CVE-2025-2011.zip
4.9 KB
CVE-2025-2011
Author: Ashwesker
The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the ‘s' parameter in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
GitHub Link:
https://github.com/Ashwesker/Blackash-CVE-2025-2011
Author: Ashwesker
The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the ‘s' parameter in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
GitHub Link:
https://github.com/Ashwesker/Blackash-CVE-2025-2011
CVE-2024-20666.zip
8.4 KB
CVE-2024-20666
Author: tazxtazxedu
BitLocker Security Feature Bypass Vulnerability
GitHub Link:
https://github.com/tazxtazxedu/WinRE-Fix
Author: tazxtazxedu
BitLocker Security Feature Bypass Vulnerability
GitHub Link:
https://github.com/tazxtazxedu/WinRE-Fix
CVE-2023-26360.zip
4.9 KB
CVE-2023-26360
Author: RyanRodrigues880
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
GitHub Link:
https://github.com/RyanRodrigues880/CVE-2023-26360
Author: RyanRodrigues880
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
GitHub Link:
https://github.com/RyanRodrigues880/CVE-2023-26360
CVE-2018-10933.zip
1010 B
CVE-2018-10933
Author: opsifiz
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
GitHub Link:
https://github.com/opsifiz/CVE-2018-10933
Author: opsifiz
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
GitHub Link:
https://github.com/opsifiz/CVE-2018-10933
CVE-2018-17254.zip
2.5 KB
CVE-2018-17254
Author: 7amzahard
The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.
GitHub Link:
https://github.com/7amzahard/script-python-to-detect-CVE-2018-17254
Author: 7amzahard
The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.
GitHub Link:
https://github.com/7amzahard/script-python-to-detect-CVE-2018-17254
CVE-2021-23394
Author: 0xnemian
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
GitHub Link:
https://github.com/0xnemian/CVE-2021-23394
Author: 0xnemian
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
GitHub Link:
https://github.com/0xnemian/CVE-2021-23394
CVE-2024-21413.zip
241.8 KB
CVE-2024-21413
Author: mmathivanan17
Microsoft Outlook Remote Code Execution Vulnerability
GitHub Link:
https://github.com/mmathivanan17/CVE-2024-21413
Author: mmathivanan17
Microsoft Outlook Remote Code Execution Vulnerability
GitHub Link:
https://github.com/mmathivanan17/CVE-2024-21413
CVE-2025-49132.zip
2.5 KB
CVE-2025-49132
Author: f3d0rq
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.
GitHub Link:
https://github.com/f3d0rq/CVE-2025-49132
Author: f3d0rq
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.
GitHub Link:
https://github.com/f3d0rq/CVE-2025-49132
CVE-2023-35813.zip
5.1 KB
CVE-2023-35813
Author: Rezy-Dev
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.
GitHub Link:
https://github.com/Rezy-Dev/CVE-2023-35813
Author: Rezy-Dev
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.
GitHub Link:
https://github.com/Rezy-Dev/CVE-2023-35813
CVE-2024-10220.zip
3.5 KB
CVE-2024-10220
Author: imohammed28
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.
GitHub Link:
https://github.com/imohammed28/cve-2024-10220-test
Author: imohammed28
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.
GitHub Link:
https://github.com/imohammed28/cve-2024-10220-test
CVE-2020-26217.zip
3.2 KB
CVE-2020-26217
Author: Kairo-one
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.
GitHub Link:
https://github.com/Kairo-one/CVE-2020-26217-XStream
Author: Kairo-one
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.
GitHub Link:
https://github.com/Kairo-one/CVE-2020-26217-XStream