CVE-2025-32462
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
Github link:
https://github.com/MAAYTHM/CVE-2025-32462_32463-Lab
GitHub - MAAYTHM/CVE-2025-32462_32463-Lab: Docker PoC for CVE-2025-32462 & CVE-2025-32463 (sudo), based on Stratascale CRU research.
CVE-2025-24813
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.
If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
- attacker knowledge of the names of security sensitive files being uploaded
- the security sensitive files also being uploaded via partial PUT
If all of the following were true, a malicious user was able to perform remote code execution:
- writes enabled for the default servlet (disabled by default)
- support for partial
Github link:
https://github.com/GongWook/CVE-2025-24813
GitHub - GongWook/CVE-2025-24813: POC
CVE-2021-3560
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Github link:
https://github.com/Antoine-MANTIS/POC-Bash-CVE-2021-3560
GitHub - Antoine-MANTIS/POC-Bash-CVE-2021-3560: POC Bash -- CVE-2021-3560
CVE-2024-9264
The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions.
Github link:
https://github.com/rvizx/CVE-2024-9264
GitHub - rvizx/CVE-2024-9264: Authenticated RCE in Grafana (v11.0) via SQL Expressions - PoC Exploit
CVE-2018-10933
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
Github link:
https://github.com/bidaoui4905/CVE-2018-10933
GitHub - bidaoui4905/CVE-2018-10933: LibSSH authentification bypass
CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Github link:
https://github.com/SpongeBob-369/cve-2025-32463
GitHub - SpongeBob-369/cve-2025-32463: cve-2025-32463's demo
CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Github link:
https://github.com/Chocapikk/CVE-2025-5777
GitHub - Chocapikk/CVE-2025-5777: CitrixBleed 2 (CVE-2025-5777)
CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Github link:
https://github.com/K3ysTr0K3R/CVE-2025-32463-EXPLOIT
GitHub - K3ysTr0K3R/CVE-2025-32463-EXPLOIT: A PoC exploit for CVE-2025-32463 - Sudo Privilege Escalation
CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Github link:
https://github.com/abrewer251/CVE-2025-32463_Sudo_PoC
PoC for CVE-2025-32463: Local privilege escalation in sudo via --chroot. Exploits NSS module injection through crafted chroot environments. Designed for security researchers and lab-only environmen...
CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Github link:
https://github.com/Alaric112/CVE-2025-32463-Chroot-Vulnerabilitity
GitHub - Alaric112/CVE-2025-32463-Chroot-Vulnerabilitity: Repository
CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Github link:
https://github.com/win3zz/CVE-2025-5777
CVE-2025-5777 (CitrixBleed 2) - Critical memory leak vulnerability affecting Citrix NetScaler ADC and Gateway devices - win3zz/CVE-2025-5777
CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Github link:
https://github.com/susancodes55/CVE-2025-32463-sudo-poc