CVE-2023-5359.zip
3.8 KB
CVE-2023-5359
Author: enzocipher
The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets stored in plaintext in the publicly visible plugin source. This can allow unauthenticated attackers to impersonate W3 Total Cache and gain access to user account information in successful conditions. This would not impact the WordPress users site in any way.
GitHub Link:
https://github.com/enzocipher/CVE-2023-5359
Author: enzocipher
The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets stored in plaintext in the publicly visible plugin source. This can allow unauthenticated attackers to impersonate W3 Total Cache and gain access to user account information in successful conditions. This would not impact the WordPress users site in any way.
GitHub Link:
https://github.com/enzocipher/CVE-2023-5359
CVE-2023-45612.zip
52.3 KB
CVE-2023-45612
Author: ksaweryr
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE
GitHub Link:
https://github.com/ksaweryr/CVE-2023-45612-PoC
Author: ksaweryr
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE
GitHub Link:
https://github.com/ksaweryr/CVE-2023-45612-PoC
CVE-2023-45612.zip
123.9 KB
CVE-2023-45612
Author: stefan-500
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE
GitHub Link:
https://github.com/stefan-500/ktor-cve-2023-45612-poc
Author: stefan-500
In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE
GitHub Link:
https://github.com/stefan-500/ktor-cve-2023-45612-poc
CVE-2025-12907.zip
3 KB
CVE-2025-12907
Author: DExplo1ted
None
GitHub Link:
https://github.com/DExplo1ted/CVE-2025-12907-Exploit
Author: DExplo1ted
None
GitHub Link:
https://github.com/DExplo1ted/CVE-2025-12907-Exploit
CVE-2025-48384.zip
777 B
CVE-2025-48384
Author: bummie
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
GitHub Link:
https:...
Author: bummie
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
GitHub Link:
https:...