CVE-2021-23017.zip
7.5 KB
CVE-2021-23017
Author: 6lj
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
GitHub Link:
https://github.com/6lj/EVIL-CVE-2021-23017-Update-2025
Author: 6lj
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
GitHub Link:
https://github.com/6lj/EVIL-CVE-2021-23017-Update-2025
CVE-2025-24204.zip
255.1 KB
CVE-2025-24204
Author: 34306
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.
GitHub Link:
https://github.com/34306/decrypted
Author: 34306
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.
GitHub Link:
https://github.com/34306/decrypted
CVE-2021-21974.zip
4.4 KB
CVE-2021-21974
Author: abirasecurity
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.
GitHub Link:
https://github.com/abirasecurity/CVE-2021-21974vulndectection
Author: abirasecurity
OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.
GitHub Link:
https://github.com/abirasecurity/CVE-2021-21974vulndectection
CVE-2025-23266.zip
6.3 KB
CVE-2025-23266
Author: Mindasy
NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service.
GitHub Link:
https://github.com/Mindasy/cve-2025-23266-migration-bypass
Author: Mindasy
NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service.
GitHub Link:
https://github.com/Mindasy/cve-2025-23266-migration-bypass
CVE-2020-0610.zip
3.8 KB
CVE-2020-0610
Author: Riocipta75
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0609.
GitHub Link:
https://github.com/Riocipta75/lab-cve-2020-0610
Author: Riocipta75
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0609.
GitHub Link:
https://github.com/Riocipta75/lab-cve-2020-0610
CVE-2025-24071.zip
3 KB
CVE-2025-24071
Author: AC8999
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
GitHub Link:
https://github.com/AC8999/CVE-2025-24071
Author: AC8999
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
GitHub Link:
https://github.com/AC8999/CVE-2025-24071
CVE-2023-50164.zip
21.3 KB
CVE-2023-50164
Author: MKIRAHMET
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
GitHub Link:
https://github.com/MKIRAHMET/CVE-2023-50164-HTB-strutted
Author: MKIRAHMET
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
GitHub Link:
https://github.com/MKIRAHMET/CVE-2023-50164-HTB-strutted
CVE-2025-22131.zip
134.1 KB
CVE-2025-22131
Author: s0ck37
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Cross-Site Scripting (XSS) vulnerability in the code which translates the XLSX file into a HTML representation and displays it in the response.
GitHub Link:
https://github.com/s0ck37/CVE-2025-22131-POC
Author: s0ck37
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Cross-Site Scripting (XSS) vulnerability in the code which translates the XLSX file into a HTML representation and displays it in the response.
GitHub Link:
https://github.com/s0ck37/CVE-2025-22131-POC