-4123 | no description | 2025-06-21T14:36:30Z |
| CVE-2025-4102025 | ImTheCopilotNow/CVE-2025-4102025 | no description | 2025-04-10T23:16:19Z |
| CVE-2025-4094 | starawneh/CVE-2025-4094 | CVE-2025-4094 – WordPress Digits Plugin < 8.4.6.1 - OTP Authentication Bypass | 2025-05-15T04:27:04Z |
| CVE-2025-4094 | POCPioneer/CVE-2025-4094-POC | WordPress Plugin Digits < 8.4.6.1 - OTP Auth Bypass via Bruteforce (CVE-2025-4094) | 2025-05-15T13:13:03Z |
| CVE-2025-40775 | AlexSvobo/nhi-zero-trust-bypass | Demonstrates a real-world zero-trust bypass by exploiting BIND CVE-2025-40775 to disrupt DNS, break secret rotation, and expose static credentials in a cloud-native lab. | 2025-05-23T00:41:43Z |
| CVE-2025-40634 | hacefresko/CVE-2025-40634 | Exploit for stack-based buffer overflow found in the conn-indicator binary in the TP-Link Archer AX50 router | 2025-05-20T17:54:36Z |
| CVE-2025-3969 | Stuub/CVE-2025-3969-Exploit | CVE-2025-3969: Exploit PoC (OS CMD injection, Web Shell, Interactive Shell) | 2025-05-05T09:39:12Z |
| CVE-2025-39601 | Nxploited/CVE-2025-39601 | WordPress Custom CSS, JS & PHP plugin <= 2.4.1 - CSRF to RCE vulnerability | 2025-04-16T14:52:41Z |
| CVE-2025-39538 | Nxploited/CVE-2025-39538 | WordPress WP-Advanced-Search <= 3.3.9.3 - Arbitrary File Upload Vulnerability | 2025-04-30T17:28:33Z |
| CVE-2025-39507 | TheCyberFairy/cve-lfi-lab | A hands on lab investigating CVE-2025-39507 from a Tier 1 SOC analyst perspective. Includes log review in Microsoft Sentinel, IP analysis, real world screenshots, and a simple breakdown of a local file inclusion vulnerability in a WordPress plugin. | 2025-06-09T19:28:29Z |
| CVE-2025-39436 | Nxploited/CVE-2025-39436 | WordPress I Draw Plugin <= 1.0 is vulnerable to Arbitrary File Upload | 2025-04-19T19:56:51Z |
| CVE-2025-3914 | LvL23HT/PoC-CVE-2025-3914-Aeropage-WordPress-File-Upload | CVE-2025-3914-PoC - The Aeropage Sync for Airtable WordPress plugin (≤ v3.2.0) is vulnerable to authenticated arbitrary file uploads due to insufficient file type validation in the aeropage_media_downloader function. | 2025-04-27T15:03:57Z |
| CVE-2025-3855 | L4zyFox/RISE-Ultimate_Project_Manager_e_CRM | CVE-2025-3855 - RISE Ultimate Project Manager - IDOR | 2025-04-11T19:25:35Z |
| CVE-2025-38089 | keymaker-arch/NFSundown | PoC for CVE-2025-38089 | 2025-07-02T08:40:57Z |
| CVE-2025-38001 | 0xdevil/CVE-2025-38001 | CVE-2025-38001: Linux HFSC Eltree Use-After-Free - Debian 12 PoC | 2025-07-11T18:34:08Z |
| CVE-2025-37899 | SeanHeelan/o3_finds_cve-2025-37899 | Artefacts for blog post on finding CVE-2025-37899 with o3 | 2025-05-22T10:36:18Z |
| CVE-2025-37899 | vett3x/SMB-LINUX-CVE-2025-37899 | no description | 2025-06-09T09:01:57Z |
| CVE-2025-3776 | Nxploited/CVE-2025-3776 | WordPress Verification SMS with TargetSMS Plugin <= 1.5 is vulnerable to Remote Code Execution (RCE) | 2025-04-24T01:19:01Z |
| CVE-2025-3605 | Nxploited/CVE-2025-3605 | WordPress Frontend Login and Registration Blocks Plugin <= 1.0.7 is vulnerable to Privilege Escalation | 2025-05-09T21:45:31Z |
| CVE-2025-3605 | GadaLuBau1337/CVE-2025-3605 | no description | 2025-05-15T16:08:46Z |
| CVE-2025-36041 | byteReaper77/CVE-2025-36041 | Exploit (C) of the CVE-2025-36041 vulnerability in IBM MQ | 2025-06-19T22:44:04Z |
| CVE-2025-3604 | Nxploited/CVE-2025-3604 | Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Account Takeover | 2025-05-06T01:48:53Z |
| CVE-2025-3568 | shellkraft/CVE-2025-3568 | A security vulnerability has been identified in Krayin CRM <=2.1.0 that allows a low-privileged user to escalate privileges by tricking an admin into opening a malicious SVG file. | 2025-04-17T12:08:52Z |
| CVE-2025-3515 | Professor6T9/CVE-2025-3515 | CVE‑2025‑3515 — Drag and Drop Multiple File Upload for Contact Form 7 | 2025-06-22T21:00:10Z |
| CVE-2025-3419 | Yucaerin/CVE-2025-3419 | The Eventin plugin (<= 4.0.26) for WordPress contains an unauthenticated arbitrary file read vulnerability | 2025-06-05T18:44:28Z |
| CVE-2025-34085 | MrjHaxcore/CVE-2025-34085 | Simple File List – Unauthenticated RCE Exploit (CVE-2025-34085) | 2025-07-10T01:09:39Z |
| CVE-2025-34085 | ill-deed/CVE-2025-34085-Multi-target | Multi-target unauthenticated RCE scanner for CVE-2025-34085 affecting WordPress Simple File List plugin. Uploads, renames, and triggers PHP webshells across large target sets. | 2025-07-13T01:27:49Z |
| CVE-2025-34077 | MrjHaxcore/CVE-2025-34077 | WordPress Pie Register ≤ 3.7.1.4 - Admin Privilege Escalation (Unauthenticated) | 2025-07-09T22:37:15Z |
| CVE-2025-34028 | tinkerlev/commvault-cve2025-34028-check | Commvault CVE-2025-34028 endpoint scanner using Nmap NSE. For ethical testing and configuration validation. | 2025-04-24T16:30:11Z |
| CVE-2025-34028 | watchtowrlabs/watchTowr-vs-Commvault-PreAuth-RCE-CVE-2025-34028 | no description | 2025-04-17T08:16:58Z |
| CVE-2025-34028 | becrevex/Commvault-CVE-2025-34028 | Commvault Remote Code Execution (CVE-2025-34028) NSE | 2025-05-06T06:16:13Z |
| CVE-2025-34028 | Mattb709/CVE-2025-34028-PoC-Commvault-RCE | Proof-of-Concept (PoC) for CVE-2025-34028, a Remote Code Execution vulnerability in Commvault Command Center. This Python script scans single or multiple targets, executes commands, and reports vulnerable hosts. | 2025-05-06T16:44:41Z |
| CVE-2025-33073 | mverschu/CVE-2025-33073 | PoC Exploit for the NTLM reflection SMB flaw. | 2025-06-13T12:15:14Z |
| CVE-2025-33073 | obscura-cert/CVE-2025-33073 | no description | 2025-06-28T18:17:28Z |
| CVE-2025-33053 | DevBuiHieu/CVE-2025-33053-Proof-Of-Concept | CVE-2025-33053 Proof Of Concept (PoC) | 2025-06-12T06:48:55Z |
| CVE-2025-33053 | TheTorjanCaptain/CVE-2025-33053-Checker-PoC | CVE-2025-33053 Checker and PoC | 2025-06-18T10:08:45Z |
| CVE-2025-33053 | kra1t0/CVE-2025-33053-WebDAV-RCE-PoC-and-C2-Concept | Proof-of-Concept for CVE-2025-33053 Exploiting WebDAV with .url file delivery to demonstrate realistic remote code execution. Includes a decoy PDF payload and a video-only showcase of potential command-and-control capabilities. | 2025-06-18T19:39:41Z |
| CVE-2025-32965 | yusufdalbudak/CVE-2025-32965-xrpl-js-poc | CVE Kodu: CVE-2025-32965 Zafiyet Türü: Supply Chain Attack (CWE-506: Embedded Malicious Code) Hedef: xrpl.js kütüphanesinin 4.2.1–4.2.4 ve 2.14.2 versiyonları Etki: Kullanıcının cüzdan seed/secret verisinin saldırgana gönderilmesi | 2025-04-23T09:26:08Z |
| CVE-2025-3292029 | itssixtyn3in/CVE-2025-3292029 | no description | 2025-03-30T03:38:08Z |
| CVE-2025-3292028 | itssixtyn3in/CVE-2025-3292028 | no description | 2025-03-30T02:25:15Z |
| CVE-2025-3292027 | itssixtyn3in/CVE-2025-3292027 | no description | 2025-03-30T02:23:43Z |
| CVE-2025-3292026 | itssixtyn3in/CVE-2025-3292026 | no description | 2025-03-29T21:14:02Z |
| CVE-2025-3292025 | itssixtyn3in/CVE-2025-3292025 | no description | 2025-03-29T17:26:31Z |
| CVE-2025-32873 | Apollo-R3bot/django-vulnerability-CVE-2025-32873 | Django Security Issue (CVE-2025-32873) | 2025-06-03T09:16:38Z |
| CVE-2025-3282025 | itssixtyn3in/CVE-2025-3282025 | no description | 2025-03-28T04:28:22Z |
| CVE-2025-32756 | exfil0/CVE-2025-32756-POC | Designed for Demonstration of Deep Exploitation. | 2025-05-18T09:46:15Z |
| CVE-2025-32756 | alm6no5/CVE-2025-32756-POC | no description | 2025-06-09T11:45:35Z |
| CVE-2025-32756 | B1ack4sh/Blackash-CVE-2025-32756 | CVE-2025-32756-POC | 2025-06-08T11:09:16Z |
| CVE-2025-32756 | becrevex/CVE-2025-32756 | CVE-2025-32756: NSE Scanning for RCE in vulnerable FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera nodes | 2025-06-09T20:52:49Z |
| CVE-2025-32756 | kn0x0x/CVE-2025-32756-POC | Proof of Concept for CVE-2025-32756 - A critical stack-based buffer overflow vulnerability affecting multiple Fortinet products. | 2025-06-05T14:16:31Z |
| CVE-2025-3272025 | itssixtyn3in/CVE-2025-3272025 | no description | 2025-03-28T04:18:11Z |
| CVE-2025-32711 | daryllundy/cve-2025-32711 | no description | 2025-06-27T22:18:36Z |
| CVE-2025-32710 | Sincan2/RCE-CVE-2025-32710 | Windows Remote Desktop Services Vulnerability Allows Remote Code Execution | 2025-06-18T06:31:36Z |
| CVE-2025-32682 | Nxploited/CVE-2025-32682 | WordPress MapSVG Lite Plugin <= 8.5.34 is vulnerable to Arbitrary File Upload | 2025-04-18T10:18:44Z |
| CVE-2025-32641 | Nxploited/CVE-2025-32641 | Anant Addons for Elementor <= 1.1.5 CSRF to Arbitrary Plugin Installation vulnerability | 2025-04-11T11:03:44Z |
| CVE-2025-32583 | Nxploited/CVE-2025-32583 | WordPress PDF 2 Post Plugin <= 2.4.0 is vulnerable to Remote Code Execution (RCE) +Subscriber | 2025-05-10T21:21:08Z |
| CVE-2025-32583 | GadaLuBau1337/CVE-2025-32583 | no description | 2025-05-16T11:21:27Z |
| CVE-2025-32579 | Nxploited/CVE-2025-32579 | WordPress Sync Posts Plugin <= 1.0 is vulnerable to Arbitrary File Upload | 2025-04-14T15:11:32Z |
| CVE-2025-3248 | xuemian168/CVE-2025-3248 | A vulnerability scanner for CVE-2025-3248 in Langflow applications. 用于扫描 Langflow 应用中 CVE-2025-3248 漏洞的工具。 | 2025-04-10T11:45:57Z |
| CVE-2025-3248 | PuddinCat/CVE-2025-3248-POC | POC of CVE-2025-3248, RCE of LangFlow | 2025-04-10T14:04:29Z |
| CVE-2025-3248 | verylazytech/CVE-2025-3248 | no description | 2025-04-16T14:00:02Z |
| CVE-2025-3248 | Praison001/CVE-2025-3248 | Scanner and exploit for CVE-2025-3248 | 2025-05-05T18:10:44Z |
| CVE-2025-3248 | vigilante-1337/CVE-2025-3248 | CVE-2025-3248: A critical flaw has been discovered in Langflow that allows malicious actors to execute arbitrary Python code on the target system. This can lead to full remote code execution without authentication, potentially giving attackers control over the server. | 2025-05-13T16:08:37Z |
| CVE-2025-3248 | Vip3rLi0n/CVE-2025-3248 | Perform Remote Code Execution using vulnerable API endpoint. | 2025-05-27T03:01:16Z |
| CVE-2025-3248 | tiemio/RCE-CVE-2025-3248 | This Python script exploits CVE-2025-3248 to execute arbitrary commands or spawn a reverse shell on a vulnerable system. Authentication is required to use this exploit. | 2025-05-31T22:25:35Z |
| CVE-2025-3248 | ynsmroztas/CVE-2025-3248-Langflow-RCE | CVE-2025-3248 Langflow RCE Exploit | 2025-06-17T09:06:20Z |
| CVE-2025-3248 | 0xgh057r3c0n/CVE-2025-3248 | Exploit for Langflow AI Remote Code Execution (Unauthenticated) | 2025-06-18T19:27:52Z |
| CVE-2025-3248 | imbas007/CVE-2025-3248 | no description | 2025-06-18T03:42:57Z |
| CVE-2025-3248 | zapstiko/CVE-2025-3248 | CVE-2025-3248 — Langflow RCE Exploit | 2025-06-19T06:30:29Z |
| CVE-2025-3248 | dennisec/Mass-CVE-2025-3248 | Mass-CVE-2025-3248 | 2025-06-23T09:36:39Z |
| CVE-2025-3248 | dennisec/CVE-2025-3248 | CVE-2025-3248 | 2025-06-23T09:30:48Z |
| CVE-2025-3248 | 0-d3y/langflow-rce-exploit | Remote Code Execution Exploit for Langflow (CVE-2025-3248) - [ By S4Tech ] | 2025-06-23T01:23:09Z |
| CVE-2025-3248 | B1ack4sh/Blackash-CVE-2025-3248 | CVE-2025-3248 – Unauthenticated Remote Code Execution in Langflow via Insecure Python exec Usage | 2025-06-22T15:49:32Z |
| CVE-2025-3248 | issamjr/CVE-2025-3248-Scanner | Powerful unauthenticated RCE scanner for CVE-2025-3248 affecting Langflow < 1.3.0 | 2025-06-22T16:30:27Z |
| CVE-2025-3248 | ill-deed/Langflow-CVE-2025-3248-Multi-target | Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. | 2025-06-25T03:40:58Z |
| CVE-2025-3248 | r0otk3r/CVE-2025-3248 | no description | 2025-07-06T01:49:50Z |
| CVE-2025-32463 | 4f-kira/CVE-2025-32463 | no description | 2025-07-01T13:29:02Z |
| CVE-2025-32463 | neko205-mx/CVE-2025-32463_Exploit | no description | 2025-07-02T08:53:44Z |
| CVE-2025-32463 | kh4sh3i/CVE-2025-32463 | Local Privilege Escalation to Root via Sudo chroot in Linux | 2025-07-02T07:20:20Z |
| CVE-2025-32463 | SysMancer/CVE-2025-32463 | no description | 2025-07-02T01:57:33Z |
| CVE-2025-32463 | Adonijah01/cve-2025-32463-lab | no description | 2025-07-01T23:41:25Z |
| CVE-2025-32463 | K1tt3h/CVE-2025-32463-POC | CVE-2025-32463 Proof of concept | 2025-07-01T13:48:05Z |
| CVE-2025-32463 | Mikivirus0/sudoinjection | Sudo Local Privilege Escalation CVE-2025-32463 (Best For Cases Where the shell is not stable to spawn a new root shell) | 2025-07-03T04:24:54Z |
| CVE-2025-32463 | robbert1978/CVE-2025-32463_POC | no description | 2025-07-02T18:26:29Z |
| CVE-2025-32463 | zhaduchanhzz/CVE-2025-32463_POC | no description | 2025-07-02T14:29:49Z |
| CVE-2025-32463 | CIA911/sudo_patch_CVE-2025-32463 | Mr.CIA's manual patching guide for CVE-2025-32463 (Sudo local privilege escalation) on Kali Linux and Ubuntu WSL. | 2025-07-03T19:04:11Z |
| CVE-2025-32463 | san8383/CVE-2025-32463 | no description | 2025-07-03T11:55:29Z |
| CVE-2025-32463 | 0xAkarii/CVE-2025-32463 | no description | 2025-07-03T11:58:12Z |
| CVE-2025-32463 | junxian428/CVE-2025-32463 | Linux distributions: Affects Ubuntu, Debian, Fedora, CentOS, SUSE, Amazon Linux, and others shipping sudo v1.9.14–1.9.17 | 2025-07-05T15:55:49Z |
| CVE-2025-32463 | B1ack4sh/Blackash-CVE-2025-32463 | CVE-2025-32463 | 2025-07-04T22:28:47Z |
| CVE-2025-32463 | pevinkumar10/CVE-2025-32463 | Exploit for Local Privilege Escalation in Sudo via Malicious nsswitch.conf with sudo -R. (CVE-2025-32463) | 2025-07-02T11:47:58Z |
| CVE-2025-32463 | ill-deed/CVE-2025-32463_illdeed | Privilege escalation exploit for CVE-2025-32463 using a malicious NSS module injected via sudo -R. This version creates a stealth payload called illdeed, granting root access through a controlled chroot environment. | 2025-07-04T13:02:46Z |
| CVE-2025-32463 | nflatrea/CVE-2025-32463 | Sudo chroot privileged escalation PoC | 2025-07-03T10:31:44Z |
| CVE-2025-32463 | K3ysTr0K3R/CVE-2025-32463-EXPLOIT | A PoC exploit for CVE-2025-32463 - Sudo Privilege Escalation | 2025-07-06T21:15:17Z |
| CVE-2025-32463 | Chocapikk/CVE-2025-32463-lab | no description | 2025-07-06T12:32:09Z |
| CVE-2025-32463 | cyberpoul/CVE-2025-32463-POC | 🛡️ Proof of Concept (PoC) for CVE-2025-32463 — Local privilege escalation in sudo (versions 1.9.14 to 1.9.17). This exploit abuses the --chroot option and a malicious nsswitch.conf to execute arbitrary code as root. |
2025-07-04T19:49:59Z |
| CVE-2025-32463 | FreeDurok/CVE-2025-32463-PoC | Proof of Concept for CVE-2025-32463 Local privilege escalation exploit targeting sudo -R on vulnerable Linux systems. For educational and authorized security testing only. | 2025-07-06T09:45:40Z |
| CVE-2025-32463 | mirchr/CVE-2025-32463-sudo-chwoot | PoC for CVE-2025-32463 - Sudo chroot Elevation of Privilege Vulnerability | 2025-07-03T20:40:10Z |
| CVE-2025-32463 | abrewer251/CVE-2025-32463_Sudo_PoC | PoC for CVE-2025-32463: Local privilege escalation in sudo via --chroot. Exploits NSS module injection through crafted chroot environments. Designed for security researchers and lab-only environments. | 2025-07-08T18:05:30Z |
| CVE-2025-32463 | lowercasenumbers/CVE-2025-32463_sudo_chroot | no description | 2025-07-08T13:26:01Z |
| CVE-2025-32463 | 0xb0rn3/CVE-2025-32463-EXPLOIT | no description | 2025-07-09T19:10:50Z |
| CVE-2025-32463 | SpongeBob-369/cve-2025-32463 | # cve-2025-32463 - Local Privilege Escalation to Root via Sudo chroot in Linux | 2025-07-08T12:16:25Z |
| CVE-2025-32463 | morgenm/sudo-chroot-CVE-2025-32463 | Rust PoC for CVE-2025-32463 (sudo chroot "chwoot" Local PrivEsc) | 2025-07-11T15:51:21Z |
| CVE-2025-32463 | pr0v3rbs/CVE-2025-32463_chwoot | Escalation of Privilege to the root through sudo binary with chroot option. CVE-2025-32463 | 2025-07-01T11:26:15Z |
| CVE-2025-32463 | zinzloun/CVE-2025-32463 | # CVE-2025-32463 – Sudo EoP Exploit (PoC) with precompiled .so | 2025-07-04T13:13:31Z |
| CVE-2025-32463 | dbarquero/cve-2025-32463-lab | Educational Docker lab to simulate privilege escalation via CVE-2025-32463 | 2025-07-14T23:16:18Z |
| CVE-2025-32463 | MohamedKarrab/CVE-2025-32463 | Privilege escalation to root using sudo chroot, NO NEED for gcc installed. | 2025-07-14T23:07:56Z |
| CVE-2025-32463 | Floodnut/CVE-2025-32463 | no description | 2025-07-16T16:55:44Z |
| CVE-2025-32463 | krypton-0x00/CVE-2025-32463-Chwoot-POC | no description | 2025-07-16T11:21:12Z |
| CVE-2025-32462 | Hacksparo/CVE-2025-32462 | POC script for CVE-2025-32462 a vulnerability in sudo | 2025-07-01T16:23:11Z |
| CVE-2025-32462 | cybersentinelx1/CVE-2025-32462-Exploit | CVE-2025-32462 Exploit | 2025-07-03T15:53:18Z |
| CVE-2025-32462 | CryingN/CVE-2025-32462 | A easy sudo poc by cryingn. | 2025-07-03T07:59:37Z |
| CVE-2025-32462 | mylovem313/CVE-2025-32462 | CVE-2025-32462 exploit code | 2025-07-03T22:34:04Z |
| CVE-2025-32462 | MAAYTHM/CVE-2025-32462_32463-Lab | Docker PoC for CVE-2025-32462 & CVE-2025-32463 (sudo), based on Stratascale CRU research. | 2025-07-07T11:04:29Z |
| CVE-2025-32462 | cyberpoul/CVE-2025-32462-POC | 🔓 Local privilege escalation PoC for CVE-2025-32462 (sudo -h bypass) – gain root via misconfigured sudoers | 2025-07-04T20:04:34Z |
| CVE-2025-32462 | SpongeBob-369/cve-2025-32462 | cve-2025-32462' demo | 2025-07-05T08:58:30Z |
| CVE-2025-32462 | toohau/CVE-2025-32462-32463-Detection-Script- | Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros | 2025-07-11T07:47:13Z |
| CVE-2025-32433 | Epivalent/CVE-2025-32433-detection | no description | 2025-04-18T09:56:23Z |
| CVE-2025-32433 | LemieOne/CVE-2025-32433 | Missing Authentication for Critical Function (CWE-306)-Exploit | 2025-04-18T10:53:19Z |
| CVE-2025-32433 | ekomsSavior/POC_CVE-2025-32433 | no description | 2025-04-18T02:32:41Z |
| CVE-2025-32433 | ProDefense/CVE-2025-32433 | CVE-2025-32433 https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2 | 2025-04-18T00:35:11Z |
| CVE-2025-32433 | m0usem0use/erl_mouse | python script to find vulnerable targets of CVE-2025-32433 | 2025-04-18T20:59:45Z |
| CVE-2025-32433 | 0xPThree/cve-2025-32433 | no description | 2025-04-19T15:13:24Z |
| CVE-2025-32433 | darses/CVE-2025-32433 | Security research on Erlang/OTP SSH CVE-2025-32433. | 2025-04-18T10:30:52Z |
| CVE-2025-32433 | teamtopkarl/CVE-2025-32433 | Erlang/OTP SSH 远程代码执行漏洞 | 2025-04-18T15:06:12Z |
| CVE-2025-32433 | omer-efe-curkus/CVE-2025-32433-Erlang-OTP-SSH-RCE-PoC | The vulnerability allows an attacker with network access to an Erlang/OTP SSH server to execute arbitrary code without prior authentication. | 2025-04-18T21:11:44Z |
| CVE-2025-32433 | meloppeitreet/CVE-2025-32433-Remote-Shell | Go-based exploit for CVE-2025-32433 | 2025-04-19T18:32:34Z |
| CVE-2025-32433 | 0x7556/CVE-2025-32433 | CVE-2025-32433 Erlang/OTP SSH RCE Exploit SSH远程代码执行漏洞EXP | 2025-04-25T15:31:21Z |
| CVE-2025-32433 | tobiasGuta/Erlang-OTP-CVE-2025-32433 | This Python script exploits the CVE-2025-32433 vulnerability in certain versions of the Erlang SSH daemon. | 2025-04-23T20:12:50Z |
| CVE-2025-32433 | MrDreamReal/CVE-2025-32433 | CVE-2025-32433 Summary and Attack Overview | 2025-04-27T02:18:55Z |
| CVE-2025-32433 | Know56/CVE-2025-32433 | CVE-2025-32433 is a vuln of ssh | 2025-04-28T20:04:49Z |
| CVE-2025-32433 | C9b3rD3vi1/Erlang-OTP-SSH-CVE-2025-32433 | Exploit Erlang/OTP SSH CVE-2025-32433 in a lab setup. | 2025-04-29T21:15:30Z |
| CVE-2025-32433 | bilalz5-github/Erlang-OTP-SSH-CVE-2025-32433 | CVE-2025-32433 – Erlang/OTP SSH vulnerability allowing pre-auth RCE | 2025-05-02T02:06:58Z |
| CVE-2025-32433 | vigilante-1337/CVE-2025-32433 | A critical flaw has been discovered in Erlang/OTP's SSH server allows unauthenticated attackers to gain remote code execution. One malformed SSH handshake bypasses authentication and exploits improper handling of SSH protocol messages. | 2025-05-03T13:32:34Z |
| CVE-2025-32433 | exa-offsec/ssh_erlangotp_rce | Exploitation module for CVE-2025-32433 (Erlang/OTP) | 2025-04-18T21:07:07Z |
| CVE-2025-32433 | becrevex/CVE-2025-32433 | Erlang OTP SSH NSE Discovery Script | 2025-04-25T15:57:40Z |
| CVE-2025-32433 | abrewer251/CVE-2025-32433_Erlang-OTP_PoC | This script is a custom security tool designed to test for a critical pre-authentication vulnerability in systems running Erlang-based SSH servers | 2025-04-29T19:02:15Z |
| CVE-2025-32433 | ODST-Forge/CVE-2025-32433_PoC | This script is a custom security tool designed to test for a critical pre-authentication vulnerability in systems running Erlang-based SSH servers | 2025-04-29T21:06:37Z |
| CVE-2025-32433 | ps-interactive/lab_CVE-2025-32433 | CVE lab to accompany CVE course for CVE-2025-32433 | 2025-04-24T13:22:06Z |
| CVE-2025-32433 | Yuri08loveElaina/CVE_2025_32433_exploit | Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling | 2025-06-15T12:56:59Z |
| CVE-2025-32433 | Yuri08loveElaina/CVE-2025-32433-Erlang-OTP-SSH-Pre-Auth-RCE-exploit | Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling | 2025-06-15T12:42:24Z |
| CVE-2025-32433 | B1ack4sh/Blackash-CVE-2025-32433 | CVE-2025-32433 Erlang SSH Library Exploit 🛑 | 2025-06-09T10:04:13Z |
| CVE-2025-32432 | Sachinart/CVE-2025-32432 | This repository contains a proof-of-concept exploit script for CVE-2025-32432, a pre-authentication Remote Code Execution (RCE) vulnerability affecting CraftCMS versions 4.x and 5.x. The vulnerability exists in the asset transform generation feature of CraftCMS. | 2025-04-27T08:50:52Z |
| CVE-2025-32432 | Chocapikk/CVE-2025-32432 | CraftCMS RCE Checker (CVE-2025-32432) | 2025-04-26T23:33:58Z |
| CVE-2025-32432 | CTY-Research-1/CVE-2025-32432-PoC | no description | 2025-06-01T15:19:08Z |
| CVE-2025-32432 | B1ack4sh/Blackash-CVE-2025-32432 | CVE-2025-32432 | 2025-07-16T09:23:42Z |
| CVE-2025-3243 | TeneBrae93/CVE-2025-3243 | A proof-of-concept exploit for CVE-2025-32433, a critical vulnerability in Erlang's SSH library that allows pre-authenticated code execution via malformed SSH_MSG_CHANNEL_REQUEST packets. | 2025-04-24T19:31:49Z |
| CVE-2025-32421 | zeroc00I/CVE-2025-32421 | no description | 2025-05-26T13:13:17Z |
| CVE-2025-32407 | diegovargasj/CVE-2025-32407 | CVE-2025-32407 PoC | 2025-05-14T18:50:28Z |
| CVE-2025-32395 | ruiwenya/CVE-2025-32395 | CVE-2025-32395-POC | 2025-04-18T09:10:33Z |
| CVE-2025-32375 | theGEBIRGE/CVE-2025-32375 | This repository includes everything needed to run a PoC exploit for CVE-2025-32375 in a Docker environment. It runs the latest vulnerable version of BentoML (1.4.7). | 2025-05-03T19:04:22Z |
| CVE-2025-32259 | HossamEAhmed/wp-ulike-cve-2025-32259-poc | In affected versions of the WP ULike plugin, there is no proper authorization check before allowing certain AJAX actions or vote manipulations. This allows unauthenticated users to interact with the plugin in ways only logged-in users should be able to — potentially skewing votes or injecting misleading data. | 2025-05-18T02:09:39Z |
| CVE-2025-32206 | Nxploited/CVE-2025-32206 | WordPress Processing Projects Plugin <= 1.0.2 is vulnerable to Arbitrary File Upload | 2025-04-11T13:45:53Z |
| CVE-2025-32140 | Nxploited/CVE-2025-32140 | WordPress WP Remote Thumbnail Plugin <= 1.3.2 is vulnerable to Arbitrary File Upload | 2025-04-22T16:29:25Z |
| CVE-2025-32118 | Nxploited/CVE-2025-32118 | WordPress CMP – Coming Soon & Maintenance plugin <= 4.1.13 - Remote Code Execution (RCE) vulnerability | 2025-04-05T07:14:39Z |
| CVE-2025-32023 | leesh3288/CVE-2025-32023 | PoC & Exploit for CVE-2025-32023 / PlaidCTF 2025 "Zerodeo" | 2025-07-06T18:09:11Z |
| CVE-2025-32023 | B1ack4sh/Blackash-CVE-2025-32023 | CVE-2025-32023 | 2025-07-09T21:34:22Z |
| CVE-2025-32023 | LordBheem/CVE-2025-32023 | Exploit for CVE-2025-32023 | 2025-07-10T09:08:08Z |
| CVE-2025-32013 | Mohith-T/CVE-2025-32013 | Security Advisory and PoC for CVE-2025-32013 | 2025-04-08T21:59:56Z |
| CVE-2025-31864 | DoTTak/CVE-2025-31864 | PoC of CVE-2025-31864 | 2025-04-03T00:38:12Z |
| CVE-2025-31710 | Skorpion96/unisoc-su | A method for CVE-2025-31710 and to connect to cmd_skt to obtain a root shell on unisoc unpatched models | 2025-06-06T14:31:13Z |
| CVE-2025-31651 | gregk4sec/CVE-2025-31651 | CVE Discovered by Greg K | 2025-04-08T06:24:01Z |
| CVE-2025-31650 | tunahantekeoglu/CVE-2025-31650 | CVE-2025-31650 PoC | 2025-04-30T11:10:56Z |
| CVE-2025-31650 | absholi7ly/TomcatKiller-CVE-2025-31650 | A tool designed to detect the vulnerability CVE-2025-31650 in Apache Tomcat (versions 10.1.10 to 10.1.39) | 2025-04-30T02:20:58Z |
| CVE-2025-31650 | sattarbug/Analysis-of-TomcatKiller---CVE-2025-31650-Exploit-Tool | no description | 2025-05-02T01:28:24Z |
| CVE-2025-31650 | assad12341/Dos-exploit- | CVE-2025-31650 | 2025-06-13T14:27:34Z |
| CVE-2025-31650 | assad12341/DOS-exploit | CVE-2025-31650 | 2025-06-13T14:26:45Z |
| CVE-2025-31650 | obscura-cert/CVE-2025-31650 | no description | 2025-06-28T18:12:07Z |
| CVE-2025-31650 | B1gN0Se/Tomcat-CVE-2025-31650 | no description | 2025-07-02T02:20:40Z |
| CVE-2025-31644 | mbadanoiu/CVE-2025-31644 | CVE-2025-31644: Command Injection in Appliance mode in F5 BIG-IP | 2025-05-11T08:03:35Z |
| CVE-2025-31486 | iSee857/CVE-2025-31486-PoC | Vite任意文件读取漏洞批量检测脚本CVE-2025-31486 | 2025-04-07T08:56:22Z |
| CVE-2025-31486 | Ly4j/CVE-2025-31486 | CVE-2025-31486 poc | 2025-04-11T09:35:25Z |
| CVE-2025-31336 | coleleavitt/AAMVA-PDF417-Vulnerability-Research | Research into systemic PDF417 validation vulnerabilities in AAMVA-compliant ID systems (CVE-2025-31336, CVE-2025-31337, scr1841160) | 2025-03-28T22:16:54Z |
| CVE-2025-31324 | rxerium/CVE-2025-31324 | SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system. | 2025-04-25T15:22:59Z |
| CVE-2025-31324 | redrays-io/CVE-2025-31324 | CVE-2025-31324, SAP Exploit | 2025-04-27T11:39:26Z |
| CVE-2025-31324 | moften/CVE-2025-31324-NUCLEI | Nuclei template for cve-2025-31324 (SAP) | 2025-04-28T01:43:22Z |
| CVE-2025-31324 | ODST-Forge/CVE-2025-31324_PoC | Proof-of-Concept for CVE-2025-31324: Unauthenticated upload in SAP NetWeaver Visual Composer Metadata Uploader | 2025-04-28T20:32:21Z |
| CVE-2025-31324 | Alizngnc/SAP-CVE-2025-31324 | SAP NetWeaver Unauthenticated Remote Code Execution | 2025-04-28T13:19:54Z |
| CVE-2025-31324 | Pengrey/CVE-2025-31324 | Unauthenticated upload in SAP NetWeaver Visual Composer Metadata Uploader | 2025-04-29T09:46:53Z |
| CVE-2025-31324 | abrewer251/CVE-2025-31324_PoC_SAP | Proof-of-Concept for CVE-2025-31324: Unauthenticated upload in SAP NetWeaver Visual Composer Metadata Uploader | 2025-04-29T00:16:06Z |
| CVE-2025-31324 | respondiq/jsp-webshell-scanner | 🔍 A simple Bash script to detect malicious JSP webshells, including those used in exploits of SAP NetWeaver CVE-2025-31324. | 2025-04-30T15:38:35Z |
| CVE-2025-31324 | nullcult/CVE-2025-31324-File-Upload | A totally unauthenticated file-upload endpoint in Visual Composer lets anyone drop arbitrary files (e.g., a JSP web-shell) onto the server. | 2025-04-30T13:39:30Z |
| CVE-2025-31324 | BlueOWL-overlord/Burp_CVE-2025-31324 | Python-based Burp Suite extension is designed to detect the presence of CVE-2025-31324 | 2025-04-30T06:34:12Z |
| CVE-2025-31324 | rf-peixoto/sap_netweaver_cve-2025-31324- | Research Purposes only | 2025-05-06T16:58:35Z |
| CVE-2025-31324 | JonathanStross/CVE-2025-31324 | A Python-based security scanner for identifying the CVE-2025-31324 vulnerability in SAP Visual Composer systems, and detecting known Indicators of Compromise (IOCs) such as malicious .jsp. | 2025-04-30T22:31:53Z |
| CVE-2025-31324 | moften/CVE-2025-31324 | SAP PoC para CVE-2025-31324 | 2025-04-28T01:32:39Z |
| CVE-2025-31324 | nairuzabulhul/nuclei-template-cve-2025-31324-check | sap-netweaver-cve-2025-31324-check | 2025-05-08T00:57:36Z |
| CVE-2025-31324 | NULLTRACE0X/CVE-2025-31324 | no description | 2025-05-07T06:23:09Z |
| CVE-2025-31324 | sug4r-wr41th/CVE-2025-31324 | SAP NetWeaver Visual Composer Metadata Uploader 7.50 CVE-2025-31324 PoC | 2025-05-10T18:52:46Z |
| CVE-2025-31324 | Onapsis/Onapsis_CVE-2025-31324_Scanner_Tools | no description | 2025-04-27T16:40:45Z |
| CVE-2025-31324 | Onapsis/Onapsis-Mandiant-CVE-2025-31324-Vuln-Compromise-Assessment | CVE-2025-31324 & CVE-2025-42999 vulnerability and compromise assessment tool | 2025-05-01T18:44:20Z |
| CVE-2025-31258 | wh1te4ever/CVE-2025-31258-PoC | 1day practice - Escape macOS sandbox (partial) using RemoteViewServices | 2025-05-12T23:51:04Z |
| CVE-2025-31200 | zhuowei/apple-positional-audio-codec-invalid-header | looking into CVE-2025-31200 - can't figure it out yet | 2025-04-21T05:38:06Z |
| CVE-2025-31200 | JGoyd/CVE-2025-31200-iOS-AudioConverter-RCE | Public disclosure of CVE-2025-31200 – Zero-click RCE in iOS 18.X via AudioConverterService and malicious audio file. | 2025-05-17T23:03:56Z |
| CVE-2025-31161 | Immersive-Labs-Sec/CVE-2025-31161 | Proof of Concept for CVE-2025-31161 / CVE-2025-2825 | 2025-04-08T15:37:28Z |
| CVE-2025-31161 | llussiess/CVE-2025-31161 | no description | 2025-04-09T14:38:42Z |
| CVE-2025-31161 | TX-One/CVE-2025-31161 | CrushFTP CVE-2025-31161 Exploit Tool 🔓 | 2025-04-21T23:57:07Z |
| CVE-2025-31161 | SUPRAAA-1337/Nuclei_CVE-2025-31161_CVE-2025-2825 | Official Nuclei template for CVE-2025-31161 (formerly CVE-2025-2825) | 2025-04-24T10:25:26Z |
| CVE-2025-31161 | SUPRAAA-1337/CVE-2025-31161_exploit | CVE-2025-31161 python exploit | 2025-04-24T22:09:24Z |
| CVE-2025-31161 | 0xgh057r3c0n/CVE-2025-31161 | 🛡️ CVE-2025-31161 - CrushFTP User Creation Authentication Bypass Exploit | 2025-05-23T21:04:20Z |
| CVE-2025-31161 | B1ack4sh/Blackash-CVE-2025-31161 | CVE-2025-31161 | 2025-06-06T09:14:28Z |
| CVE-2025-31161 | ibrahmsql/CVE-2025-31161 | CrushFTP 11.3.1 - Authentication Bypass | 2025-06-15T10:35:40Z |
| CVE-2025-31137 | pouriam23/vulnerability-in-Remix-React-Router-CVE-2025-31137- | no description | 2025-04-23T10:37:35Z |
| CVE-2025-31131 | MuhammadWaseem29/CVE-2025-31131 | YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. | 2025-04-04T15:31:15Z |
| CVE-2025-31131 | B1ack4sh/Blackash-CVE-2025-31131 | CVE-2025-31131 | 2025-06-07T09:18:08Z |
| CVE-2025-31129 | cwm1123/CVE-2025-31129 | no description | 2025-04-01T13:41:45Z |
| CVE-2025-31125 | sunhuiHi666/CVE-2025-31125 | Vite 任意文件读取漏洞POC | 2025-04-01T14:24:44Z |
| CVE-2025-31125 | 0xgh057r3c0n/CVE-2025-31125 | Vite WASM Import Path Traversal 🛡️ | 2025-05-07T07:45:10Z |
| CVE-2025-31125 | harshgupptaa/Path-Transversal-CVE-2025-31125- | Vite is a frontend tooling framework for javascript. Vite exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. This vulnerability is fixed in 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11. | 2025-07-13T16:42:41Z |
| CVE-2025-31033 | Nxploited/CVE-2025-31033 | WordPress Buddypress Humanity Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF) | 2025-04-10T10:47:29Z |
| CVE-2025-3102 | rhz0d/CVE-2025-3102 | Wordpress SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation | 2025-04-14T16:07:50Z |
| CVE-2025-3102 | Nxploited/CVE-2025-3102 | Wordpress SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation | 2025-04-14T10:20:47Z |
| CVE-2025-3102 | itsismarcos/vanda-CVE-2025-3102 | EXPLOIT CVE-2025-3102 | 2025-04-12T04:22:58Z |
| CVE-2025-3102 | dennisec/CVE-2025-3102 | no description | 2025-04-20T13:59:57Z |
| CVE-2025-3102 | SUPRAAA-1337/CVE-2025-3102-exploit | Exploitation of an authorization bypass vulnerability in the SureTriggers plugin for WordPress versions <= 1.0.78, allowing unauthenticated attackers to create new WordPress users. | 2025-04-25T23:28:10Z |
| CVE-2025-3102 | SUPRAAA-1337/CVE-2025-3102 | Detects the version of the SureTriggers WordPress plugin from exposed asset URLs and compares it to determine if it's vulnerable (<= 1.0.78). | 2025-04-25T11:56:45Z |
| CVE-2025-3102 | SUPRAAA-1337/CVE-2025-3102_v2 | Checks the SureTriggers WordPress plugin's readme.txt file for the Stable tag version. If the version is less than or equal to 1.0.78, it is considered vulnerable.0.78). | 2025-04-25T12:13:44Z |
| CVE-2025-3102 | 0xgh057r3c0n/CVE-2025-3102 | SureTriggers <= 1.0.78 - Authorization Bypass Exploit | 2025-06-03T08:34:25Z |
| CVE-2025-3102 | baribut/CVE-2025-3102 | The SureTriggers WordPress plugin contains a critical authentication bypass vulnerability (CVE-2025-3102) that affects all versions up to and including 1.0.78. | 2025-06-06T20:31:58Z |
| CVE-2025-30967 | Anton-ai111/CVE-2025-30967 | CVE-2025-30967 | 2025-04-16T13:06:50Z |
| CVE-2025-30921 | DoTTak/CVE-2025-30921 | PoC of CVE-2025-30921 | 2025-04-03T00:29:18Z |
| CVE-2025-30911 | Nxploited/CVE-2025-30911 | WordPress RomethemeKit For Elementor Plugin <= 1.5.4 is vulnerable to Remote Code Execution (RCE) | 2025-04-04T08:13:24Z |
| CVE-2025-30772 | Nxploited/CVE-2025-30772 | WordPress WPC Smart Upsell Funnel for WooCommerce plugin <= 3.0.4 - Arbitrary Option Update to Privilege Escalation vulnerability | 2025-03-28T10:29:12Z |
| CVE-2025-30727 | HExploited/CVE-2025-30727-Exploit | no description | 2025-04-16T18:48:54Z |
| CVE-2025-30712 | jamesb5959/CVE-2025-30712-_PoC | This is for testing. | 2025-06-25T19:56:34Z |
| CVE-2025-30567 | Oyst3r1ng/CVE-2025-30567 | Unauthorized Arbitrary File Download in WordPress WP01 | 2025-03-26T14:37:34Z |
| CVE-2025-30567 | realcodeb0ss/CVE-2025-30567-PoC | CVE-2025-30567 - WordPress WP01 < Path traversal | 2025-04-03T22:52:06Z |
| CVE-2025-3054 | frogchung/CVE-2025-3054-Exploit | no description | 2025-06-05T09:57:03Z |
| CVE-2025-3047 | murataydemir/AWS-SAM-CLI-Vulnerabilities | Issue with AWS SAM CLI (CVE-2025-3047, CVE-2025-3048) | 2025-04-02T14:28:44Z |
| CVE-2025-30406 | W01fh4cker/CVE-2025-30406 | Exploit for CVE-2025-30406 | 2025-04-24T07:55:22Z |
| CVE-2025-30400 | encrypter15/CVE-2025-30400 | no description | 2025-05-23T15:39:02Z |
| CVE-2025-30397 | mbanyamer/CVE-2025-30397---Windows-Server-2025-JScript-RCE-Use-After-Free- | Remote Code Execution via Use-After-Free in JScript.dll (CVE-2025-30397) | 2025-05-31T12:20:36Z |
| CVE-2025-30349 | natasaka/CVE-2025-30349 | Horde IMP (through 6.2.27) vulnerability – obfuscation via HTML encoding – XSS payload | 2025-03-27T20:22:45Z |
| CVE-2025-30216 | oliviaisntcringe/CVE-2025-30216-PoC | PoC | 2025-03-26T13:03:33Z |
| CVE-2025-30208 | YuanBenSir/CVE-2025-30208_POC | CVE-2025-30208 任意文件读取漏洞快速验证 | 2025-03-26T19:06:44Z |
| CVE-2025-30208 | marino-admin/Vite-CVE-2025-30208-Scanner | CVE-2025-30208-EXP 任意文件读取 | 2025-03-26T20:10:20Z |
| CVE-2025-30208 | xaitx/CVE-2025-30208 | CVE-2025-30208 检测工具。python script && nuclei template | 2025-03-26T17:14:11Z |
| CVE-2025-30208 | kk12-30/CVE-2025-30208 | CVE-2025-30208漏洞验证工具 | 2025-03-26T17:18:46Z |
| CVE-2025-30208 | On1onss/CVE-2025-30208-LFI | This exploit is for educational and ethical security testing purposes only. The use of this exploit against targets without prior mutual consent is illegal, and the developer disclaims any liability for misuse or damage caused by this exploit. | 2025-03-27T12:36:41Z |
| CVE-2025-30208 | keklick1337/CVE-2025-30208-ViteVulnScanner | CVE-2025-30208 ViteVulnScanner | 2025-03-28T12:17:36Z |
| CVE-2025-30208 | sadhfdw129/CVE-2025-30208-Vite | CVE-2025-30208 - Vite脚本 | 2025-03-28T09:50:48Z |
| CVE-2025-30208 | ThumpBo/CVE-2025-30208-EXP | CVE-2025-30208-EXP | 2025-03-26T15:42:31Z |
| CVE-2025-30208 | iSee857/CVE-2025-30208-PoC | Vite-CVE-2025-30208动态检测脚本,支持默认路径,自定义路径动态检测 | 2025-03-27T06:22:18Z |
| CVE-2025-30208 | 0xshaheen/CVE-2025-30208 | no description | 2025-04-02T04:26:21Z |
| CVE-2025-30208 | 4m3rr0r/CVE-2025-30208-PoC | CVE-2025-30208 - Vite Arbitrary File Read PoC | 2025-04-03T11:46:19Z |
| CVE-2025-30208 | sumeet-darekar/CVE-2025-30208 | mass scan for CVE-2025-30208 | 2025-04-02T05:52:24Z |
| CVE-2025-30208 | lilil3333/Vite-CVE-2025-30208-EXP | Vite-CVE-2025-30208-EXP单目标检测,支持自定义读取路径,深度检索 | 2025-04-05T04:59:49Z |
| CVE-2025-30208 | 4xura/CVE-2025-30208 | A PoC of the exploit script for the Arbitrary File Read vulnerability of Vite /@fs/ Path Traversal in the transformMiddleware (CVE-2025-30208). | 2025-03-27T12:55:01Z |
| CVE-2025-30208 | jackieya/ViteVulScan | 针对CVE-2025-30208和CVE-2025-31125的漏洞利用 | 2025-03-31T13:43:45Z |
| CVE-2025-30208 | xuemian168/CVE-2025-30208 | 全网首发 CVE-2025-31125 CVE-2025-30208 CVE-2025-32395 Vite Scanner | 2025-03-26T10:26:12Z |
| CVE-2025-30208 | imbas007/CVE-2025-30208-template | CVE-2025-30208 vite file read nuclei template | 2025-04-21T01:33:14Z |
| CVE-2025-30208 | r0ngy40/CVE-2025-30208-Series | Analysis of the Reproduction of CVE-2025-30208 Series Vulnerabilities | 2025-04-24T10:53:23Z |
| CVE-2025-30208 | nkuty/CVE-2025-30208-31125-31486-32395 | no description | 2025-05-29T17:23:04Z |
| CVE-2025-30208 | HaGsec/CVE-2025-30208 | POC | 2025-06-06T08:21:13Z |
| CVE-2025-30208 | B1ack4sh/Blackash-CVE-2025-30208 | CVE-2025-30208 | 2025-06-25T19:04:04Z |
| CVE-2025-30208 | TH-SecForge/CVE-2025-30208 | CVE‑2025‑30208 is a medium-severity arbitrary file read vulnerability in the Vite development server (a popular frontend build tool) | 2025-06-29T15:33:13Z |
| CVE-2025-30208 | ThemeHackers/CVE-2025-30208 | CVE‑2025‑30208 is a medium-severity arbitrary file read vulnerability in the Vite development server (a popular frontend build tool) | 2025-06-27T10:13:24Z |
| CVE-2025-30208 | gonn4cry/CVE-2025-30208 | CVE-2025-30208 | 2025-07-10T02:26:17Z |
| CVE-2025-30144 | tibrn/CVE-2025-30144 | no description | 2025-03-21T18:48:28Z |
| CVE-2025-30066 | OS-pedrogustavobilro/test-changed-files | Test CVE-2025-30066 | 2025-03-17T09:39:34Z |
| CVE-2025-30066 | Checkmarx/Checkmarx-CVE-2025-30066-Detection-Tool | no description | 2025-03-18T14:33:29Z |
| CVE-2025-30065 | bjornhels/CVE-2025-30065 | PoC | 2025-04-04T10:37:32Z |
| CVE-2025-30065 | ron-imperva/CVE-2025-30065-PoC | CVE-2025-30065 PoC | 2025-04-05T09:43:27Z |
| CVE-2025-30065 | mouadk/parquet-rce-poc-CVE-2025-30065 | no description | 2025-04-07T21:38:24Z |
| CVE-2025-30065 | h3st4k3r/CVE-2025-30065 | After reviewing the provided Proof of Concept (PoC) for CVE-2025-30065, it appears that the vulnerability exploits the deserialization mechanism in Apache Parquet's handling of Avro schemas, particularly through the use of the default property to instantiate arbitrary classes. | 2025-04-04T08:45:24Z |
| CVE-2025-30065 | ThreatRadarAI/TRAI-001-Critical-RCE-Vulnerability-in-Apache-Parquet-CVE-2025-30065-Simulation | A CVSS 10.0-rated vulnerability in the parquet-avro Java module allows remote code execution via unsafe deserialization when parsing schemas. Tracked as CVE-2025-30065, this flaw affects Apache Parquet ≤ 1.15.0. All users must upgrade to version 1.15.1 immediately to mitigate exploitation risks. | 2025-04-21T15:28:28Z |
| CVE-2025-30065 | F5-Labs/parquet-canary-exploit-rce-poc-CVE-2025-30065 | no description | 2025-04-23T21:11:08Z |
| CVE-2025-29972 | ThemeHackers/CVE-2025-29972 | CVE-2025-29927 Proof of Concept | 2025-03-25T17:59:06Z |
| CVE-2025-29972 | TH-SecForge/CVE-2025-29972 | CVE-2025-29927 - Critical Security Vulnerability in Next.js | 2025-06-09T06:46:53Z |
| CVE-2025-2995 | huynguyen12536/CVE-2025-2995 | no description | 2025-05-31T03:11:50Z |
| CVE-2025-29927 | websecnl/CVE-2025-29927-PoC-Exploit | Proof-of-Concept for Authorization Bypass in Next.js Middleware | 2025-03-23T19:41:05Z |
| CVE-2025-29927 | aydinnyunus/CVE-2025-29927 | CVE-2025-29927 Proof of Concept | 2025-03-23T12:13:35Z |
| CVE-2025-29927 | Ademking/CVE-2025-29927 | Next.js Middleware Authorization Bypass | 2025-03-22T18:42:27Z |
| CVE-2025-29927 | lirantal/vulnerable-nextjs-14-CVE-2025-29927 | no description | 2025-03-23T09:22:35Z |
| CVE-2025-29927 | serhalp/test-cve-2025-29927 | Verify Next.js CVE-2025-29927 on Netlify not vulnerable | 2025-03-22T15:58:02Z |
| CVE-2025-29927 | fourcube/nextjs-middleware-bypass-demo | Demo for Next.js middleware bypass - CVE-2025-29927 | 2025-03-24T08:07:03Z |
| CVE-2025-29927 | strobes-security/nextjs-vulnerable-app | CVE-2025-29927 lab | 2025-03-24T05:05:11Z |
| CVE-2025-29927 | ticofookfook/poc-nextjs-CVE-2025-29927 | no description | 2025-03-23T16:04:50Z |
| CVE-2025-29927 | 6mile/nextjs-CVE-2025-29927 | A Nuclei template to detect CVE-2025-29927 the Next.js authentication bypass vulnerability | 2025-03-23T08:11:09Z |
| CVE-2025-29927 | MuhammadWaseem29/CVE-2025-29927-POC | Authorization Bypass in Next.js Middleware | 2025-03-23T21:42:09Z |
| CVE-2025-29927 | RoyCampos/CVE-2025-29927 | CVE-2025-29927 Exploit Checker | 2025-03-24T05:07:02Z |
| CVE-2025-29927 | lem0n817/CVE-2025-29927 | no description | 2025-03-24T15:25:22Z |
| CVE-2025-29927 | arvion-agent/next-CVE-2025-29927 | CVE-2025-29927 Authorization Bypass in Next.js Middleware | 2025-03-24T13:23:46Z |
| CVE-2025-29927 | azu/nextjs-cve-2025-29927-poc | Next.js PoC for CVE-2025-29927 | 2025-03-23T08:37:25Z |
| CVE-2025-29927 | alihussainzada/CVE-2025-29927-PoC | PoC for CVE-2025-29927: Next.js Middleware Bypass Vulnerability. Demonstrates how x-middleware-subrequest can bypass authentication checks. Includes Docker setup for testing. | 2025-03-25T10:30:55Z |
| CVE-2025-29927 | jeymo092/cve-2025-29927 | no description | 2025-03-25T09:06:00Z |
| CVE-2025-29927 | ricsirigu/CVE-2025-29927 | A deliberately Next.js app, vulnerable to CVE-2025-29927, Authorization Bypass | 2025-03-24T19:13:35Z |
| CVE-2025-29927 | 0xPb1/Next.js-CVE-2025-29927 | no description | 2025-03-25T07:15:36Z |
| CVE-2025-29927 | Oyst3r1ng/CVE-2025-29927 | Next.js Middleware Auth Bypass | 2025-03-24T13:27:13Z |
| CVE-2025-29927 | elshaheedy/CVE-2025-29927-Sigma-Rule | Sigma Rule for CVE-2025–29927 Detection | 2025-03-24T23:13:43Z |
| CVE-2025-29927 | tobiasGuta/CVE-2025-29927-POC | Nuclei Template: CVE-2025-29927 - Next.js Middleware Authentication Bypass | 2025-03-24T21:47:28Z |
| CVE-2025-29927 | 0xWhoknows/CVE-2025-29927 | Async Python scanner for Next.js CVE-2025-29927. Uses aiohttp & aiofiles to efficiently process large URL lists, detect vulnerabilities, and save results. Features connection pooling, caching, and chunked processing for fast performance | 2025-03-24T19:18:20Z |
| CVE-2025-29927 | lediusa/CVE-2025-29927 | New nuclei CVE | 2025-03-24T14:21:06Z |
| CVE-2025-29927 | kuzushiki/CVE-2025-29927-test | CVE-2025-29927の検証 | 2025-03-24T16:27:17Z |
| CVE-2025-29927 | TheresAFewConors/CVE-2025-29927-Testing | PowerShell script to test if a web app is vulnerable to CVE-2025-29927 | 2025-03-25T11:39:14Z |
| CVE-2025-29927 | 0xPThree/next.js_cve-2025-29927 | no description | 2025-03-25T13:21:15Z |
| CVE-2025-29927 | yugo-eliatrope/test-cve-2025-29927 | no description | 2025-03-26T00:47:44Z |
| CVE-2025-29927 | maronnjapan/claude-create-CVE-2025-29927 | no description | 2025-03-25T22:36:14Z |
| CVE-2025-29927 | 0xcucumbersalad/cve-2025-29927 | no description | 2025-03-25T15:33:05Z |
| CVE-2025-29927 | aleongx/CVE-2025-29927 | Next.js Acceso no autorizado CVE-2025-29927 | 2025-03-26T19:08:14Z |
| CVE-2025-29927 | Slvignesh05/CVE-2025-29927 | A touch of security | 2025-03-26T16:24:15Z |
| CVE-2025-29927 | kOaDT/poc-cve-2025-29927 | This repository contains a proof of concept (POC) and an exploit script for CVE-2025-29927, a critical vulnerability in Next.js that allows attackers to bypass authorization checks implemented in middleware. | 2025-03-26T00:12:41Z |
| CVE-2025-29927 | Eve-SatOrU/POC-CVE-2025-29927 | CVE-2025-29927 Proof of Concept | 2025-03-24T11:42:14Z |
| CVE-2025-29927 | nicknisi/next-attack | A demo of the CVE-2025-29927 vulnerability for a NebraskaJS lightning talk | 2025-03-26T23:36:30Z |
| CVE-2025-29927 | c0dejump/CVE-2025-29927-check | script to check cve "CVE-2025-29927" while waiting to add it to HExHTTP | 2025-03-25T18:02:18Z |
| CVE-2025-29927 | Nekicj/CVE-2025-29927-exploit | next.js CVE-2025-29927 vulnerability exploit | 2025-03-27T08:42:03Z |
| CVE-2025-29927 | aleongx/CVE-2025-29927_Scanner | Este script verifica la vulnerabilidad CVE-2025-29927 en servidores Next.js, probando múltiples cargas en la cabecera x-middleware-subrequest para detectar accesos no autorizados. | 2025-03-27T07:41:26Z |
| CVE-2025-29927 | jmbowes/NextSecureScan | Next.js CVE-2025-29927 Vulnerability Scanner | 2025-03-27T04:36:01Z |
| CVE-2025-29927 | yuzu-juice/CVE-2025-29927_demo | This repository is for educational and research purposes. | 2025-03-28T02:31:58Z |
| CVE-2025-29927 | nocomp/CVE-2025-29927-scanner | python script for evaluate if you are vulnerable or not to next.js CVE-2025-29927 | 2025-03-27T14:11:09Z |
| CVE-2025-29927 | m2hcz/m2hcz-Next.js-security-flaw-CVE-2025-29927---PoC-exploit | no description | 2025-03-27T11:48:35Z |
| CVE-2025-29927 | w2hcorp/CVE-2025-29927-PoC | Here is a simple but effective exploit for CVE-2025-29927. | 2025-03-29T02:12:22Z |
| CVE-2025-29927 | ferpalma21/Automated-Next.js-Security-Scanner-for-CVE-2025-29927 | This script scans a list of URLs to detect if they are using Next.js and determines whether they are vulnerable to CVE-2025-29927. It optionally attempts exploitation using a wordlist. | 2025-03-29T04:13:06Z |
| CVE-2025-29927 | takumade/ghost-route | Ghost Route detects if a Next JS site is vulnerable to the corrupt middleware bypass bug (CVE-2025-29927) | 2025-03-25T06:14:15Z |
| CVE-2025-29927 | t3tra-dev/cve-2025-29927-demo | Next.js における認可バイパスの脆弱性 CVE-2025-29927 を再現するデモです。 | 2025-03-23T16:41:47Z |
| CVE-2025-29927 | 0x0Luk/0xMiddleware | CVE-2025-29927: Next.js Middleware Exploit | 2025-03-28T07:31:36Z |
| CVE-2025-29927 | KaztoRay/CVE-2025-29927-Research | CVE-2025-29927에 대한 설명 및 리서치 | 2025-03-27T12:50:38Z |
| CVE-2025-29927 | dante01yoon/CVE-2025-29927 | Next.js CVE-2025-29927 demonstration | 2025-03-29T08:49:38Z |
| CVE-2025-29927 | Kamal-418/Vulnerable-Lab-NextJS-CVE-2025-29927 | no description | 2025-03-30T12:24:15Z |
| CVE-2025-29927 | ayato-shitomi/WebLab_CVE-2025-29927 | Next.js Auth Bypass Lab ‐ CVE-2025-29927 | 2025-03-30T03:52:42Z |
| CVE-2025-29927 | iSee857/CVE-2025-29927 | Next.Js 权限绕过漏洞(CVE-2025-29927) | 2025-03-24T09:27:03Z |
| CVE-2025-29927 | nyctophile0969/CVE-2025-29927 | no description | 2025-04-01T19:23:52Z |
| CVE-2025-29927 | BilalGns/CVE-2025-29927 | Next.js CVE-2025-29927 güvenlik açığı hakkında | 2025-04-01T19:11:30Z |
| CVE-2025-29927 | fahimalshihab/NextBypass | Next.js Middleware Authorization Bypass Tool (CVE-2025-29927) | 2025-04-03T18:02:25Z |
| CVE-2025-29927 | alastair66/CVE-2025-29927 | Next.js Middleware Bypass Vulnerability | 2025-04-01T15:30:21Z |
| CVE-2025-29927 | Gokul-Krishnan-V-R/cve-2025-29927 | Next.js and the corrupt middleware...TRY TO HACK IT..! | 2025-04-02T16:55:40Z |
| CVE-2025-29927 | Naveen-005/Next.Js-middleware-bypass-vulnerability-CVE-2025-29927 | A basic proof of concept of the CVE-2025-29927 vulnerability that allows to bypass the middleware scripts. | 2025-04-02T05:19:35Z |
| CVE-2025-29927 | sn1p3rt3s7/NextJS_CVE-2025-29927 | no description | 2025-04-04T12:50:43Z |
| CVE-2025-29927 | Heimd411/CVE-2025-29927-PoC | no description | 2025-03-27T10:06:07Z |
| CVE-2025-29927 | pixilated730/NextJS-Exploit- | CVE-2025-29927 | 2025-04-07T10:54:08Z |
| CVE-2025-29927 | gotr00t0day/CVE-2025-29927 | Next.js Middleware Bypass Scanne | 2025-04-06T20:59:10Z |
| CVE-2025-29927 | YEONDG/nextjs-cve-2025-29927 | vulnerable-nextjs-14-CVE-2025-29927 | 2025-04-06T04:55:21Z |
| CVE-2025-29927 | Balajih4kr/cve-2025-29927 | CVE-2025-29927 is a critical vulnerability in Next.js, a popular React-based web framework. The flaw exists in how the middleware feature handles certain internal headers — specifically, the x-middleware-subrequest header | 2025-04-05T17:02:51Z |
| CVE-2025-29927 | ValGrace/middleware-auth-bypass | CVE-2025-29927 ~ a poc of the next.js middleware authentication bypass | 2025-04-08T08:10:07Z |
| CVE-2025-29927 | l1uk/nextjs-middleware-exploit | Research on Next.js middleware vulnerability (CVE-2025-29927) allowing authorization bypass and potential exploits. | 2025-04-09T14:54:30Z |
| CVE-2025-29927 | pickovven/vulnerable-nextjs-14-CVE-2025-29927 | no description | 2025-04-08T23:25:24Z |
| CVE-2025-29927 | goncalocsousa1/CVE-2025-29927 | no description | 2025-04-08T09:29:48Z |
| CVE-2025-29927 | AnonKryptiQuz/NextSploit | NextSploit is a command-line tool designed to detect and exploit CVE-2025-29927, a security flaw in Next.js | 2025-03-28T11:09:25Z |
| CVE-2025-29927 | furmak331/CVE-2025-29927 | Critical vulnerability in next.js : Bypass middleware authentication | 2025-03-25T02:20:36Z |
| CVE-2025-29927 | ethanol1310/POC-CVE-2025-29927- | POC CVE-2025-29927 | 2025-04-13T08:23:11Z |
| CVE-2025-29927 | UNICORDev/exploit-CVE-2025-29927 | Exploit for CVE-2025-29927 (Next.js) - Authorization Bypass | 2025-04-14T15:12:13Z |
| CVE-2025-29927 | mhamzakhattak/CVE-2025-29927 | no description | 2025-04-16T10:28:16Z |
| CVE-2025-29927 | Knotsecurity/CVE-2025-29927-NextJs-Middleware-Simulation | Simulates CVE-2025-29927, a critical Next.js vulnerability allowing attackers to bypass middleware authorization by exploiting the internal x-middleware-subrequest HTTP header. Demonstrates unauthorized access to protected routes and provides mitigation strategies. | 2025-04-16T07:33:54Z |
| CVE-2025-29927 | Grand-Moomin/Vuln-Next.js-CVE-2025-29927 | no description | 2025-04-18T00:47:47Z |
| CVE-2025-29927 | pouriam23/Next.js-Middleware-Bypass-CVE-2025-29927- | no description | 2025-04-21T12:50:09Z |
| CVE-2025-29927 | kh4sh3i/CVE-2025-29927 | CVE-2025-29927: Next.js Middleware Bypass Vulnerability | 2025-04-23T08:19:58Z |
| CVE-2025-29927 | EQSTLab/CVE-2025-29927 | Next.js middleware bypass exploit | 2025-04-25T08:51:52Z |
| CVE-2025-29927 | darklotuskdb/nextjs-CVE-2025-29927-hunter | Next.js CVE-2025-29927 Hunter | 2025-04-11T20:42:09Z |
| CVE-2025-29927 | Hirainsingadia/CVE-2025-29927 | Next js middlewareauth Bypass | 2025-04-28T07:13:51Z |
| CVE-2025-29927 | rubbxalc/CVE-2025-29927 | no description | 2025-04-29T10:44:45Z |
| CVE-2025-29927 | olimpiofreitas/CVE-2025-29927_scanner | no description | 2025-05-03T14:00:11Z |
| CVE-2025-29927 | moften/CVE-2025-29927 | Next.js Auth Bypass PoC Edge Runtime Env Leak via Middleware Bug | 2025-05-06T21:47:49Z |
| CVE-2025-29927 | hed1ad/CVE-2025-29927 | CVE-2025-29927 | 2025-04-28T11:14:24Z |
| CVE-2025-29927 | EarthAngel666/x-middleware-exploit | x-middleware exploit for next.js CVE-2023–46298 cache poisoning and CVE-2025-29927 bypass | 2025-05-08T01:26:30Z |
| CVE-2025-29927 | enochgitgamefied/NextJS-CVE-2025-29927 | no description | 2025-04-16T22:39:55Z |
| CVE-2025-29927 | 0xpr4bin/vulnerable-next_js_cve-2025-29927 | no description | 2025-04-30T06:29:48Z |
| CVE-2025-29927 | HoumanPashaei/CVE-2025-29927 | This is a CVE-2025-29927 Scanner. | 2025-04-29T08:01:08Z |
| CVE-2025-29927 | enochgitgamefied/NextJS-CVE-2025-29927-Docker-Lab | no description | 2025-05-23T10:49:41Z |
| CVE-2025-29927 | sagsooz/CVE-2025-29927 | 🔐 Python-based smart scanner for CVE-2025-29927 — Next.js middleware authentication bypass vulnerability. Detects meta refresh, keyword-based redirects, and more. | 2025-05-26T08:47:01Z |
| CVE-2025-29927 | SugiB3o/vulnerable-nextjs-14-CVE-2025-29927 | vulnerable-nextjs-14-CVE-2025-29927 | 2025-05-29T16:06:36Z |
| CVE-2025-29927 | B1ack4sh/Blackash-CVE-2025-29927 | CVE-2025-29927 | 2025-06-07T19:04:38Z |
| CVE-2025-29927 | amitlttwo/Next.JS-CVE-2025-29927 | no description | 2025-06-12T07:07:40Z |
| CVE-2025-29927 | KamalideenAK/poc-cve-2025-29927 | no description | 2025-06-15T15:10:03Z |
| CVE-2025-29927 | mickhacking/Thank-u-Next | CVE-2025-29927 PoC - Auth Bypass Exploit - Python Tool using httpx - Middleware Vulnerability - Ethical Hacking Toolkit | 2025-07-14T18:57:41Z |
| CVE-2025-29824 | encrypter15/CVE-2025-29824 | no description | 2025-05-14T01:45:50Z |
| CVE-2025-29810 | aleongx/CVE-2025-29810-check | Para verificar si tu entorno podría ser vulnerable al CVE-2025-29810, necesitamos hacer algunas comprobaciones básicas, como: Versión del sistema operativo y nivel de parche. Presencia de la actualización de seguridad de abril de 2025 de Microsoft. Verificar el rol de Active Directory Domain Services. | 2025-04-09T18:14:31Z |
| CVE-2025-29775 | ethicalPap/CVE-2025-29775 | no description | 2025-04-17T02:32:30Z |
| CVE-2025-29722 | cypherdavy/CVE-2025-29722 | Cross Site Request Forgery (CSRF) in Commercify v1.0 | 2025-04-15T12:47:18Z |
| CVE-2025-29712 | SteamPunk424/CVE-2025-29712-TAKASHI-Wireless-Instant-Router-And-Repeater-WebApp-Authenticated-Stored-XSS | An XSS Vulnerability Discovered for The TAKASHI Wireless Instant Router and Repeater | 2025-03-09T16:40:33Z |
| CVE-2025-29711 | SteamPunk424/CVE-2025-29711-TAKASHI-Wireless-Instant-Router-And-Repeater-WebApp-Incorrect-Access-Control | This takes advatage of the web applications poor session management on the takashi router and repeater. | 2025-03-05T18:11:59Z |
| CVE-2025-29705 | yxzrw/CVE-2025-29705 | CVE-2025-29705 | 2025-04-10T15:56:06Z |
| CVE-2025-29632 | OHnogood/CVE-2025-29632 | the information for the vulnerability covered by CVE-2025-29632 | 2025-05-29T06:28:09Z |
| CVE-2025-29628 | mselbrede/gardyn | CVE-2025-29628, CVE-2025-29629, CVE-2025-29630, CVE-2025-29631 | 2025-07-04T15:49:12Z |
| CVE-2025-29602 | harish0x/CVE-2025-29602 | no description | 2025-04-01T13:01:25Z |
| CVE-2025-29529 | Yoshik0xF6/CVE-2025-29529 | SQLi ITC Multiplan v3.7.4.1002 (CVE-2025-29529) | 2025-04-22T18:09:52Z |
| CVE-2025-29471 | skraft9/CVE-2025-29471 | no description | 2025-06-13T01:55:56Z |
| CVE-2025-2945 | abrewer251/CVE-2025-2945_PoC | pgAdmin Proof of Concept | 2025-06-03T18:17:24Z |
| CVE-2025-29448 | Abdullah4eb/CVE-2025-29448 | unauthenticated booking logic flaw in Easy!Appointments v1.5.1 causing denial of service. | 2025-05-05T12:11:18Z |
| CVE-2025-29384 | Otsmane-Ahmed/cve-2025-29384-poc | no description | 2025-03-18T01:00:12Z |
| CVE-2025-29306 | somatrasss/CVE-2025-29306 | no description | 2025-03-25T08:12:35Z |
| CVE-2025-29306 | verylazytech/CVE-2025-29306 | no description | 2025-04-17T08:44:10Z |
| CVE-2025-29306 | inok009/FOXCMS-CVE-2025-29306-POC | no description | 2025-04-22T09:00:33Z |
| CVE-2025-29306 | Mattb709/CVE-2025-29306-PoC-FoxCMS-RCE | Proof-of-Concept (PoC) for CVE-2025-29306, a Remote Code Execution vulnerability in FoxCMS. This Python script scans single or multiple targets, executes commands, and reports vulnerable hosts. | 2025-04-25T03:45:43Z |
| CVE-2025-29306 | congdong007/CVE-2025-29306_poc | no description | 2025-05-10T13:14:54Z |
| CVE-2025-29279 | 0xBl4nk/CVE-2025-29279 | POC | 2025-04-15T22:54:20Z |
| CVE-2025-29278 | 0xBl4nk/CVE-2025-29278 | POC | 2025-04-15T23:03:27Z |
| CVE-2025-29277 | 0xBl4nk/CVE-2025-29277 | POC | 2025-04-15T23:08:52Z |
| CVE-2025-29276 | 0xBl4nk/CVE-2025-29276 | POC | 2025-04-15T23:13:30Z |
| CVE-2025-29275 | 0xBl4nk/CVE-2025-29275 | POC | 2025-04-15T23:22:40Z |
| CVE-2025-29094 | FraMarcuccio/CVE-2025-29094-Multiple-Stored-Cross-Site-Scripting-XSS | This repository reveals a security vulnerability discovered in Motivian Content Management System v.41.0.0. | 2025-05-23T13:09:36Z |
| CVE-2025-29093 | FraMarcuccio/CVE-2025-29093-Arbitrary-File-Upload | This repository reveals a security vulnerability discovered in Motivian Content Management System v.41.0.0 | 2025-05-23T12:55:46Z |
| CVE-2025-2907 | Yucaerin/CVE-2025-2907 | Order Delivery Date Pro for WooCommerce < 12.3.1 - Unauthenticated Arbitrary Option Update | 2025-05-26T03:02:05Z |
| CVE-2025-29018 | b1tm4r/CVE-2025-29018 | no description | 2025-03-28T09:01:36Z |
| CVE-2025-29017 | b1tm4r/CVE-2025-29017 | no description | 2025-03-28T09:00:31Z |
| CVE-2025-29015 | b1tm4r/CVE-2025-29015 | no description | 2025-02-18T08:54:27Z |
| CVE-2025-28915 | Pei4AN/CVE-2025-28915 | no description | 2025-03-14T09:30:47Z |
| CVE-2025-28915 | Nxploited/CVE-2025-28915 | WordPress ThemeEgg ToolKit plugin <= 1.2.9 - Arbitrary File Upload vulnerability | 2025-03-12T03:23:32Z |
| CVE-2025-2857 | RimaRuer/CVE-2025-2857-Exploit | no description | 2025-03-28T21:01:44Z |
| CVE-2025-28355 | abbisQQ/CVE-2025-28355 | It was identified that the https://github.com/Volmarg/personal-management-system application is vulnerable to CSRF attacks. | 2025-04-18T07:43:41Z |
| CVE-2025-28346 | Shubham03007/CVE-2025-28346 | Code-projects Ticket Booking 1.0 is vulnerable to SQL Injection via the > Email parameter | 2025-04-11T16:28:57Z |
| CVE-2025-2825 | WOOOOONG/CVE-2025-2825 | no description | 2025-04-03T01:13:28Z |
| CVE-2025-2825 | punitdarji/crushftp-CVE-2025-2825 | no description | 2025-04-04T08:57:02Z |
| CVE-2025-2825 | ghostsec420/ShatteredFTP | Shattered is a tool and POC for the new CrushedFTP vulns, CVE Exploit Script: CVE-2025-2825 vs CVE-2025-31161 | 2025-04-11T10:54:05Z |
| CVE-2025-28121 | pruthuraut/CVE-2025-28121 | no description | 2025-04-19T07:10:13Z |
| CVE-2025-2812 | sahici/CVE-2025-2812 | CVE-2025-2812 SQL Injection | 2025-04-24T21:22:24Z |
| CVE-2025-28074 | mLniumm/CVE-2025-28074 | no description | 2025-05-07T15:22:20Z |
| CVE-2025-28073 | mLniumm/CVE-2025-28073 | no description | 2025-05-07T15:17:38Z |
| CVE-2025-2807 | Nxploited/CVE-2025-2807 | Wordpress - Motors Plugin <= 1.4.64 - Arbitrary Plugin Installation Vulnerability | 2025-04-08T10:24:42Z |
| CVE-2025-28062 | Thvt0ne/CVE-2025-28062 | proof of concept | 2025-04-29T11:37:18Z |
| CVE-2025-28009 | beardenx/CVE-2025-28009 | SQL Injection in Dietiqa App v1.0.20 (CVE-2025-28009) – Unauthenticated remote data access via vulnerable parameter. | 2025-04-17T02:04:59Z |
| CVE-2025-27893 | NastyCrow/CVE-2025-27893 | no description | 2025-03-10T17:53:58Z |
| CVE-2025-27840 | em0gi/CVE-2025-27840 | Expanded version of the code shown at RootedCON redone in python - CVE-2025-27840 | 2025-03-09T16:15:47Z |
| CVE-2025-27840 | demining/Bluetooth-Attacks-CVE-2025-27840 | Bitcoin Cryptanalysis: CVE-2025-27840 Vulnerability in ESP32 Microcontrollers Puts Billions of IoT Devices at Risk via Wi-Fi & Bluetooth | 2025-03-30T16:12:10Z |
| CVE-2025-27840 | ladyg00se/CVE-2025-27840-WIP | A Work-In-Progress for CVE-2025-27840 | 2025-04-08T14:27:06Z |
| CVE-2025-2783 | bronsoneaver/CVE-2025-2783 | no description | 2025-03-28T20:33:42Z |
| CVE-2025-2783 | Alchemist3dot14/CVE-2025-2783 | Simulated PoC for CVE-2025-2783 — a sandbox escape vulnerability in Chrome's Mojo IPC. Includes phishing delivery, memory fuzzing, IPC simulation, and logging. Safe for red team demos, detection engineering, and educational use. | 2025-04-06T03:49:01Z |
| CVE-2025-2783 | byteReaper77/CVE-2025-2783 | This project is a research-oriented and educational simulation designed to demonstrate the concept of a sandbox escape vulnerability within Google Chrome (version 134.0.6998.177), leveraging improper handle , validation via Mojo IPC. | 2025-06-15T23:30:35Z |
| CVE-2025-27817 | kk12-30/CVE-2025-27817 | CVE-2025-27817 | 2025-06-12T02:31:58Z |
| CVE-2025-27817 | iSee857/CVE-2025-27817 | Apache Kafka客户端未对用户输入进行严格验证和限制,未经身份验证的攻击者可通过构造恶意配置读取环境变量或磁盘任意内容,或向非预期位置发送请求,提升REST API的文件系统/环境/URL访问权限。 | 2025-07-04T01:47:31Z |
| CVE-2025-27636 | akamai/CVE-2025-27636-Apache-Camel-PoC | no description | 2025-03-09T09:42:11Z |
| CVE-2025-27636 | enochgitgamefied/CVE-2025-27636-Practical-Lab | no description | 2025-05-14T05:34:03Z |
| CVE-2025-27607 | Barsug/msgspec-python313-pre | CVE-2025-27607 fix | 2025-03-14T11:41:48Z |
| CVE-2025-27591 | obamalaolu/CVE-2025-27591 | CVE-2025-27591 | 2025-07-12T21:17:40Z |
| CVE-2025-27591 | DarksBlackSk/CVE-2025-27591 | CVE-2025-27591 | 2025-07-15T05:14:41Z |
| CVE-2025-27591 | dollarboysushil/Linux-Privilege-Escalation-CVE-2025-27591 | CVE-2025-27591 is a known privilege escalation vulnerability in the Below service (version < v0.9.0) | 2025-07-15T05:48:00Z |
| CVE-2025-27591 | rvizx/CVE-2025-27591 | Below v0.8.1 - Local Privilege Escalation (CVE-2025-27591) - PoC Exploit | 2025-07-12T22:50:59Z |
| CVE-2025-27591 | BridgerAlderson/CVE-2025-27591-PoC | CVE-2025-27591 is a privilege escalation vulnerability that affected the Below service before version 0.9.0 | 2025-07-13T08:41:06Z |
| CVE-2025-27590 | fatkz/CVE-2025-27590 | no description | 2025-05-31T13:39:00Z |
| CVE-2025-27580 | TrustStackSecurity/CVE-2025-27580 | Exploit for CVE-2025-27580: A predictable token vulnerability in NIH BRICS through 14.0.0-67 allows unauthenticated users with a Common Access Card (CAC) to escalate privileges and compromise any account, including administrators. | 2025-06-06T14:23:59Z |
| CVE-2025-27558 | Atlas-ghostshell/CVE-2025-27558_Patching | Patching CVE-2025-27558 vulnerability that had affected my linux image. | 2025-06-25T10:25:16Z |
| CVE-2025-27533 | absholi7ly/CVE-2025-27533-Exploit-for-Apache-ActiveMQ | exploit for CVE-2025-27533, a Denial of Service (DoS) vulnerability in Apache ActiveMQ | 2025-05-09T02:43:53Z |
| CVE-2025-2748 | xirtam2669/Kentico-Xperience-before-13.0.178---XSS-POC | PoC for CVE-2025-2748 - Unauthenticated ZIP file upload with embedded SVG for XSS | 2025-05-09T18:49:58Z |
| CVE-2025-27415 | jiseoung/CVE-2025-27415-PoC | Nuxt3 Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability | 2025-07-14T07:10:37Z |
| CVE-2025-27363 | zhuowei/CVE-2025-27363-proof-of-concept | no description | 2025-03-23T23:30:37Z |
| CVE-2025-27363 | ov3rf1ow/CVE-2025-27363 | no description | 2025-05-26T07:46:27Z |
| CVE-2025-27210 | absholi7ly/CVE-2025-27210_NodeJS_Path_Traversal_Exploit | (PoC) CVE-2025-27210, a precise Path Traversal vulnerability affecting Node.js applications running on Microsoft Windows. This vulnerability leverages the specific way Windows handles reserved device file names | 2025-07-16T05:33:08Z |
| CVE-2025-27152 | andreglock/axios-ssrf | Demonstration of CVE-2025-27152 | 2025-03-30T08:36:48Z |
| CVE-2025-27152 | davidblakecoe/axios-CVE-2025-27152-PoC | Axios CVE-2025-27152 PoC | 2025-06-06T21:21:08Z |
| CVE-2025-27007 | absholi7ly/CVE-2025-27007-OttoKit-exploit | exploiting CVE-2025-27007, a critical unauthenticated privilege escalation vulnerability in the OttoKit (formerly SureTriggers) WordPress plugin | 2025-05-07T04:43:39Z |
| CVE-2025-26909 | issamjr/CVE-2025-26909-Scanner | Advanced scanner and PoC for CVE-2025-26909 in Hide My WP Ghost | 2025-06-22T15:58:02Z |
| CVE-2025-26892 | Nxploited/CVE-2025-26892 | WordPress Celestial Aura Theme <= 2.2 is vulnerable to Arbitrary File Upload | 2025-06-09T23:30:34Z |
| CVE-2025-26865 | mbadanoiu/CVE-2025-26865 | CVE-2025-26865: FreeMarker Server-Side Template Injection via the "ecommerce" plugin in Apache OfBiz | 2025-04-11T16:18:19Z |
| CVE-2025-26794 | ishwardeepp/CVE-2025-26794-Exim-Mail-SQLi | no description | 2025-03-05T07:34:50Z |
| CVE-2025-26794 | OscarBataille/CVE-2025-26794 | CVE-2025-26794: Blind SQL injection in Exim 4.98 (SQLite DBM)- exploit writeup | 2025-02-22T14:14:59Z |
| CVE-2025-26633 | sandsoncosta/CVE-2025-26633 | no description | 2025-04-08T19:29:28Z |
| CVE-2025-26529 | NightBloodz/moodleTestingEnv | Environment used to find Moodle CVE-2025-26529 | 2025-04-04T17:46:13Z |
| CVE-2025-26529 | Astroo18/PoC-CVE-2025-26529 | SSRF to XSS - XSS to RCE Moodle | 2025-04-12T23:17:40Z |
| CVE-2025-26529 | exfil0/UNISA_CVE-2025-26529 | This repository contains a comprehensive Proof-of-Concept (PoC) scanner and exploitation framework targeting CVE-2025-26529, a critical XSS vulnerability in vulnerable Moodle instances. | 2025-05-03T20:34:54Z |
| CVE-2025-26466 | jhonnybonny/CVE-2025-26466 | OpenSSH server 9.5p1 - 9.9p1 DoS (PoC) | 2025-02-18T21:21:01Z |
| CVE-2025-26466 | rxerium/CVE-2025-26466 | The OpenSSH client and server are vulnerable to a pre-authentication DoS attack between versions 9.5p1 to 9.9p1 (inclusive) that causes memory and CPU consumption | 2025-02-18T16:59:09Z |
| CVE-2025-26466 | mrowkoob/CVE-2025-26466-msf | CVE-2025-26466 - SSH Ping DoS Ruby module for Metasploit Framework | 2025-06-23T13:00:11Z |
| CVE-2025-26465 | dolutech/patch-manual-CVE-2025-26465-e-CVE-2025-26466 | Patch Manual para a correção das CVE-2025-26465-e-CVE-2025-26466, para sistemas sem update do OpenSSH | 2025-02-21T09:19:54Z |
| CVE-2025-26465 | rxerium/CVE-2025-26465 | MitM attack allowing a malicious interloper to impersonate a legitimate server when a client attempts to connect to it | 2025-02-18T16:53:27Z |
| CVE-2025-26443 | Pazhanivelmani/ManagedProvisioning-A10_r33_CVE-2025-26443 | no description | 2025-06-19T12:13:19Z |
| CVE-2025-26417 | uthrasri/CVE-2025-26417 | no description | 2025-03-17T09:20:55Z |
| CVE-2025-26326 | azurejoga/CVE-2025-26326 | Critical security vulnerability in NVDA remote connection add-ons. | 2025-02-25T21:04:45Z |
| CVE-2025-26319 | dorattias/CVE-2025-26319 | no description | 2025-02-02T08:02:48Z |
| CVE-2025-26319 | YuoLuo/CVE-2025-26319 | no description | 2025-03-13T08:06:45Z |
| CVE-2025-26318 | Frozenka/CVE-2025-26318 | POC CVE-2025-26318 | 2024-10-22T12:13:33Z |
| CVE-2025-26264 | DRAGOWN/CVE-2025-26264 | CVE-2025-26264 - GeoVision GV-ASWeb with the version 6.1.2.0 or less, contains a Remote Code Execution (RCE) vulnerability within its Notification Settings feature. An authenticated attacker with "System Settings" privileges in ASWeb can exploit this flaw to execute arbitrary commands on the server, leading to a full system compromise. | 2025-02-26T18:11:16Z |
| CVE-2025-26263 | DRAGOWN/CVE-2025-26263 | CVE-2025-26263 - GeoVision ASManager Windows desktop application with the version 6.1.2.0 or less, is vulnerable to credentials disclosure due to improper memory handling in the ASManagerService.exe process. | 2025-02-26T17:40:40Z |
| CVE-2025-26244 | JaRm222/CVE-2025-26244 | The graph functionality of DeimosC2 v1.1.0-Beta is vulnerable to Stored Cross-Site Scripting (XSS), allowing the theft of session cookie and unauthorized access to the C2 server. | 2025-04-16T18:24:09Z |
| CVE-2025-26240 | Habuon/CVE-2025-26240 | POC for CVE-2025-26240 | 2025-03-12T14:09:01Z |
| CVE-2025-26206 | xibhi/CVE-2025-26206 | no description | 2025-02-24T05:53:46Z |
| CVE-2025-26202 | A17-ba/CVE-2025-26202-Details | CVE-2025-26202 | 2025-03-01T12:05:27Z |
| CVE-2025-2620 | Otsmane-Ahmed/CVE-2025-2620-poc | no description | 2025-03-22T15:26:15Z |
| CVE-2025-26199 | tansique-17/CVE-2025-26199 | Public Disclosure | 2025-06-19T04:47:29Z |
| CVE-2025-26198 | tansique-17/CVE-2025-26198 | Public Disclosure | 2025-06-18T18:19:42Z |
| CVE-2025-26159 | godBADTRY/CVE-2025-26159 | This script decodes, filters, and extracts cookies as part of the exploitation of CVE-2025-26159. | 2025-02-04T11:37:04Z |
| CVE-2025-26125 | ZeroMemoryEx/CVE-2025-26125 | (0day) Local Privilege Escalation in IObit Malware Fighter | 2025-01-08T05:50:07Z |
| CVE-2025-26056 | rohan-pt/CVE-2025-26056 | no description | 2025-03-07T18:22:34Z |
| CVE-2025-26055 | rohan-pt/CVE-2025-26055 | CVE Description | 2025-03-07T18:21:29Z |
| CVE-2025-26054 | rohan-pt/CVE-2025-26054 | CVE-2025-26054 | 2025-03-07T18:21:57Z |
| CVE-2025-26014 | vigilante-1337/CVE-2025-26014 | A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute arbitrary code via the path parameter. The manipulation of the argument path from read.py file leads to os command injection. The attack can be launched remotely. | 2025-04-29T08:50:56Z |
| CVE-2025-25968 | padayali-JD/CVE-2025-25968 | no description | 2025-02-19T05:12:03Z |
| CVE-2025-25967 | padayali-JD/CVE-2025-25967 | no description | 2025-02-25T15:02:52Z |
| CVE-2025-25965 | Sudo-Sakib/CVE-2025-25965 | CVE-2025-25965 is a newly discovered CSRF vulnerability in the Phpgurukul Online Banquet Booking System v1.2, allowing remote attackers to change a user’s email address without their consent by exploiting an authenticated session. | 2025-02-15T16:03:11Z |
| CVE-2025-25964 | Sudo-Sakib/CVE-2025-25964 | A critical SQL Injection vulnerability (CVE-2025-25964) discovered in the School Information Management System v1.0 | 2025-02-15T15:22:34Z |
| CVE-2025-2594 | ubaydev/CVE-2025-2594 | User Registration & Membership <= 4.1.2 - Authentication Bypass | 2025-04-02T07:46:54Z |
| CVE-2025-25763 | Oyst3r1ng/CVE-2025-25763 | no description | 2025-03-17T05:58:51Z |
| CVE-2025-25749 | huyvo2910/CVE-2025-25749-Weak-Password-Policy-in-HotelDruid-3.0.7 | no description | 2025-03-07T12:18:47Z |
| CVE-2025-25747 | huyvo2910/CVE-2025-25747-HotelDruid-3-0-7-Reflected-XSS | no description | 2025-03-07T11:55:11Z |
| CVE-2025-25706 | Cotherm/CVE-2025-25706 | no description | 2025-03-31T21:54:24Z |
| CVE-2025-25705 | Cotherm/CVE-2025-25705 | no description | 2025-03-31T21:50:02Z |
| CVE-2025-25650 | AbhijithAJ/Dorset_SmartLock_Vulnerability | This repository is for Dorset_SmartLock_vulnerability. CVE-2025-25650 is suggested by MITRE which is yet to confirm. | 2025-03-16T07:22:46Z |
| CVE-2025-2563 | ubaydev/CVE-2025-2563 | CVE-2025-2563 PoC | 2025-03-29T12:03:12Z |
| CVE-2025-25621 | armaansidana2003/CVE-2025-25621 | no description | 2025-03-05T21:43:06Z |
| CVE-2025-25620 | armaansidana2003/CVE-2025-25620 | no description | 2025-03-05T21:35:35Z |
| CVE-2025-25618 | armaansidana2003/CVE-2025-25618 | no description | 2025-03-05T21:33:11Z |
| CVE-2025-25617 | armaansidana2003/CVE-2025-25617 | no description | 2025-03-05T21:30:54Z |
| CVE-2025-25616 | armaansidana2003/CVE-2025-25616 | no description | 2025-03-05T21:28:04Z |
| CVE-2025-25615 | armaansidana2003/CVE-2025-25615 | no description | 2025-03-05T21:24:40Z |
| CVE-2025-25614 | armaansidana2003/CVE-2025-25614 | no description | 2025-03-05T21:10:43Z |
| CVE-2025-25612 | secmuzz/CVE-2025-25612 | CVE-2025-25612 | 2025-03-04T15:40:18Z |
| CVE-2025-25599 | Certitude-Consulting/CVE-2025-25599 | Proof of Concept for CVE-2025-25599 | 2025-01-16T12:16:14Z |
| CVE-2025-25461 | RoNiXxCybSeC0101/CVE-2025-25461 | SeedDMS Stored Cross Site Scripting(XSS) | 2025-02-26T04:16:08Z |
| CVE-2025-25460 | RoNiXxCybSeC0101/CVE-2025-25460 | Cross Site Scripting Vulnerability in Flatpress CMS | 2025-02-22T03:48:56Z |
| CVE-2025-2539 | verylazytech/CVE-2025-2539 | File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated Arbitrary File Read | 2025-05-26T12:06:24Z |
| CVE-2025-2539 | RootHarpy/CVE-2025-2539 | Unauthenticated Arbitrary File Read exploit for WordPress File Away Plugin ≤ 3.9.9.0.1 | 2025-06-04T07:27:26Z |
| CVE-2025-2539 | Yucaerin/CVE-2025-2539 | CVE-2025-2539 - WordPress File Away <= 3.9.9.0.1 - Arbitrary File Read | 2025-06-09T15:11:13Z |
| CVE-2025-2539 | d4rkh0rse/CVE-2025-2539 | no description | 2025-06-21T06:51:44Z |
| CVE-2025-25369 | lkasjkasj/CVE-2025-25369 | CVE-2025-25369 | 2025-02-26T12:19:26Z |
| CVE-2025-25340 | l00neyhacker/CVE-2025-25340 | no description | 2025-03-10T22:05:22Z |
| CVE-2025-25339 | l00neyhacker/CVE-2025-25339 | no description | 2025-03-10T22:04:18Z |
| CVE-2025-25338 | l00neyhacker/CVE-2025-25338 | no description | 2025-03-10T22:03:45Z |
| CVE-2025-25337 | l00neyhacker/CVE-2025-25337 | no description | 2025-03-10T22:02:56Z |
| CVE-2025-25335 | l00neyhacker/CVE-2025-25335 | no description | 2025-03-10T22:01:33Z |
| CVE-2025-25296 | math-x-io/CVE-2025-25296-POC | Proof of Concept (POC) for the CVE-2025-25296 vulnerability affecting Label Studio versions prior to 1.16.0 | 2025-03-01T02:08:01Z |
| CVE-2025-25279 | numanturle/CVE-2025-25279 | no description | 2025-02-24T19:03:17Z |
| CVE-2025-25257 | 0xbigshaq/CVE-2025-25257 | FortiWeb CVE-2025-25257 exploit | 2025-07-11T12:09:02Z |
| CVE-2025-25257 | watchtowrlabs/watchTowr-vs-FortiWeb-CVE-2025-25257 | no description | 2025-07-10T17:08:25Z |
| CVE-2025-25257 | B1ack4sh/Blackash-CVE-2025-25257 | CVE-2025-25257 | 2025-07-12T16:05:43Z |
| CVE-2025-25257 | imbas007/CVE-2025-25257 | no description | 2025-07-12T15:14:01Z |
| CVE-2025-25257 | adilburaksen/CVE-2025-25257-Exploit-Tool | Tool for detecting and exploiting CVE-2025-25257 in Fortinet FortiWeb. | 2025-07-12T14:44:47Z |
| CVE-2025-25257 | 0xgh057r3c0n/CVE-2025-25257 | PoC for CVE-2025-25257, a critical unauthenticated SQL injection in FortiWeb. Exploits SQLi via the Authorization header to write a webshell and gain RCE. No login required. Fully automated. | 2025-07-15T10:00:07Z |
| CVE-2025-25163 | RandomRobbieBF/CVE-2025-25163 | Plugin A/B Image Optimizer <= 3.3 - Authenticated (Subscriber+) Arbitrary File Download | 2025-02-18T10:25:40Z |
| CVE-2025-25163 | RootHarpy/CVE-2025-25163-Nuclei-Template | This repository features a Nuclei template specifically designed to detect the Path Traversal vulnerability (CVE-2025-25163) in the Plugin A/B Image Optimizer for WordPress. This vulnerability poses a critical security risk, allowing unauthorized access to sensitive server files. | 2025-02-19T03:57:35Z |
| CVE-2025-25101 | Nxploited/CVE-2025-25101 | WordPress Munk Sites plugin <= 1.0.7 - CSRF to Arbitrary Plugin Installation vulnerability | 2025-03-14T02:44:39Z |
| CVE-2025-25064 | yelang123/Zimbra10_SQL_Injection | Zimbra 10 SQL Injection (CVE-2025-25064) Analysis Article | 2025-02-15T04:16:28Z |
| CVE-2025-25062 | rhburt/CVE-2025-25062 | Backdrop CMS 1.29.2 - Privilege Escalation via Stored XSS + CSRF | 2024-12-14T20:25:33Z |
| CVE-2025-25014 | davidxbors/CVE-2025-25014 | no description | 2025-05-24T14:40:13Z |
| CVE-2025-24985 | airbus-cert/cve-2025-24985 | Detection of malicious VHD files for CVE-2025-24985 | 2025-04-02T15:30:25Z |
| CVE-2025-24971 | be4zad/CVE-2025-24971 | CVE-2025-24971 exploit | 2025-02-20T16:59:27Z |
| CVE-2025-24963 | 0xdeviner/CVE-2025-24963 | no description | 2025-04-23T08:01:49Z |
| CVE-2025-24893 | iSee857/CVE-2025-24893-PoC | XWiki SolrSearchMacros 远程代码执行漏洞PoC(CVE-2025-24893) | 2025-02-25T07:11:51Z |
| CVE-2025-24893 | Artemir7/CVE-2025-24893-EXP | no description | 2025-05-05T04:10:48Z |
| CVE-2025-24813 | imbas007/CVE-2025-24813-apache-tomcat | Nuclei Template CVE-2025–24813 | 2025-03-17T22:39:38Z |
| CVE-2025-24813 | issamjr/CVE-2025-24813-Scanner | CVE-2025-24813 - Apache Tomcat Vulnerability Scanner | 2025-03-17T03:58:34Z |
| CVE-2025-24813 | charis3306/CVE-2025-24813 | CVE-2025-24813利用工具 | 2025-03-16T11:59:59Z |
| CVE-2025-24813 | N0c1or/CVE-2025-24813_POC | CVE-2025-24813_POC | 2025-03-14T03:11:40Z |
| CVE-2025-24813 | FY036/cve-2025-24813_poc | cve-2025-24813验证脚本 | 2025-03-14T07:41:40Z |
| CVE-2025-24813 | absholi7ly/POC-CVE-2025-24813 | his repository contains an automated Proof of Concept (PoC) script for exploiting CVE-2025-24813, a Remote Code Execution (RCE) vulnerability in Apache Tomcat. The vulnerability allows an attacker to upload a malicious serialized payload to the server, leading to arbitrary code execution via deserialization when specific conditions are met. | 2025-03-14T07:36:58Z |
| CVE-2025-24813 | gregk4sec/CVE-2025-24813 | Security Researcher | 2025-03-14T05:39:33Z |
| CVE-2025-24813 | michael-david-fry/Apache-Tomcat-Vulnerability-POC-CVE-2025-24813 | Apache Tomcat Vulnerability POC (CVE-2025-24813) | 2025-03-19T14:32:01Z |
| CVE-2025-24813 | msadeghkarimi/CVE-2025-24813-Exploit | Apache Tomcat Remote Code Execution (RCE) Exploit - CVE-2025-24813 | 2025-03-18T08:42:12Z |
| CVE-2025-24813 | n0n-zer0/Spring-Boot-Tomcat-CVE-2025-24813 | POC for CVE-2025-24813 using Spring-Boot | 2025-03-20T22:52:00Z |
| CVE-2025-24813 | Alaatk/CVE-2025-24813-POC | CVE-2025-24813 Apache Tomcat RCE Proof of Concept (PoC) | 2025-03-21T18:05:27Z |
| CVE-2025-24813 | tonyarris/CVE-2025-24813-PoC | A PoC for CVE-2025-24813 | 2025-03-22T15:16:41Z |
| CVE-2025-24813 | beyond-devsecops/CVE-2025-24813 | Session Exploit | 2025-03-24T17:47:10Z |
| CVE-2025-24813 | u238/Tomcat-CVE_2025_24813 | A playground to test the RCE exploit for tomcat CVE-2025-24813 | 2025-03-24T18:47:40Z |
| CVE-2025-24813 | AlperenY-cs/CVE-2025-24813 | Create lab for CVE-2025-24813 | 2025-03-28T09:44:28Z |
| CVE-2025-24813 | B1gN0Se/Tomcat-CVE-2025-24813 | no description | 2025-03-31T19:01:28Z |
| CVE-2025-24813 | iSee857/CVE-2025-24813-PoC | Apache Tomcat 远程代码执行漏洞批量检测脚本(CVE-2025-24813) | 2025-03-13T10:00:03Z |
| CVE-2025-24813 | AsaL1n/CVE-2025-24813 | simple exp for CVE-2025-24813 | 2025-04-05T09:07:13Z |
| CVE-2025-24813 | horsehacks/CVE-2025-24813-checker | Hello researchers, I have a checker for the recent vulnerability CVE-2025-24813-checker. | 2025-04-07T22:43:56Z |
| CVE-2025-24813 | Heimd411/CVE-2025-24813-noPoC | no description | 2025-04-07T16:17:06Z |
| CVE-2025-24813 | La3B0z/CVE-2025-24813-POC | CVE-2025-24813-POC JSP Web Shell Uploader | 2025-04-06T19:36:48Z |
| CVE-2025-24813 | MuhammadWaseem29/CVE-2025-24813 | no description | 2025-04-05T18:57:08Z |
| CVE-2025-24813 | GadaLuBau1337/CVE-2025-24813 | no description | 2025-04-08T14:52:37Z |
| CVE-2025-24813 | f8l124/CVE-2025-24813-POC | A simple, easy-to-use POC for CVE-2025-42813 (Apache Tomcat versions below 9.0.99). | 2025-04-09T15:20:32Z |
| CVE-2025-24813 | Franconyu/Poc_for_CVE-2025-24813 | CVE-2025-24813 poc | 2025-04-10T14:49:14Z |
| CVE-2025-24813 | manjula-aw/CVE-2025-24813 | This repository contains a shell script based POC on Apache Tomcat CVE-2025-24813. It allow you to easily test the vulnerability on any version of Apache Tomcat | 2025-03-30T09:39:45Z |
| CVE-2025-24813 | Mattb709/CVE-2025-24813-PoC-Apache-Tomcat-RCE | A Python proof-of-concept exploit for CVE-2025-24813 - Unauthenticated RCE in Apache Tomcat (v9.0.0-9.0.98/10.1.0-10.1.34/11.0.0-11.0.2) via malicious Java object deserialization. Includes safe detection mode and custom payload support. | 2025-04-12T17:38:02Z |
| CVE-2025-24813 | Mattb709/CVE-2025-24813-Scanner | CVE-2025-24813-Scanner is a Python-based vulnerability scanner that detects Apache Tomcat servers vulnerable to CVE-2025-24813, an arbitrary file upload vulnerability leading to remote code execution (RCE) via insecure PUT method handling and jsessionid exploitation. | 2025-04-12T19:12:39Z |
| CVE-2025-24813 | ps-interactive/lab-cve-2025-24813 | Resources for teh Apache Tomcat CVE lab | 2025-03-19T19:55:02Z |
| CVE-2025-24813 | Erosion2020/CVE-2025-24813-vulhub | CVE-2025-24813的vulhub环境的POC脚本 | 2025-04-18T11:03:33Z |
| CVE-2025-24813 | hakankarabacak/CVE-2025-24813 | Proof of Concept (PoC) script for CVE-2025-24813, vulnerability in Apache Tomcat. | 2025-04-27T13:50:24Z |
| CVE-2025-24813 | Eduardo-hardvester/CVE-2025-24813 | Remote Code Execution (RCE) vulnerability in Apache Tomcat. | 2025-05-10T15:58:12Z |
| CVE-2025-24813 | fatkz/CVE-2025-24813 | no description | 2025-05-11T19:50:11Z |
| CVE-2025-24813 | maliqto/PoC-CVE-2025-24813 | PoC para o CVE-2025-24813 | 2025-05-15T12:28:50Z |
| CVE-2025-24813 | mbanyamer/Apache-Tomcat---Remote-Code-Execution-via-Session-Deserialization-CVE-2025-24813- | Apache Tomcat - Remote Code Execution via Session Deserialization (CVE-2025-24813) | 2025-05-25T13:34:18Z |
| CVE-2025-24813 | x1ongsec/CVE-2025-24813 | tomcat CVE-2025-24813 反序列化RCE环境 | 2025-06-21T14:20:44Z |
| CVE-2025-24813 | yaleman/cve-2025-24813-poc | no description | 2025-07-03T00:31:30Z |
| CVE-2025-24813 | GongWook/CVE-2025-24813 | POC | 2025-07-07T07:17:31Z |
| CVE-2025-24813 | sentilaso1/CVE-2025-24813-Apache-Tomcat-RCE-PoC | Proof of Concept for CVE-2025-24813, a Remote Code Execution vulnerability in Apache Tomcat. This PoC exploits unsafe deserialization via crafted session files uploaded through HTTP PUT requests, allowing attackers to execute arbitrary code remotely on vulnerable Tomcat servers. | 2025-07-12T02:40:44Z |
| CVE-2025-24801 | r1beirin/CVE-2025-24801 | no description | 2025-04-19T01:59:30Z |
| CVE-2025-24801 | fatkz/CVE-2025-24801 | CVE-2025-24801 Exploit | 2025-05-05T23:22:18Z |
| CVE-2025-24799 | realcodeb0ss/CVE-2025-24799-PoC | no description | 2025-03-31T15:48:12Z |
| CVE-2025-24799 | MuhammadWaseem29/CVE-2025-24799 | no description | 2025-04-03T16:55:11Z |
| CVE-2025-24799 | MatheuZSecurity/Exploit-CVE-2025-24799 | CVE-2025-24799 Exploit: GLPI - Unauthenticated SQL Injection | 2025-04-15T04:57:39Z |
| CVE-2025-24799 | galletitaconpate/CVE-2025-24799 | no description | 2025-05-22T20:49:43Z |
| CVE-2025-24797 | Alainx277/CVE-2025-24797 | Meshtastic buffer overflow vulnerability - CVE-2025-24797 | 2025-04-16T19:04:44Z |
| CVE-2025-2476 | McTavishSue/CVE-2025-2476 | Use After Free (CWE-416) | 2025-03-20T13:44:52Z |
| CVE-2025-24752 | bartfroklage/CVE-2025-24752-POC | POC for CVE-2025-24752. | 2025-03-01T08:25:38Z |
| CVE-2025-24752 | Sachinart/essential-addons-for-elementor-xss-poc | Hi, I am Chirag Artani. This is the POC of Reflected XSS in Essential Addons for Elementor Affecting 2+ Million Sites - CVE-2025-24752 | 2025-02-26T09:28:45Z |
| CVE-2025-24659 | DoTTak/CVE-2025-24659 | PoC of CVE-2025-24659 | 2025-01-31T01:01:49Z |
| CVE-2025-24587 | DoTTak/CVE-2025-24587 | PoC of CVE-2025-24587 | 2025-01-31T00:54:20Z |
| CVE-2025-24514 | KimJuhyeong95/cve-2025-24514 | no description | 2025-06-11T20:04:09Z |
| CVE-2025-24271 | moften/CVE-2025-24271 | Vulnerabilidad en AirPlay expone información sensible en dispositivos Apple | 2025-04-30T19:59:56Z |
| CVE-2025-24252 | apwlq/AirBorne-PoC | poc for CVE-2025-24252 & CVE-2025-24132 | 2025-05-06T14:18:09Z |
| CVE-2025-24252 | cakescats/airborn-IOS-CVE-2025-24252 | iOS Airborne vulnerabilities log artifact extractor from LogArchive CVE-2025-24252 | 2025-05-10T23:50:40Z |
| CVE-2025-24252 | ekomsSavior/AirBorne-PoC | poc for CVE-2025-24252 & CVE-2025-24132 | 2025-04-29T22:12:52Z |
| CVE-2025-24252 | B1ack4sh/Blackash-CVE-2025-24252 | CVE-2025-24252 | 2025-06-11T10:27:37Z |
| CVE-2025-24203 | BlueDiamond2021/iOS-CVE-2025-24203-Paths | Random paths for use with CVE-2025-24203 | 2025-05-10T19:12:52Z |
| CVE-2025-24203 | GeoSn0w/CVE-2025-24203-iOS-Exploit-With-Error-Logging | Slightly improved exploit of the CVE-2025-24203 iOS vulnerability by Ian Beer of Google Project Zero | 2025-05-12T16:02:21Z |
| CVE-2025-24203 | pxx917144686/iDevice_ZH | CVE-2025-24203漏洞 | 2025-05-25T05:34:30Z |
| CVE-2025-24203 | jailbreakdotparty/dirtyZero | Basic customization app using CVE-2025-24203. Patched in iOS 18.4. | 2025-05-09T07:18:55Z |
| CVE-2025-24201 | The-Maxu/CVE-2025-24201-WebKit-Vulnerability-Detector-PoC- | CVE-2025-24201 WebKit Vulnerability Detector (PoC) | 2025-07-11T14:01:00Z |
| CVE-2025-24200 | McTavishSue/CVE-2025-24200 | CVE-2025-24200 - Incorrect Authorization | 2025-02-11T15:05:25Z |
| CVE-2025-24132 | Feralthedogg/CVE-2025-24132-Scanner | no description | 2025-05-14T14:20:09Z |
| CVE-2025-24118 | jprx/CVE-2025-24118 | An XNU kernel race condition bug | 2025-01-30T00:10:44Z |
| CVE-2025-24118 | rawtips/-CVE-2025-24118 | no description | 2025-02-01T22:20:18Z |
| CVE-2025-24104 | ifpdz/CVE-2025-24104 | no description | 2025-01-24T10:41:12Z |
| CVE-2025-24104 | missaels235/POC-CVE-2025-24104-Py | no description | 2025-05-18T18:11:27Z |
| CVE-2025-24085 | bronsoneaver/CVE-2025-24085 | CVE-2025-24085: Incorrect Default Permissions (CWE-276) | 2025-01-30T11:08:45Z |
| CVE-2025-24085 | apt-007/12345 | CVE-2025-24085漏洞 和 Schemeshare漏洞 | 2025-05-13T15:55:24Z |
| CVE-2025-24076 | mbanyamer/CVE-2025-24076 | no description | 2025-06-06T21:35:57Z |
| CVE-2025-24071 | FOLKS-iwd/CVE-2025-24071-msfvenom | metasploit module for the CVE-2025-24071 | 2025-03-18T14:43:28Z |
| CVE-2025-24071 | shacojx/CVE-2025-24071-Exploit | Exploit CVE-2025-24071 | 2025-03-21T02:43:32Z |
| CVE-2025-24071 | 0x6rss/CVE-2025-24071_PoC | CVE-2025-24071: NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File | 2025-03-16T20:10:19Z |
| CVE-2025-24071 | ctabango/CVE-2025-24071_PoCExtra | Alternativa CVE-2025-24071_PoC | 2025-03-19T21:37:54Z |
| CVE-2025-24071 | aleongx/CVE-2025-24071 | Windows File Explorer Spoofing Vulnerability (CVE-2025-24071) | 2025-03-19T18:54:53Z |
| CVE-2025-24071 | Marcejr117/CVE-2025-24071_PoC | A PoC of CVE-2025-24071, A windows vulnerability that allow get NTMLv2 hashes | 2025-03-27T14:36:29Z |
| CVE-2025-24071 | rubbxalc/CVE-2025-24071 | no description | 2025-03-27T09:49:54Z |
| CVE-2025-24071 | ThemeHackers/CVE-2025-24071 | Windows File Explorer Spoofing Vulnerability (CVE-2025-24071) | 2025-03-27T08:32:38Z |
| CVE-2025-24071 | cesarbtakeda/Windows-Explorer-CVE-2025-24071 | no description | 2025-03-29T18:00:29Z |
| CVE-2025-24071 | pswalia2u/CVE-2025-24071_POC | no description | 2025-04-21T20:05:07Z |
| CVE-2025-24071 | LOOKY243/CVE-2025-24071-PoC | CVE-2025-24071 Proof Of Concept | 2025-05-27T13:20:23Z |
| CVE-2025-24071 | B1ack4sh/Blackash-CVE-2025-24071 | CVE-2025-24071 | 2025-06-09T09:05:59Z |
| CVE-2025-24071 | TH-SecForge/CVE-2025-24071 | Security Vulnerability Report: CVE-2025-24071 - Windows File Explorer Spoofing Vulnerability | 2025-06-09T06:47:14Z |
| CVE-2025-24071 | ex-cal1bur/SMB_CVE-2025-24071 | Exploited CVE-2025-24071 via SMB by hosting a .library-ms file inside a .tar archive. Using tar x from smbclient, the payload is extracted server-side without user interaction. Responder captures the NTLM hash once the target accesses the library. | 2025-05-28T00:21:32Z |
| CVE-2025-24071 | DeshanFer94/CVE-2025-24071-POC-NTLMHashDisclosure- | CVE-2025-24071: NTLMv2 Hash Disclosure via .library-ms File | 2025-06-13T05:08:22Z |
| CVE-2025-24071 | f4dee-backup/CVE-2025-24071 | Windows File Explorer Spoofing Vulnerability - CVE-2025-24071 | 2025-05-26T01:01:17Z |
| CVE-2025-24071 | Royall-Researchers/CVE-2025-24071 | no description | 2025-07-05T09:22:29Z |
| CVE-2025-24054 | xigney/CVE-2025-24054_PoC | PoC - CVE-2025-24071 / CVE-2025-24054, NTMLv2 hash'leri alınabilen bir vulnerability | 2025-04-18T11:17:48Z |
| CVE-2025-24054 | S4mma3l/CVE-2025-24054 | no description | 2025-05-01T21:57:19Z |
| CVE-2025-24054 | moften/CVE-2025-24054 | Vulnerabilidad NTLM (CVE-2025-24054) explotada para robo de hashes | 2025-05-19T19:53:11Z |
| CVE-2025-24054 | helidem/CVE-2025-24054_CVE-2025-24071-PoC | Proof of Concept for the NTLM Hash Leak via .library-ms CVE-2025-24054 / CVE-2025-24071 | 2025-04-22T13:04:41Z |
| CVE-2025-24054 | Yuri08loveElaina/CVE-2025-24054_POC | CVE 2025 24054 | 2025-06-14T06:46:00Z |
| CVE-2025-2404 | sahici/CVE-2025-2404 | USOM Tarafından resmi yayın beklenmektedir. | 2025-04-24T21:22:05Z |
| CVE-2025-24035 | MSeymenD/cve-2025-24035-rds-websocket-dos-test | 🛡️ Safe simulation for CVE-2025-24035 to test RD Gateway WebSocket handling with oversized headers. | 2025-06-12T08:51:55Z |
| CVE-2025-24016 | huseyinstif/CVE-2025-24016-Nuclei-Template | no description | 2025-02-13T06:38:43Z |
| CVE-2025-24016 | MuhammadWaseem29/CVE-2025-24016 | CVE-2025-24016: RCE in Wazuh server! Remote Code Execution | 2025-02-20T23:31:03Z |
| CVE-2025-24016 | 0xjessie21/CVE-2025-24016 | CVE-2025-24016: Wazuh Unsafe Deserialization Remote Code Execution (RCE) | 2025-02-16T11:01:12Z |
| CVE-2025-24016 | celsius026/poc_CVE-2025-24016 | no description | 2025-04-15T14:24:45Z |
| CVE-2025-24016 | cybersecplayground/CVE-2025-24016-Wazuh-Remote-Code-Execution-RCE-PoC | A critical RCE vulnerability has been identified in the Wazuh server due to unsafe deserialization in the wazuh-manager package. This bug affects Wazuh versions ≥ 4.4.0 and has been patched in version 4.9.1. | 2025-04-21T19:13:01Z |
| CVE-2025-24016 | B1ack4sh/Blackash-CVE-2025-24016 | CVE-2025-24016 | 2025-06-10T21:07:52Z |
| CVE-2025-24016 | rxerium/CVE-2025-24016 | Detection for CVE-2025-24016 - Deserialization of Untrusted Data Vulnerability in the Wazuh software | 2025-06-10T18:54:29Z |
| CVE-2025-24016 | guinea-offensive-security/Wazuh-RCE | Wazuh 8.4 CVE-2025-24016 | 2025-07-13T23:56:54Z |
| CVE-2025-24011 | Puben/CVE-2025-24011-PoC | Umbraco User Enum - CVE-2025-24011 PoC | 2025-03-21T11:41:02Z |
| CVE-2025-23968 | d0n601/CVE-2025-23968 | Arbitrary File Upload in AI Bud – AI Content Generator, AI Chatbot, ChatGPT, Gemini, GPT-4o <= 1.8.4 | 2025-07-03T19:34:49Z |
| CVE-2025-23942 | Nxploited/CVE-2025-23942-poc | WP Load Gallery <= 2.1.6 - Authenticated (Author+) Arbitrary File Upload | 2025-02-25T08:26:22Z |
| CVE-2025-23922 | Nxploited/CVE-2025-23922 | WordPress iSpring Embedder plugin <= 1.0 - CSRF to Arbitrary File Upload vulnerability | 2025-03-21T09:50:00Z |
| CVE-2025-23369 | Arian91/CVE-2025-23369_SAML_bypass | bypass SAML authentication on GitHub Enterprise | 2025-02-09T04:47:09Z |
| CVE-2025-23369 | hakivvi/CVE-2025-23369 | GitHub Entreprise Server SAML authentication bypass (CVE-2025-23369) exploit | 2025-02-08T18:13:04Z |
| CVE-2025-2324565 | cydragLINUX/CVE-2025-23245655 | no description | 2025-06-14T07:02:39Z |
| CVE-2025-23167 | abhisek3122/CVE-2025-23167 | Working exploit for CVE-2025-23167 – HTTP request smuggling in vulnerable Node.js 20.x versions before 20.19.2 | 2025-07-15T17:51:09Z |
| CVE-2025-23040 | GabrieleDattile/CVE-2025-23040 | no description | 2025-01-31T21:27:42Z |
| CVE-2025-2301 | sahici/CVE-2025-2301 | USOM Tarafından resmi yayın beklenmektedir. | 2025-04-24T21:21:33Z |
| CVE-2025-22968 | CRUNZEX/CVE-2025-22968 | no description | 2025-01-05T06:51:58Z |
| CVE-2025-22964 | padayali-JD/CVE-2025-22964 | no description | 2025-01-14T18:52:01Z |
| CVE-2025-22963 | samplev45/CVE-2025-22963 | no description | 2025-07-05T06:29:54Z |
| CVE-2025-22954 | RandomRobbieBF/CVE-2025-22954 | Koha CVE-2025-22954: SQL Injection in lateissues-export.pl | 2025-03-19T10:47:09Z |
| CVE-2025-22953 | maliktawfiq/CVE-2025-22953 | EPICOR HCM Unauthenticated Blind SQL Injection CVE-2025-22953 | 2025-03-26T08:51:40Z |
| CVE-2025-2294 | Nxploited/CVE-2025-2294 | Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion | 2025-03-27T19:09:51Z |
| CVE-2025-2294 | mrrivaldo/CVE-2025-2294 | no description | 2025-03-31T11:51:07Z |
| CVE-2025-2294 | realcodeb0ss/CVE-2025-2294-PoC | CVE-2025-2294 < Wordpress Kubio[Plugin] - Local File Inclusion[LFI]. | 2025-04-03T23:00:09Z |
| CVE-2025-2294 | rhz0d/CVE-2025-2294 | Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion | 2025-04-15T19:27:16Z |
| CVE-2025-2294 | romanedutov/CVE-2025-2294 | no description | 2025-04-26T16:59:17Z |
| CVE-2025-2294 | Yucaerin/CVE-2025-2294 | Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion | 2025-05-13T20:16:49Z |
| CVE-2025-2294 | 0xWhoami35/CVE-2025-2294 | no description | 2025-05-24T08:35:51Z |
| CVE-2025-22870 | JoshuaProvoste/CVE-2025-22870 | PoC CVE-2025-22870 (SSRF) | 2025-06-08T00:40:42Z |
| CVE-2025-22870 | B1ack4sh/Blackash-CVE-2025-22870 | CVE-2025-22870 | 2025-07-16T21:02:22Z |
| CVE-2025-22828 | Stolichnayer/CVE-2025-22828 | Apache CloudStack vulnerability allows unauthorized access to annotations on certain resources. | 2025-01-30T19:26:38Z |
| CVE-2025-22785 | RandomRobbieBF/CVE-2025-22785 | Course Booking System <= 6.0.5 - Unauthenticated SQL Injection | 2025-01-23T10:21:22Z |
| CVE-2025-22783 | DoTTak/CVE-2025-22783 | PoC of CVE-2025-22783 | 2025-01-15T00:48:09Z |
| CVE-2025-22710 | DoTTak/CVE-2025-22710 | PoC of CVE-2025-22710 | 2025-01-16T00:35:29Z |
| CVE-2025-2266 | Nxploited/CVE-2025-2266 | Checkout Mestres do WP for WooCommerce 8.6.5 - 8.7.5 - Unauthenticated Arbitrary Options Update | 2025-03-29T19:35:57Z |
| CVE-2025-22652 | DoTTak/CVE-2025-22652 | PoC of CVE-2025-22652 | 2025-02-04T05:39:49Z |
| CVE-2025-22620 | EliahKagan/checkout-index | Reproducer for CVE-2025-22620 | 2025-01-19T05:31:13Z |
| CVE-2025-22604 | ishwardeepp/CVE-2025-22604-Cacti-RCE | no description | 2025-03-15T18:16:33Z |
| CVE-2025-22510 | DoTTak/CVE-2025-22510 | PoC of CVE-2025-22510 | 2025-01-08T01:02:02Z |
| CVE-2025-2249 | Nxploited/CVE-2025-2249 | WordPress SoJ SoundSlides Plugin <= 1.2.2 is vulnerable to Arbitrary File Upload | 2025-03-28T22:57:32Z |
| CVE-2025-22457 | N4SL1/CVE-2025-22457-PoC | CVE-2025-22457 Python and Metasploit PoC for Ivanti unauthenticated RCE | 2025-04-08T12:01:13Z |
| CVE-2025-22457 | llussiess/CVE-2025-22457 | no description | 2025-04-12T16:38:08Z |
| CVE-2025-22457 | Vinylrider/ivantiunlocker | Prevent CVE-2025-22457 and other security problems with Juniper/Ivanti Secure Connect SSL VPN | 2025-04-08T09:31:01Z |
| CVE-2025-22457 | securekomodo/CVE-2025-22457 | CVE-2025-22457: Python Exploit POC Scanner to Detect Ivanti Connect Secure RCE | 2025-04-10T03:27:30Z |
| CVE-2025-22457 | sfewer-r7/CVE-2025-22457 | PoC for CVE-2025-22457 | 2025-04-09T14:39:25Z |
| CVE-2025-22457 | TRone-ux/CVE-2025-22457 | PoC CVE-2025-22457 | 2025-05-25T22:52:53Z |
| CVE-2025-22457 | B1ack4sh/Blackash-CVE-2025-22457 | CVE-2025-22457 | 2025-07-13T10:43:52Z |
| CVE-2025-22352 | DoTTak/CVE-2025-22352 | PoC of CVE-2025-22352 | 2025-01-06T01:59:29Z |
| CVE-2025-2233 | McTavishSue/CVE-2025-2233 | Improper Verification of Cryptographic Signature (CWE-347) | 2025-03-12T08:54:24Z |
| CVE-2025-22226 | bronsoneaver/vme-escape | (including : CVE-2025-22226, CVE-2025-22225, CVE-2025-22224) | 2025-03-25T12:53:53Z |
| CVE-2025-22223 | 1ucky7/cve-2025-22223-demo-1.0.0 | cve-2025-22223 漏洞复现 | 2025-04-03T07:30:31Z |
| CVE-2025-22056 | henrymartin262/CVE-2025-22056-exploit | no description | 2025-06-04T07:36:46Z |
| CVE-2025-21756 | hoefler02/CVE-2025-21756 | Exploit for CVE-2025-21756 for Linux kernel 6.6.75. My first linux kernel exploit! | 2025-04-18T14:22:15Z |
| CVE-2025-21756 | khoatran107/cve-2025-21756 | no description | 2025-06-26T02:47:49Z |
| CVE-2025-21574 | mdriaz009/CVE-2025-21574-Exploit | no description | 2025-07-09T23:34:49Z |
| CVE-2025-21497 | Urbank-61/cve-2025-21497-lab | CSC180 final project presentation of a vulnerable CVE | 2025-04-24T17:44:05Z |
| CVE-2025-21479 | zhuowei/cheese | CVE-2025-21479 proof-of-concept, I think | 2025-06-19T19:47:52Z |
| CVE-2025-21420 | toxy4ny/edge-maradeur | Exploiting a vulnerability in Windows Disk Cleanup to elevate privileges and provide access to protected data in Edge by bypassing the security feature. CVE-2025-21420 and CVE-2025-21401. | 2025-02-20T15:10:51Z |
| CVE-2025-21420 | Network-Sec/CVE-2025-21420-PoC | We found a way to DLL sideload with cleanmgr.exe | 2025-02-17T08:59:22Z |
| CVE-2025-21420 | moiz-2x/CVE-2025-21420_POC | Proof of Concept CVE-2025-21420 (Windows Disk Cleanup Tool EoP) | 2025-06-12T17:25:21Z |
| CVE-2025-21385 | Pauloxc6/CVE-2025-21385 | The SSRF vulnerability in Microsoft Purview | 2025-01-16T00:14:12Z |
| CVE-2025-2135 | Wa1nut4/CVE-2025-2135 | no description | 2025-05-19T02:14:08Z |
| CVE-2025-2135 | sangnguyenthien/CVE-2025-2135 | no description | 2025-06-17T09:41:51Z |
| CVE-2025-21333 | aleongx/KQL_sentinel_CVE-2025-21333 | KQL para deteccion de CVE-2025-21333 en Sentinel | 2025-03-11T17:32:07Z |
| CVE-2025-21333 | MrAle98/CVE-2025-21333-POC | POC exploit for CVE-2025-21333 heap-based buffer overflow. It leverages WNF state data and I/O ring IOP_MC_BUFFER_ENTRY | 2025-02-27T12:36:55Z |
| CVE-2025-21333 | B1ack4sh/Blackash-CVE-2025-21333 | CVE-2025-21333 | 2025-06-11T19:59:15Z |
| CVE-2025-21307 | git-account7/CVE-2025-21307 | CVE-2025-21307 | 2025-05-10T07:37:51Z |
| CVE-2025-21298 | ynwarcs/CVE-2025-21298 | Proof of concept & details for CVE-2025-21298 | 2025-01-20T18:16:51Z |
| CVE-2025-21298 | Dit-Developers/CVE-2025-21298 | A Critical Windows OLE Zero-Click Vulnerability | 2025-03-07T16:54:15Z |
| CVE-2025-21298 | Denyningbow/rtf-ctf-cve-2025-21298 | A safe CTF challenge demonstrating CVE-2025-21298 using RTF and OLE objects. | 2025-03-28T03:10:19Z |
| CVE-2025-21298 | mr-big-leach/CVE-2025-21298 | no description | 2025-04-13T17:18:41Z |
| CVE-2025-21293 | ahmedumarehman/CVE-2025-21293 | CVE-2025-21293 is an elevation of privilege vulnerability in Active Directory Domain Services. It allows "Network Configuration Operators" to execute code with SYSTEM privileges via Windows Performance Counters. Affected Windows versions include Windows 10, 11, and Server. Microsoft patched this in January 2025. Apply updates to mitigate risks. | 2025-03-10T20:58:13Z |
| CVE-2025-21204 | mmotti/Reset-inetpub | Restore the integrity of the parent 'inetpub' folder following security implications highlighted by CVE-2025-21204. | 2025-04-24T16:26:27Z |
| CVE-2025-2082 | Burak1320demiroz/cve-2025-2082 | no description | 2025-06-13T00:32:41Z |
| CVE-2025-20286 | rbaicba/CVE-2025-20286 | no description | 2025-06-11T20:32:53Z |
| CVE-2025-20281 | grupooruss/CVE-2025-20281-Cisco | This script checks for the presence of the CVE-2025-20281 vulnerability in Cisco Identity Services Engine (ISE) and ISE-PIC, which allows unauthenticated remote code execution (RCE) as root due to insufficient input validation in a specific API. | 2025-07-03T02:10:37Z |
| CVE-2025-20281 | ill-deed/Cisco-CVE-2025-20281-illdeed | Unauthenticated Remote Code Execution exploit for CVE-2025-20281 in Cisco ISE ERS API. Execute commands or launch reverse shells as root — no authentication required. | 2025-07-04T14:59:02Z |
| CVE-2025-20281 | B1ack4sh/Blackash-CVE-2025-20281 | CVE-2025-20281 | 2025-07-06T13:20:43Z |
| CVE-2025-20281 | abrewer251/CVE-2025-20281-2-Cisco-ISE-RCE | Unauthenticated Python PoC for CVE-2025-20281 RCE against ISE ERS API | 2025-06-27T21:07:27Z |
| CVE-2025-20124 | Yuri08loveElaina/CVE-2025-20124_and_CVE-2025-20125 | A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. | 2025-06-16T07:44:34Z |
| CVE-2025-2011 | datagoboom/CVE-2025-2011 | PoC for CVE-2025-2011 - SQLi in Depicter plugin <= 3.6.1 | 2025-05-06T20:14:09Z |
| CVE-2025-2005 | Nxploited/CVE-2025-2005 | WordPress Front End Users Plugin <= 3.2.32 is vulnerable to Arbitrary File Upload | 2025-04-02T01:50:33Z |
| CVE-2025-2005 | h4ckxel/CVE-2025-2005 | no description | 2025-04-03T17:05:46Z |
| CVE-2025-2005 | mrmtwoj/CVE-2025-2005 | WordPress FEUP Arbitrary File Upload Exploit (CVE-2025-2005) | 2025-04-06T18:14:04Z |
| CVE-2025-20029 | mbadanoiu/CVE-2025-20029 | CVE-2025-20029: Command Injection in TMSH CLI in F5 BIG-IP | 2025-02-23T18:36:11Z |
| CVE-2025-20029 | schoi1337/CVE-2025-20029-simulation | Simulated environment for CVE-2025-20029 using Docker. Includes PoC and auto-reporting. | 2025-05-01T05:46:42Z |
| CVE-2025-1974 | yoshino-s/CVE-2025-1974 | no description | 2025-03-25T13:23:01Z |
| CVE-2025-1974 | yanmarques/CVE-2025-1974 | no description | 2025-03-25T18:49:23Z |
| CVE-2025-1974 | m-q-t/ingressnightmare-detection-poc | Proof-of-Concept Tool to detect IngressNightmare (CVE-2025-1974) via (non-intrusive) active means. | 2025-03-26T15:44:43Z |
| CVE-2025-1974 | dttuss/IngressNightmare-RCE-POC | PoC for CVE-2025-1974: Critical RCE in Ingress-NGINX (<v1.12.1) via unsafe config injection. Exploitable from the pod network without credentials, enabling code execution and potential cluster takeover. Fixed in v1.12.1 and v1.11.5. For research/education only. | 2025-03-26T09:48:13Z |
| CVE-2025-1974 | hi-unc1e/CVE-2025-1974-poc | PoC of CVE-2025-1974, modified from the world-first PoC~ | 2025-03-26T16:54:37Z |
| CVE-2025-1974 | 0xBingo/CVE-2025-1974 | A minimal test tool to help detect annotation injection vulnerabilities in Kubernetes NGINX Ingress controllers. This script sends a crafted AdmissionReview request to simulate a potential exploit path from CVE-2025-1974 and checks for signs of misinterpreted annotations in controller logs. | 2025-03-27T03:28:01Z |
| CVE-2025-1974 | tuladhar/ingress-nightmare | IngressNightmare (CVE-2025-1974) | 2025-03-27T18:48:20Z |
| CVE-2025-1974 | rjhaikal/POC-IngressNightmare-CVE-2025-1974 | POC IngressNightmare (CVE-2025-1974), modified from https://github.com/yoshino-s/CVE-2025-1974 | 2025-03-28T16:57:02Z |
| CVE-2025-1974 | zulloper/CVE-2025-1974 | CVE-2025-1974 PoC 코드 | 2025-03-31T08:31:03Z |
| CVE-2025-1974 | zwxxb/CVE-2025-1974 | Poc for Ingress RCE | 2025-03-26T14:49:29Z |
| CVE-2025-1974 | sandumjacob/IngressNightmare-POCs | Worlds First Public POC for CVE-2025-1974 lol | 2025-03-24T21:51:04Z |
| CVE-2025-1974 | Rubby2001/CVE-2025-1974-go | Exploit CVE-2025-1974 with a single file. | 2025-04-10T07:25:03Z |
| CVE-2025-1974 | salt318/CVE-2025-1974 | WHS3기 가상화 취약한(CVE) Docker 환경 구성 과제 | 2025-04-27T05:07:01Z |
| CVE-2025-1974 | chhhd/CVE-2025-1974 | no description | 2025-04-26T02:30:49Z |
| CVE-2025-1974 | Esonhugh/ingressNightmare-CVE-2025-1974-exps | IngressNightmare POC. world first remote exploitation and with multi-advanced exploitation methods. allow on disk exploitation. CVE-2025-24514 - auth-url injection, CVE-2025-1097 - auth-tls-match-cn injection, CVE-2025-1098 – mirror UID injection -- all available. | 2025-03-26T06:43:36Z |
| CVE-2025-1974 | abrewer251/CVE-2025-1974_IngressNightmare_PoC | no description | 2025-05-06T23:49:22Z |
| CVE-2025-1974 | Rickerd12/exploit-cve-2025-1974 | no description | 2025-05-19T14:51:41Z |
| CVE-2025-1974 | B1ack4sh/Blackash-CVE-2025-1974 | CVE-2025-1974 | 2025-06-26T09:24:29Z |
| CVE-2025-1974 | Armand2002/Exploit-CVE-2025-1974-Lab | no description | 2025-07-14T13:46:24Z |
| CVE-2025-1793 | Usama-Figueira/-CVE-2025-1793-poc | no description | 2025-06-11T23:06:50Z |
| CVE-2025-1734 | WolfThere/cve_2025-1734 | no description | 2025-03-25T12:38:15Z |
| CVE-2025-1718 | issamjr/CVE-2025-1718-Scanner | CVE-2025-1718 - Hitachi Energy FTP Reboot Vulnerability Scanner | 2025-06-24T13:04:46Z |
| CVE-2025-1716 | shybu9/poc_CVE-2025-1716 | no description | 2025-03-04T14:07:33Z |
| CVE-2025-1661 | gbrsh/CVE-2025-1661 | HUSKY – Products Filter Professional for WooCommerce < 1.3.6.6 - Local File Inclusion PoC | 2025-03-13T13:45:18Z |
| CVE-2025-1661 | MuhammadWaseem29/CVE-2025-1661 | HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion (LFI) | 2025-03-18T19:06:40Z |
| CVE-2025-1653 | realcodeb0ss/CVE-2025-1653-poc | [WordPress uListing Plugin] <= Privilege Escalation Explo1t | 2025-03-28T23:44:02Z |
| CVE-2025-1639 | Nxploited/CVE-2025-1639 | Animation Addons for Elementor Pro <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation | 2025-03-13T10:48:05Z |
| CVE-2025-1562 | gmh5225/CVE-2025-1562 | no description | 2025-06-22T15:33:38Z |
| CVE-2025-1461 | neverendingsupport/nes-vuetify-cve-2025-1461 | no description | 2025-05-29T13:27:43Z |
| CVE-2025-1323 | p33d/cve-2025-1323 | WP-Recall Plugin SQL Injection | 2025-05-03T23:06:41Z |
| CVE-2025-1307 | Nxploited/CVE-2025-1307 | Newscrunch <= 1.8.4 - Authenticated (Subscriber+) Arbitrary File Upload | 2025-03-05T23:34:40Z |
| CVE-2025-1306 | Nxploited/CVE-2025-1306 | Newscrunch <= 1.8.4 - Cross-Site Request Forgery to Arbitrary File Upload | 2025-03-06T01:21:37Z |
| CVE-2025-1304 | Nxploited/CVE-2025-1304 | WordPress NewsBlogger Theme <= 0.2.5.1 is vulnerable to Arbitrary File Upload | 2025-05-02T11:30:50Z |
| CVE-2025-1302 | EQSTLab/CVE-2025-1302 | JSONPath-plus Remote Code Execution | 2025-02-25T08:36:28Z |
| CVE-2025-1219 | ediop3SquadALT/ediop3PHP | A PHP CVE-2025-1219 SCANNER. In bash no root. | 2025-04-02T17:50:33Z |
| CVE-2025-1097 | hakaioffsec/IngressNightmare-PoC | This is a PoC code to exploit the IngressNightmare vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974). | 2025-03-26T18:52:20Z |
| CVE-2025-1097 | lufeirider/IngressNightmare-PoC | IngressNightmare-PoC: (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974) PoC ,One-click script 。 一键脚本 | 2025-03-30T08:32:56Z |
| CVE-2025-1094 | soltanali0/CVE-2025-1094-Exploit | WebSocket and SQL Injection Exploit Script | 2025-02-27T11:08:10Z |
| CVE-2025-1094 | shacojx/CVE-2025-1094-Exploit | CVE-2025-1094 Exploit SQL Injection to RCE via WebSocket in PostgreSQL | 2025-03-05T04:20:24Z |
| CVE-2025-1094 | ishwardeepp/CVE-2025-1094-PoC-Postgre-SQLi | no description | 2025-03-14T20:21:57Z |
| CVE-2025-1094 | B1ack4sh/Blackash-CVE-2025-1094 | CVE-2025-1094 | 2025-06-23T18:01:15Z |
| CVE-2025-1094 | aninfosec/CVE-2025-1094 | It is an input sanitization flaw caused by an encoding mismatch, allowing crafted input to bypass filters. If a server is vulnerable, an attacker can inject malicious SQL that the backend executes. | 2025-06-18T15:18:33Z |
| CVE-2025-1015 | r3m0t3nu11/CVE-2025-1015 | an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book, clicking on the link could result in opening a web page inside Thunderbird, and that page could execute (unprivileged) JavaScript | 2025-02-06T08:35:56Z |
| CVE-2025-0994 | rxerium/CVE-2025-0994 | Cityworks deserialization of untrusted data vulnerability Detection | 2025-02-07T14:13:08Z |
| CVE-2025-0924 | skrkcb2/CVE-2025-0924-different | no description | 2025-02-21T04:49:36Z |
| CVE-2025-0868 | aidana-gift/CVE-2025-0868 | no description | 2025-05-25T13:14:41Z |
| CVE-2025-0851 | skrkcb2/CVE-2025-0851 | no description | 2025-02-17T09:33:28Z |
| CVE-2025-0411 | iSee857/CVE-2025-0411-PoC | 7-Zip Mark-of-the-Web绕过漏洞PoC(CVE-2025-0411) | 2025-01-27T07:32:09Z |
| CVE-2025-0411 | cesarbtakeda/7-Zip-CVE-2025-0411-POC | no description | 2025-02-23T02:55:44Z |
| CVE-2025-0411 | dhmosfunk/7-Zip-CVE-2025-0411-POC | This repository contains POC scenarios as part of CVE-2025-0411 MotW bypass. | 2025-01-22T14:40:34Z |
| CVE-2025-0411 | ishwardeepp/CVE-2025-0411-MoTW-PoC | no description | 2025-02-19T04:47:59Z |
| CVE-2025-0411 | betulssahin/CVE-2025-0411-7-Zip-Mark-of-the-Web-Bypass | CVE-2025-0411 7-Zip Mark-of-the-Web Bypass | 2025-05-11T15:38:31Z |
| CVE-2025-0411 | B1ack4sh/Blackash-CVE-2025-0411 | CVE-2025-0411 | 2025-07-05T14:29:37Z |
| CVE-2025-0401 | CyberSecurityUP/CVE-2025-0401 | Privilege Escalation using Passwd - April Fools prank | 2025-04-01T14:23:43Z |
| CVE-2025-0401 | Darabium/Gombruc | This vulnerability is related to CVE-2025-0401, which affects all Linux systems. With the help of this bash script, you can give your user any level of access, up to and including Root access. Warning: This exploit is for educational purposes only and any exploitation of this vulnerability is risky. | 2025-04-29T09:03:49Z |
| CVE-2025-0364 | vulncheck-oss/cve-2025-0364 | CVE-2025-0364: BigAnt Server RCE Exploit | 2025-02-27T18:34:38Z |
| CVE-2025-0316 | zorvithonleon/CVE-2025-0316-Exploit | no description | 2025-06-05T18:41:12Z |
| CVE-2025-0282 | Hexastrike/Ivanti-Connect-Secure-Logs-Parser | A Python script for examining Ivanti Secure Connect (ICS) event logs, designed to support investigations into vulnerabilities CVE-2025-0282, CVE-2023-46805, and CVE-2024-21887. | 2025-01-19T09:02:37Z |
| CVE-2025-0282 | AnonStorks/CVE-2025-0282-Full-version | # CVE-2025-0282: Remote Code Execution Vulnerability in [StorkS] | 2025-01-12T11:58:40Z |
| CVE-2025-0282 | absholi7ly/CVE-2025-0282-Ivanti-exploit | CVE-2025-0282 is a critical vulnerability found in Ivanti Connect Secure, allowing Remote Command Execution (RCE) through a buffer overflow exploit. | 2025-01-11T02:06:51Z |
| CVE-2025-0282 | AdaniKamal/CVE-2025-0282 | Ivanti Connect Secure, Policy Secure & ZTA Gateways - CVE-2025-0282 | 2025-01-28T07:56:05Z |
| CVE-2025-0282 | almanatra/CVE-2025-0282 | Exploit for CVE-2025-0282: A remote unauthenticated stack based buffer overflow affecting Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA gateways | 2025-01-22T08:14:54Z |
| CVE-2025-0282 | watchtowrlabs/CVE-2025-0282 | Ivanti Connect Secure IFT TLS Stack Overflow pre-auth RCE (CVE-2025-0282) | 2025-01-15T18:27:12Z |
| CVE-2025-0282 | sfewer-r7/CVE-2025-0282 | PoC for CVE-2025-0282: A remote unauthenticated stack based buffer overflow affecting Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA gateways | 2025-01-16T14:45:53Z |
| CVE-2025-0282 | 44xo/CVE-2025-0282 | no description | 2025-02-25T16:44:54Z |
| CVE-2025-0282 | punitdarji/Ivanti-CVE-2025-0282 | Ivanti Remote code execution | 2025-03-10T21:33:36Z |
| CVE-2025-0282 | B1ack4sh/Blackash-CVE-2025-0282 | CVE-2025-0282 | 2025-06-07T18:39:08Z |
| CVE-2025-0133 | dodiorne/cve-2025-0133 | no description | 2025-05-23T13:08:43Z |
| CVE-2025-0133 | wiseep/CVE-2025-0133 | Palo Alto - Global Protect - Reflected XSS | 2025-06-18T10:06:17Z |
| CVE-2025-0133 | ynsmroztas/-CVE-2025-0133-GlobalProtect-XSS | CVE-2025-0133 GlobalProtect XSS | 2025-06-17T17:59:08Z |
| CVE-2025-0133 | INTELEON404/CVE-2025-0133 | Reflected XSS vulnerability found in Palo Alto GlobalProtect Gateway & Portal. Attackers can inject malicious scripts via crafted requests. | 2025-06-24T10:25:32Z |
| CVE-2025-0133 | shawarkhanethicalhacker/CVE-2025-0133-exploit | no description | 2025-07-11T20:58:34Z |
| CVE-2025-0108 | FOLKS-iwd/CVE-2025-0108-PoC | This repository contains a Proof of Concept (PoC) for the CVE-2025-0108 vulnerability, which is an authentication bypass issue in Palo Alto Networks' PAN-OS software. The scripts provided here test for the vulnerability by sending a crafted HTTP request to the target systems. | 2025-02-14T13:22:37Z |
| CVE-2025-0108 | iSee857/CVE-2025-0108-PoC | Palo Alto Networks PAN-OS 身份验证绕过漏洞批量检测脚本(CVE-2025-0108) | 2025-02-13T06:39:25Z |
| CVE-2025-0108 | sohaibeb/CVE-2025-0108 | PAN-OS CVE POC SCRIPT | 2025-02-19T16:00:04Z |
| CVE-2025-0108 | becrevex/CVE-2025-0108 | NSE script that checks for CVE-2025-0108 vulnerability in Palo Alto Networks PAN-OS | 2025-02-19T16:57:58Z |
| CVE-2025-0108 | barcrange/CVE-2025-0108-Authentication-Bypass-checker | no description | 2025-02-19T06:19:33Z |
| CVE-2025-0108 | fr4nc1stein/CVE-2025-0108-SCAN | Detects an authentication bypass vulnerability in Palo Alto PAN-OS (CVE-2025-0108). | 2025-02-18T21:04:45Z |
| CVE-2025-0108 | B1ack4sh/Blackash-CVE-2025-0108 | CVE-2025-0108 | 2025-06-19T12:19:26Z |
| CVE-2025-0087 | SpiralBL0CK/CVE-2025-0087 | POC DOS | 2025-03-05T18:53:46Z |
| CVE-2025-0087 | SpiralBL0CK/CVE-2025-0087- | CVE-2025-0087 EoP full PoC | 2025-03-05T13:31:02Z |
| CVE-2025-0086 | Mahesh-970/CVE-2025-0086 | no description | 2025-03-20T06:10:23Z |
| CVE-2025-0054 | z3usx01/CVE-2025-0054 | no description | 2025-04-20T16:05:07Z |
| CVE-2025-0011 | binarywarm/kentico-xperience13-AuthBypass-CVE-2025-0011 | CVE-2025-0011 (CVE not assigned yet) | 2025-03-30T17:32:04Z |
| CVE-2024-9955 | amfg145/CVE-2024-9955-POC | Fortinet Privilege Escalation Advisory CVE-2024-9955-POC: Elevation to Domain Admin on FortiOS and FortiProxy | 2024-10-31T20:23:15Z |
| CVE-2024-9950 | 0Nightsedge0/CVE-2024-9950-PoC | Forescout SecureConnector <= 11.3.07 | 2025-01-12T03:47:28Z |
| CVE-2024-9935 | RandomRobbieBF/CVE-2024-9935 | PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Unauthenticated Arbitrary File Download | 2024-11-18T10:14:45Z |
| CVE-2024-9935 | verylazytech/CVE-2024-9935 | PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Unauthenticated Arbitrary File Download | 2024-12-19T08:57:30Z |
| CVE-2024-9935 | Nxploited/CVE-2024-9935 | no description | 2024-12-25T22:59:07Z |
| CVE-2024-9933 | RandomRobbieBF/CVE-2024-9933 | WatchTowerHQ <= 3.10.1 - Authentication Bypass to Administrator due to Missing Empty Value Check | 2024-11-05T20:55:09Z |
| CVE-2024-9933 | Nxploited/CVE-2024-9933 | no description | 2024-12-27T11:03:42Z |
| CVE-2024-9932 | RandomRobbieBF/CVE-2024-9932 | Wux Blog Editor <= 3.0.0 - Unauthenticated Arbitrary File Upload | 2024-11-05T15:00:39Z |
| CVE-2024-9932 | Nxploited/CVE-2024-9932-POC | no description | 2025-01-11T22:09:55Z |
| CVE-2024-9926 | m3ssap0/wordpress-jetpack-broken-access-control-exploit | Exploits Jetpack < 13.9.1 broken access control (CVE-2024-9926). | 2024-11-01T14:03:55Z |
| CVE-2024-9926 | m3ssap0/wordpress-jetpack-broken-access-control-vulnerable-application | WARNING: This is a vulnerable application to test the exploit for the Jetpack < 13.9.1 broken access control (CVE-2024-9926). Run it at your own risk! | 2024-10-23T19:12:55Z |
| CVE-2024-9890 | RandomRobbieBF/CVE-2024-9890 | User Toolkit <= 1.2.3 - Authenticated (Subscriber+) Authentication Bypass | 2024-11-08T12:56:55Z |
| CVE-2024-9821 | RandomRobbieBF/CVE-2024-9821 | Bot for Telegram on WooCommerce <= 1.2.4 - Authenticated (Subscriber+) Telegram Bot Token Disclosure to Authentication Bypass | 2024-10-11T15:35:39Z |
| CVE-2024-9796 | RandomRobbieBF/CVE-2024-9796 | WordPress WP-Advanced-Search <= 3.3.9 - Unauthenticated SQL Injection | 2024-10-18T14:30:42Z |
| CVE-2024-9796 | issamjr/CVE-2024-9796 | WordPress WP-Advanced-Search <= 3.3.9 - Unauthenticated SQL Injection | 2024-11-15T22:55:18Z |
| CVE-2024-9796 | viniciuslazzari/CVE-2024-9796 | Vulnerable website to the CVE-2024-9796 | 2025-01-19T18:40:57Z |
| CVE-2024-9756 | Nxploited/CVE-2024-9756 | Order Attachments for WooCommerce 2.0 - 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary File Upload | 2025-03-11T02:04:25Z |
| CVE-2024-9707 | RandomRobbieBF/CVE-2024-9707 | Hunk Companion <= 1.8.4 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation | 2024-10-11T06:21:38Z |
| CVE-2024-9707 | Nxploited/CVE-2024-9707-Poc | he Hunk Companion Plugin for WordPress: Vulnerable to Unauthorized Plugin Installation/Activation (Versions Up to and Including 1.8.4) | 2025-01-12T23:35:02Z |
| CVE-2024-9698 | Nxploited/CVE-2024-9698 | Crafthemes Demo Import <= 3.3 - Authenticated ( Admin+) Arbitrary File Upload in process_uploaded_files | 2025-02-24T14:41:56Z |
| CVE-2024-9680 | tdonaworth/Firefox-CVE-2024-9680 | no description | 2024-10-17T16:10:38Z |
| CVE-2024-9680 | PraiseImafidon/Version_Vulnerability_Scanner | A vulnerability scanner for Firefox and Thunderbird that checks if your versions are out of date and susceptible to CVE-2024-9680. | 2025-01-02T12:21:19Z |
| CVE-2024-9659 | zetraxz/CVE-2024-9659 | CVE-2024-9659: Unrestricted Upload of File with Dangerous Type (CWE-434) | 2024-11-25T19:16:58Z |
| CVE-2024-9593 | RandomRobbieBF/CVE-2024-9593 | Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Unauthenticated (Limited) Remote Code Execution | 2024-10-18T09:11:03Z |
| CVE-2024-9593 | 0x4f5da2-venom/CVE-2024-9593-EXP | CVE-2024-9593 WordPress插件的远程代码执行 | 2024-11-18T08:22:44Z |
| CVE-2024-9593 | Nxploited/CVE-2024-9593-Exploit | no description | 2025-01-01T15:49:36Z |
| CVE-2024-9570 | dylvie/CVE-2024-9570_D-Link-DIR-619L-bof | Exploit for CVE-2024-9570 | 2024-10-11T16:05:06Z |
| CVE-2024-9513 | ELIZEUOPAIN/Exploit-CVE-2024-9513-NetAdmin-IAM-Allows-User-Enumeration-In-Active-Directory | no description | 2025-03-14T20:09:39Z |
| CVE-2024-9506 | bio/vue-template-compiler-patched | Patched Vue 2.7.16 template compiler with fixes for CVE‑2024‑6783 and CVE-2024-9506 | 2025-04-16T12:50:48Z |
| CVE-2024-9474 | Chocapikk/CVE-2024-9474 | PAN-OS auth bypass + RCE | 2024-11-19T17:26:27Z |
| CVE-2024-9474 | deathvu/CVE-2024-9474 | PoC for PAN-OS Exploit | 2024-11-20T22:31:50Z |
| CVE-2024-9474 | hazesecurity/CVE-2024-9474 | no description | 2024-11-20T16:42:26Z |
| CVE-2024-9474 | k4nfr3/CVE-2024-9474 | no description | 2024-11-19T22:03:13Z |
| CVE-2024-9474 | coskper-papa/PAN-OS_CVE-2024-9474 | Palo Alto Networks PAN-OS(CVE-2024-9474) POC | 2024-12-11T03:10:41Z |
| CVE-2024-9474 | aratane/CVE-2024-9474 | Palo Alto RCE Vuln | 2025-01-16T20:07:14Z |
| CVE-2024-9466 | holypryx/CVE-2024-9466 | CVE-2024-9466 poc | 2024-10-19T08:22:13Z |
| CVE-2024-9465 | mustafaakalin/CVE-2024-9465 | Checkpoint SQL Injection via Time-Based Attack (CVE-2024-9465) | 2024-10-10T08:23:31Z |
| CVE-2024-9465 | horizon3ai/CVE-2024-9465 | Proof of Concept Exploit for CVE-2024-9465 | 2024-10-09T16:22:05Z |
| CVE-2024-9465 | XiaomingX/cve-2024-9465-poc | Proof of Concept Exploit for CVE-2024-9465 | 2024-12-03T12:16:44Z |
| CVE-2024-9464 | horizon3ai/CVE-2024-9464 | Proof of Concept Exploit for CVE-2024-9464 | 2024-10-09T16:36:25Z |
| CVE-2024-9441 | adhikara13/CVE-2024-9441 | Nortek Linear eMerge E3 Pre-Auth RCE PoC (CVE-2024-9441) | 2024-10-03T11:28:46Z |
| CVE-2024-9441 | p33d/CVE-2024-9441 | no description | 2024-10-10T21:29:08Z |
| CVE-2024-9441 | XiaomingX/cve-2024-9441-poc | CVE-2024-9441是影响Linear eMerge e3系列(版本1.00-07及之前)的操作系统命令注入漏洞。未经身份验证的远程攻击者可通过HTTP请求中“forgot_password”功能的“login_id”参数,执行任意操作系统命令。 | 2024-11-22T02:04:21Z |
| CVE-2024-9441 | jk-mayne/CVE-2024-9441-Checker | A simple python script to test for CVE-2024-9441. | 2024-12-09T17:49:37Z |
| CVE-2024-9326 | ghostwirez/CVE-2024-9326-PoC | This PoC script is designed to verify the presence of CVE-2024-9326, a high SQL Injection vulnerability in PHPGurukul Online Shopping Portal v2.0. It automates the exploitation process to determine if the target web application is vulnerable, allowing security professionals to assess and confirm the flaw's existence. | 2024-11-27T14:49:54Z |
| CVE-2024-9290 | RandomRobbieBF/CVE-2024-9290 | Super Backup & Clone - Migrate for WordPress <= 2.3.3 - Unauthenticated Arbitrary File Upload | 2024-12-13T10:49:12Z |
| CVE-2024-9290 | Jenderal92/CVE-2024-9290 | The tool targets WordPress websites that use the Super Backup & Clone plugin and are vulnerable to arbitrary file upload. | 2024-12-24T00:04:17Z |
| CVE-2024-9264 | z3k0sec/File-Read-CVE-2024-9264 | File Read Proof of Concept for CVE-2024-9264 | 2024-10-20T01:13:37Z |
| CVE-2024-9264 | nollium/CVE-2024-9264 | Exploit for Grafana arbitrary file-read (CVE-2024-9264) | 2024-10-19T13:50:52Z |
| CVE-2024-9264 | PunitTailor55/Grafana-CVE-2024-9264 | no description | 2024-10-21T10:25:27Z |
| CVE-2024-9264 | z3k0sec/CVE-2024-9264-RCE-Exploit | Grafana RCE exploit (CVE-2024-9264) | 2024-10-21T03:36:05Z |
| CVE-2024-9234 | RandomRobbieBF/CVE-2024-9234 | GutenKit <= 2.1.0 - Unauthenticated Arbitrary File Upload | 2024-10-17T18:48:12Z |
| CVE-2024-9234 | CallMeBatosay/CVE-2024-9234 | no description | 2024-11-07T04:56:44Z |
| CVE-2024-9234 | Nxploited/CVE-2024-9234 | no description | 2024-12-28T11:00:02Z |
| CVE-2024-9224 | RandomRobbieBF/CVE-2024-9224 | Hello World <= 2.1.1 - Authenticated (Subscriber+) Arbitrary File Read | 2024-10-11T09:17:20Z |
| CVE-2024-9166 | Andrysqui/CVE-2024-9166 | A vulnerability scanner that searches for the CVE-2024-9166 vulnerability on websites, more info about this vulnerability here: https://www.tenable.com/cve/CVE-2024-9166 | 2024-09-26T23:21:06Z |
| CVE-2024-9162 | d0n601/CVE-2024-9162 | All-in-One WP Migration and Backup <= 7.86 - Authenticated (Administrator+) Arbitrary PHP Code Injection | 2024-09-29T19:34:59Z |
| CVE-2024-9106 | RandomRobbieBF/CVE-2024-9106 | Wechat Social login <= 1.3.0 - Authentication Bypass | 2024-10-01T10:28:08Z |
| CVE-2024-9061 | RandomRobbieBF/CVE-2024-9061 | WP Popup Builder – Popup Forms and Marketing Lead Generation <= 1.3.5 - Unauthenticated Arbitrary Shortcode Execution via wp_ajax_nopriv_shortcode_Api_Add | 2024-10-16T07:57:48Z |
| CVE-2024-9047 | iSee857/CVE-2024-9047-PoC | WordPress File Upload插件任意文件读取漏洞(CVE-2024-9047)批量检测脚本 | 2024-12-25T05:19:17Z |
| CVE-2024-9047 | verylazytech/CVE-2024-9047 | POC - WordPress File Upload plugin, in the wfu_file_downloader.php file before version <= 4.24.11 | 2025-01-08T07:27:16Z |
| CVE-2024-9047 | Nxploited/CVE-2024-9047-Exploit | Exploit for WordPress File Upload Plugin - All versions up to 4.24.11 are vulnerable. | 2025-01-25T02:41:28Z |
| CVE-2024-9047 | user20252228/CVE-2024-9047 | CVE-2024-9047, wfu_file_downloader.php | 2025-03-16T18:05:51Z |
| CVE-2024-9014 | EQSTLab/CVE-2024-9014 | Proof-of-Concept for CVE-2024-9014 | 2024-09-26T10:34:34Z |
| CVE-2024-8963 | patfire94/CVE-2024-8963 | Ivanti Cloud Services Appliance - Path Traversal | 2024-11-13T14:12:57Z |
| CVE-2024-8949 | fa-rrel/CVE-2024-8949-POC | SourceCodester Online Eyewear Shop Remote File Inclusion Vulnerability | 2024-09-28T15:58:54Z |
| CVE-2024-8856 | ubaii/CVE-2024-8856 | WordPress WP Time Capsule Plugin Arbitrary File Upload Vulnerability | 2024-11-16T20:04:11Z |
| CVE-2024-8856 | Jenderal92/CVE-2024-8856 | This tool scans WordPress websites for vulnerabilities in the WP Time Capsule plugin related to CVE-2024-8856. It identifies plugin versions below 1.22.22 as vulnerable and logs results to vuln.txt. Simple and efficient, it helps security researchers and admins detect and address risks quickly. | 2024-11-21T04:01:27Z |
| CVE-2024-8752 | D3anSPGDMS/CVE-2024-8752 | poc of cve-2024-8752(WebIQ 2.15.9) | 2024-09-19T02:20:48Z |
| CVE-2024-8743 | siunam321/CVE-2024-8743-PoC | Proof-of-Concept script for WordPress plugin Bit File Manager version <= 6.5.7 Authenticated (Subscriber+) Limited JavaScript File Upload (CVE-2024-8743) vulnerability | 2025-01-09T08:54:56Z |
| CVE-2024-8698 | huydoppaz/CVE-2024-8698-POC | i'm noob with saml and keycloak . J4f | 2024-10-10T11:50:07Z |
| CVE-2024-8672 | Chocapikk/CVE-2024-8672 | Widget Options – The #1 WordPress Widget & Block Control Plugin <= 4.0.7 - Authenticated (Contributor+) Remote Code Execution | 2024-12-02T19:59:31Z |
| CVE-2024-8529 | RandomRobbieBF/CVE-2024-8529 | LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_fields' | 2024-10-12T20:52:32Z |
| CVE-2024-8522 | Avento/CVE-2024-8522 | LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields' | 2024-09-19T07:04:12Z |
| CVE-2024-8517 | Chocapikk/CVE-2024-8517 | SPIP BigUp Plugin Unauthenticated RCE | 2024-09-06T18:17:18Z |
| CVE-2024-8504 | Chocapikk/CVE-2024-8504 | VICIdial Unauthenticated SQLi to RCE Exploit (CVE-2024-8503 and CVE-2024-8504) | 2024-09-14T06:27:11Z |
| CVE-2024-8504 | havokzero/ViciDial | CVE-2024-8504 | 2024-09-22T20:17:10Z |
| CVE-2024-8484 | RandomRobbieBF/CVE-2024-8484 | REST API TO MiniProgram <= 4.7.1 - Unauthenticated SQL Injection | 2024-09-24T13:46:02Z |
| CVE-2024-8425 | KTN1990/CVE-2024-8425 | The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads. | 2025-04-19T02:23:15Z |
| CVE-2024-8381 | bjrjk/CVE-2024-8381 | CVE-2024-8381: A SpiderMonkey Interpreter Type Confusion Bug. | 2025-01-30T11:31:51Z |
| CVE-2024-8353 | EQSTLab/CVE-2024-8353 | Proof-of-Concept for CVE-2024-8353 | 2024-09-30T17:33:59Z |
| CVE-2024-8349 | karlemilnikka/CVE-2024-8349-and-CVE-2024-8350 | Authenticated Privilege Escalation to Admin exploiting Uncanny Groups for LearnDash. | 2024-09-17T13:44:04Z |
| CVE-2024-8289 | pashayogi/CVE-2024-8289 | CVE-2024-8289 https://www.cve.org/CVERecord?id=CVE-2024-8289, Vendor wcmp Product MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution | 2025-03-11T14:05:47Z |
| CVE-2024-8277 | PolatBey/CVE-2024-8277 | CVE-2024-8277 - 0Day Auto Exploit Authentication Bypass in WooCommerce Photo Reviews Plugin | 2024-09-12T14:40:59Z |
| CVE-2024-8275 | p33d/CVE-2024-8275 | no description | 2024-09-26T07:16:21Z |
| CVE-2024-8275 | whiterose7777/CVE-2024-8275 | no description | 2024-11-11T08:53:27Z |
| CVE-2024-8190 | horizon3ai/CVE-2024-8190 | CVE-2024-8190: Ivanti Cloud Service Appliance Command Injection | 2024-09-16T15:33:46Z |
| CVE-2024-8190 | tequilasunsh1ne/ivanti_CVE_2024_8190 | no description | 2024-10-08T09:35:01Z |
| CVE-2024-8190 | flyingllama87/CVE-2024-8190-unauth | Combining CVE-2024-8963 & CVE-2024-8190 - For Unauthenticated RCE on Ivanti CSA 4.6 and below | 2025-03-04T11:34:52Z |
| CVE-2024-8176 | uthrasri/Expat_2.6.2_CVE-2024-8176 | no description | 2025-04-02T10:39:00Z |
| CVE-2024-8069 | XiaomingX/cve-2024-8069-exp-Citrix-Virtual-Apps-XEN | Citrix Virtual Apps and Desktops (XEN) Unauthenticated RCE | 2024-11-13T02:50:56Z |
| CVE-2024-8030 | codeb0ss/CVE-2024-8030-PoC | CVE-2024-8030 < GiveWP - Donation Plugin and Fundraising Platform Unauthenticated PHP Object Injection to Remote Code Execution [Exploit] | 2024-08-27T21:05:44Z |
| CVE-2024-7988 | hatvix1/CVE-2024-7988-Private-POC | CVE-2024-7988-Private-POC | 2024-11-03T13:22:45Z |
| CVE-2024-7985 | Nxploited/CVE-2024-7985-PoC | FileOrganizer <= 1.0.9 - Authenticated (Subscriber+) Arbitrary File Upload | 2025-02-15T22:57:39Z |
| CVE-2024-7971 | mistymntncop/CVE-2024-7971 | no description | 2025-04-12T23:40:52Z |
| CVE-2024-7965 | bi-zone/CVE-2024-7965 | This repository contains PoC for CVE-2024-7965. This is the vulnerability in the V8 that occurs only within ARM64. | 2024-09-16T19:04:57Z |
| CVE-2024-7965 | XiaomingX/cve-2024-7965-poc | CVE-2024-7965是Google Chrome浏览器中V8 JavaScript引擎的一个高危漏洞。该漏洞源于V8引擎在处理特定JavaScript代码时实现不当,导致堆内存损坏。攻击者可通过诱导用户访问包含特制JavaScript的恶意网页,利用此漏洞在Chrome渲染器中执行任意代码。 | 2024-11-22T02:55:33Z |
| CVE-2024-7954 | Chocapikk/CVE-2024-7954 | Unauthenticated Remote Code Execution in SPIP versions up to and including 4.2.12 | 2024-08-10T20:15:41Z |
| CVE-2024-7954 | bigb0x/CVE-2024-7954 | This exploit will attempt to execute system commands on SPIP targets. | 2024-08-28T14:54:56Z |
| CVE-2024-7954 | fa-rrel/CVE-2024-7954-RCE | Unauthenticated Remote Code Execution in SPIP versions up to and including 4.2.12 | 2024-09-01T10:59:45Z |
| CVE-2024-7954 | TheCyberguy-17/RCE_CVE-2024-7954 | no description | 2024-09-23T16:11:20Z |
| CVE-2024-7954 | MuhammadWaseem29/RCE-CVE-2024-7954 | no description | 2024-10-05T07:24:57Z |
| CVE-2024-7954 | issamjr/CVE-2024-7954 | The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request. | 2024-11-15T21:08:47Z |
| CVE-2024-7954 | zxj-hub/CVE-2024-7954POC | SPIP 4.30-alpha2、4.2.13、4.1.16之前的版本使用的porte_plume插件存在任意代码执行漏洞,远程未经身份验证的攻击者可以通过发送精心设计的HTTP 请求以SPIP用户身份执行任意PHP代码。 | 2024-12-20T15:40:35Z |
| CVE-2024-7954 | 0dayan0n/RCE_CVE-2024-7954- | The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request. (CRITICAL) | 2024-12-28T01:05:05Z |
| CVE-2024-7954 | Arthikw3b/RCE-CVE-2024-7954 | no description | 2025-02-05T16:13:39Z |
| CVE-2024-7928 | bigb0x/CVE-2024-7928 | Will attempt to retrieve DB details for FastAdmin instances | 2024-08-20T03:09:47Z |
| CVE-2024-7928 | fa-rrel/CVE-2024-7928 | CVE-2024-7928 fastadmin vulnerability POC & Scanning | 2024-08-20T12:15:48Z |
| CVE-2024-7928 | th3gokul/CVE-2024-7928 | CVE-2024-7928: FastAdmin < V1.3.4.20220530 Arbitrary File Reading Vulnerability | 2024-08-23T15:50:30Z |
| CVE-2024-7928 | wh6amiGit/CVE-2024-7928 | CVE-2024-7928 FastAdmin < V1.3.4.20220530 exploit | 2024-08-22T14:39:13Z |
| CVE-2024-7856 | l8BL/CVE-2024-7856 | Proof-of-Concept for CVE-2024-7856 | 2024-09-09T08:34:09Z |
| CVE-2024-7854 | RandomRobbieBF/CVE-2024-7854 | Woo Inquiry <= 0.1 - Unauthenticated SQL Injection | 2024-10-04T14:59:36Z |
| CVE-2024-7808 | TheUnknownSoul/CVE-2024-7808 | RCE exploit for low privileged user via CSRF in open-webui | 2024-11-07T15:42:53Z |
| CVE-2024-7703 | lfillaz/CVE-2024-7703 | This repository contains an exploit for CVE-2024-7703 in the ARMember WordPress plugin. It allows attackers with Subscriber-level access or higher to upload SVG files with malicious JavaScript, leading to Stored XSS attacks. This can result in executing scripts when the file is accessed, potentially compromising user sessions or data. | 2024-08-17T14:44:08Z |
| CVE-2024-7646 | r0binak/CVE-2024-7646 | PoC CVE-2024-7646 | 2024-08-29T19:10:08Z |
| CVE-2024-7646 | dovics/cve-2024-7646 | PoC CVE-2024-7646 | 2024-09-25T11:13:07Z |
| CVE-2024-7627 | siunam321/CVE-2024-7627-PoC | Proof-of-Concept script for WordPress plugin Bit File Manager version 6.0 - 6.5.5 Unauthenticated Remote Code Execution via Race Condition (CVE-2024-7627) vulnerability | 2025-01-08T02:32:41Z |
| CVE-2024-7593 | codeb0ss/CVE-2024-7593-PoC | CVE-2024-7593 < Ivanti vTM [Authentication Bypass] | 2024-08-26T11:03:00Z |
| CVE-2024-7593 | rxerium/CVE-2024-7593 | Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel. | 2024-08-28T10:02:05Z |
| CVE-2024-7593 | D3N14LD15K/CVE-2024-7593_PoC_Exploit | CVE-2024-7593 Ivanti Virtual Traffic Manager 22.2R1 / 22.7R2 Admin Panel Authentication Bypass PoC [EXPLOIT] | 2024-09-24T22:24:35Z |
| CVE-2024-7593 | skyrowalker/CVE-2024-7593 | no description | 2024-10-12T02:17:14Z |
| CVE-2024-7514 | RandomRobbieBF/CVE-2024-7514 | WordPress Comments Import & Export <= 2.3.7 - Authenticated (Author+) Arbitrary File Read via Directory Traversal | 2024-10-11T10:43:22Z |
| CVE-2024-7479 | PeterGabaldon/CVE-2024-7479_CVE-2024-7481 | TeamViewer User to Kernel Elevation of Privilege PoC. CVE-2024-7479 and CVE-2024-7481. ZDI-24-1289 and ZDI-24-1290. TV-2024-1006. | 2024-09-29T10:58:15Z |
| CVE-2024-7479 | fortra/CVE-2024-7479 | Proof of concept for CVE-2024-7479 | 2025-03-26T23:52:21Z |
| CVE-2024-7456 | 77Philly/CVE-2024-7456scripts | no description | 2024-11-02T02:42:27Z |
| CVE-2024-7339 | RevoltSecurities/CVE-2024-7339 | An Vulnerability detection and Exploitation tool for CVE-2024-7339 | 2024-08-05T16:26:18Z |
| CVE-2024-7313 | Wayne-Ker/CVE-2024-7313 | Custom Proof-of-Concept on XSS to Unauthorized Admin Account Creation via WordPress Plugin Shield Security < 20.0.6 | 2024-08-16T01:01:57Z |
| CVE-2024-7188 | codeb0ss/CVE-2024-7188-PoC | Mass Exploit < [CVE-2024-7188 - Bylancer Quicklancer] - SQL Injection | 2024-07-30T10:51:24Z |
| CVE-2024-7135 | RandomRobbieBF/CVE-2024-7135 | Tainacan <= 0.21.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read | 2024-10-11T10:56:59Z |
| CVE-2024-7135 | Nxploited/CVE-2024-7135 | no description | 2025-01-01T01:07:29Z |
| CVE-2024-7124 | kac89/CVE-2024-7124 | Improper Neutralization of Input During Web Page Generation vulnerability in DInGO dLibra software in the parameter 'filter' in the endpoint 'indexsearch' allows a Reflected Cross-Site Scripting (XSS). | 2024-11-14T16:05:44Z |
| CVE-2024-7120 | codeb0ss/CVE-2024-7120-PoC | Mass Exploit < [CVE-2024-7120 - Raisecom] - Command Injection | 2024-08-01T17:39:45Z |
| CVE-2024-7120 | fa-rrel/CVE-2024-7120 | 2024-08-30T15:50:50Z | |
| CVE-2024-7120 | jokeir07x/CVE-2024-7120-Exploit-by-Dark-07x | no description | 2025-04-24T13:33:09Z |
| CVE-2024-7094 | nastar-id/CVE-2024-7094 | CVE-2024-7094 Vulnerability checker | 2024-08-18T09:27:54Z |
| CVE-2024-7029 | bigherocenter/CVE-2024-7029-EXPLOIT | no description | 2024-08-30T07:58:27Z |
| CVE-2024-7029 | ebrasha/CVE-2024-7029 | A PoC tool for exploiting CVE-2024-7029 in AvTech devices, enabling RCE, vulnerability scanning, and an interactive shell. | 2024-09-02T10:16:49Z |
| CVE-2024-7029 | geniuszlyy/CVE-2024-7029 | A PoC exploit for the CVE-2024-7029 vulnerability found in AvTech devices, allowing Remote Code Execution (RCE) | 2024-10-08T10:04:08Z |
| CVE-2024-7014 | hexspectrum1/CVE-2024-7014 | no description | 2025-03-06T15:38:46Z |
| CVE-2024-7014 | absholi7ly/PoC-for-CVE-2024-7014-Exploit | Proof of Concept (PoC) for CVE-2024-7014 (EvilVideo) Exploit | 2025-03-16T04:05:01Z |
| CVE-2024-6893 | codeb0ss/CVE-2024-6893-PoC | Mass Exploit < [CVE-2024-6893/CWE-611 - Journyx] - XML External Entities Injection (XXE) Exploit | 2024-08-17T22:47:45Z |
| CVE-2024-6782 | zangjiahe/CVE-2024-6782 | Calibre 远程代码执行(CVE-2024-6782)Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution. | 2024-08-06T15:31:48Z |
| CVE-2024-6782 | jdpsl/CVE-2024-6782 | Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution. | 2024-08-09T06:25:03Z |
| CVE-2024-6782 | R4idB0Y/CVE-2024-6782-PoC | Unauthenticated remote code execution via Calibre’s content server in Calibre <= 7.14.0. | 2024-09-15T18:45:44Z |
| CVE-2024-6782 | NketiahGodfred/CVE-2024-6782 | Calibre Remote Code Execution | 2024-12-07T13:42:45Z |
| CVE-2024-6781 | FelinaeBlanc/CVE_2024_6781 | Démonstration de l'explotation de la CVE CVE_2024_6781 | 2025-02-01T14:32:08Z |
| CVE-2024-6778 | ading2210/CVE-2024-6778-POC | A POC exploit for CVE-2024-5836 and CVE-2024-6778, allowing for a sandbox escape from a Chrome extension. | 2024-09-10T06:27:59Z |
| CVE-2024-6778 | r00tjunip3r1/POC-CVE-2024-6778 | no description | 2024-10-20T12:47:53Z |
| CVE-2024-6769 | fortra/CVE-2024-6769 | Activation cache poisoning to elevate from medium to high integrity (CVE-2024-6769) | 2024-08-29T16:40:49Z |
| CVE-2024-6768 | fortra/CVE-2024-6768 | no description | 2024-07-18T07:52:46Z |
| CVE-2024-6704 | codeb0ss/CVE-2024-6704 | CVE-2024-6704 - [Wordpress wpDiscuz_Plugin] < Unauthenticated HTML Injection Exploiter | 2024-08-03T22:33:57Z |
| CVE-2024-6694 | codeb0ss/CVE-2024-6694-PoC | CVE-2024-6694 - WP Mail SMTP < SMTP Password Exposure (Exploiter) | 2024-07-21T21:41:02Z |
| CVE-2024-6670 | sinsinology/CVE-2024-6670 | no description | 2024-08-30T17:13:14Z |
| CVE-2024-6666 | labc-dev/CVE-2024-6666 | no description | 2024-07-23T09:37:20Z |
| CVE-2024-6624 | RandomRobbieBF/CVE-2024-6624 | JSON API User <= 3.9.3 - Unauthenticated Privilege Escalation | 2024-09-10T12:08:55Z |
| CVE-2024-6624 | Jenderal92/CVE-2024-6624 | This is a Python script that exploits the CVE-2024-6624 vulnerability in the JSON API User <= 3.9.3 plugin for WordPress. | 2025-02-06T11:11:07Z |
| CVE-2024-6592 | RedTeamPentesting/watchguard-sso-client | Client Implementation for the WatchGuard SSO Agent Protocol used for Security Research (CVE-2024-6592, CVE-2024-6593, CVE-2024-6594) | 2024-09-17T14:01:10Z |
| CVE-2024-6536 | apena-ba/CVE-2024-6536 | no description | 2024-07-31T14:31:56Z |
| CVE-2024-6529 | Abdurahmon3236/CVE-2024-6529 | no description | 2024-08-02T20:02:39Z |
| CVE-2024-65230 | CBaekhyunC/cve-2024-65230 | no description | 2024-01-23T10:16:43Z |
| CVE-2024-6473 | 12345qwert123456/CVE-2024-6473-PoC | Proof of concept (exploit) for CVE-2024-6473 | 2024-11-02T05:37:30Z |
| CVE-2024-6460 | Nxploited/CVE-2024-6460 | Grow by Tradedoubler < 2.0.22 - Unauthenticated LFI | 2025-01-21T14:12:29Z |
| CVE-2024-6460 | E1-Bot141/CVE-2024-6460 | 备份的CVE | 2025-01-22T11:56:50Z |
| CVE-2024-6387 | FerasAlrimali/CVE-2024-6387-POC | SSHd cve-2024-6387-poc | 2024-07-01T13:38:47Z |
| CVE-2024-6387 | getdrive/CVE-2024-6387-PoC | no description | 2024-07-01T12:51:18Z |
| CVE-2024-6387 | shyrwall/cve-2024-6387-poc | no description | 2024-07-01T12:48:36Z |
| CVE-2024-6387 | acrono/cve-2024-6387-poc | 32-bit PoC for CVE-2024-6387 — mirror of the original 7etsuo/cve-2024-6387-poc | 2024-07-01T12:16:21Z |
| CVE-2024-6387 | zgzhang/cve-2024-6387-poc | a signal handler race condition in OpenSSH's server (sshd) | 2024-07-01T10:55:29Z |
| CVE-2024-6387 | lflare/cve-2024-6387-poc | 32-bit PoC for CVE-2024-6387 "regreSSHion" -- mirror of the original 7etsuo/cve-2024-6387-poc | 2024-07-01T12:26:40Z |
| CVE-2024-6387 | passwa11/cve-2024-6387-poc | no description | 2024-07-01T14:08:23Z |
| CVE-2024-6387 | 3yujw7njai/CVE-2024-6387 | SSH RCE PoC CVE-2024-6387 | 2024-07-02T01:08:05Z |
| CVE-2024-6387 | kuffsit/check_cve_2024_6387 | no description | 2024-07-01T16:38:15Z |
| CVE-2024-6387 | jack0we/CVE-2024-6387 | no description | 2024-07-01T18:28:25Z |
| CVE-2024-6387 | TAM-K592/CVE-2024-6387 | Recently, the OpenSSH maintainers released security updates to fix a critical vulnerability that could lead to unauthenticated remote code execution (RCE) with root privileges. This vulnerability, identified as CVE-2024-6387, resides in the OpenSSH server component (sshd), which is designed to listen for connections from client applications. | 2024-07-02T02:51:37Z |
| CVE-2024-6387 | teamos-hub/regreSSHion | This is a POC I wrote for CVE-2024-6387 | 2024-07-02T02:54:05Z |
| CVE-2024-6387 | muyuanlove/CVE-2024-6387fixshell | no description | 2024-07-02T02:35:24Z |
| CVE-2024-6387 | zgimszhd61/cve-2024-6387-poc | no description | 2024-07-02T01:39:10Z |
| CVE-2024-6387 | betancour/OpenSSH-Vulnerability-test | OpenSSH CVE-2024-6387 Vulnerability Checker | 2024-07-02T01:24:04Z |
| CVE-2024-6387 | oliferFord/CVE-2024-6387-SSH-RCE | no description | 2024-07-02T06:54:54Z |
| CVE-2024-6387 | HadesNull123/CVE-2024-6387_Check | RCE OpenSSH CVE-2024-6387 Check | 2024-07-02T05:21:29Z |
| CVE-2024-6387 | thegenetic/CVE-2024-6387-exploit | CVE-2024-6387 exploit | 2024-07-02T04:09:44Z |
| CVE-2024-6387 | Mufti22/CVE-2024-6387-checkher | no description | 2024-07-02T03:48:37Z |
| CVE-2024-6387 | ahlfors/CVE-2024-6387 | no description | 2024-07-02T03:42:35Z |
| CVE-2024-6387 | PrincipalAnthony/CVE-2024-6387-Updated-x64bit | Private x64 RCE exploit for CVE-2024-6387 [02.07.2024] from exploit.in | 2024-07-02T09:45:04Z |
| CVE-2024-6387 | Maikefee/CVE-2024-6387_Check.py | no description | 2024-07-02T03:27:03Z |
| CVE-2024-6387 | CiderAndWhisky/regression-scanner | Used to detect ssh servers vulnerable to CVE-2024-6387. Shameless robbery from https://github.com/bigb0x/CVE-2024-6387 using ChatGPT to translate the code to PHP. | 2024-07-02T07:42:46Z |
| CVE-2024-6387 | R4Tw1z/CVE-2024-6387 | This script, created by R4Tw1z, is designed to scan IP addresses to check if they are running a potentially vulnerable version of OpenSSH. The tool leverages multi-threading to optimize scanning performance and handle multiple IP addresses concurrently. | 2024-07-02T06:40:09Z |
| CVE-2024-6387 | shamo0/CVE-2024-6387_PoC | Script for checking CVE-2024-6387 (regreSSHion) | 2024-07-02T08:13:23Z |
| CVE-2024-6387 | paradessia/CVE-2024-6387-nmap | CVE-2024-6387-nmap | 2024-07-02T08:19:55Z |
| CVE-2024-6387 | DanWiseProgramming/CVE-2024-6387-Mitigation-Ansible-Playbook | An Ansible Playbook to mitigate the risk of RCE (CVE-2024-6387) until platforms update OpenSSH to a non-vulnerable version. | 2024-07-02T10:34:17Z |
| CVE-2024-6387 | SecWithMoh/CVE-2024-6387 | This Go program scans targets for CVE-2024-6387 in OpenSSH, categorizing servers by vulnerability status and port availability. | 2024-07-02T09:41:40Z |
| CVE-2024-6387 | ACHUX21/checker-CVE-2024-6387 | no description | 2024-07-02T12:48:27Z |
| CVE-2024-6387 | hssmo/cve-2024-6387_AImade | cve-2024-6387_AImade | 2024-07-02T12:24:25Z |
| CVE-2024-6387 | rumochnaya/openssh-cve-2024-6387.sh | openssh-cve-2024-6387.sh | 2024-07-02T11:05:07Z |
| CVE-2024-6387 | zenzue/CVE-2024-6387-Mitigation | Mitigation Guide for CVE-2024-6387 in OpenSSH | 2024-07-02T11:08:40Z |
| CVE-2024-6387 | edsonjt81/CVE-2024-6387_Check | no description | 2024-07-02T20:35:53Z |
| CVE-2024-6387 | RickGeex/CVE-2024-6387-Checker | CVE-2024-6387-Check is a streamlined and efficient tool created to detect servers operating on vulnerable versions of OpenSSH. | 2024-07-02T18:46:24Z |
| CVE-2024-6387 | BrandonLynch2402/cve-2024-6387-nuclei-template | no description | 2024-07-02T20:19:12Z |
| CVE-2024-6387 | xonoxitron/regreSSHion-checker | Quickly identifies servers vulnerable to OpenSSH 'regreSSHion' (CVE-2024-6387). | 2024-07-02T18:59:54Z |
| CVE-2024-6387 | n1cks0n/Test_CVE-2024-6387 | Test_CVE-2024-6387 is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH | 2024-07-02T18:30:28Z |
| CVE-2024-6387 | th3gokul/CVE-2024-6387 | CVE-2024-6387 : Vulnerability Detection tool for regreSSHion Remote Unauthenticated Code Execution in OpenSSH Server | 2024-07-02T17:04:52Z |
| CVE-2024-6387 | MrR0b0t19/CVE-2024-6387-Exploit-POC | no description | 2024-07-02T16:34:12Z |
| CVE-2024-6387 | xonoxitron/regreSSHion | CVE-2024-6387 (regreSSHion) Exploit (PoC), a vulnerability in OpenSSH's server (sshd) on glibc-based Linux systems. | 2024-07-02T14:41:43Z |
| CVE-2024-6387 | dawnl3ss/CVE-2024-6387 | no description | 2024-07-02T15:13:33Z |
| CVE-2024-6387 | no-one-sec/CVE-2024-6387 | 开箱即用的AK47 | 2024-07-02T15:13:09Z |
| CVE-2024-6387 | xristos8574/regreSSHion-nmap-scanner | A bash script for nmap to scan for vulnerable machines in regards to the latest CVE-2024-6387 | 2024-07-02T13:50:47Z |
| CVE-2024-6387 | k4t3pr0/CVE-2024-6387-POC | no description | 2024-07-02T10:05:43Z |
| CVE-2024-6387 | grupooruss/CVE-2024-6387 | regreSSHion vulnerability in OpenSSH CVE-2024-6387 Testing Script | 2024-07-02T21:16:45Z |
| CVE-2024-6387 | t3rry327/cve-2024-6387-poc | no description | 2024-07-03T13:21:10Z |
| CVE-2024-6387 | CognisysGroup/CVE-2024-6387-Checker | no description | 2024-07-02T21:47:02Z |
| CVE-2024-6387 | sxlmnwb/CVE-2024-6387 | Targeting a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. | 2024-07-03T06:08:32Z |
| CVE-2024-6387 | JackSparrowhk/ssh-CVE-2024-6387-poc | CVE-2024-6387_Check 是一款轻量级、高效的工具,旨在识别运行易受攻击的 OpenSSH 版本的服务器,专门针对最近发现的regreSSHion漏洞 (CVE-2024-6387)。此脚本有助于快速扫描多个 IP 地址、域名和 CIDR 网络范围,以检测潜在漏洞并确保您的基础设施安全。 | 2024-07-04T03:51:16Z |
| CVE-2024-6387 | AiGptCode/ssh_exploiter_CVE-2024-6387 | CVE-2024-6387 with auto ip scanner and auto expliot | 2024-07-02T12:57:35Z |
| CVE-2024-6387 | sms2056/CVE-2024-6387 | no description | 2024-07-04T06:10:56Z |
| CVE-2024-6387 | turbobit/CVE-2024-6387-OpenSSH-Vulnerability-Checker | Welcome to the CVE-2024-6387 OpenSSH Vulnerability Checker repository! This project offers multiple scripts to check the installed version of OpenSSH on your system and determine if it is vulnerable to CVE-2024-6387. It supports various environments, including Ubuntu, Mac, and Windows. | 2024-07-04T03:56:08Z |
| CVE-2024-6387 | Symbolexe/CVE-2024-6387 | SSH Exploit for CVE-2024-6387 : RCE in OpenSSH's server, on glibc-based Linux systems | 2024-07-03T08:22:57Z |
| CVE-2024-6387 | 4lxprime/regreSSHive | rewrited SSH Exploit for CVE-2024-6387 (regreSSHion) | 2024-07-04T14:34:21Z |
| CVE-2024-6387 | lala-amber/CVE-2024-6387 | no description | 2024-07-04T13:28:53Z |
| CVE-2024-6387 | d0rb/CVE-2024-6387 | This Python script exploits a remote code execution vulnerability (CVE-2024-6387) in OpenSSH. | 2024-07-02T06:53:35Z |
| CVE-2024-6387 | SiberianHacker/CVE-2024-6387-Finder | CVE-2024-6387 SSH finder | 2024-07-05T15:15:41Z |
| CVE-2024-6387 | l0n3m4n/CVE-2024-6387 | PoC - Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (Scanner and Exploit) | 2024-07-02T18:32:46Z |
| CVE-2024-6387 | imv7/CVE-2024-6387 | no description | 2024-07-05T11:18:38Z |
| CVE-2024-6387 | 0x4D31/cve-2024-6387_hassh | HASSH fingerprints for identifying OpenSSH servers potentially vulnerable to CVE-2024-6387 (regreSSHion). | 2024-07-05T02:46:57Z |
| CVE-2024-6387 | invaderslabs/regreSSHion-CVE-2024-6387- | Provides instructions for using the script to check if your OpenSSH installation is vulnerable to CVE-2024-6387 | 2024-07-04T13:15:54Z |
| CVE-2024-6387 | sardine-web/CVE-2024-6387_Check | A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. | 2024-07-04T21:20:26Z |
| CVE-2024-6387 | bigb0x/CVE-2024-6387 | Bulk Scanning Tool for OpenSSH CVE-2024-6387, CVE-2006-5051 , CVE-2008-4109 and others. | 2024-07-01T20:45:53Z |
| CVE-2024-6387 | azurejoga/CVE-2024-6387-how-to-fix | Vulnerability remediation and mitigationCVE-2024-6387 | 2024-07-05T21:29:11Z |
| CVE-2024-6387 | dgicloud/patch_regreSSHion | Correção e Atualização do OpenSSH para CVE-2024-6387 | 2024-07-05T16:59:19Z |
| CVE-2024-6387 | sardine-web/CVE-2024-6387-template | Quick regreSSHion checker (based on software version) for nuclei CVE-2024-6387 | 2024-07-05T11:05:26Z |
| CVE-2024-6387 | devarshishimpi/CVE-2024-6387-Check | CVE-2024-6387 Checker is a fast, efficient tool for detecting OpenSSH servers vulnerable to the regreSSHion exploit. It quickly scans multiple IPs, domain names, and CIDR ranges to identify risks and help secure your infrastructure. | 2024-07-02T11:55:39Z |
| CVE-2024-6387 | asterictnl-lvdw/CVE-2024-6387 | Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387) | 2024-07-08T11:27:49Z |
| CVE-2024-6387 | vkaushik-chef/regreSSHion | Chef Inspec profile for checking regreSSHion vulnerability CVE-2024-6387 | 2024-07-08T11:48:15Z |
| CVE-2024-6387 | harshinsecurity/sentinelssh | SentinelSSH is an advanced, high-performance SSH vulnerability scanner written in Go. It's specifically designed to detect the CVE-2024-6387 vulnerability in OpenSSH servers across various network environments. | 2024-07-03T10:26:23Z |
| CVE-2024-6387 | jocker2410/CVE-2024-6387_poc | no description | 2024-07-03T15:51:16Z |
| CVE-2024-6387 | dgourillon/mitigate-CVE-2024-6387 | no description | 2024-07-09T12:16:44Z |
| CVE-2024-6387 | mrmtwoj/CVE-2024-6387 | no description | 2024-07-09T14:06:02Z |
| CVE-2024-6387 | kubota/CVE-2024-6387-Vulnerability-Checker | This Rust Code is designed to check SSH servers for the CVE-2024-6387 vulnerability | 2024-07-09T21:01:15Z |
| CVE-2024-6387 | filipi86/CVE-2024-6387-Vulnerability-Checker | This Python script checks for the CVE-2024-6387 vulnerability in OpenSSH servers. It supports multiple IP addresses, URLs, CIDR ranges, and ports. The script can also read addresses from a file. | 2024-07-09T17:40:19Z |
| CVE-2024-6387 | DimaMend/cve-2024-6387-poc | no description | 2024-07-10T13:27:23Z |
| CVE-2024-6387 | k4t3pr0/CVE-2024-6387-Check | Lỗ hổng thực thi mã không được xác thực từ xa trong máy chủ OpenSSH | 2024-07-12T03:28:41Z |
| CVE-2024-6387 | Passyed/regreSSHion-Fix | Fix for regreSSHion CVE-2024-6387 for Ubuntu and Debian | 2024-07-11T23:22:14Z |
| CVE-2024-6387 | Sibijo/mitigate_ssh | OpenSSH vulnerability CVE-2024-6387 | 2024-07-11T16:54:41Z |
| CVE-2024-6387 | ThemeHackers/CVE-2024-6387 | CVE-2024-6387, also known as RegreSSHion, is a high-severity vulnerability found in OpenSSH servers (sshd) running on glibc-based Linux systems. It is a regression of a previously fixed vulnerability (CVE-2006-5051), which means the issue was reintroduced in newer versions of OpenSSH. | 2024-07-11T14:37:17Z |
| CVE-2024-6387 | liqhtnd/sshd-logingracetime0 | Script to address CVE-2024-6387 by changing the LoginGraceTime in sshd. | 2024-07-04T01:02:34Z |
| CVE-2024-6387 | Jhonsonwannaa/CVE-2024-6387 | OpenSSH a publié un avis de sécurité concernant la vulnérabilité critique CVE-2024-6387. Cette vulnérabilité permet à un attaquant non authentifié d'exécuter du code arbitraire | 2024-07-14T18:00:49Z |
| CVE-2024-6387 | xaitax/CVE-2024-6387_Check | CVE-2024-6387_Check is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH | 2024-07-01T20:33:20Z |
| CVE-2024-6387 | ThatNotEasy/CVE-2024-6387 | OpenSSH RCE Massive Vulnerable Scanner | 2024-07-15T16:04:57Z |
| CVE-2024-6387 | wiggels/regresshion-check | CLI Tool to Check SSH Servers for Vulnerability to CVE-2024-6387 | 2024-07-01T22:53:32Z |
| CVE-2024-6387 | prelearn-code/CVE-2024-6387 | no description | 2024-07-25T02:32:19Z |
| CVE-2024-6387 | alex14324/ssh_poc2024 | An exploit for CVE-2024-6387, targeting a signal handler race condition in OpenSSH's server | 2024-07-31T14:19:19Z |
| CVE-2024-6387 | almogopp/OpenSSH-CVE-2024-6387-Fix | A Bash script to mitigate the CVE-2024-6387 vulnerability in OpenSSH by providing an option to upgrade to a secure version or apply a temporary workaround. This repository helps secure systems against potential remote code execution risks associated with affected OpenSSH versions. | 2024-08-20T09:57:24Z |
| CVE-2024-6387 | s1d6point7bugcrowd/CVE-2024-6387-Race-Condition-in-Signal-Handling-for-OpenSSH | no description | 2024-08-19T16:45:53Z |
| CVE-2024-6387 | HadesNull123/CVE-2024-6387_Check | RCE OpenSSH CVE-2024-6387 Check and Exploit | 2024-08-26T04:40:27Z |
| CVE-2024-6387 | identity-threat-labs/Article-RegreSSHion-CVE-2024-6387 | In an era where digital security is crucial, a new vulnerability in OpenSSH, identified as CVE-2024-6387, has drawn the attention of system administrators and security professionals worldwide. Named "regreSSHion," this severe security flaw allows remote code execution (RCE) and could significant threat to the integrity of vulnerable systems. | 2024-08-29T15:00:56Z |
| CVE-2024-6387 | identity-threat-labs/CVE-2024-6387-Vulnerability-Checker | This Python script checks for the CVE-2024-6387 vulnerability in OpenSSH servers. It supports multiple IP addresses, URLs, CIDR ranges, and ports. The script can also read addresses from a file. | 2024-08-28T13:28:08Z |
| CVE-2024-6387 | l-urk/CVE-2024-6387 | Proof of concept python script for regreSSHion exploit. | 2024-07-30T06:13:11Z |
| CVE-2024-6387 | YassDEV221608/CVE-2024-6387 | no description | 2024-11-24T17:12:26Z |
| CVE-2024-6387 | zql-gif/CVE-2024-6387 | no description | 2024-12-19T03:08:19Z |
| CVE-2024-6387 | awusan125/test_for6387 | test code for cve-2024-6387 | 2024-12-19T10:16:45Z |
| CVE-2024-6387 | YassDEV221608/CVE-2024-6387_PoC | no description | 2025-01-04T00:25:33Z |
| CVE-2024-6387 | AzrDll/CVE-2024-6387 | This is an altered PoC for d0rb/CVE-2024-6387. This takes glibc addresses and trys to exploit the CVE through them. | 2025-01-20T09:38:40Z |
| CVE-2024-6386 | argendo/CVE-2024-6386 | Research and PoC for CVE-2024-6386 | 2024-09-05T14:44:36Z |
| CVE-2024-6366 | Abdurahmon3236/CVE-2024-6366 | no description | 2024-08-03T10:30:49Z |
| CVE-2024-6366 | Nxploited/CVE-2024-6366-PoC | User Profile Builder <= 3.11.7 - Unauthenticated Media Upload | 2025-02-02T15:37:14Z |
| CVE-2024-6330 | RandomRobbieBF/CVE-2024-6330 | GEO my WordPress < 4.5.0.2 - Unauthenticated LFI to RCE/PHAR Deserialization | 2024-11-20T06:08:32Z |
| CVE-2024-6244 | Nxploited/CVE-2024-6244 | pz-frontend-manager < 1.0.6 - CSRF Profile Picture Exploit | 2025-02-08T20:17:15Z |
| CVE-2024-6239 | Sharkkcode/CVE_2024_6239_slide | CVE_2024_6239_slide | 2024-08-30T16:23:16Z |
| CVE-2024-6222 | Florian-Hoth/CVE-2024-6222 | Docker Extension/Dashboard RCE Vulnerability | 2024-08-06T18:20:46Z |
| CVE-2024-6205 | j3r1ch0123/CVE-2024-6205 | This is a python written PoC of a recent vulnerability in a wordpress plugin. More information on that here | 2024-07-21T04:59:31Z |
| CVE-2024-6132 | Nxploited/CVE-2024-6132 | Pexels: Free Stock Photos <= 1.2.2 - Authenticated (Contributor+) Arbitrary File Upload | 2025-03-11T11:20:02Z |
| CVE-2024-6095 | Abdurahmon3236/-CVE-2024-6095 | no description | 2024-09-01T13:12:20Z |
| CVE-2024-6050 | kac89/CVE-2024-6050 | Reflected XSS in SOWA OPAC | 2024-07-01T14:31:37Z |
| CVE-2024-6043 | lfillaz/CVE-2024-6043 | This Python tool exploits the CVE-2024-6043 vulnerability, which affects the SourceCodester Best House Rental Management System 1.0. The vulnerability allows remote attackers to perform SQL Injection via the admin_class.php file, specifically targeting the username parameter |
2024-08-17T20:30:28Z |
| CVE-2024-6028 | truonghuuphuc/CVE-2024-6028-Poc | CVE-2024-6028 Quiz Maker <= 6.5.8.3 - Unauthenticated SQL Injection via 'ays_questions' Parameter | 2024-06-25T13:55:27Z |
| CVE-2024-5961 | kac89/CVE-2024-5961 | Reflected XSS in 2ClickPortal | 2024-07-01T11:17:48Z |
| CVE-2024-5947 | Cappricio-Securities/CVE-2024-5947 | Deep Sea Electronics DSE855 - Authentication Bypass | 2024-07-07T14:03:49Z |
| CVE-2024-5932 | 0xb0mb3r/CVE-2024-5932-PoC | Proof-of-Concept for CVE-2024-5932 GiveWP PHP Object Injection | 2024-08-21T09:51:21Z |
| CVE-2024-5932 | EQSTLab/CVE-2024-5932 | Proof-of-Concept for CVE-2024-5932 | 2024-08-25T11:51:36Z |
| CVE-2024-5932 | OxLmahdi/cve-2024-5932 | no description | 2024-10-11T08:12:38Z |
| CVE-2024-5910 | p33d/Palo-Alto-Expedition-Remote-Code-Execution-Exploit-CVE-2024-5910-CVE-2024-9464 | no description | 2024-11-15T23:46:01Z |
| CVE-2024-5806 | watchtowrlabs/watchTowr-vs-progress-moveit_CVE-2024-5806 | Exploit for the CVE-2024-5806 | 2024-06-24T16:28:35Z |
| CVE-2024-5806 | sec13b/CVE-2024-5806 | progress moveit cve-2024-5806 | 2025-03-08T20:51:46Z |
| CVE-2024-57972 | tania-silva/CVE-2024-57972 | no description | 2025-03-07T12:02:44Z |
| CVE-2024-57785 | s4fv4n/CVE-2024-57785 | no description | 2025-01-16T11:10:34Z |
| CVE-2024-57784 | s4fv4n/CVE-2024-57784 | no description | 2025-01-16T11:17:10Z |
| CVE-2024-57778 | KUK3N4N/CVE-2024-57778 | An issue in Orbe ONetView Roteador Onet-1200 Orbe 1680210096 allows a remote attacker to escalate privileges via the servers response from status code 500 to status code 200 | 2025-02-13T18:14:56Z |
| CVE-2024-57756 | l00neyhacker/CVE-2024-57756 | no description | 2025-01-23T23:38:19Z |
| CVE-2024-57754 | l00neyhacker/CVE-2024-57754 | no description | 2025-01-23T23:37:35Z |
| CVE-2024-57753 | l00neyhacker/CVE-2024-57753 | no description | 2025-01-23T23:36:49Z |
| CVE-2024-57750 | l00neyhacker/CVE-2024-57750 | no description | 2025-01-23T23:35:49Z |
| CVE-2024-57748 | l00neyhacker/CVE-2024-57748 | no description | 2025-01-23T23:31:52Z |
| CVE-2024-57746 | l00neyhacker/CVE-2024-57746 | no description | 2025-01-23T23:30:55Z |
| CVE-2024-57744 | l00neyhacker/CVE-2024-57744 | no description | 2025-01-23T23:28:44Z |
| CVE-2024-57727 | imjdl/CVE-2024-57727 | CVE-2024-57727 | 2025-01-17T15:45:51Z |
| CVE-2024-57725 | pointedsec/CVE-2024-57725 | This repository documents an unauthenticated GPON manipulation vulnerability discovered in certain Arcadyan routers. | 2025-01-04T17:48:32Z |
| CVE-2024-5764 | fin3ss3g0d/CVE-2024-5764 | CVE-2024-5764 exploitation script | 2024-11-14T20:08:45Z |
| CVE-2024-57610 | H3T76/CVE-2024-57610 | Lack of Rate Limiting in Sylius v2.0.2 | 2025-02-04T17:49:44Z |
| CVE-2024-57609 | H3T76/CVE-2024-57609 | Open Redirect Vulnerability in Kanaries | 2025-02-04T17:21:08Z |
| CVE-2024-57523 | HackWidMaddy/CVE-2024-57523. | CVE-2024-57523 - CSRF Vulnerability in Users.php - SourceCodester Packers and Movers Management System 1.0 | 2025-01-15T18:56:30Z |
| CVE-2024-57522 | HackWidMaddy/CVE-2024-57522 | CVE-2024-57522 - Stored XSS Vulnerability in Users.php - SourceCodester Packers and Movers Management System 1.0 | 2025-01-15T18:45:35Z |
| CVE-2024-57514 | rvizx/CVE-2024-57514 | no description | 2025-02-01T08:52:04Z |
| CVE-2024-57487 | aaryan-11-x/CVE-2024-57487-and-CVE-2024-57488 | POC of CVE-2024-57487 & CVE-2024-57488 | 2025-01-10T16:06:23Z |
| CVE-2024-57484 | yogeswaran6383/CVE-2024-57484 | no description | 2025-02-18T18:56:35Z |
| CVE-2024-57430 | ahrixia/CVE-2024-57430 | CVE-2024-57430: PHPJabbers Cinema Booking System v2.0 is vulnerable to SQL injection, leading to unauthorized data access and privilege escalation. | 2025-02-04T11:14:36Z |
| CVE-2024-57429 | ahrixia/CVE-2024-57429 | CVE-2024-57429: PHPJabbers Cinema Booking System v2.0 is vulnerable to CSRF, allowing attackers to escalate privileges by forging requests on behalf of an admin. | 2025-02-04T11:14:24Z |
| CVE-2024-57428 | ahrixia/CVE-2024-57428 | CVE-2024-57428: PHPJabbers Cinema Booking System v2.0 suffers from stored XSS, enabling persistent JavaScript injection for phishing and malware attacks. | 2025-02-04T11:14:10Z |
| CVE-2024-57427 | ahrixia/CVE-2024-57427 | CVE-2024-57427: PHPJabbers Cinema Booking System v2.0 is vulnerable to reflected XSS, allowing session hijacking and phishing attacks. | 2025-02-04T11:12:28Z |
| CVE-2024-57394 | cwjchoi01/CVE-2024-57394 | CVE-2024-57394 | 2025-04-16T13:36:40Z |
| CVE-2024-57376 | DelspoN/CVE-2024-57376 | CVE-2024-57376 exploit | 2025-05-08T00:35:08Z |
| CVE-2024-57373 | cypherdavy/CVE-2024-57373 | CSRF vulnerability in LifestyleStore v1.0, enabling unauthorized actions on behalf of users, risking data and account security | 2025-01-26T11:01:03Z |
| CVE-2024-5737 | afine-com/CVE-2024-5737 | AdmirorFrames Joomla! Extension < 5.0 - HTML Injection | 2024-06-28T10:27:35Z |
| CVE-2024-5736 | afine-com/CVE-2024-5736 | AdmirorFrames Joomla! Extension < 5.0 - Server-Side Request Forgery | 2024-06-28T10:27:08Z |
| CVE-2024-5735 | afine-com/CVE-2024-5735 | AdmirorFrames Joomla! Extension < 5.0 - Full Path Disclosure | 2024-06-28T10:15:17Z |
| CVE-2024-57241 | woshidaheike/CVE-2024-57241 | dedecms-url 重定向 | 2024-12-13T04:33:03Z |
| CVE-2024-57175 | Ajmal101/CVE-2024-57175 | no description | 2025-01-31T18:40:11Z |
| CVE-2024-57040 | absholi7ly/Poc-CVE-2024-57040 | CVE-2024-57040 is a security vulnerability found in certain TP-Link TL-WR845N router models. Specifically, it involves a "hardcoded" password for the router's root account. This means a default, unchanging password is built into the router's software. | 2025-03-18T02:49:42Z |
| CVE-2024-56924 | ipratheep/CVE-2024-56924 | no description | 2025-01-22T07:28:58Z |
| CVE-2024-56903 | DRAGOWN/CVE-2024-56903 | CVE-2024-56903 - Geovision GV-ASManager web application with the version 6.1.1.0 or less allows attackers to modify POST requests with GET in critical functionalities, such as account management. This vulnerability is used in chain with CVE-2024-56901 for a successful CSRF attack. | 2025-02-02T15:04:25Z |
| CVE-2024-56902 | DRAGOWN/CVE-2024-56902 | CVE-2024-56902 - Information disclosure vulnerability in GeoVision GV-ASManager web application with the version v6.1.0.0 or less, which discloses account information, including cleartext password. | 2025-02-02T14:16:34Z |
| CVE-2024-56901 | DRAGOWN/CVE-2024-56901 | CVE-2024-56901 - A Cross-Site Request Forgery (CSRF) vulnerability in Geovision GV-ASManager web application with the version 6.1.1.0 or less that allows attackers to arbitrarily create Admin accounts via a crafted POST request. | 2025-02-02T15:04:22Z |
| CVE-2024-56898 | DRAGOWN/CVE-2024-56898 | CVE-2024-56898 - Broken access control vulnerability in GeoVision GV-ASManager web application with version v6.1.0.0 or less. This vulnerability allows low privilege users perform actions that they aren't authorized to, which can be leveraged to escalate privileges, create, modify or delete accounts. | 2025-02-02T09:20:32Z |
| CVE-2024-56889 | vigneshr232/CVE-2024-56889 | no description | 2025-02-05T08:01:43Z |
| CVE-2024-56883 | trustcves/CVE-2024-56883 | no description | 2025-02-12T13:35:23Z |
| CVE-2024-56882 | trustcves/CVE-2024-56882 | no description | 2025-02-12T13:30:52Z |
| CVE-2024-56801 | kz0xpwn/CVE-2024-56801 | no description | 2025-03-04T06:34:03Z |
| CVE-2024-56662 | nimosec/cve-2024-56662 | cve | 2024-08-13T02:37:41Z |
| CVE-2024-5655 | VulnResearcher/CVE-2024-5655-Gitlab-CSRF-GraphQL | Private exploit CVE-2024-5655 to Gitlab (Private repositories disclosure) | 2024-07-03T08:52:48Z |
| CVE-2024-56512 | absholi7ly/CVE-2024-56512-Apache-NiFi-Exploit | A tool to exploit the CVE-2024-56512 vulnerability in Apache NiFi, which allows unauthorized access to sensitive data through improperly secured APIs. | 2025-01-06T17:35:33Z |
| CVE-2024-56433 | JonnyWhatshisface/CVE-2024-56433 | CVE-2024-56433 - shadow-utils Default subordinate ID for local users creates risk of collision | 2025-01-03T13:11:25Z |
| CVE-2024-56431 | UnionTech-Software/libtheora-CVE-2024-56431-PoC | no description | 2024-12-25T03:58:50Z |
| CVE-2024-56340 | MarioTesoro/CVE-2024-56340 | IBM Cognos Analytics Path Traversal, Poc of CVE-2024-56340 | 2025-03-01T10:23:34Z |
| CVE-2024-56331 | griisemine/CVE-2024-56331 | no description | 2024-11-25T08:16:38Z |
| CVE-2024-5633 | Adikso/CVE-2024-5633 | PoC for CVE-2024-5633 | 2024-07-21T20:27:24Z |
| CVE-2024-56289 | DoTTak/CVE-2024-56289 | PoC of CVE-2024-56289 | 2025-01-06T01:58:24Z |
| CVE-2024-56278 | DoTTak/CVE-2024-56278 | PoC of CVE-2024-56278 | 2025-01-06T01:51:46Z |
| CVE-2024-56264 | Nxploited/CVE-2024-56264 | WordPress ACF City Selector plugin <= 1.14.0 - Arbitrary File Upload vulnerability | 2025-02-24T20:02:31Z |
| CVE-2024-56264 | dpakmrya/CVE-2024-56264 | no description | 2025-02-27T17:54:51Z |
| CVE-2024-56249 | Nxploited/CVE-2024-56249 | WordPress WPMasterToolKit plugin <= 1.13.1 - Arbitrary File Upload vulnerability | 2025-03-18T01:47:50Z |
| CVE-2024-56145 | Sachinart/CVE-2024-56145-craftcms-rce | CVE-2024-56145 SSTI to RCE - twig templates | 2024-12-22T11:53:04Z |
| CVE-2024-56145 | Chocapikk/CVE-2024-56145 | Unauthenticated RCE on CraftCMS when PHP register_argc_argv config setting is enabled |
2024-12-20T03:34:01Z |
| CVE-2024-56145 | rawtips/craft_cve_2024_56145_exploit.py | no description | 2025-02-03T22:33:57Z |
| CVE-2024-56145 | hmhlol/craft-cms-RCE-CVE-2024-56145 | A POC lab environment for CVE-2024-56145 CraftCMS RCE. | 2025-04-06T10:16:20Z |
| CVE-2024-56116 | ComplianceControl/CVE-2024-56116 | no description | 2024-12-16T07:44:07Z |
| CVE-2024-56115 | ComplianceControl/CVE-2024-56115 | no description | 2024-12-16T07:46:41Z |
| CVE-2024-56071 | Nxploited/CVE-2024-56071 | Simple Dashboard <= 2.0 - Unauthenticated Privilege Escalation | 2025-04-09T14:32:19Z |
| CVE-2024-56067 | RandomRobbieBF/CVE-2024-56067 | WP SuperBackup <= 2.3.3 - Missing Authorization to Unauthenticated Back-Up File Download | 2025-01-09T10:40:33Z |
| CVE-2024-56064 | RandomRobbieBF/CVE-2024-56064 | WP SuperBackup <= 2.3.3 - Unauthenticated Arbitrary File Upload | 2025-01-09T15:35:39Z |
| CVE-2024-56059 | RandomRobbieBF/CVE-2024-56059 | Partners <= 0.2.0 - Unauthenticated PHP Object Injection | 2025-01-13T12:05:21Z |
| CVE-2024-56058 | RandomRobbieBF/CVE-2024-56058 | VRPConnector <= 2.0.1 - Unauthenticated PHP Object Injection | 2025-01-13T11:27:53Z |
| CVE-2024-55988 | RandomRobbieBF/CVE-2024-55988 | Navayan CSV Export <= 1.0.9 - Unauthenticated SQL Injection | 2025-01-03T10:45:42Z |
| CVE-2024-55982 | RandomRobbieBF/CVE-2024-55982 | Share Buttons – Social Media <= 1.0.2 - Unauthenticated SQL Injection | 2025-01-03T12:23:50Z |
| CVE-2024-55981 | RandomRobbieBF/CVE-2024-55981 | Nabz Image Gallery <= v1.00 - Unauthenticated SQL Injection | 2025-01-03T12:38:29Z |
| CVE-2024-55980 | RandomRobbieBF/CVE-2024-55980 | Wr Age Verification <= 2.0.0 - Unauthenticated SQL Injection | 2025-01-02T11:11:48Z |
| CVE-2024-55978 | RandomRobbieBF/CVE-2024-55978 | Code Generator Pro <= 1.2 - Unauthenticated SQL Injection | 2025-01-02T13:21:36Z |
| CVE-2024-55976 | RandomRobbieBF/CVE-2024-55976 | Critical Site Intel <= 1.0 - Unauthenticated SQL Injection | 2025-01-03T13:32:11Z |
| CVE-2024-55972 | RandomRobbieBF/CVE-2024-55972 | eTemplates <= 0.2.1 - Unauthenticated SQL Injection | 2025-01-03T12:47:01Z |
| CVE-2024-55968 | null-event/CVE-2024-55968 | POC for DTEX LPE (CVE-2024-55968) | 2024-12-17T21:08:11Z |
| CVE-2024-55968 | Wi1DN00B/CVE-2024-55968 | Exploit POC Code for CVE-2024-55968 | 2024-12-17T21:07:59Z |
| CVE-2024-55875 | JAckLosingHeart/CVE-2024-55875 | CVE-2024-55875 - GHSA-7mj5-hjjj-8rgw - http4k first CVE | 2024-12-13T06:21:36Z |
| CVE-2024-55591 | watchtowrlabs/fortios-auth-bypass-check-CVE-2024-55591 | no description | 2025-01-16T07:26:15Z |
| CVE-2024-55591 | sysirq/fortios-auth-bypass-poc-CVE-2024-55591 | no description | 2025-01-21T12:30:21Z |
| CVE-2024-55591 | sysirq/fortios-auth-bypass-exploit-CVE-2024-55591 | no description | 2025-01-22T14:16:30Z |
| CVE-2024-55591 | amfg145/Private-CVE-2024-55591. | Private CVE-2024-55591 | 2025-01-24T12:59:37Z |
| CVE-2024-55591 | virus-or-not/CVE-2024-55591 | An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module. | 2025-01-24T20:29:56Z |
| CVE-2024-55591 | rawtips/CVE-2024-55591 | #PoC for CVE-2024-55591 Authentication bypass Affects: FortiOS 7.0.0 to 7.0.16 , FortiProxy 7.0.0 to 7.0.19 ,FortiProxy 7.2.0 to 7.2.12 | 2025-01-29T19:39:10Z |
| CVE-2024-55591 | watchtowrlabs/fortios-auth-bypass-poc-CVE-2024-55591 | no description | 2025-01-27T06:25:53Z |
| CVE-2024-55591 | 0x7556/CVE-2024-55591 | no description | 2025-02-09T14:00:58Z |
| CVE-2024-55591 | exfil0/CVE-2024-55591-POC | A comprehensive all-in-one Python-based Proof of Concept script to discover and exploit a critical authentication bypass vulnerability (CVE-2024-55591) in certain Fortinet devices. | 2025-01-29T14:54:40Z |
| CVE-2024-55591 | binarywarm/exp-cmd-add-admin-vpn-CVE-2024-55591 | no description | 2025-04-11T13:52:20Z |
| CVE-2024-55587 | CSIRTTrizna/CVE-2024-55587 | no description | 2024-12-10T06:59:00Z |
| CVE-2024-55557 | partywavesec/CVE-2024-55557 | CVE-2024-55557 | 2024-12-10T20:38:03Z |
| CVE-2024-55511 | nikosecurity/CVE-2024-55511 | A null pointer dereference vulnerability in Macrium Reflect prior to 8.1.8017 allows a local attacker to cause a system crash or potentially elevate their privileges via executing a specially crafted executable. | 2025-01-20T18:23:10Z |
| CVE-2024-55504 | SyFi/CVE-2024-55504 | CVE-2024-55504 | 2025-01-19T01:58:38Z |
| CVE-2024-55503 | SyFi/CVE-2024-55503 | no description | 2024-12-05T21:48:21Z |
| CVE-2024-55457 | h13nh04ng/CVE-2024-55457-PoC | no description | 2025-01-05T09:07:46Z |
| CVE-2024-5535 | websecnl/CVE-2024-5535 | PoC - OpenSSL NPN Buffer Overread | 2025-03-15T17:00:42Z |
| CVE-2024-55347 | sahil3276/CVE-2024-55347 | Public Disclosure of CVE-2024-55347 | 2025-02-11T06:11:26Z |
| CVE-2024-5522 | truonghuuphuc/CVE-2024-5522-Poc | CVE-2024-5522 HTML5 Video Player <= 2.5.26 - Unauthenticated SQL Injection | 2024-05-31T04:41:46Z |
| CVE-2024-5522 | kryptonproject/CVE-2024-5522-PoC | no description | 2024-09-11T04:46:46Z |
| CVE-2024-5522 | geniuszlyy/CVE-2024-5522 | A PoC exploit scanner for CVE-2024-5522 vulnerability in WordPress websites | 2024-10-01T16:02:12Z |
| CVE-2024-55215 | ainrm/Jrohy-trojan-unauth-poc | CVE-2024-55215 | 2024-11-28T07:05:30Z |
| CVE-2024-55211 | micaelmaciel/CVE-2024-55211 | Cookie-based authentication vulnerability on Tk-Rt-Wr135G | 2025-04-15T20:28:33Z |
| CVE-2024-55099 | ugurkarakoc1/CVE-2024-55099-Online-Nurse-Hiring-System-v1.0-SQL-Injection-Vulnerability- | no description | 2024-12-10T19:40:26Z |
| CVE-2024-55060 | bigzooooz/CVE-2024-55060 | no description | 2025-03-12T18:05:42Z |
| CVE-2024-55040 | tcbutler320/CVE-2024-55040-Sensaphone-XSS | Public disclose of several stored XSS vulnerabilities in the Sensaphone WEB600 (CVE-2024-55040) | 2024-11-22T22:25:18Z |
| CVE-2024-54951 | Allevon412/CVE-2024-54951 | I contacted the monica development team via email on 11/20/2024. I also contacted them via LinkedIn, and other platforms in the weeks that followed. Publishing here since there was no response. | 2025-01-31T22:28:26Z |
| CVE-2024-54916 | SAHALLL/CVE-2024-54916 | no description | 2025-02-08T01:55:04Z |
| CVE-2024-54910 | KrakenEU/CVE-2024-54910 | no description | 2025-01-07T18:24:46Z |
| CVE-2024-54880 | ailenye/CVE-2024-54880 | CVE-2024-54880 | 2025-01-20T12:45:17Z |
| CVE-2024-54879 | ailenye/CVE-2024-54879 | CVE-2024-54879 | 2025-01-20T07:19:57Z |
| CVE-2024-54820 | jcarabantes/CVE-2024-54820 | Vuln disclosure for XOne app | 2024-11-17T12:31:23Z |
| CVE-2024-54819 | partywavesec/CVE-2024-54819 | CVE-2024-54819 | 2024-12-30T23:06:22Z |
| CVE-2024-54795 | MarioTesoro/CVE-2024-54795 | SpagoBI multiple stored xss | 2025-01-18T14:17:03Z |
| CVE-2024-54794 | MarioTesoro/CVE-2024-54794 | SpagoBI command injection | 2025-01-18T10:50:21Z |
| CVE-2024-54792 | MarioTesoro/CVE-2024-54792 | SpagoBI csrf | 2025-01-18T13:37:57Z |
| CVE-2024-54772 | deauther890/CVE-2024-54772 | This repo contains the exploit for CVE-2024-54772 | 2025-02-06T13:40:41Z |
| CVE-2024-54761 | nscan9/CVE-2024-54761-BigAnt-Office-Messenger-5.6.06-RCE-via-SQL-Injection | CVE-2024-54761 PoC | 2024-11-15T05:55:29Z |
| CVE-2024-54679 | hotplugin0x01/CVE-2024-54679 | CVE-2024-54679 - CyberPanel (aka Cyber Panel) Denial of Service (https://nvd.nist.gov/vuln/detail/CVE-2024-54679) | 2024-12-06T06:02:34Z |
| CVE-2024-54525 | skadz108/MyBallsItch | PoC exploit for CVE-2024-54525. | 2025-03-23T07:33:26Z |
| CVE-2024-5452 | XiaomingX/cve-2024-5452-poc | 此漏洞的根本原因是**深度差异库(deepdiff)**在反序列化用户输入时,未正确处理双下划线(dunder)属性。 PyTorch Lightning 使用 deepdiff.Delta 对象根据前端操作修改应用状态,设计目标是仅允许特定状态变量的修改。 | 2024-11-22T06:56:12Z |
| CVE-2024-5452 | skrkcb2/CVE-2024-5452 | no description | 2025-02-09T00:14:52Z |
| CVE-2024-54507 | jprx/CVE-2024-54507 | An integer type confusion in XNU | 2025-01-23T20:40:47Z |
| CVE-2024-54498 | wh1te4ever/CVE-2024-54498-PoC | Escape macOS Sandbox using sharedfilelistd exploit | 2025-01-08T09:55:44Z |
| CVE-2024-54385 | RandomRobbieBF/CVE-2024-54385 | Radio Player <= 2.0.82 - Blind Unauthenticated Server-Side Request Forgery | 2025-01-02T13:40:14Z |
| CVE-2024-54383 | pashayogi/CVE-2024-54383 | CVE-2024-54383, https://www.cve.org/CVERecord?id=CVE-2024-54383 | 2025-03-11T14:26:43Z |
| CVE-2024-54379 | RandomRobbieBF/CVE-2024-54379 | Minterpress <= 1.0.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update | 2024-12-19T17:04:01Z |
| CVE-2024-54378 | RandomRobbieBF/CVE-2024-54378 | Quietly Insights <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update | 2024-12-19T17:15:17Z |
| CVE-2024-54374 | RandomRobbieBF/CVE-2024-54374 | Sogrid <= 1.5.6 - Unauthenticated Local File Inclusion | 2025-01-03T10:08:54Z |
| CVE-2024-54369 | RandomRobbieBF/CVE-2024-54369 | Zita Site Builder <= 1.0.2 - Missing Authorization to Arbitrary Plugin Installation | 2024-12-19T15:38:41Z |
| CVE-2024-54369 | Nxploited/CVE-2024-54369-PoC | PoC: Plugin: Zita Site Builder <= 1.0.2 - Arbitrary Plugin Installation | 2025-01-18T10:52:03Z |
| CVE-2024-54363 | RandomRobbieBF/CVE-2024-54363 | Wp NssUser Register <= 1.0.0 - Unauthenticated Privilege Escalation | 2025-01-02T14:41:52Z |
| CVE-2024-54363 | Nxploited/CVE-2024-54363-Exploit | Incorrect Privilege Assignment vulnerability in nssTheme Wp NssUser Register allows Privilege Escalation.This issue affects Wp NssUser Register: from n/a through 1.0.0. | 2025-01-16T10:18:02Z |
| CVE-2024-54330 | RandomRobbieBF/CVE-2024-54330 | Hurrakify <= 2.4 - Unauthenticated Server-Side Request Forgery | 2025-01-02T10:31:51Z |
| CVE-2024-54292 | RandomRobbieBF/CVE-2024-54292 | Appsplate <= 2.1.3 - Unauthenticated SQL Injection | 2025-01-07T17:14:57Z |
| CVE-2024-54262 | RandomRobbieBF/CVE-2024-54262 | Import Export For WooCommerce <= 1.5 - Authenticated (Subscriber+) Arbitrary File Upload | 2024-12-19T14:42:06Z |
| CVE-2024-54262 | Nxploited/CVE-2024-54262 | Exploit CVE-2024-54262: Arbitrary File Upload in Import Export for WooCommerce | 2025-01-17T11:13:36Z |
| CVE-2024-54239 | RandomRobbieBF/CVE-2024-54239 | Eyewear prescription form <= 4.0.18 - Missing Authorization to Unauthenticated Arbitrary Options Update | 2025-01-20T10:29:42Z |
| CVE-2024-5420 | K4yd0/CVE-2024-5420_XSS | no description | 2024-09-02T16:39:59Z |
| CVE-2024-5420 | fa-rrel/CVE-2024-5420-XSS | SEH utnserver Pro/ProMAX / INU-100 20.1.22 - XSS | 2024-09-02T15:29:22Z |
| CVE-2024-54160 | Jflye/CVE-2024-54160-Opensearch-HTML-And-Injection-Stored-XSS | no description | 2024-12-17T12:29:18Z |
| CVE-2024-54152 | math-x-io/CVE-2024-54152-poc | no description | 2024-12-30T01:07:48Z |
| CVE-2024-53924 | aelmosalamy/CVE-2024-53924 | A PoC of CVE-2024-53924 | 2025-04-18T13:19:39Z |
| CVE-2024-53900 | Gokul-Krishnan-V-R/CVE-2024-53900 | Mongo Vulnub Lab...Try to Hack IT.....! | 2025-04-03T17:01:32Z |
| CVE-2024-53704 | istagmbh/CVE-2024-53704 | demonstriert, wie mittels missbräuchlicher Nutzung eines Swap-Cookies eine VPN-Session übernommen werden kann. Wichtig: Dieses Projekt dient ausschliesslich zu Bildungs- und Forschungszwecken – bitte nur in Umgebungen verwenden, in denen Du explizit authorisiert bist. | 2025-02-11T20:43:23Z |
| CVE-2024-53691 | C411e/CVE-2024-53691 | CVE-2024-53691 | 2025-01-13T10:07:25Z |
| CVE-2024-53677 | cloudwafs/s2-067-CVE-2024-53677 | s2-067(CVE-2024-53677) | 2024-12-12T08:30:14Z |
| CVE-2024-53677 | yangyanglo/CVE-2024-53677 | no description | 2024-12-17T02:22:38Z |
| CVE-2024-53677 | c4oocO/CVE-2024-53677-Docker | A Docker-based environment to reproduce the CVE-2024-53677 vulnerability in Apache Struts 2. | 2024-12-17T06:42:16Z |
| CVE-2024-53677 | XiaomingX/CVE-2024-53677-S2-067 | A critical vulnerability, CVE-2024-53677, has been identified in the popular Apache Struts framework, potentially allowing attackers to execute arbitrary code remotely. This vulnerability arises from flaws in the file upload logic, which can be exploited to perform path traversal and malicious file uploads. | 2024-12-18T02:03:56Z |
| CVE-2024-53677 | dustblessnotdust/CVE-2024-53677-S2-067-thread | no description | 2024-12-18T18:42:34Z |
| CVE-2024-53677 | TAM-K592/CVE-2024-53677-S2-067 | A critical vulnerability, CVE-2024-53677, has been identified in the popular Apache Struts framework, potentially allowing attackers to execute arbitrary code remotely. This vulnerability arises from flaws in the file upload logic, which can be exploited to perform path traversal and malicious file uploads. | 2024-12-13T17:42:55Z |
| CVE-2024-53677 | Q0LT/VM-CVE-2024-53677 | Struts Vulnerability - CVE-2024-53677 | 2024-12-23T16:32:59Z |
| CVE-2024-53677 | 0xdeviner/CVE-2024-53677 | no description | 2024-12-23T14:22:44Z |
| CVE-2024-53677 | EQSTLab/CVE-2024-53677 | Proof-of-Concept for CVE-2024-46538 | 2025-01-03T02:30:53Z |
| CVE-2024-53677 | 0xPThree/struts_cve-2024-53677 | no description | 2025-01-07T11:27:09Z |
| CVE-2024-53677 | SeanRickerd/CVE-2024-53677 | Vulnerable Environment and Exploit for CVE-2024-53677 | 2025-01-10T17:47:24Z |
| CVE-2024-53677 | punitdarji/Apache-struts-cve-2024-53677 | no description | 2025-01-08T19:36:09Z |
| CVE-2024-53677 | hopsypopsy8/CVE-2024-53677-Exploitation | Apache Struts CVE-2024-53677 Exploitation | 2025-02-13T07:26:08Z |
| CVE-2024-53677 | shishirghimir/CVE-2024-53677-Exploit | no description | 2025-02-24T12:28:28Z |
| CVE-2024-53617 | ii5mai1/CVE-2024-53617 | no description | 2024-11-29T17:50:07Z |
| CVE-2024-53615 | beune/CVE-2024-53615 | CVE-2024-53615 | 2024-11-04T18:34:58Z |
| CVE-2024-5356 | droyuu/Aj-Report-sql-CVE-2024-5356-POC | no description | 2024-09-12T03:02:20Z |
| CVE-2024-53522 | Safecloudth/CVE-2024-53522 | PoC for CVE-2024-53522 affecting HOSxP XE 4 | 2025-01-02T04:13:37Z |
| CVE-2024-53476 | AbdullahAlmutawa/CVE-2024-53476 | SimplCommerce is affected by a race condition vulnerability in the checkout logic, allowing multiple users to purchase more products than are in stock via simultaneous checkout requests. | 2024-12-20T00:27:22Z |
| CVE-2024-53407 | SyFi/CVE-2024-53407 | CVE-2024-53407 | 2025-01-15T09:49:03Z |
| CVE-2024-53393 | alirezac0/CVE-2024-53393 | CVE-2024-53393 PoC | 2025-02-02T08:32:48Z |
| CVE-2024-53376 | ThottySploity/CVE-2024-53376 | CyberPanel authenticated RCE < 2.3.8 | 2024-12-15T22:40:52Z |
| CVE-2024-53375 | ThottySploity/CVE-2024-53375 | TP-Link Archer AXE75 Authenticated Command Injection | 2024-10-04T12:49:19Z |
| CVE-2024-53345 | ShadowByte1/CVE-2024-53345 | Critical 0 Day in Car Rental Management System Versions 1.0 - 1.3 | 2024-12-23T08:48:51Z |
| CVE-2024-5326 | truonghuuphuc/CVE-2024-5326-Poc | CVE-2024-5326 Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.2 - Missing Authorization to Arbitrary Options Update | 2024-06-01T04:23:54Z |
| CVE-2024-5326 | cve-2024/CVE-2024-5326-Poc | no description | 2024-06-14T07:12:29Z |
| CVE-2024-53259 | kota-yata/cve-2024-53259 | no description | 2024-12-04T09:27:22Z |
| CVE-2024-53255 | 0x4M3R/CVE-2024-53255 | boid CMS 2.1.1 - reflected Cross-Site Scripting (XSS) | 2024-11-26T09:41:54Z |
| CVE-2024-53027 | ladyg00se/CVE-2024-53027-WIP | Work in Progress for POC | 2025-04-08T14:34:46Z |
| CVE-2024-52940 | ebrasha/abdal-anydesk-remote-ip-detector | CVE-2024-52940 - A zero-day vulnerability in AnyDesk's "Allow Direct Connections" feature, discovered and registered by Ebrahim Shafiei (EbraSha), exposing public and private IP addresses. For details, visit the NVD, Tenable, or MITRE pages. | 2024-10-27T15:29:56Z |
| CVE-2024-52940 | MKultra6969/AnySniff | AnySniff is a tool for monitoring TCP connections of processes like AnyDesk on Windows. It uses the CVE-2024-52940 vulnerability to track open connections and log IPs, ports, and other details. | 2024-12-02T05:15:11Z |
| CVE-2024-52800 | JAckLosingHeart/GHSA-4cx5-89vm-833x-POC | GHSA-4cx5-89vm-833x/CVE-2024-52800 | 2024-11-30T06:55:07Z |
| CVE-2024-5274 | Alchemist3dot14/CVE-2024-5274-Detection | Guardian Code: A Script to Uncover CVE-2024-5274 Vulnerabilities | 2024-07-10T02:15:56Z |
| CVE-2024-5274 | mistymntncop/CVE-2024-5274 | no description | 2024-08-29T11:58:25Z |
| CVE-2024-52711 | 14mb1v45h/cyberspace-CVE-2024-52711 | POC-Proof-of-exploit CVE-2024-52711 | 2024-11-19T14:55:16Z |
| CVE-2024-52550 | Anton-ai111/CVE-2024-52550 | CVE-2024-52550 | 2025-04-15T14:30:43Z |
| CVE-2024-52475 | ubaii/CVE-2024-52475 | Broken Authentication in Wordpress plugin (Wawp Plugin < 3.0.18) | 2024-11-22T18:29:54Z |
| CVE-2024-5246 | Abdurahmon3236/CVE-2024-5246 | no description | 2024-08-02T20:56:39Z |
| CVE-2024-52433 | RandomRobbieBF/CVE-2024-52433 | My Geo Posts Free <= 1.2 - Unauthenticated PHP Object Injection | 2024-11-22T08:56:58Z |
| CVE-2024-52430 | RandomRobbieBF/CVE-2024-52430 | Lis Video Gallery <= 0.2.1 - Unauthenticated PHP Object Injection | 2024-11-25T13:55:39Z |
| CVE-2024-52429 | RandomRobbieBF/CVE-2024-52429 | WP Quick Setup <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin/Theme Installation | 2024-11-22T10:26:55Z |
| CVE-2024-52402 | Nxploited/CVE-2024-52402 | WordPress Exclusive Content Password Protect plugin <= 1.1.0 - CSRF to Arbitrary File Upload vulnerability | 2025-03-18T07:32:16Z |
| CVE-2024-52382 | RandomRobbieBF/CVE-2024-52382 | Matix Popup Builder <= 1.0.0 - Unauthenticated Arbitrary Options Update | 2024-11-21T16:19:12Z |
| CVE-2024-52380 | RandomRobbieBF/CVE-2024-52380 | Picsmize <= 1.0.0 - Unauthenticated Arbitrary File Upload | 2024-11-25T14:56:38Z |
| CVE-2024-52380 | 0xshoriful/CVE-2024-52380 | no description | 2024-11-30T02:43:11Z |
| CVE-2024-52380 | Nxploited/CVE-2024-52380-Exploit | Picsmize plugin for WordPress is vulnerable to arbitrary file uploads. | 2025-01-18T04:10:09Z |
| CVE-2024-52375 | Nxploited/CVE-2024-52375 | WordPress Datasets Manager by Arttia Creative plugin <= 1.5 - Arbitrary File Upload vulnerability | 2025-03-22T00:48:02Z |
| CVE-2024-52335 | cloudefence/CVE-2024-52335 | CVE-2024-52335: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89) | 2024-12-06T20:02:00Z |
| CVE-2024-52318 | TAM-K592/CVE-2024-52318 | CVE-2024-52318 - Apache Tomcat XSS Vulnerability in Generated JSPs | 2024-11-21T06:38:48Z |
| CVE-2024-52317 | TAM-K592/CVE-2024-52317 | CVE-2024-52317 - Apache Tomcat HTTP/2 Data Leakage Vulnerability | 2024-11-21T06:20:42Z |
| CVE-2024-52316 | TAM-K592/CVE-2024-52316 | CVE-2024-52316 - Apache Tomcat Authentication Bypass Vulnerability | 2024-11-20T10:22:50Z |
| CVE-2024-52302 | d3sca/CVE-2024-52302 | common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture. This endpoint allows file uploads without proper validation or restrictions leads to (RCE) | 2024-11-14T16:04:00Z |
| CVE-2024-52301 | Nyamort/CVE-2024-52301 | no description | 2024-11-14T18:41:31Z |
| CVE-2024-52301 | martinhaunschmid/CVE-2024-52301-Research | A bit of research around CVE-2024-52301 | 2024-11-15T19:11:35Z |
| CVE-2024-52301 | nanwinata/CVE-2024-52301 | Arbitrary Argument Injection Scanner CVE-2024-52301 | 2024-11-30T04:25:06Z |
| CVE-2024-52002 | Harshit-Mashru/iTop-CVEs-exploit | This repository contains exploits for iTOP CVE-2024-52002, 52000, 31998, 31448 that involve CSRF+XSS chaining to get RCE | 2024-12-23T19:56:56Z |
| CVE-2024-51996 | moften/CVE-2024-51996 | CVE-2024-51996 es una vulnerabilidad crítica que afecta al componente security-http del framework Symfony. | 2025-04-14T21:02:11Z |
| CVE-2024-51818 | RandomRobbieBF/CVE-2024-51818 | Fancy Product Designer <= 6.4.3 - Unauthenticated SQL Injection | 2025-01-09T10:00:30Z |
| CVE-2024-51793 | Nxploited/CVE-2024-51793 | WordPress RepairBuddy plugin <= 3.8115 - Arbitrary File Upload vulnerability | 2025-03-24T00:38:21Z |
| CVE-2024-51788 | Nxploited/CVE-2024-51788 | CVE-2024-51788 - WordPress The Novel Design Store Directory plugin <= 4.3.0 - Unauthenticated Arbitrary File Upload Vulnerability | 2025-03-15T04:20:19Z |
| CVE-2024-51747 | l20170217b/CVE-2024-51747 | no description | 2024-11-15T03:40:49Z |
| CVE-2024-51665 | RandomRobbieBF/CVE-2024-51665 | Magical Addons For Elementor <= 1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery | 2024-11-10T12:01:52Z |
| CVE-2024-51567 | ajayalf/CVE-2024-51567 | CVE-2024-51567 is a Python PoC exploit targeting an RCE vulnerability in CyberPanel v2.3.6’s upgrademysqlstatus endpoint, bypassing CSRF protections. | 2024-10-31T21:55:57Z |
| CVE-2024-51567 | thehash007/CVE-2024-51567-RCE-EXPLOIT | cbyerpanel rce exploit | 2024-11-07T13:52:37Z |
| CVE-2024-51567 | XiaomingX/cve-2024-51567-poc | CVE-2024-51567 is a Python PoC exploit targeting an RCE vulnerability in CyberPanel v2.3.6’s upgrademysqlstatus endpoint, bypassing CSRF protections. | 2024-11-26T02:18:24Z |
| CVE-2024-51442 | mselbrede/CVE-2024-51442 | CVE-2024-51442 write up and example config file | 2024-12-31T19:27:36Z |
| CVE-2024-51435 | bevennyamande/CVE-2024-51435 | bloodbank POCs | 2024-10-25T23:28:09Z |
| CVE-2024-51430 | BLACK-SCORP10/CVE-2024-51430 | The Online Diagnostic Lab Management System has a security problem called Cross-Site Scripting (XSS) in the Borrower section. | 2024-10-29T19:32:05Z |
| CVE-2024-51378 | refr4g/CVE-2024-51378 | Exploit for CyberPanel Pre-Auth RCE via Command Injection | 2024-10-29T23:34:27Z |
| CVE-2024-51378 | i0x29A/CVE-2024-51378 | A Python script to scan websites for the CVE-2024-51378 vulnerability. | 2025-01-03T08:05:07Z |
| CVE-2024-51378 | qnole000/CVE-2024-51378 | no description | 2025-02-12T03:48:19Z |
| CVE-2024-51358 | Kov404/CVE-2024-51358 | no description | 2024-11-02T14:55:00Z |
| CVE-2024-5124 | gogo2464/CVE-2024-5124 | no description | 2024-10-30T09:53:42Z |
| CVE-2024-5124 | XiaomingX/cve-2024-5124-poc | CVE-2024-5124 poc | 2024-12-03T03:18:48Z |
| CVE-2024-51228 | tequilasunsh1ne/CVE_2024_51228 | no description | 2024-12-23T02:36:54Z |
| CVE-2024-51179 | Lakshmirnr/CVE-2024-51179 | no description | 2024-11-08T11:47:07Z |
| CVE-2024-51144 | nitipoom-jar/CVE-2024-51144 | no description | 2024-08-21T15:31:27Z |
| CVE-2024-51136 | JAckLosingHeart/CVE-2024-51136-POC | no description | 2024-11-05T02:04:01Z |
| CVE-2024-51135 | JAckLosingHeart/CVE-2024-51135 | no description | 2024-11-09T02:57:22Z |
| CVE-2024-51132 | JAckLosingHeart/CVE-2024-51132-POC | no description | 2024-11-02T14:30:29Z |
| CVE-2024-51032 | Shree-Chandragiri/CVE-2024-51032 | A Cross-site Scripting (XSS) vulnerability in manage_recipient.php of Sourcecodester Toll Tax Management System 1.0 allows remote authenticated users to inject arbitrary web scripts via the "owner" input field. | 2024-11-05T20:41:15Z |
| CVE-2024-51031 | vighneshnair7/CVE-2024-51031 | no description | 2024-11-05T20:59:14Z |
| CVE-2024-51030 | vighneshnair7/CVE-2024-51030 | no description | 2024-11-05T20:33:56Z |
| CVE-2024-51026 | BrotherOfJhonny/CVE-2024-51026_Overview | Sistema NetAdmin IAM 4 é vulnerável a Cross Site Scripting (XSS), no endpoint /BalloonSave.ashx | 2024-11-11T14:49:47Z |
| CVE-2024-50986 | riftsandroses/CVE-2024-50986 | An issue in Clementine v.1.3.1 allows a local attacker to execute arbitrary code via a crafted DLL file (DLL Hijacking) | 2024-11-13T03:49:07Z |
| CVE-2024-50972 | Akhlak2511/CVE-2024-50972 | no description | 2024-11-12T17:40:54Z |
| CVE-2024-50971 | Akhlak2511/CVE-2024-50971 | no description | 2024-11-12T17:36:02Z |
| CVE-2024-50970 | Akhlak2511/CVE-2024-50970 | no description | 2024-11-12T17:30:00Z |
| CVE-2024-50969 | Akhlak2511/CVE-2024-50969 | no description | 2024-11-12T17:20:07Z |
| CVE-2024-50968 | Akhlak2511/CVE-2024-50968 | no description | 2024-11-12T12:48:17Z |
| CVE-2024-50967 | 0xByteHunter/CVE-2024-50967 | DATAGERRY Broken Access Control | 2025-01-16T13:38:20Z |
| CVE-2024-50964 | fdzdev/CVE-2024-50964 | MX Server misconfiguration | 2024-11-13T07:49:09Z |
| CVE-2024-50962 | fdzdev/CVE-2024-50962 | A Cross-Site Scripting (XSS) vulnerability | 2024-11-13T07:47:38Z |
| CVE-2024-50961 | fdzdev/CVE-2024-50961 | Remote attacker can access sensitive data exposed on the URL | 2024-11-13T07:43:06Z |
| CVE-2024-50945 | AbdullahAlmutawa/CVE-2024-50945 | SimplCommerce is affected by a Broken Access Control vulnerability in the review system, allowing unauthorized users to post reviews for products they have not purchased. | 2024-12-20T00:43:18Z |
| CVE-2024-50944 | AbdullahAlmutawa/CVE-2024-50944 | Integer Overflow in Cart Logic in SimplCommerce allows remote attackers to manipulate product quantities and total prices via crafted inputs that exploit insufficient validation of the quantity parameter. | 2024-12-19T23:33:21Z |
| CVE-2024-50849 | Wh1teSnak3/CVE-2024-50849 | no description | 2024-11-15T19:51:18Z |
| CVE-2024-50848 | Wh1teSnak3/CVE-2024-50848 | no description | 2024-11-15T18:57:25Z |
| CVE-2024-5084 | Chocapikk/CVE-2024-5084 | Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution | 2024-05-27T20:04:10Z |
| CVE-2024-5084 | KTN1990/CVE-2024-5084 | WordPress Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated Arbitrary File Upload to Remote Code Execution | 2024-05-25T03:49:04Z |
| CVE-2024-5084 | k3lpi3b4nsh33/CVE-2024-5084 | no description | 2024-06-06T03:25:44Z |
| CVE-2024-5084 | WOOOOONG/CVE-2024-5084 | PoC Exploit for CVE-2024-5084 | 2024-07-03T04:24:43Z |
| CVE-2024-5084 | z1gazaga/CVE-2024-5084 | Материалы для научной работы | 2024-11-21T06:26:21Z |
| CVE-2024-5084 | Raeezrbr/CVE-2024-5084 | no description | 2024-11-30T09:15:34Z |
| CVE-2024-5084 | ModeBrutal/CVE-2024-5084-Auto-Exploit | no description | 2025-02-16T13:39:28Z |
| CVE-2024-50804 | g3tsyst3m/CVE-2024-50804 | MSI Center Pro 2.1.37.0 - CVE-2024-50804 | 2024-11-04T15:38:19Z |
| CVE-2024-50803 | Praison001/CVE-2024-50803-Redaxo | Stored XSS in mediapool feature of Redaxo | 2024-11-15T17:05:04Z |
| CVE-2024-50677 | ZumiYumi/CVE-2024-50677 | This repository presents a proof-of-concept of CVE-2024-50677 | 2024-12-06T01:04:44Z |
| CVE-2024-50657 | SAHALLL/CVE-2024-50657 | no description | 2024-11-15T05:22:27Z |
| CVE-2024-50633 | cetinpy/CVE-2024-50633 | no description | 2025-01-16T08:26:39Z |
| CVE-2024-50623 | watchtowrlabs/CVE-2024-50623 | Cleo Unrestricted file upload and download PoC (CVE-2024-50623) | 2024-12-11T14:19:55Z |
| CVE-2024-50623 | verylazytech/CVE-2024-50623 | CVE-2024-50623 POC - Cleo Unrestricted file upload and download | 2024-12-23T08:52:23Z |
| CVE-2024-50623 | iSee857/Cleo-CVE-2024-50623-PoC | Cleo 远程代码执行漏洞批量检测脚本(CVE-2024-50623) | 2024-12-31T07:43:48Z |
| CVE-2024-50623 | congdong007/CVE-2024-50623-poc | no description | 2025-04-01T22:55:08Z |
| CVE-2024-50603 | newlinesec/CVE-2024-50603 | CVE-2024-50603-nuclei-poc | 2025-01-08T12:00:38Z |
| CVE-2024-50603 | th3gokul/CVE-2024-50603 | CVE-2024-50603: Aviatrix Controller Unauthenticated Command Injection | 2025-01-12T11:20:21Z |
| CVE-2024-50526 | hatvix1/CVE-2024-50526-Private-POC | Unrestricted Upload of File with Dangerous Type | 2024-11-04T16:37:51Z |
| CVE-2024-50510 | RandomRobbieBF/CVE-2024-50510 | AR For Woocommerce <= 6.2 - Unauthenticated Arbitrary File Upload | 2024-12-16T20:15:56Z |
| CVE-2024-50509 | RandomRobbieBF/CVE-2024-50509 | Woocommerce Product Design <= 1.0.0 - Unauthenticated Arbitrary File Deletion | 2024-12-16T19:17:07Z |
| CVE-2024-50508 | RandomRobbieBF/CVE-2024-50508 | Woocommerce Product Design <= 1.0.0 - Unauthenticated Arbitrary File Download | 2024-12-16T20:00:24Z |
| CVE-2024-50507 | RandomRobbieBF/CVE-2024-50507 | DS.DownloadList <= 1.3 - Unauthenticated PHP Object Injection | 2024-12-16T19:36:26Z |
| CVE-2024-50498 | RandomRobbieBF/CVE-2024-50498 | WP Query Console <= 1.0 - Unauthenticated Remote Code Execution | 2024-11-04T22:13:45Z |
| CVE-2024-50498 | p0et08/CVE-2024-50498 | This is a exploit for CVE-2024-50498 | 2024-12-04T01:30:19Z |
| CVE-2024-50498 | Nxploited/CVE-2024-50498 | no description | 2025-01-03T22:36:43Z |
| CVE-2024-50493 | RandomRobbieBF/CVE-2024-50493 | Automatic Translation <= 1.0.4 - Unauthenticated Arbitrary File Upload | 2024-11-10T08:17:41Z |
| CVE-2024-50492 | Nxploited/CVE-2024-50492 | ScottCart <= 1.1 - Unauthenticated Remote Code Execution | 2025-03-26T02:27:01Z |
| CVE-2024-50491 | RandomRobbieBF/CVE-2024-50491 | RSVP ME <= 1.9.9 - Unauthenticated SQL Injection | 2025-01-12T07:26:48Z |
| CVE-2024-50490 | RandomRobbieBF/CVE-2024-50490 | PegaPoll <= 1.0.2 - Unauthenticated Arbitrary Options Update | 2024-11-05T12:27:41Z |
| CVE-2024-50488 | RandomRobbieBF/CVE-2024-50488 | Token Login <= 1.0.3 - Authenticated (Subscriber+) Privilege Escalation | 2024-11-09T10:54:06Z |
| CVE-2024-50485 | RandomRobbieBF/CVE-2024-50485 | Exam Matrix <= 1.5 - Unauthenticated Privilege Escalation | 2024-11-05T13:02:28Z |
| CVE-2024-50483 | RandomRobbieBF/CVE-2024-50483 | Meetup <= 0.1 - Authentication Bypass via Account Takeover | 2024-11-05T21:38:44Z |
| CVE-2024-50482 | RandomRobbieBF/CVE-2024-50482 | Woocommerce Product Design <= 1.0.0 - Unauthenticated Arbitrary File Upload | 2024-11-05T13:19:05Z |
| CVE-2024-504781 | RandomRobbieBF/CVE-2024-50478 | 1-Click Login: Passwordless Authentication 1.4.5 - Authentication Bypass via Account Takeover | 2024-11-05T22:04:55Z |
| CVE-2024-50477 | RandomRobbieBF/CVE-2024-50477 | Stacks Mobile App Builder <= 5.2.3 - Authentication Bypass via Account Takeover | 2024-11-08T17:22:29Z |
| CVE-2024-50476 | RandomRobbieBF/CVE-2024-50476 | GRÜN spendino Spendenformular <= 1.0.1 - Unauthenticated Arbitrary Options Update | 2024-11-04T09:30:36Z |
| CVE-2024-50475 | RandomRobbieBF/CVE-2024-50475 | Signup Page <= 1.0 - Unauthenticated Arbitrary Options Update | 2024-11-04T10:46:46Z |
| CVE-2024-50473 | RandomRobbieBF/CVE-2024-50473 | Ajar in5 Embed <= 3.1.3 - Unauthenticated Arbitrary File Upload | 2024-11-09T07:46:54Z |
| CVE-2024-50450 | RandomRobbieBF/CVE-2024-50450 | WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.3.4 - Unauthenticated Arbitrary Shortcode Execution | 2024-11-08T11:24:16Z |
| CVE-2024-50427 | RandomRobbieBF/CVE-2024-50427 | SurveyJS: Drag & Drop WordPress Form Builder <= 1.9.136 - Authenticated (Subscriber+) Arbitrary File Upload | 2024-11-08T12:24:06Z |
| CVE-2024-50404 | C411e/CVE-2024-50404 | CVE-2024-50404 | 2025-01-13T09:47:03Z |
| CVE-2024-50395 | neko-hat/CVE-2024-50395 | no description | 2024-11-25T06:06:25Z |
| CVE-2024-50379 | yiliufeng168/CVE-2024-50379-POC | no description | 2024-12-19T02:43:18Z |
| CVE-2024-50379 | iSee857/CVE-2024-50379-PoC | Apache Tomcat(CVE-2024-50379)条件竞争致远程代码执行漏洞批量检测脚本 | 2024-12-20T05:24:10Z |
| CVE-2024-50379 | JFOZ1010/Nuclei-Template-CVE-2024-50379 | Repositorio para alojar un template de Nuclei para probar el CVE-2024-50379 (en fase de prueba) | 2024-12-20T03:43:47Z |
| CVE-2024-50379 | Alchemist3dot14/CVE-2024-50379 | CVE-2024-50379 is a critical vulnerability affecting multiple versions of Apache Tomcat, an open source web server and servlet container widely used for deploying Java-based web applications. The vulnerability arises from a Time-of-Use (TOCTOU) race condition that occurs when compiling JavaServer Pages (JSPs). | 2024-12-20T21:30:49Z |
| CVE-2024-50379 | ph0ebus/Tomcat-CVE-2024-50379-Poc | RCE through a race condition in Apache Tomcat | 2024-12-21T05:54:29Z |
| CVE-2024-50379 | SleepingBag945/CVE-2024-50379 | tomcat CVE-2024-50379/CVE-2024-56337 条件竞争文件上传exp | 2024-12-23T07:20:47Z |
| CVE-2024-50379 | dear-cell/CVE-2024-50379 | CVE-2024-50379利用 | 2024-12-23T14:11:46Z |
| CVE-2024-50379 | v3153/CVE-2024-50379-POC | no description | 2024-12-18T19:53:46Z |
| CVE-2024-50379 | bigb0x/CVE-2024-50379 | Testing the latset Apache Tomcat CVE-2024-50379 Vuln | 2024-12-25T21:50:16Z |
| CVE-2024-50379 | dragonked2/CVE-2024-50379-POC | This repository contains a Python script designed to exploit CVE-2024-50379, a vulnerability that allows attackers to upload a JSP shell to a vulnerable server and execute arbitrary commands remotely. This exploit is particularly useful when the /uploads directory is either unprotected or not present on the target server. | 2024-12-25T18:42:29Z |
| CVE-2024-50379 | lizhianyuguangming/CVE-2024-50379-exp | CVE-2024-50379-exp | 2024-12-25T02:41:31Z |
| CVE-2024-50379 | dkstar11q/CVE-2024-50379-nuclei | Testing the latset Apache Tomcat CVE-2024-50379 Vuln | 2024-12-26T00:18:56Z |
| CVE-2024-50379 | pwnosec/CVE-2024-50379 | ExploitDB CVE-2024-50379 a vulnerability that enables attackers to upload a JSP shell to a vulnerable server and execute commands remotely. The exploit is especially effective when the /uploads directory is either unprotected or missing on the target server. | 2025-01-23T10:28:40Z |
| CVE-2024-50379 | YuoLuo/tomcat_cve_2024_50379_exploit | no description | 2025-03-12T06:17:55Z |
| CVE-2024-50379 | thunww/CVE-2024-50379 | no description | 2025-03-30T17:15:44Z |
| CVE-2024-50340 | Nyamort/CVE-2024-50340 | no description | 2024-11-06T21:24:43Z |
| CVE-2024-50335 | shellkraft/CVE-2024-50335 | no description | 2024-11-07T06:19:49Z |
| CVE-2024-50251 | slavin-ayu/CVE-2024-50251-PoC | Just a local Dos bug in Linux kernel | 2024-11-12T08:08:55Z |
| CVE-2024-5009 | sinsinology/CVE-2024-5009 | Exploit for CVE-2024-5009 | 2024-07-08T12:15:29Z |
| CVE-2024-5009 | th3gokul/CVE-2024-5009 | CVE-2024-5009 : WhatsUp Gold SetAdminPassword Privilege Escalation | 2024-07-09T16:56:49Z |
| CVE-2024-49699 | RandomRobbieBF/CVE-2024-49699 | ARPrice <= 4.0.3 - Authenticated (Subscriber+) PHP Object Injection | 2025-01-10T16:15:07Z |
| CVE-2024-49681 | RandomRobbieBF/CVE-2024-49681 | WP Sessions Time Monitoring Full Automatic <= 1.0.9 - Unauthenticated SQL Injection | 2024-11-09T15:24:16Z |
| CVE-2024-49668 | Nxploited/CVE-2024-49668 | WordPress Verbalize WP plugin <= 1.0 - Arbitrary File Upload vulnerability | 2025-03-22T22:05:30Z |
| CVE-2024-49653 | Nxploited/CVE-2024-49653 | WordPress Portfolleo plugin <= 1.2 - Arbitrary File Upload vulnerability | 2025-03-22T23:25:44Z |
| CVE-2024-4956 | gmh5225/CVE-2024-4956 | Unauthenticated Path Traversal in Nexus Repository 3 | 2024-05-24T12:45:45Z |
| CVE-2024-4956 | erickfernandox/CVE-2024-4956 | Unauthenticated Path Traversal in Nexus Repository 3 | 2024-05-23T11:39:06Z |
| CVE-2024-4956 | codeb0ss/CVE-2024-4956-PoC | CVE-2024-4956 - Nexus < Exploit | 2024-05-23T16:46:28Z |
| CVE-2024-4956 | xungzzz/CVE-2024-4956 | CVE-2024-4956 Nuclei Template | 2024-05-23T08:15:08Z |
| CVE-2024-4956 | thinhap/CVE-2024-4956-PoC | no description | 2024-05-27T03:09:36Z |
| CVE-2024-4956 | banditzCyber0x/CVE-2024-4956 | Nexus Repository Manager 3 Unauthenticated Path Traversal | 2024-05-23T06:47:13Z |
| CVE-2024-4956 | eoslvs/CVE-2024-4956 | no description | 2024-05-27T13:48:15Z |
| CVE-2024-4956 | ifconfig-me/CVE-2024-4956-Bulk-Scanner | [CVE-2024-4956] Nexus Repository Manager 3 Unauthenticated Path Traversal Bulk Scanner | 2024-05-26T06:50:48Z |
| CVE-2024-4956 | GoatSecurity/CVE-2024-4956 | CVE-2024-4956 : Nexus Repository Manager 3 poc exploit | 2024-05-28T15:05:31Z |
| CVE-2024-4956 | TypicalModMaker/CVE-2024-4956 | Proof-Of-Concept (POC) for CVE-2024-4956 | 2024-05-28T21:20:53Z |
| CVE-2024-4956 | Praison001/CVE-2024-4956-Sonatype-Nexus-Repository-Manager | Exploit for CVE-2024-4956 affecting all previous Sonatype Nexus Repository 3.x OSS/Pro versions up to and including 3.68.0 | 2024-05-30T08:04:27Z |
| CVE-2024-4956 | verylazytech/CVE-2024-4956 | POC - CVE-2024–4956 - Nexus Repository Manager 3 Unauthenticated Path Traversal | 2024-06-09T10:57:29Z |
| CVE-2024-4956 | Cappricio-Securities/CVE-2024-4956 | Sonatype Nexus Repository Manager 3 (LFI) | 2024-06-03T02:49:20Z |
| CVE-2024-4956 | fin3ss3g0d/CVE-2024-4956 | CVE-2024-4956 Python exploitation utility | 2024-06-05T15:37:39Z |
| CVE-2024-4956 | JolyIrsb/CVE-2024-4956 | no description | 2024-08-14T16:41:01Z |
| CVE-2024-4956 | UMASANKAR-MG/Path-Traversal-CVE-2024-4956 | no description | 2024-09-26T15:05:41Z |
| CVE-2024-4956 | An00bRektn/shirocrack | Simple hash cracker for Apache Shiro hashes written in Golang. Useful for exploiting CVE-2024-4956. | 2024-10-04T19:54:05Z |
| CVE-2024-4956 | XiaomingX/cve-2024-4956 | CVE-2024-4956 Python exploitation utility | 2024-12-12T04:05:10Z |
| CVE-2024-4956 | art-of-defence/CVE-2024-4956 | Detection and exploitation scripts for CVE-2024-4956 | 2025-03-26T13:27:33Z |
| CVE-2024-49379 | OHDUDEOKNICE/CVE-2024-49379 | CVE-2024-49379 PoC | 2024-11-16T19:05:28Z |
| CVE-2024-49369 | Quantum-Sicarius/CVE-2024-49369 | no description | 2024-11-29T08:14:03Z |
| CVE-2024-49368 | Aashay221999/CVE-2024-49368 | Explorations of CVE-2024-49368 + Exploit Development | 2024-11-12T03:50:46Z |
| CVE-2024-49328 | RandomRobbieBF/CVE-2024-49328 | WP REST API FNS <= 1.0.0 - Privilege Escalation | 2024-11-06T16:25:59Z |
| CVE-2024-49328 | Nxploited/CVE-2024-49328-exploit | no description | 2025-01-11T18:22:25Z |
| CVE-2024-49203 | CSIRTTrizna/CVE-2024-49203 | no description | 2024-10-08T12:42:59Z |
| CVE-2024-49138 | bananoname/CVE-2024-49138-POC | no description | 2025-01-21T01:50:34Z |
| CVE-2024-49138 | MrAle98/CVE-2024-49138-POC | POC exploit for CVE-2024-49138 | 2025-01-15T00:43:37Z |
| CVE-2024-49138 | DeividasTerechovas/SOC335-CVE-2024-49138-Exploitation-Detected | no description | 2025-03-14T11:32:13Z |
| CVE-2024-49138 | CyprianAtsyor/letsdefend-cve-2024-49138-investigation | Hands-on SOC investigation of CVE-2024-49138 using LetsDefend, VirusTotal, Hybrid Analysis, TrueFort, and ChatGPT. | 2025-04-23T18:20:19Z |
| CVE-2024-49138 | Glitch-ao/SOC335-CVE-2024-49138-Exploitation-Detected | no description | 2025-05-04T19:05:49Z |
| CVE-2024-49117 | mutkus/Microsoft-2024-December-Update-Control | Microsoft Windows işletim sistemlerinde ki CVE-2024-49117, CVE-2024-49118, CVE-2024-49122 ve CVE-2024-49124 açıkları için KB kontrolü | 2024-12-17T21:03:12Z |
| CVE-2024-49113 | SafeBreach-Labs/CVE-2024-49113 | LdapNightmare is a PoC tool that tests a vulnerable Windows Server against CVE-2024-49113 | 2025-01-01T15:48:38Z |
| CVE-2024-49113 | barcrange/CVE-2024-49113-Checker | no description | 2025-01-03T07:05:33Z |
| CVE-2024-49113 | Sachinart/CVE-2024-49113-Checker | Hi, This is to check targets vulnerable for CVE-2024-49113 in bulk, faster. | 2025-01-06T11:59:02Z |
| CVE-2024-49113 | 0xMetr0/metasploit-ldapnightmare | SafeBreaches CVE-2024-49113 POC(LdapNightmare) Integrated into Metasploit | 2025-02-15T20:23:23Z |
| CVE-2024-49112 | tnkr/poc_monitor | A short scraper looking for a POC of CVE-2024-49112 | 2024-12-16T13:41:40Z |
| CVE-2024-49112 | CCIEVoice2009/CVE-2024-49112 | no description | 2025-01-02T14:02:33Z |
| CVE-2024-49112 | bo0l3an/CVE-2024-49112-PoC | CVE-2024-49112 LDAP RCE PoC and Metasploit Module | 2025-01-08T01:56:41Z |
| CVE-2024-49039 | je5442804/WPTaskScheduler_CVE-2024-49039 | WPTaskScheduler RPC Persistence & CVE-2024-49039 via Task Scheduler | 2024-11-19T08:57:18Z |
| CVE-2024-49039 | Alexandr-bit253/CVE-2024-49039 | no description | 2024-12-16T13:25:56Z |
| CVE-2024-49019 | rayngnpc/CVE-2024-49019-rayng | Exploitation for CVE-2024-49019 | 2025-03-05T09:35:13Z |
| CVE-2024-48990 | makuga01/CVE-2024-48990-PoC | PoC for CVE-2024-48990 | 2024-11-20T18:41:25Z |
| CVE-2024-48990 | ns989/CVE-2024-48990 | Exploit for CVE-2024-48990 (Local Privilege Escalation in needrestart < 3.8) | 2024-11-21T23:59:49Z |
| CVE-2024-48990 | felmoltor/CVE-2024-48990 | Qualys needsrestart vulnerability CVE-2024-48990 | 2024-11-22T17:35:58Z |
| CVE-2024-48990 | pentestfunctions/CVE-2024-48990-PoC-Testing | Testing POC for use cases | 2024-11-24T07:33:06Z |
| CVE-2024-48990 | Cyb3rFr0g/CVE-2024-48990-PoC | My take on the needrestart Python CVE-2024-48990 | 2024-11-24T02:12:36Z |
| CVE-2024-48990 | ally-petitt/CVE-2024-48990-Exploit | My exploit for CVE-2024-48990. Full details of how I made this are on my blog. | 2024-11-25T05:28:20Z |
| CVE-2024-48990 | r0xdeadbeef/CVE-2024-48990 | Needrestart, prior to version 3.8, contains a vulnerability that allows local attackers to execute arbitrary code with root privileges. This is achieved by manipulating the PYTHONPATH environment variable to trick needrestart into running the Python interpreter in an unsafe context. | 2024-12-01T16:26:44Z |
| CVE-2024-48990 | CyberCrowCC/CVE-2024-48990 | no description | 2024-12-09T04:28:40Z |
| CVE-2024-48990 | NullByte-7w7/CVE-2024-48990 | no description | 2024-12-18T03:39:57Z |
| CVE-2024-48990 | ten-ops/CVE-2024-48990_needrestart | Exploit for CVE-2024-48990 - Privilege Escalation in Needrestart 3.7-3. For eductional purposes only | 2025-02-16T21:26:51Z |
| CVE-2024-4898 | cve-2024/CVE-2024-4898-Poc | no description | 2024-06-14T07:01:58Z |
| CVE-2024-4898 | truonghuuphuc/CVE-2024-4898-Poc | CVE-2024-4898 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.38 - Missing Authorization to Unauthenticated API setup/Arbitrary Options Update/Administrative User Creation | 2024-06-12T10:03:14Z |
| CVE-2024-48955 | BrotherOfJhonny/CVE-2024-48955_Overview | CVE-2024-48955_Overview | 2024-10-29T13:14:19Z |
| CVE-2024-48914 | EQSTLab/CVE-2024-48914 | PoC for CVE-2024-48914 | 2024-10-21T10:02:05Z |
| CVE-2024-48887 | cybersecplayground/CVE-2024-48887-FortiSwitch-Exploit | a lightweight JavaScript snippet showcasing how unauthorized password changes can be triggered on vulnerable Fortinet FortiSwitch GUI endpoints. | 2025-04-09T17:27:17Z |
| CVE-2024-48887 | groshi215/CVE-2024-48887-Exploit | Unverified Password Change (CWE-620) | 2025-04-10T12:17:11Z |
| CVE-2024-4885 | sinsinology/CVE-2024-4885 | Exploit for CVE-2024-4885 | 2024-07-08T12:14:42Z |
| CVE-2024-4883 | sinsinology/CVE-2024-4883 | Exploit for CVE-2024-4883 | 2024-07-08T12:14:01Z |
| CVE-2024-4879 | Brut-Security/CVE-2024-4879 | CVE-2024-4879 - Jelly Template Injection Vulnerability in ServiceNow | 2024-07-12T10:32:37Z |
| CVE-2024-4879 | zgimszhd61/CVE-2024-4879 | no description | 2024-07-13T07:02:18Z |
| CVE-2024-4879 | Mr-r00t11/CVE-2024-4879 | no description | 2024-07-12T21:43:48Z |
| CVE-2024-4879 | bigb0x/CVE-2024-4879 | Bulk scanning tool for ServiceNow CVE-2024-4879 vulnerability | 2024-07-12T13:02:47Z |
| CVE-2024-4879 | tequilasunsh1ne/CVE_2024_4879 | no description | 2024-07-15T02:51:34Z |
| CVE-2024-4879 | Praison001/CVE-2024-4879-ServiceNow | Exploit for CVE-2024-4879 affecting Vancouver, Washington DC Now and Utah Platform releases | 2024-07-16T04:03:28Z |
| CVE-2024-4879 | ShadowByte1/CVE-2024-4879 | no description | 2024-07-15T12:27:33Z |
| CVE-2024-4879 | NoTsPepino/CVE-2024-4879-CVE-2024-5217-ServiceNow-RCE-Scanning | CVE-2024-4879 & CVE-2024-5217 ServiceNow RCE Scanning Using Nuclei & Shodan Dork to find it. | 2024-07-28T06:51:33Z |
| CVE-2024-4879 | jdusane/CVE-2024-4879 | Python script designed to detect specific vulnerabilities in ServiceNow instances and dump database connection details if the vulnerability is found. This tool is particularly useful for security researchers and penetration testers. | 2024-08-14T06:55:41Z |
| CVE-2024-4879 | fa-rrel/CVE-2024-4879 | Jelly Template Injection Vulnerability in ServiceNow - POC CVE-2024-4879 | 2024-08-27T03:43:28Z |
| CVE-2024-4879 | 0xWhoami35/CVE-2024-4879 | no description | 2024-09-13T01:20:34Z |
| CVE-2024-48762 | YZS17/CVE-2024-48762 | Command injection vulnerability in FLIR AX8 up to 1.46.16 | 2024-10-02T16:32:08Z |
| CVE-2024-4875 | RandomRobbieBF/CVE-2024-4875 | HT Mega – Absolute Addons For Elementor <= 2.5.2 - Missing Authorization to Options Update | 2024-05-21T14:15:16Z |
| CVE-2024-48705 | L41KAA/CVE-2024-48705 | Wavlink AC1200 with firmware versions M32A3_V1410_230602 and M32A3_V1410_240222 are vulnerable to a post-authentication command injection while resetting the password. This vulnerability is specifically found within the "set_sys_adm" function of the "adm.cgi" binary, and is due to improper santization of the user provided "newpass" field. | 2024-12-05T22:45:58Z |
| CVE-2024-48652 | paragbagul111/CVE-2024-48652 | Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field | 2024-10-19T10:06:58Z |
| CVE-2024-48644 | rosembergpro/CVE-2024-48644 | Reolink Duo 2 WiFi v1.0.280 - Account Enumeration Vulnerability | 2024-10-17T23:27:04Z |
| CVE-2024-48605 | surajhacx/HelakuruV.1.1-DLLHijack | Helakuru Version 1.1 DLL Hijack - CVE-2024-48605 | 2024-09-25T18:23:06Z |
| CVE-2024-48591 | GCatt-AS/CVE-2024-48591 | no description | 2025-03-20T09:25:34Z |
| CVE-2024-48590 | GCatt-AS/CVE-2024-48590 | no description | 2025-03-20T09:17:27Z |
| CVE-2024-48589 | Exek1el/CVE-2024-48589 | no description | 2024-09-25T08:11:29Z |
| CVE-2024-48569 | MarioTesoro/CVE-2024-48569 | Proof of concept of multiple Stored Cross-Site Scripting (XSS) vulnerabilities discovered in ACI Worldwide Proactive Risk Manager v 9.1.1.0 | 2024-10-27T08:29:59Z |
| CVE-2024-48427 | vighneshnair7/CVE-2024-48427 | no description | 2024-10-24T09:50:31Z |
| CVE-2024-48415 | khaliquesX/CVE-2024-48415 | no description | 2024-10-19T06:58:56Z |
| CVE-2024-48392 | Renzusclarke/CVE-2024-48392-PoC | no description | 2024-10-25T09:00:11Z |
| CVE-2024-48360 | OpenXP-Research/CVE-2024-48360 | CVE-2024-48360 Poc | 2024-10-30T14:55:07Z |
| CVE-2024-48359 | OpenXP-Research/CVE-2024-48359 | CVE-2024-48359 PoC | 2024-10-30T14:52:04Z |
| CVE-2024-48336 | canyie/MagiskEoP | Exploit and writeup for installed app to root privilege escalation through CVE-2024-48336 (Magisk Bug #8279), Privileges Escalation / Arbitrary Code Execution Vulnerability | 2024-08-24T08:51:08Z |
| CVE-2024-48326 | fabiobsj/CVE-2024-48326 | no description | 2024-11-02T19:41:19Z |
| CVE-2024-48325 | osvaldotenorio/cve-2024-48325 | no description | 2024-11-02T17:43:12Z |
| CVE-2024-48322 | trqt/CVE-2024-48322 | no description | 2024-11-09T13:52:50Z |
| CVE-2024-48248 | watchtowrlabs/nakivo-arbitrary-file-read-poc-CVE-2024-48248 | no description | 2025-01-28T04:46:13Z |
| CVE-2024-48246 | ShadowByte1/CVE-2024-48246 | Vehicle Management System 1.0 - Stored Cross-Site Scripting (XSS) | 2024-12-23T09:23:15Z |
| CVE-2024-48245 | ShadowByte1/CVE-2024-48245 | SQL Injection Vulnerability in Vehicle Management System 1.0 - 1.3 | 2024-12-23T09:16:09Z |
| CVE-2024-48217 | ajrielrm/CVE-2024-48217 | CVE-2024-48217 Sismart Vulnerability | 2024-11-01T04:44:17Z |
| CVE-2024-48208 | rohilchaudhry/CVE-2024-48208 | This repo contains all the work surrounding the development of the PoC for CVE-2024-48208, and how a simple OOB(Out-of-bound) read can result in jail escapes as well as broken access control. | 2024-10-30T01:44:32Z |
| CVE-2024-48197 | GCatt-AS/CVE-2024-48197 | Reflected XSS in AudioCodes MP-202b | 2024-12-21T13:07:51Z |
| CVE-2024-47875 | daikinitanda/-CVE-2024-47875- | no description | 2025-02-05T06:34:03Z |
| CVE-2024-47854 | MarioTesoro/CVE-2024-47854 | Proof of concept of multiple Reflected Cross-Site Scripting (XSS) vulnerabilities discovered in Veritas Data Insight before 7.1. | 2024-10-19T13:38:23Z |
| CVE-2024-4761 | michredteam/CVE-2024-4761 | High CVE-2024-4761 Exploit | 2024-05-14T17:45:22Z |
| CVE-2024-47575 | groshi/CVE-2024-47575-POC | CVE-2024-47575: Critical Remote Code Execution (RCE) Vulnerability in VMware Horizon | 2024-10-28T17:32:53Z |
| CVE-2024-47575 | maybelookis/CVE-2024-47575 | no description | 2024-10-25T14:49:32Z |
| CVE-2024-47575 | hazesecurity/CVE-2024-47575 | no description | 2024-10-28T12:16:23Z |
| CVE-2024-47575 | HazeLook/CVE-2024-47575 | no description | 2024-10-25T15:18:53Z |
| CVE-2024-47575 | krmxd/CVE-2024-47575 | no description | 2024-11-01T13:52:07Z |
| CVE-2024-47575 | watchtowrlabs/Fortijump-Exploit-CVE-2024-47575 | Fortinet Fortimanager Unauthenticated Remote Code Execution AKA FortiJump CVE-2024-47575 | 2024-11-07T21:03:30Z |
| CVE-2024-47575 | skyalliance/exploit-cve-2024-47575 | FortiManager Unauthenticated Remote Code Execution (CVE-2024-47575) | 2024-11-15T03:43:51Z |
| CVE-2024-47575 | expl0itsecurity/CVE-2024-47575 | no description | 2024-11-15T13:19:33Z |
| CVE-2024-47575 | XiaomingX/cve-2024-47575-exp | CVE-2024-47575是Fortinet的FortiManager和FortiManager Cloud产品中的一个严重漏洞,源于fgfmsd守护进程缺乏对关键功能的身份验证。 | 2024-11-22T03:13:03Z |
| CVE-2024-47575 | Laonhearts/CVE-2024-47575-POC | CVE POC Exploit | 2025-01-05T02:54:01Z |
| CVE-2024-47533 | zetraxz/CVE-2024-47533 | CVE-2024-47533: Improper Authentication (CWE-287) | 2024-11-19T09:28:48Z |
| CVE-2024-47177 | referefref/cupspot-2024-47177 | PoC honeypot for detecting exploit attempts against CVE-2024-47177 | 2024-09-27T05:18:23Z |
| CVE-2024-47176 | tonyarris/CVE-2024-47176-Scanner | Scanner for the CUPS vulnerability CVE-2024-47176 | 2024-09-27T20:04:21Z |
| CVE-2024-47176 | workabhiwin09/CVE-2024-47176 | CUPS Browsd Check_CVE-2024-47176 | 2024-09-27T18:23:16Z |
| CVE-2024-47176 | mr-r3b00t/CVE-2024-47176 | Scanner | 2024-09-28T16:02:41Z |
| CVE-2024-47176 | nma-io/CVE-2024-47176 | A simple CVE-2024-47176 (cups_browsed) check tool written in go. | 2024-09-29T17:53:50Z |
| CVE-2024-47176 | aytackalinci/CVE-2024-47176 | Vulnerability Scanner for CUPS: CVE-2024-47176 | 2024-09-28T19:01:31Z |
| CVE-2024-47176 | l0n3m4n/CVE-2024-47176 | Unauthenticated RCE on cups-browsed (exploit and nuclei template) | 2024-10-03T15:53:04Z |
| CVE-2024-47176 | gumerzzzindo/CVE-2024-47176 | no description | 2024-10-05T09:22:36Z |
| CVE-2024-47176 | lkarlslund/jugular | Ultrafast CUPS-browsed scanner (CVE-2024-47176) | 2024-09-29T09:05:30Z |
| CVE-2024-47176 | GO0dspeed/spill | POC scanner for CVE-2024-47176 | 2024-09-27T01:22:43Z |
| CVE-2024-47176 | MalwareTech/CVE-2024-47176-Scanner | A simple scanner for identifying vulnerable cups-browsed instances on your network | 2024-10-07T07:25:18Z |
| CVE-2024-47176 | AxthonyV/CVE-2024-47176 | This repository contains a scanner for detecting vulnerabilities in the cups-browsed service of CUPS (Common Unix Printing System). The vulnerability CVE-2024-47176 allows a remote attacker to exploit an insecure configuration of the daemon, potentially leading to arbitrary code execution. | 2024-10-07T16:14:37Z |
| CVE-2024-47176 | gianlu111/CUPS-CVE-2024-47176 | A Mass Scanner designed to detect the CVE-2024-47176 vulnerability across systems running the Common Unix Printing System (CUPS). | 2024-10-17T18:21:10Z |
| CVE-2024-47176 | 0x7556/CVE-2024-47176 | Unix CUPS打印系统 远程代码执行漏洞 | 2024-10-19T08:08:02Z |
| CVE-2024-47076 | mutkus/CVE-2024-47076 | Linux ve Unix sistemlerinizin CVE-2024-47076 açığından etkilenip etkilenmediğini bu script ile öğrenebilirsiniz. | 2024-09-29T15:13:58Z |
| CVE-2024-47066 | l8BL/CVE-2024-47066 | Proof-of-Concept for CVE-2024-47066 | 2024-09-24T09:59:27Z |
| CVE-2024-47062 | saisathvik1/CVE-2024-47062 | CVE-2024-47062 PoC | 2024-11-10T01:10:06Z |
| CVE-2024-47051 | mallo-m/CVE-2024-47051 | Mautic < 5.2.3 Authenticated RCE | 2025-02-28T05:35:57Z |
| CVE-2024-4701 | JoeBeeton/CVE-2024-4701-POC | POC for CVE-2024-4701 | 2024-05-13T11:58:19Z |
| CVE-2024-46986 | vidura2/CVE-2024-46986 | no description | 2024-09-22T14:27:35Z |
| CVE-2024-46982 | CodePontiff/next_js_poisoning | The CVE-2024-46982 is cache poisoning of next_js some site have API to load their image | 2024-12-14T09:14:01Z |
| CVE-2024-46982 | Lercas/CVE-2024-46982 | POC CVE-2024-46982 | 2025-01-23T03:38:22Z |
| CVE-2024-46981 | xsshk/CVE-2024-46981 | no description | 2025-03-21T04:36:22Z |
| CVE-2024-46981 | publicqi/CVE-2024-46981 | no description | 2025-03-19T06:26:31Z |
| CVE-2024-46901 | devhaozi/CVE-2024-46901 | Subversion CVE-2024-46901 PoC | 2024-10-11T13:28:55Z |
| CVE-2024-46658 | jackalkarlos/CVE-2024-46658 | Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629 | 2024-10-03T12:12:23Z |
| CVE-2024-46635 | h1thub/CVE-2024-46635 | no description | 2024-10-01T03:07:04Z |
| CVE-2024-46627 | d4lyw/CVE-2024-46627 | CVE-2024-46627 - Incorrect access control in BECN DATAGERRY v2.2 allows attackers to > execute arbitrary commands via crafted web requests. | 2024-09-25T10:32:53Z |
| CVE-2024-46542 | MarioTesoro/CVE-2024-46542 | Veritas SQL injection | 2024-12-30T08:58:05Z |
| CVE-2024-46538 | EQSTLab/CVE-2024-46538 | Proof-of-Concept for CVE-2024-46538 | 2024-10-23T10:50:01Z |
| CVE-2024-46538 | LauLeysen/CVE-2024-46538 | based on EQSTLab | 2024-12-04T15:51:40Z |
| CVE-2024-46532 | KamenRiderDarker/CVE-2024-46532 | Reproduction of SQL Injection Vulnerabilities in OpenHIS | 2024-09-27T14:39:54Z |
| CVE-2024-46507 | Somchandra17/CVE-2024-46507 | build-script for CVE-2024-46507 and CVE-2024-46508 | 2025-03-04T00:53:37Z |
| CVE-2024-46483 | kn32/cve-2024-46483 | Pre-Authentication Heap Overflow in Xlight SFTP server <= 3.9.4.2 | 2024-10-18T11:46:14Z |
| CVE-2024-46451 | vidura2/CVE-2024-46451 | no description | 2024-09-22T14:47:57Z |
| CVE-2024-46383 | nitinronge91/Sensitive-Information-disclosure-via-SPI-flash-firmware-for-Hathway-router-CVE-2024-46383 | CVE-2024-46383 | 2024-09-27T04:19:42Z |
| CVE-2024-46377 | vidura2/CVE-2024-46377 | no description | 2024-09-23T03:47:36Z |
| CVE-2024-46310 | UwUtisum/CVE-2024-46310 | POC for CVE-2024-46310 For FXServer version's v9601 and prior, Incorrect Access Control in FXServer version's v9601 and prior, for CFX.re FiveM, allows unauthenticated users to modify and read userdata via exposed api endpoint | 2024-08-28T19:36:52Z |
| CVE-2024-46278 | ayato-shitomi/CVE-2024-46278-teedy_1.11_account-takeover | 【Teedy 1.11】Account Takeover via XSS | 2024-08-28T03:17:37Z |
| CVE-2024-46256 | barttran2k/POC_CVE-2024-46256 | POC_CVE-2024-46256 | 2024-09-19T09:35:12Z |
| CVE-2024-46209 | h4ckr4v3n/CVE-2024-46209 | no description | 2024-08-26T17:52:27Z |
| CVE-2024-45870 | bshyuunn/bandiview-7.05-vuln-PoC | bandiview (7.05) vuln PoC - CVE-2024-45870, CVE-2024-45871, CVE-2024-45872 | 2025-02-19T12:21:40Z |
| CVE-2024-4577 | Junp0/CVE-2024-4577 | PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC | 2024-06-07T09:42:40Z |
| CVE-2024-4577 | 0x20c/CVE-2024-4577-nuclei | CVE-2024-4577 nuclei-templates | 2024-06-08T03:12:28Z |
| CVE-2024-4577 | Yukiioz/CVE-2024-4577 | no description | 2024-06-07T20:10:49Z |
| CVE-2024-4577 | Sysc4ll3r/CVE-2024-4577 | Nuclei Template for CVE-2024-4577 | 2024-06-07T17:01:20Z |
| CVE-2024-4577 | WanLiChangChengWanLiChang/CVE-2024-4577-RCE-EXP | no description | 2024-06-07T17:02:52Z |
| CVE-2024-4577 | Wh02m1/CVE-2024-4577 | no description | 2024-06-07T12:49:20Z |
| CVE-2024-4577 | taida957789/CVE-2024-4577 | no description | 2024-06-07T10:58:57Z |
| CVE-2024-4577 | ohhhh693/CVE-2024-4577 | CVE-2024-4577 | 2024-06-07T09:42:31Z |
| CVE-2024-4577 | zjhzjhhh/CVE-2024-4577 | CVE-2024-4577 | 2024-06-07T09:53:32Z |
| CVE-2024-4577 | princew88/CVE-2024-4577 | no description | 2024-06-07T09:48:36Z |
| CVE-2024-4577 | manuelinfosec/CVE-2024-4577 | Proof Of Concept RCE exploit for critical vulnerability in PHP <8.2.15 (Windows), allowing attackers to execute arbitrary commands. | 2024-06-08T05:27:44Z |
| CVE-2024-4577 | xcanwin/CVE-2024-4577-PHP-RCE | no description | 2024-06-08T13:04:45Z |
| CVE-2024-4577 | bl4cksku11/CVE-2024-4577 | This is a PoC for PHP CVE-2024-4577. | 2024-06-11T15:11:56Z |
| CVE-2024-4577 | TAM-K592/CVE-2024-4577 | CVE-2024-4577 is a critical vulnerability in PHP affecting CGI configurations, allowing attackers to execute arbitrary commands via crafted URL parameters. | 2024-06-07T05:50:23Z |
| CVE-2024-4577 | K3ysTr0K3R/CVE-2024-4577-EXPLOIT | A PoC exploit for CVE-2024-4577 - PHP CGI Argument Injection Remote Code Execution (RCE) | 2024-06-09T23:32:11Z |
| CVE-2024-4577 | it-t4mpan/check_cve_2024_4577.sh | Bash script that checks if a PHP CGI setup is vulnerable to the CVE-2024-4577 argument injection vulnerability | 2024-06-10T07:28:44Z |
| CVE-2024-4577 | 11whoami99/CVE-2024-4577 | POC & $BASH script for CVE-2024-4577 | 2024-06-07T09:51:39Z |
| CVE-2024-4577 | Chocapikk/CVE-2024-4577 | PHP CGI Argument Injection vulnerability | 2024-06-09T14:18:21Z |
| CVE-2024-4577 | dbyMelina/CVE-2024-4577 | python poc编写练手,可以对单个目标或批量检测 | 2024-06-09T13:46:46Z |
| CVE-2024-4577 | zomasec/CVE-2024-4577 | CVE-2024-4577 Exploit POC | 2024-06-08T06:36:14Z |
| CVE-2024-4577 | gotr00t0day/CVE-2024-4577 | Argument injection vulnerability in PHP | 2024-06-15T02:49:37Z |
| CVE-2024-4577 | Sh0ckFR/CVE-2024-4577 | Fixed and minimalist PoC of the CVE-2024-4577 | 2024-06-13T14:25:04Z |
| CVE-2024-4577 | hexedbyte/cve-2024-4577 | no description | 2024-06-13T11:28:33Z |
| CVE-2024-4577 | nemu1k5ma/CVE-2024-4577 | php-cgi RCE快速检测 | 2024-06-12T02:16:09Z |
| CVE-2024-4577 | XiangDongCJC/CVE-2024-4577-PHP-CGI-RCE | no description | 2024-06-12T11:50:01Z |
| CVE-2024-4577 | aaddmin1122345/CVE-2024-4577-POC | CVE-2024-4577 | 2024-06-12T04:50:25Z |
| CVE-2024-4577 | d3ck4/Shodan-CVE-2024-4577 | POC for CVE-2024-4577 with Shodan integration | 2024-06-12T06:45:08Z |
| CVE-2024-4577 | VictorShem/CVE-2024-4577 | CVE-2024-4577 POC | 2024-06-17T17:53:31Z |
| CVE-2024-4577 | ZephrFish/CVE-2024-4577-PHP-RCE | PHP RCE PoC for CVE-2024-4577 written in bash, go, python and a nuclei template | 2024-06-08T12:23:35Z |
| CVE-2024-4577 | amandineVdw/CVE-2024-4577 | no description | 2024-06-19T01:50:40Z |
| CVE-2024-4577 | Entropt/CVE-2024-4577_Analysis | no description | 2024-06-12T07:33:41Z |
| CVE-2024-4577 | jakabakos/CVE-2024-4577-PHP-CGI-argument-injection-RCE | no description | 2024-06-18T13:19:21Z |
| CVE-2024-4577 | watchtowrlabs/CVE-2024-4577 | PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC | 2024-06-07T09:52:54Z |
| CVE-2024-4577 | PhinehasNarh/CVE-2024-4577-Defend | no description | 2024-06-24T10:48:24Z |
| CVE-2024-4577 | huseyinstif/CVE-2024-4577-Nuclei-Template | no description | 2024-06-07T10:40:37Z |
| CVE-2024-4577 | ggfzx/CVE-2024-4577 | no description | 2024-06-26T07:07:49Z |
| CVE-2024-4577 | olebris/CVE-2024-4577 | CVE-2024-4577 | 2024-06-28T10:19:59Z |
| CVE-2024-4577 | AlperenY-cs/CVE-2024-4577 | Create lab for CVE-2024-4577 | 2024-06-28T14:11:15Z |
| CVE-2024-4577 | charis3306/CVE-2024-4577 | CVE-2024-4577 EXP | 2024-07-03T15:30:52Z |
| CVE-2024-4577 | cybersagor/CVE-2024-4577 | CVE-2024-4577 Exploits | 2024-07-05T12:47:44Z |
| CVE-2024-4577 | l0n3m4n/CVE-2024-4577-RCE | PoC - PHP CGI Argument Injection CVE-2024-4577 (Scanner and Exploit) | 2024-07-06T19:37:14Z |
| CVE-2024-4577 | bibo318/CVE-2024-4577-RCE-ATTACK | ATTACK PoC - PHP CVE-2024-4577 | 2024-07-11T02:22:32Z |
| CVE-2024-4577 | waived/CVE-2024-4577-PHP-RCE | Automated PHP remote code execution scanner for CVE-2024-4577 | 2024-07-15T21:31:14Z |
| CVE-2024-4577 | nNoSuger/CVE-2024-4577 | CVE | 2024-07-18T16:39:27Z |
| CVE-2024-4577 | a-roshbaik/CVE-2024-4577-PHP-RCE | no description | 2024-07-24T20:25:46Z |
| CVE-2024-4577 | a-roshbaik/CVE-2024-4577 | no description | 2024-07-24T20:23:03Z |
| CVE-2024-4577 | Jcccccx/CVE-2024-4577 | 批量验证POC和EXP | 2024-07-31T10:14:14Z |
| CVE-2024-4577 | ManuelKy08/CVE-2024-4577---RR | no description | 2024-08-08T14:04:12Z |
| CVE-2024-4577 | bughuntar/CVE-2024-4577 | CVE-2024-4577 Exploits | 2024-08-17T02:01:57Z |
| CVE-2024-4577 | fa-rrel/CVE-2024-4577-RCE | PHP CGI Argument Injection (CVE-2024-4577) RCE | 2024-08-20T02:56:03Z |
| CVE-2024-4577 | ywChen-NTUST/PHP-CGI-RCE-Scanner | Scanning CVE-2024-4577 vulnerability with a url list. | 2024-09-10T17:31:07Z |
| CVE-2024-4577 | phirojshah/CVE-2024-4577 | no description | 2024-09-12T19:27:52Z |
| CVE-2024-4577 | AhmedMansour93/Event-ID-268-Rule-Name-SOC292-Possible-PHP-Injection-Detected-CVE-2024-4577- | 🚨 New Incident Report Completed! 🚨 Just wrapped up "Event ID 268: SOC292 - Possible PHP Injection Detected (CVE-2024-4577)" on LetsDefend.io. This analysis involved investigating an attempted Command Injection targeting our PHP server. Staying ahead of these threats with continuous monitoring and swift containment! 🛡️ | 2024-09-12T19:10:38Z |
| CVE-2024-4577 | JeninSutradhar/CVE-2024-4577-checker | A Bash script designed to scan multiple domains for the CVE-2024-4577 vulnerability in PHP-CGI. | 2024-10-04T13:10:19Z |
| CVE-2024-4577 | longhoangth18/CVE-2024-4577 | no description | 2024-10-14T09:11:06Z |
| CVE-2024-4577 | ahmetramazank/CVE-2024-4577 | no description | 2024-11-03T15:42:04Z |
| CVE-2024-4577 | BTtea/CVE-2024-4577-RCE-PoC | CVE-2024-4577 RCE PoC | 2024-11-06T05:30:33Z |
| CVE-2024-4577 | Dejavu666/CVE-2024-4577 | CVE-2024-4577 POC | 2025-01-08T07:41:29Z |
| CVE-2024-4577 | mr-won/php-cgi-cve-2024-4577 | php-cgi-cve-2024-4577 | 2025-02-14T11:09:15Z |
| CVE-2024-4577 | Didarul342/CVE-2024-4577 | no description | 2025-02-14T19:38:10Z |
| CVE-2024-4577 | mistakes1337/CVE-2024-4577 | no description | 2025-03-21T05:44:12Z |
| CVE-2024-4577 | Night-have-dreams/php-cgi-Injector | 一個測試CVE-2024-4577和CVE-2024-8926的安全滲透工具 | 2025-03-15T11:21:52Z |
| CVE-2024-4577 | sug4r-wr41th/CVE-2024-4577 | PHP CGI CVE-2024-4577 PoC | 2025-04-12T12:28:11Z |
| CVE-2024-4577 | Gill-Singh-A/CVE-2024-4577-Exploit | PHP CGI Parameter Injection Vulnerability (RCE: Remote Code Execution) | 2025-04-18T11:03:27Z |
| CVE-2024-4573 | Castro-Ian/CVE-2024-4573-Mitigation-Script | no description | 2024-12-30T18:54:07Z |
| CVE-2024-45614 | ooooooo-q/puma_header_normalization-CVE-2024-45614 | Puma Header normalization CVE-2024-45614 確認 | 2024-09-28T06:29:00Z |
| CVE-2024-45589 | BenRogozinski/CVE-2024-45589 | no description | 2024-09-04T03:45:33Z |
| CVE-2024-45519 | TOB1a3/CVE-2024-45519-PoC | CVE-2024-45519 unauthenticated OS commoand Injection in Zimbra prior to 8.8.15***. | 2024-09-26T01:13:19Z |
| CVE-2024-45519 | p33d/CVE-2024-45519 | no description | 2024-09-28T08:29:06Z |
| CVE-2024-45519 | Chocapikk/CVE-2024-45519 | Zimbra - Remote Command Execution (CVE-2024-45519) | 2024-10-05T00:15:18Z |
| CVE-2024-45519 | whiterose7777/CVE-2024-45519 | no description | 2024-11-11T08:57:44Z |
| CVE-2024-45519 | XiaomingX/cve-2024-45519-poc | CVE-2024-45519是Zimbra Collaboration(ZCS)中的一个高危漏洞,存在于其postjournal服务中。当该服务被启用时,未经身份验证的攻击者可以通过构造特定的SMTP请求,远程执行任意命令,从而完全控制受影响的服务器。 | 2024-11-22T01:56:21Z |
| CVE-2024-45519 | sec13b/CVE-2024-45519 | Zimbra CVE-2024-45519 | 2025-03-08T20:55:57Z |
| CVE-2024-45507 | Avento/CVE-2024-45507_Behinder_Webshell | no description | 2024-09-11T07:14:13Z |
| CVE-2024-45492 | nidhihcl75/external_expat_2.6.2_CVE-2024-45492 | no description | 2024-11-01T10:27:39Z |
| CVE-2024-45440 | w0r1i0g1ht/CVE-2024-45440 | Drupal CVE-2024-45440 | 2024-12-26T13:35:42Z |
| CVE-2024-45436 | pankass/CVE-2024-45436 | CVE-2024-45436 | 2024-10-21T05:44:49Z |
| CVE-2024-45436 | XiaomingX/cve-2024-45436-exp | This repository contains an exploit demonstration for CVE-2024-45436, a critical vulnerability affecting specific software versions. It highlights the exploitation mechanism and provides insights for security researchers to understand and mitigate the risk. | 2024-11-21T09:03:21Z |
| CVE-2024-45436 | srcx404/CVE-2024-45436 | exploit script for CVE-2024-45436 | 2025-04-17T17:46:03Z |
| CVE-2024-45410 | jphetphoumy/traefik-CVE-2024-45410-poc | A proof of concept of traefik CVE to understand the impact | 2024-09-26T09:58:27Z |
| CVE-2024-45409 | synacktiv/CVE-2024-45409 | Ruby-SAML / GitLab Authentication Bypass (CVE-2024-45409) exploit | 2024-10-07T09:24:46Z |
| CVE-2024-45388 | codeb0ss/CVE-2024-45388-PoC | Mass Exploit - CVE-2024-45388 - Hoverfly < Arbitrary File Read | 2024-09-09T11:35:10Z |
| CVE-2024-45383 | SpiralBL0CK/CVE-2024-45383 | poc for CVE-2024-45383 | 2024-09-18T15:40:19Z |
| CVE-2024-45337 | NHAS/CVE-2024-45337-POC | Proof of concept (POC) for CVE-2024-45337 | 2024-12-17T22:07:53Z |
| CVE-2024-45337 | NHAS/VULNERABLE-CVE-2024-45337 | An example project that showcases golang code vulnerable to CVE-2024-45337 | 2024-12-17T22:22:03Z |
| CVE-2024-45337 | peace-maker/CVE-2024-45337 | Proof of Concept for CVE-2024-45337 against Gitea and Forgejo | 2025-01-24T15:17:47Z |
| CVE-2024-45265 | TheHermione/CVE-2024-45265 | CVE-2024-45265 | 2024-08-26T11:02:37Z |
| CVE-2024-45264 | TheHermione/CVE-2024-45264 | CVE-2024-45264 | 2024-08-26T10:10:52Z |
| CVE-2024-45244 | shanker-sec/hlf-time-oracle | Chaincode for blockchain Hyperledger Fabric provides accurate time to other chaincodes. Thus solving the security problem associated with transaction time manipulation (CVE-2024-45244). | 2024-07-28T19:19:42Z |
| CVE-2024-45244 | shanker-sec/HLF_TxTime_spoofing | PoC covering the problem of transaction time manipulation (CVE-2024-45244) in the Hyperledger Fabric blockchain. | 2024-06-23T14:56:14Z |
| CVE-2024-45241 | d4lyw/CVE-2024-45241 | Path Traversal in CentralSquare's CryWolf | 2024-08-25T15:57:40Z |
| CVE-2024-45241 | verylazytech/CVE-2024-45241 | no description | 2024-09-19T12:43:48Z |
| CVE-2024-45216 | congdong007/CVE-2024-45216-Poc | no description | 2024-12-02T04:09:04Z |
| CVE-2024-45216 | qhoko/CVE-2024-45216 | no description | 2025-01-10T05:59:08Z |
| CVE-2024-45200 | latte-soft/kartlanpwn | Information & PoC for CVE-2024-45200, Mario Kart 8 Deluxe's "KartLANPwn" buffer overflow vulnerability | 2024-09-13T00:41:32Z |
| CVE-2024-45058 | 0xbhsu/CVE-2024-45058 | PoC for CVE-2024-45058 Broken Access Control, allowing any user with view permission in the user configuration section to become an administrator changing their own user type. | 2024-08-30T18:44:05Z |
| CVE-2024-44947 | Abdurahmon3236/CVE-2024-44947 | no description | 2024-09-03T18:37:40Z |
| CVE-2024-44946 | Abdurahmon3236/CVE-2024-44946 | no description | 2024-09-01T13:45:12Z |
| CVE-2024-44902 | fru1ts/CVE-2024-44902 | no description | 2024-09-05T15:22:22Z |
| CVE-2024-44871 | vances25/CVE-2024-44871 | no description | 2025-04-07T18:07:02Z |
| CVE-2024-44867 | ChengZyin/CVE-2024-44867 | no description | 2024-09-10T01:49:36Z |
| CVE-2024-44849 | extencil/CVE-2024-44849 | 🔥 CVE-2024-44849 Exploit | 2024-09-07T00:00:20Z |
| CVE-2024-4484 | Abo5/CVE-2024-4484 | This script uses HTTParty to detect stored cross-site scripting (XSS) vulnerabilities in WordPress sites using the xai_username parameter. It sends a payload to the specified URL and checks if the payload is reflected in the response, indicating a vulnerability. | 2024-06-12T23:09:39Z |
| CVE-2024-44815 | nitinronge91/Extracting-User-credentials-For-Web-portal-and-WiFi-AP-For-Hathway-Router-CVE-2024-44815- | CVE-2024-44815 | 2024-08-31T10:17:11Z |
| CVE-2024-44812 | b1u3st0rm/CVE-2024-44812-PoC | Proof of Concept Exploit for CVE-2024-44812 - SQL Injection Authentication Bypass vulnerability in Online Complaint Site v1.0 | 2024-08-31T15:20:27Z |
| CVE-2024-44765 | josephgodwinkimani/cloudpanel-2.4.2-CVE-2024-44765-recovery | How to "recover" a CloudPanel server affected by the CVE-2024-44765 vulnerability | 2024-12-17T13:29:38Z |
| CVE-2024-44625 | Fysac/CVE-2024-44625 | Symbolic link path traversal vulnerability in Gogs | 2024-11-13T16:16:31Z |
| CVE-2024-44623 | merbinr/CVE-2024-44623 | Details about the Blind RCE issue(SPX-GC) in SPX-GC | 2024-09-13T17:11:16Z |
| CVE-2024-44610 | BertoldVdb/PcanExploit | CVE-2024-44610: Authenticated remote root exploit in Peak PCAN-Ethernet CAN-(FD) gateways | 2024-07-23T10:34:19Z |
| CVE-2024-44542 | alphandbelt/CVE-2024-44542 | no description | 2024-09-13T15:05:17Z |
| CVE-2024-44541 | pointedsec/CVE-2024-44541 | This repository details a SQL Injection vulnerability in Inventio Lite v4's, including exploitation steps and a Python script to automate the attack. It provides information on the vulnerable code, recommended fixes, and how to extract and decrypt administrative credentials. | 2024-08-07T08:45:43Z |
| CVE-2024-44450 | VoidSecOrg/CVE-2024-44450 | no description | 2024-09-06T11:53:03Z |
| CVE-2024-4443 | truonghuuphuc/CVE-2024-4443-Poc | CVE-2024-4443 Business Directory Plugin – Easy Listing Directories for WordPress <= 6.4.2 - Unauthenticated SQL Injection via listingfields Parameter | 2024-05-26T16:34:58Z |
| CVE-2024-4439 | d0rb/CVE-2024-4439 | The provided exploit code leverages a stored Cross-Site Scripting (XSS) vulnerability (CVE-2024-4439) in WordPress Core versions up to 6.5.1. | 2024-05-06T09:07:36Z |
| CVE-2024-4439 | MielPopsssssss/CVE-2024-4439 | CVE-2024-4439 PoC | 2024-05-06T08:50:23Z |
| CVE-2024-4439 | xssor-dz/-CVE-2024-4439 | WordPress Core < 6.5.2 - Unauthenticated & Authenticated (Contributor+) Stored Cross-Site Scripting via Avatar Block | 2024-05-20T23:39:54Z |
| CVE-2024-4439 | soltanali0/CVE-2024-4439 | aa | 2024-10-10T09:30:11Z |
| CVE-2024-4439 | w0r1i0g1ht/CVE-2024-4439 | CVE-2024-4439 docker and poc | 2024-11-21T13:36:25Z |
| CVE-2024-44378 | aezdmr/CVE-2024-44378 | no description | 2025-02-11T15:03:17Z |
| CVE-2024-44349 | AndreaF17/PoC-CVE-2024-44349 | no description | 2024-07-26T09:24:37Z |
| CVE-2024-44346 | sahil3276/CVE-2024-44346 | Public Disclosure of CVE-2024-44346 | 2024-09-17T18:20:59Z |
| CVE-2024-44346 | Shauryae1337/CVE-2024-44346 | Public Disclosure | 2024-09-13T10:27:23Z |
| CVE-2024-44337 | Brinmon/CVE-2024-44337 | CVE-2024-44337 POC The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that caused an infinite loop, causing the program to hang and consume resources indefinitely. |
2024-10-15T13:44:20Z |
| CVE-2024-44313 | cnetsec/CVE-2024-44313 | Estudo de Caso EPSS | 2025-03-19T23:11:09Z |
| CVE-2024-44285 | slds1/explt | App for CVE-2024-44285 | 2024-11-30T13:22:05Z |
| CVE-2024-44258 | ifpdz/CVE-2024-44258 | CVE-2024-44258 | 2024-10-29T09:45:03Z |
| CVE-2024-44193 | mbog14/CVE-2024-44193 | Hacking Windows through iTunes - Local Privilege Escalation 0-day | 2024-10-04T14:20:15Z |
| CVE-2024-44133 | Ununp3ntium115/prevent_cve_2024_44133 | prevent_cve_2024_44133 | 2024-11-09T21:30:04Z |
| CVE-2024-44083 | Azvanzed/CVE-2024-44083 | Makes IDA (most versions) to crash upon opening it. | 2024-08-25T12:33:14Z |
| CVE-2024-4406 | Yogehi/cve-2024-4406-xiaomi13pro-exploit-files | Files related to the Pwn2Own Toronto 2023 exploit against the Xiaomi 13 Pro. | 2024-10-14T09:38:04Z |
| CVE-2024-44000 | absholi7ly/CVE-2024-44000-LiteSpeed-Cache | CVE-2024-44000 is a vulnerability in the LiteSpeed Cache plugin, a popular WordPress plugin. This vulnerability affects session management in LiteSpeed Cache, allowing attackers to gain unauthorized access to sensitive data. | 2024-09-06T03:38:13Z |
| CVE-2024-44000 | gbrsh/CVE-2024-44000 | LiteSpeed Unauthorized Account Takeover | 2024-09-06T13:43:30Z |
| CVE-2024-44000 | ifqygazhar/CVE-2024-44000-LiteSpeed-Cache | CVE-2024-44000-LiteSpeed-Cache | 2024-09-16T14:13:52Z |
| CVE-2024-44000 | geniuszlyy/CVE-2024-44000 | is a PoC tool designed to exploit insecurely exposed debug logs from WordPress sites and extract session cookies | 2024-10-10T15:58:10Z |
| CVE-2024-43998 | RandomRobbieBF/CVE-2024-43998 | Blogpoet <= 1.0.2 - Missing Authorization via blogpoet_install_and_activate_plugins() | 2024-09-10T09:38:20Z |
| CVE-2024-43998 | Nxploited/CVE-2024-43998 | Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blogpoet: from n/a through 1.0.3. | 2025-01-20T14:37:49Z |
| CVE-2024-43965 | RandomRobbieBF/CVE-2024-43965 | SendGrid for WordPress <= 1.4 - Unauthenticated SQL Injection | 2024-10-14T05:58:17Z |
| CVE-2024-43919 | RandomRobbieBF/CVE-2024-43919 | YARPP <= 5.30.10 - Missing Authorization | 2024-11-22T15:42:39Z |
| CVE-2024-43918 | KTN1990/CVE-2024-43918 | WBW Product Table Pro <= 1.9.4 - Unauthenticated Arbitrary SQL Execution to RCE | 2024-09-24T05:50:03Z |
| CVE-2024-43917 | p33d/CVE-2024-43917 | no description | 2024-09-29T06:23:35Z |
| CVE-2024-43768 | Mahesh-970/CVE-2024-43768 | no description | 2025-02-20T09:38:08Z |
| CVE-2024-43762 | Mahesh-970/CVE-2024-43762 | no description | 2025-02-17T11:35:26Z |
| CVE-2024-4367 | s4vvysec/CVE-2024-4367-POC | CVE-2024-4367 arbitrary js execution in pdf js | 2024-05-20T22:56:10Z |
| CVE-2024-4367 | avalahEE/pdfjs_disable_eval | CVE-2024-4367 mitigation for Odoo 14.0 | 2024-05-23T07:34:15Z |
| CVE-2024-4367 | spaceraccoon/detect-cve-2024-4367 | YARA detection rule for CVE-2024-4367 arbitrary javascript execution in PDF.js | 2024-05-22T18:05:47Z |
| CVE-2024-4367 | LOURC0D3/CVE-2024-4367-PoC | CVE-2024-4367 & CVE-2024-34342 Proof of Concept | 2024-05-20T10:02:23Z |
| CVE-2024-4367 | Zombie-Kaiser/cve-2024-4367-PoC-fixed | PDF.js是由Mozilla维护的基于JavaScript的PDF查看器。此漏洞允许攻击者在打开恶意 PDF 文件后立即执行任意 JavaScript 代码。这会影响所有 Firefox 用户 (<126),因为 Firefox 使用 PDF.js 来显示 PDF 文件,但也严重影响了许多基于 Web 和 Electron 的应用程序,这些应用程序(间接)使用 PDF.js 进行预览功能。 | 2024-06-13T15:14:47Z |
| CVE-2024-4367 | clarkio/pdfjs-vuln-demo | This project is intended to serve as a proof of concept to demonstrate exploiting the vulnerability in the PDF.js (pdfjs-dist) library reported in CVE-2024-4367 | 2024-05-22T23:18:20Z |
| CVE-2024-4367 | Scivous/CVE-2024-4367-npm | CVE-2024-4367复现 | 2024-06-21T08:16:42Z |
| CVE-2024-4367 | snyk-labs/pdfjs-vuln-demo | This project is intended to serve as a proof of concept to demonstrate exploiting the vulnerability in the PDF.js (pdfjs-dist) library reported in CVE-2024-4367 | 2024-06-17T11:39:41Z |
| CVE-2024-4367 | UnHackerEnCapital/PDFernetRemotelo | PoC - Prueba de Concepto de CVE-2024-4367 en conjunto al CVE-2023-38831 en un solo Script | 2024-06-19T23:23:07Z |
| CVE-2024-4367 | Masamuneee/CVE-2024-4367-Analysis | no description | 2024-09-04T14:43:33Z |
| CVE-2024-4367 | pedrochalegre7/CVE-2024-4367-pdf-sample | no description | 2024-11-06T19:15:38Z |
| CVE-2024-4367 | exfil0/WEAPONIZING-CVE-2024-4367 | CVE-2024-4367 is a critical vulnerability (CVSS 9.8) in PDF.js, allowing arbitrary JavaScript code execution due to insufficient type checks on the FontMatrix object within PDF files. | 2025-01-05T14:44:01Z |
| CVE-2024-4367 | inpentest/CVE-2024-4367-PoC | This Proof of Concept (PoC) demonstrates the exploitation of the CVE-2024-4367 vulnerability, which involves Cross-Site Scripting (XSS) attacks. | 2025-02-17T16:40:21Z |
| CVE-2024-4367 | elamani-drawing/CVE-2024-4367-POC-PDFJS | no description | 2025-03-25T16:27:24Z |
| CVE-2024-4367 | VVeakee/CVE-2024-4367 | no description | 2025-04-06T03:37:01Z |
| CVE-2024-4367 | BektiHandoyo/cve-pdf-host | PDF host for CVE-2024-4367 | 2025-04-12T06:17:33Z |
| CVE-2024-43583 | Kvngtheta/CVE-2024-43583-PoC | Proof of Concept for CVE-2024-43583 | 2025-02-21T19:37:05Z |
| CVE-2024-43582 | jinxongwi/CVE-2024-43582-RCE | Metasploit Module for CVE-2024-43582 RPC Remote Desktop Service crititcal RCE | 2024-10-09T12:50:24Z |
| CVE-2024-4358 | Harydhk7/CVE-2024-4358 | no description | 2024-06-04T16:07:36Z |
| CVE-2024-4358 | RevoltSecurities/CVE-2024-4358 | An Vulnerability detection and Exploitation tool for CVE-2024-4358 | 2024-06-04T11:32:59Z |
| CVE-2024-4358 | Sk1dr0wz/CVE-2024-4358_Mass_Exploit | no description | 2024-06-05T01:05:12Z |
| CVE-2024-4358 | sinsinology/CVE-2024-4358 | Progress Telerik Report Server pre-authenticated RCE chain (CVE-2024-4358/CVE-2024-1800) | 2024-06-03T08:22:10Z |
| CVE-2024-4358 | verylazytech/CVE-2024-4358 | Authentication Bypass Vulnerability — CVE-2024–4358 — Telerik Report Server 2024 | 2024-06-09T06:30:06Z |
| CVE-2024-4358 | fa-rrel/CVE-2024-4358 | Telerik Report Server deserialization and authentication bypass exploit chain for CVE-2024-4358/CVE-2024-1800 | 2024-08-24T10:09:09Z |
| CVE-2024-43532 | HazeLook/CVE-2024-43532 | no description | 2024-10-25T15:25:57Z |
| CVE-2024-43532 | expl0itsecurity/CVE-2024-43532 | no description | 2024-11-15T13:15:39Z |
| CVE-2024-4352 | truonghuuphuc/CVE-2024-4352-Poc | CVE-2024-4352 Tutor LMS Pro <= 2.7.0 - Missing Authorization to SQL Injection | 2024-05-16T14:55:43Z |
| CVE-2024-4351 | ZSECURE/CVE-2024-4351 | no description | 2024-11-17T21:37:55Z |
| CVE-2024-43468 | synacktiv/CVE-2024-43468 | no description | 2024-11-26T12:39:44Z |
| CVE-2024-43468 | nikallass/CVE-2024-43468_mTLS_go | CVE-2024-43468 SCCM SQL Injection Exploit (mTLS unextractable client cert from MacOS keychain version) | 2025-01-17T12:20:09Z |
| CVE-2024-43451 | RonF98/CVE-2024-43451-POC | CVE-2024-43451 is a Windows NTLM vulnerability that allows an attacker to force authentication and capture NTLM hashes by using malicious shortcuts. | 2025-01-20T15:30:55Z |
| CVE-2024-43425 | RedTeamPentesting/moodle-rce-calculatedquestions | Scripts for Analysis of a RCE in Moodle Calculated Questions (CVE-2024-43425) | 2024-08-23T09:13:03Z |
| CVE-2024-43425 | Snizi/Moodle-CVE-2024-43425-Exploit | no description | 2025-02-07T19:48:05Z |
| CVE-2024-43416 | 0xmupa/CVE-2024-43416-PoC | no description | 2024-11-18T19:58:42Z |
| CVE-2024-43363 | p33d/CVE-2024-43363 | no description | 2024-10-07T22:59:09Z |
| CVE-2024-4323 | skilfoy/CVE-2024-4323-Exploit-POC | This proof-of-concept script demonstrates how to exploit CVE-2024-4323, a memory corruption vulnerability in Fluent Bit, enabling remote code execution. | 2024-05-20T15:04:13Z |
| CVE-2024-4323 | d0rb/CVE-2024-4323 | Critical heap buffer overflow vulnerability in the handle_trace_request and parse_trace_request functions of the Fluent Bit HTTP server. | 2024-05-21T12:59:16Z |
| CVE-2024-4323 | yuansec/CVE-2024-4323-dos_poc | no description | 2024-05-22T09:55:30Z |
| CVE-2024-4320 | bolkv/CVE-2024-4320 | no description | 2024-08-08T03:54:38Z |
| CVE-2024-43160 | KTN1990/CVE-2024-43160 | The BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads | 2024-09-17T04:19:54Z |
| CVE-2024-43097 | Mahesh-970/CVE-2024-43097 | no description | 2025-02-19T10:56:39Z |
| CVE-2024-43093 | hatvix1/CVE-2024-43093 | CVE-2024-43093 | 2024-11-05T15:06:52Z |
| CVE-2024-43090 | nidhihcl75/frameworks_base_AOSP10_r33_CVE-2024-43090 | no description | 2025-02-19T11:18:04Z |
| CVE-2024-43088 | nidhihcl75/packages_apps_Settings_AOSP10_r33_CVE-2024-43088 | no description | 2025-02-18T12:28:15Z |
| CVE-2024-43044 | HwMex0/CVE-2024-43044 | The script checks Jenkins endpoints for CVE-2024-43044 by retrieving the Jenkins version from the innstance and comparing it against known vulnerable version ranges. | 2024-08-08T08:28:26Z |
| CVE-2024-43044 | jenkinsci-cert/SECURITY-3430 | This repository provides a workaround preventing exploitation of SECURITY-3430 / CVE-2024-43044 | 2024-08-08T11:55:32Z |
| CVE-2024-43044 | v9d0g/CVE-2024-43044-POC | CVE-2024-43044的利用方式 | 2024-08-13T07:32:35Z |
| CVE-2024-43044 | convisolabs/CVE-2024-43044-jenkins | Exploit for the vulnerability CVE-2024-43044 in Jenkins | 2024-08-23T20:26:26Z |
| CVE-2024-43044 | DACC4/CVE-2024-43044-jenkins-creds | no description | 2025-01-12T19:16:31Z |
| CVE-2024-43035 | ZeroPathAI/Fonoster-LFI-PoC | Proof-of-concept exploit for Fonoster LFI vulnerability (CVE-2024-43035) | 2024-08-21T21:12:14Z |
| CVE-2024-42992 | thanhh23/CVE-2024-42992 | CVE-2024-42992 | 2024-08-26T03:13:45Z |
| CVE-2024-4295 | truonghuuphuc/CVE-2024-4295-Poc | CVE-2024-4295 Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via hash | 2024-06-05T09:29:20Z |
| CVE-2024-4295 | cve-2024/CVE-2024-4295-Poc | no description | 2024-06-14T07:04:36Z |
| CVE-2024-42919 | jeyabalaji711/CVE-2024-42919 | no description | 2024-08-19T19:50:50Z |
| CVE-2024-42861 | qiupy123/CVE-2024-42861 | the | 2024-09-21T01:24:25Z |
| CVE-2024-42850 | njmbb8/CVE-2024-42850 | An issue in Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements. | 2024-08-15T21:32:29Z |
| CVE-2024-42849 | njmbb8/CVE-2024-42849 | An issue in Silverpeas v.6.4.2 and lower allows a remote attacker to cause a denial of service via the password change function. | 2024-08-15T21:57:29Z |
| CVE-2024-42845 | partywavesec/invesalius3_vulnerabilities | InVesalius discovered CVE. CVE-2024-42845 | 2024-08-23T13:43:27Z |
| CVE-2024-42845 | theexploiters/CVE-2024-42845-Exploit | Exploit For: CVE-2024-42845: Remote Code Execution (RCE) in Invesalius 3.1 | 2025-01-10T20:00:26Z |
| CVE-2024-42834 | CyberSec-Supra/CVE-2024-42834 | no description | 2024-08-24T02:21:33Z |
| CVE-2024-42758 | 1s1ldur/CVE-2024-42758 | CVE-2024-42758 - Dokuwiki (indexmenu plugin) - XSS Vulnerability | 2024-08-15T13:59:50Z |
| CVE-2024-42658 | sudo-subho/CVE-2024-42658 | CVE-2024-42658 An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the cookies parameter | 2024-08-17T03:02:20Z |
| CVE-2024-42657 | sudo-subho/CVE-2024-42657 | CVE-2024-42657 An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the lack of encryption during login process. | 2024-08-17T02:55:14Z |
| CVE-2024-42642 | VL4DR/CVE-2024-42642 | no description | 2024-08-30T17:24:58Z |
| CVE-2024-42640 | rvizx/CVE-2024-42640 | Unauthenticated Remote Code Execution via Angular-Base64-Upload Library | 2024-10-09T14:35:06Z |
| CVE-2024-42640 | KTN1990/CVE-2024-42640 | Unauthenticated Remote Code Execution via Angular-Base64-Upload Library (npm:bower) | 2024-11-19T23:54:30Z |
| CVE-2024-42471 | theMcSam/CVE-2024-42471-PoC | unzip-stream file write/overwrite vulnerability | 2025-04-24T15:28:56Z |
| CVE-2024-42461 | fevar54/CVE-2024-42461 | Se han identificado problemas en la verificación de firmas ECDSA y EDDSA en el proyecto Wycheproof. Las comprobaciones ausentes durante la etapa de decodificación de firmas permiten agregar o eliminar bytes cero, lo que afecta la capacidad de envío de correos. | 2024-08-06T21:56:15Z |
| CVE-2024-42448 | h3lye/CVE-2024-42448-RCE | Veeam Service Provider Console (VSPC) remote code execution. | 2024-12-05T13:12:44Z |
| CVE-2024-42346 | partywavesec/CVE-2024-42346 | CVE-2024-42346 POC | 2024-11-18T18:31:03Z |
| CVE-2024-42327 | aramosf/cve-2024-42327 | cve-2024-42327 ZBX-25623 | 2024-12-01T00:15:27Z |
| CVE-2024-42327 | compr00t/CVE-2024-42327 | PoC for CVE-2024-42327 / ZBX-25623 | 2024-12-03T12:44:07Z |
| CVE-2024-42327 | watchdog1337/CVE-2024-42327_Zabbix_SQLI | POC for CVE-2024-42327, an authenticated SQL Injection in Zabbix through the user.get API Method | 2024-12-07T21:25:40Z |
| CVE-2024-42327 | depers-rus/CVE-2024-42327 | no description | 2024-12-06T16:06:00Z |
| CVE-2024-42327 | itform-fr/Zabbix---CVE-2024-42327 | no description | 2024-12-11T00:39:26Z |
| CVE-2024-42327 | igorbf495/CVE-2024-42327 | writeup cve-2024-42327 | 2024-12-12T01:32:26Z |
| CVE-2024-42327 | BridgerAlderson/Zabbix-CVE-2024-42327-SQL-Injection-RCE | Zabbix CVE-2024-42327 PoC | 2025-01-01T18:25:44Z |
| CVE-2024-42327 | godylockz/CVE-2024-42327 | POC for CVE-2024-42327: Zabbix Privilege Escalation -> RCE | 2025-02-16T07:33:38Z |
| CVE-2024-42327 | 874anthony/CVE-2024-42327_Zabbix_SQLi | This is for educational porpuses only. Please do not use agains unathorized systems. | 2025-04-18T17:24:16Z |
| CVE-2024-4232 | Redfox-Secuirty/Digisol-DG-GR1321-s-Password-Storage-in-Plaintext-CVE-2024-4232 | no description | 2024-06-18T11:05:06Z |
| CVE-2024-4232 | Redfox-Secuirty/Digisol-DG--GR1321-s-Password-Storage-in-Plaintext--CVE-2024-4232 | no description | 2024-07-04T06:30:19Z |
| CVE-2024-4231 | Redfox-Secuirty/Digisol-DG-GR1321-s-Improper-Access-Control-CVE-2024-4231 | no description | 2024-06-18T11:43:23Z |
| CVE-2024-42009 | 0xbassiouny1337/CVE-2024-42009 | This script exploits a stored XSS vulnerability (CVE-2024-42009) in Roundcube Webmail version 1.6.7. It injects a malicious payload into the webmail system, which, when triggered, exfiltrates email content from the victim’s inbox. | 2025-02-11T23:02:42Z |
| CVE-2024-42009 | Bhanunamikaze/CVE-2024-42009 | This Proof of Concept (PoC) demonstrates an exploit for CVE-2024-42009, leveraging a cross-site scripting (XSS) vulnerability to extract emails from a target webmail application. The attack injects a malicious payload that exfiltrates email content to an attacker-controlled listener. | 2025-02-13T20:53:56Z |
| CVE-2024-42008 | victoni/Roundcube-CVE-2024-42008-and-CVE-2024-42010-POC | POC for Roundcube vulnerabilities CVE-2024-42008 and CVE-2024-42010 | 2025-02-13T13:56:34Z |
| CVE-2024-42007 | BubblyCola/CVE_2024_42007 | Python exploit for CVE-2024-42007 — a path traversal vulnerability in php-spx <= 0.4.15 that allows arbitrary file read via SPX_UI_URI parameter. | 2025-04-06T13:38:54Z |
| CVE-2024-41992 | fj016/CVE-2024-41992-PoC | PoC for the CVE-2024-41992 (RCE on devices running WiFi-TestSuite-DUT) | 2024-08-23T23:48:01Z |
| CVE-2024-41958 | OrangeJuiceHU/CVE-2024-41958-PoC | This is a small proof of concept for CVE-2024-41958 | 2024-08-05T19:10:08Z |
| CVE-2024-41817 | Dxsk/CVE-2024-41817-poc | CVE-2024-41817 POC ImageMagick <= 7.1.1-35 Arbitrary Code Execution | 2025-03-19T00:48:54Z |
| CVE-2024-41713 | watchtowrlabs/Mitel-MiCollab-Auth-Bypass_CVE-2024-41713 | no description | 2024-12-05T06:13:57Z |
| CVE-2024-41713 | zxj-hub/CVE-2024-41713POC | Mitel MiCollab 企业协作平台 任意文件读取漏洞(CVE-2024-41713)由于Mitel MiCollab软件的 NuPoint 统一消息 (NPM) 组件中存在身份验证绕过漏洞,并且输入验证不足,未经身份验证的远程攻击者可利用该漏洞执行路径遍历攻击,成功利用可能导致未授权访问、破坏或删除用户的数据和系统配置。影响范围:version < MiCollab 9.8 SP2 (9.8.2.12) | 2024-12-21T02:26:26Z |
| CVE-2024-41713 | Sanandd/cve-2024-CVE-2024-41713 | cve-2024-CVE-2024-41713 | 2024-12-21T09:35:12Z |
| CVE-2024-41713 | amanverma-wsu/CVE-2024-41713-Scan | A Python script to detect CVE-2024-41713, a directory traversal vulnerability in Apache HTTP Server, enabling unauthorized access to restricted resources. This tool is for educational purposes and authorized testing only. Unauthorized usage is unethical and illegal. | 2025-01-11T02:39:36Z |
| CVE-2024-41662 | sh3bu/CVE-2024-41662 | Markdown XSS leads to RCE in VNote version <=3.18.1 | 2024-07-23T17:21:12Z |
| CVE-2024-41651 | Fckroun/CVE-2024-41651 | CVE-2024-41651 | 2024-08-08T17:25:30Z |
| CVE-2024-41640 | alemusix/CVE-2024-41640 | no description | 2024-07-17T07:00:31Z |
| CVE-2024-41628 | Redshift-CyberSecurity/CVE-2024-41628 | no description | 2024-07-29T07:12:14Z |
| CVE-2024-415770 | muhmad-umair/CVE-2024-415770-ssrf-rce | no description | 2025-01-22T17:54:01Z |
| CVE-2024-41570 | chebuya/Havoc-C2-SSRF-poc | CVE-2024-41570: Havoc C2 0.7 Teamserver SSRF exploit | 2024-07-13T19:54:27Z |
| CVE-2024-41570 | HimmeL-Byte/CVE-2024-41570-SSRF-RCE | Havoc SSRF to RCE | 2025-01-19T14:48:41Z |
| CVE-2024-41570 | kit4py/CVE-2024-41570 | Automated Reverse Shell Exploit via WebSocket - Havoc-C2-SSRF with RCE | 2025-01-21T09:41:05Z |
| CVE-2024-41570 | sebr-dev/Havoc-C2-SSRF-to-RCE | This is a modified version of the CVE-2024-41570 SSRF PoC from @chebuya chained with the auth RCE exploit from @hyperreality. This exploit executes code remotely to a target due to multiple vulnerabilities in Havoc C2 Framework. (https://github.com/HavocFramework/Havoc) | 2025-01-21T06:12:33Z |
| CVE-2024-41570 | thisisveryfunny/CVE-2024-41570-Havoc-C2-RCE | This is a Chained RCE in the Havoc C2 framework using github.com/chebuya and github.com/IncludeSecurity pocs | 2025-01-19T22:03:41Z |
| CVE-2024-41453 | php-lover-boy/CVE-2024-41453_CVE-2024-41454 | CVE-2024-41454, CVE-2024-41453 | 2024-07-09T08:48:59Z |
| CVE-2024-41319 | NingXin2002/TOTOLINK_poc | TOTOLINK A6000R 命令执行漏洞(CVE-2024-41319) | 2024-12-20T09:31:58Z |
| CVE-2024-41312 | Amal264882/CVE-2024-41312. | InstantCMS - Stored Cross Site Scripting (XSS) | 2024-08-26T06:32:49Z |
| CVE-2024-41302 | patrickdeanramos/CVE-2024-41302-Bookea-tu-Mesa-is-vulnerable-to-SQL-Injection | Bookea-tu-Mesa is vulnerable to SQL Injection | 2024-07-14T13:01:36Z |
| CVE-2024-41301 | patrickdeanramos/CVE-2024-41301-Bookea-tu-Mesa-is-vulnerable-to-Stored-Cross-Site-Scripting | no description | 2024-07-14T12:51:17Z |
| CVE-2024-41290 | paragbagul111/CVE-2024-41290 | FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to > store authentication data | 2024-10-01T14:35:39Z |
| CVE-2024-41110 | vvpoglazov/cve-2024-41110-checker | no description | 2024-07-25T08:03:15Z |
| CVE-2024-41110 | PauloParoPP/CVE-2024-41110-SCAN | no description | 2024-07-26T18:41:42Z |
| CVE-2024-41107 | d0rb/CVE-2024-41107 | This repository contains an PoC for the critical vulnerability identified as CVE-2024-41107 in Apache CloudStack | 2024-07-23T09:39:42Z |
| CVE-2024-40892 | xen0bit/fwbt | Proof of Concept code for interaction with Firewalla via Bluetooth Low-Energy and exploitation of CVE-2024-40892 / CVE-2024-40893 | 2024-08-21T17:27:21Z |
| CVE-2024-40815 | w0wbox/CVE-2024-40815 | poc for CVE-2024-40815 (under construction) | 2025-01-31T00:17:08Z |
| CVE-2024-40725 | TAM-K592/CVE-2024-40725-CVE-2024-40898 | CVE-2024-40725 and CVE-2024-40898, affecting Apache HTTP Server versions 2.4.0 through 2.4.61. These flaws pose significant risks to web servers worldwide, potentially leading to source code disclosure and server-side request forgery (SSRF) attacks. | 2024-07-19T03:51:54Z |
| CVE-2024-40725 | whiterose7777/CVE-2024-40725-CVE-2024-40898 | no description | 2024-11-11T09:00:22Z |
| CVE-2024-40725 | soltanali0/CVE-2024-40725 | exploit CVE-2024-40725 (Apache httpd) with | 2024-12-18T15:09:38Z |
| CVE-2024-40711 | watchtowrlabs/CVE-2024-40711 | Pre-Auth Exploit for CVE-2024-40711 | 2024-09-15T17:25:32Z |
| CVE-2024-40711 | realstatus/CVE-2024-40711-Exp | CVE-2024-40711-exp | 2024-10-16T05:02:27Z |
| CVE-2024-40711 | XiaomingX/cve-2024-40711-poc | CVE-2024-40711 是 Veeam Backup & Replication 软件中的一个严重漏洞,允许未经身份验证的攻击者远程执行代码。 | 2024-11-23T04:02:34Z |
| CVE-2024-40676 | Aakashmom/frameworks_base_accounts_CVE-2024-40676 | no description | 2024-10-17T11:29:33Z |
| CVE-2024-40676 | Aakashmom/accounts_CVE-2024-40676- | no description | 2024-10-17T11:40:21Z |
| CVE-2024-40675 | Aakashmom/intent_CVE-2024-40675 | no description | 2024-10-17T11:46:29Z |
| CVE-2024-40673 | Aakashmom/G3_libcore_native_CVE-2024-40673 | no description | 2024-10-17T12:26:24Z |
| CVE-2024-40662 | Aakashmom/net_G2.5_CVE-2024-40662 | no description | 2024-10-17T12:39:21Z |
| CVE-2024-40658 | nidhihcl75/frameworks_av_AOSP10_r33_CVE-2024-40658 | no description | 2024-07-23T05:04:03Z |
| CVE-2024-40635 | yen5004/CVE-2024-40635_POC | Proof of Concept code for proving CVE-2024-40635 vulnerability | 2025-04-30T16:22:09Z |
| CVE-2024-40617 | KyssK00L/CVE-2024-40617 | CVE-2024-40617 Exploit PoC | 2024-07-30T11:50:45Z |
| CVE-2024-40512 | Jansen-C-Moreira/CVE-2024-40512 | OpenPetra v.2023.02 CVE-2024-40512 | 2024-07-13T22:06:16Z |
| CVE-2024-40511 | Jansen-C-Moreira/CVE-2024-40511 | OpenPetra v.2023.02 CVE-2024-40511 | 2024-07-13T22:04:53Z |
| CVE-2024-40510 | Jansen-C-Moreira/CVE-2024-40510 | OpenPetra v.2023.02 CVE-2024-40510 | 2024-07-13T22:03:17Z |
| CVE-2024-40509 | Jansen-C-Moreira/CVE-2024-40509 | OpenPetra v.2023.02 CVE-2024-40509 | 2024-07-13T22:01:39Z |
| CVE-2024-40508 | Jansen-C-Moreira/CVE-2024-40508 | OpenPetra v.2023.02 CVE-2024-40508 | 2024-07-13T21:54:07Z |
| CVE-2024-40507 | Jansen-C-Moreira/CVE-2024-40507 | OpenPetra v.2023.02 Use CVE-2024-40507 | 2024-07-13T21:50:57Z |
| CVE-2024-40506 | Jansen-C-Moreira/CVE-2024-40506 | OpenPetra v.2023.02 CVE-2024-40506 | 2024-07-13T21:42:23Z |
| CVE-2024-40500 | nitipoom-jar/CVE-2024-40500 | no description | 2024-08-08T17:12:58Z |
| CVE-2024-40498 | Dirac231/CVE-2024-40498 | no description | 2024-07-29T10:13:15Z |
| CVE-2024-40492 | minendie/POC_CVE-2024-40492 | no description | 2024-07-13T04:57:48Z |
| CVE-2024-40457 | jeppojeps/CVE-2024-40457-PoC | CVE PoC 2024-40457 | 2024-10-30T16:51:31Z |
| CVE-2024-40443 | Yuma-Tsushima07/CVE-2024-40443 | CVE-2024-40443 - A SQL Injection vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary SQL commands | 2024-11-10T17:35:14Z |
| CVE-2024-40431 | SpiralBL0CK/CVE-2024-40431-CVE-2022-25479-EOP-CHAIN | CVE-2024-40431+CVE-2022-25479 chain for EOP(DATA ONLY ATTACK) | 2024-09-17T06:28:17Z |
| CVE-2024-40422 | alpernae/CVE-2024-40422 | no description | 2024-07-03T21:43:15Z |
| CVE-2024-40422 | codeb0ss/CVE-2024-40422-PoC | Mass Exploit < [CVE-2024-40422 - Devika v1] - Path Traversal | 2024-08-05T22:21:06Z |
| CVE-2024-40422 | j3r1ch0123/CVE-2024-40422 | Found this on exploit-db, decided to make my own for practice. This exploit will search out the passwd file and print the contents on a vulnerable system. | 2024-08-06T07:09:47Z |
| CVE-2024-4040 | rbih-boulanouar/CVE-2024-4040 | no description | 2024-04-25T04:45:38Z |
| CVE-2024-4040 | tucommenceapousser/CVE-2024-4040-Scanner | Scanner of vulnerability on crushftp instance | 2024-04-25T04:01:23Z |
| CVE-2024-4040 | Mufti22/CVE-2024-4040 | A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server. | 2024-04-25T05:18:06Z |
| CVE-2024-4040 | Mohammaddvd/CVE-2024-4040 | Exploit CrushFTP CVE-2024-4040 | 2024-04-30T13:27:34Z |
| CVE-2024-4040 | Praison001/CVE-2024-4040-CrushFTP-server | Exploit for CVE-2024-4040 affecting CrushFTP server in all versions before 10.7.1 and 11.1.0 on all platforms | 2024-04-29T10:21:53Z |
| CVE-2024-4040 | jakabakos/CVE-2024-4040-CrushFTP-File-Read-vulnerability | no description | 2024-05-01T14:42:39Z |
| CVE-2024-4040 | gotr00t0day/CVE-2024-4040 | A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server. | 2024-05-03T23:29:53Z |
| CVE-2024-4040 | 1ncendium/CVE-2024-4040 | A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server. | 2024-05-13T17:33:36Z |
| CVE-2024-4040 | Stuub/CVE-2024-4040-SSTI-LFI-PoC | CVE-2024-4040 CrushFTP SSTI LFI & Auth Bypass - Full Server Takeover - Wordlist Support | 2024-04-25T19:51:38Z |
| CVE-2024-4040 | airbus-cert/CVE-2024-4040 | Scanner for CVE-2024-4040 | 2024-04-23T09:31:29Z |
| CVE-2024-4040 | olebris/CVE-2024-4040 | CVE-2024-4040 PoC | 2024-06-28T10:32:51Z |
| CVE-2024-4040 | entroychang/CVE-2024-4040 | CVE-2024-4040 PoC | 2024-07-05T05:46:56Z |
| CVE-2024-4040 | geniuszlyy/GenCrushSSTIExploit | is a PoC for CVE-2024-4040 tool for exploiting the SSTI vulnerability in CrushFTP | 2024-09-30T16:18:07Z |
| CVE-2024-4040 | safeer-accuknox/CrushFTP-cve-2024-4040-poc | no description | 2024-09-18T04:45:54Z |
| CVE-2024-4040 | rahisec/CVE-2024-4040 | no description | 2024-10-23T06:29:19Z |
| CVE-2024-40348 | bigb0x/CVE-2024-40348 | POC for CVE-2024-40348. Will attempt to read /etc/passwd from target | 2024-07-21T00:54:55Z |
| CVE-2024-40348 | codeb0ss/CVE-2024-40348-PoC | Mass Exploit < [CVE-2024-40348 - Bazarr] - Arbitrary File Read | 2024-07-24T16:13:24Z |
| [CVE-2024-40348](https://www.cve.org/CVERecord?id=C |