CVE-2024-10220.zip
3.5 KB
CVE-2024-10220
Author: imohammed28
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.
GitHub Link:
https://github.com/imohammed28/cve-2024-10220-test
Author: imohammed28
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.
GitHub Link:
https://github.com/imohammed28/cve-2024-10220-test
CVE-2020-26217.zip
3.2 KB
CVE-2020-26217
Author: Kairo-one
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.
GitHub Link:
https://github.com/Kairo-one/CVE-2020-26217-XStream
Author: Kairo-one
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.
GitHub Link:
https://github.com/Kairo-one/CVE-2020-26217-XStream
CVE-2021-21980.zip
8.1 KB
CVE-2021-21980
Author: pratikjojode
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
GitHub Link:
https://github.com/pratikjojode/vcenter-cve-2021-21980-lab
Author: pratikjojode
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
GitHub Link:
https://github.com/pratikjojode/vcenter-cve-2021-21980-lab
CVE-2024-48990.zip
2 KB
CVE-2024-48990
Author: 0x3bs
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.
GitHub Link:
https://github.com/0x3bs/CVE-2024-48990
Author: 0x3bs
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.
GitHub Link:
https://github.com/0x3bs/CVE-2024-48990
CVE-2021-22941.zip
3.6 KB
CVE-2021-22941
Author: pratikjojode
Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller.
GitHub Link:
https://github.com/pratikjojode/citrix-cve-2021-22941-lab
Author: pratikjojode
Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller.
GitHub Link:
https://github.com/pratikjojode/citrix-cve-2021-22941-lab
CVE-2025-29927.zip
122.9 KB
CVE-2025-29927
Author: liamromanis101
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
GitHub Link:
https://github.com/liamromanis101/CVE-2025-29927-NextJS
Author: liamromanis101
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
GitHub Link:
https://github.com/liamromanis101/CVE-2025-29927-NextJS