CVE-2024-21413.zip
241.8 KB
CVE-2024-21413
Author: mmathivanan17
Microsoft Outlook Remote Code Execution Vulnerability
GitHub Link:
https://github.com/mmathivanan17/CVE-2024-21413
Author: mmathivanan17
Microsoft Outlook Remote Code Execution Vulnerability
GitHub Link:
https://github.com/mmathivanan17/CVE-2024-21413
CVE-2025-49132.zip
2.5 KB
CVE-2025-49132
Author: f3d0rq
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.
GitHub Link:
https://github.com/f3d0rq/CVE-2025-49132
Author: f3d0rq
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.
GitHub Link:
https://github.com/f3d0rq/CVE-2025-49132
CVE-2023-35813.zip
5.1 KB
CVE-2023-35813
Author: Rezy-Dev
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.
GitHub Link:
https://github.com/Rezy-Dev/CVE-2023-35813
Author: Rezy-Dev
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.
GitHub Link:
https://github.com/Rezy-Dev/CVE-2023-35813
CVE-2024-10220.zip
3.5 KB
CVE-2024-10220
Author: imohammed28
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.
GitHub Link:
https://github.com/imohammed28/cve-2024-10220-test
Author: imohammed28
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.
GitHub Link:
https://github.com/imohammed28/cve-2024-10220-test
CVE-2020-26217.zip
3.2 KB
CVE-2020-26217
Author: Kairo-one
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.
GitHub Link:
https://github.com/Kairo-one/CVE-2020-26217-XStream
Author: Kairo-one
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.
GitHub Link:
https://github.com/Kairo-one/CVE-2020-26217-XStream