CVE-2021-41773
Author: rikdek

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.

GitHub Link:
https://github.com/rikdek/CVE-2021-41773

CVE-2026-21858
Author: Chocapikk

None

GitHub Link:
https://github.com/Chocapikk/CVE-2026-21858

CVE-2026-0628
Author: fevar54

None

GitHub Link:
https://github.com/fevar54/CVE-2026-0628-POC

CVE-2019-18634
Author: CyrusRazavi

In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.

GitHub Link:
https://github.com/CyrusRazavi/CVE-2019-18634-

CVE-2026-21858
Author: eduardorossi84

None

GitHub Link:
https://github.com/eduardorossi84/CVE-2026-21858-POC

CVE-2016-16113
Author: d3vn0mi

None

GitHub Link:
https://github.com/d3vn0mi/cve-2016-16113

CVE-2024-24401
Author: JIBEG-UNIX

SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component.

GitHub Link:
https://github.com/JIBEG-UNIX/CVE-2024-24401

CVE-2025-68705
Author: imjdl

None

GitHub Link:
https://github.com/imjdl/CVE-2025-68705-RustFS-Path-Traversal-Vulnerability-Check

CVE-2024-0670
Author: Nikopmpm

None

GitHub Link:
https://github.com/Nikopmpm/nikopmpm.github.io

CVE-2026-21440
Author: k0nnect

None

GitHub Link:
https://github.com/k0nnect/cve-2026-21440-writeup

CVE-2019-9624
Author: x0rbeexd

None

GitHub Link:
https://github.com/x0rbeexd/CVE-2019-9624

CVE-2022-30190
Author: mishra0230

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.

GitHub Link:
https://github.com/mishra0230/CVE-2022-30190-Follina

CVE-2025-65731
Author: whitej3rry

None

GitHub Link:
https://github.com/whitej3rry/CVE-2025-65731

CVE-2022-4782
Author: makmour

None

GitHub Link:
https://github.com/makmour/clickfunnels-zurich

CVE-2025-55182
Author: Asder10

None

GitHub Link:
https://github.com/Asder10/asder10.github.io

CVE-2025-55182
Author: momika233

None

GitHub Link:
https://github.com/momika233/CVE-2025-55182-bypass

CVE-2024-0368
Author: RandomRobbieBF

None

GitHub Link:
https://github.com/RandomRobbieBF/CVE-2024-0368

CVE-2026-21877
Author: Ashwesker

None

GitHub Link:
https://github.com/Ashwesker/Ashwesker-CVE-2026-21877

CVE-2025-4802
Author: Betim-Hodza

None

GitHub Link:
https://github.com/Betim-Hodza/CVE-2025-4802-Proof-of-Concept

CVE-2021-43798
Author: baktistr

Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: <grafana_host_url>/public/plugins//, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.

GitHub Link:
https://github.com/baktistr/cve-2021-43798-enum