CVE-2015-8351.zip
1.9 KB
CVE-2015-8351
Author: Philip-Otter

PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences regardless of whether allow_url_include is enabled.

GitHub Link:
https://github.com/Philip-Otter/CVE-2015-8351OtterRemix
CVE-2016-5195.zip
507.6 KB
CVE-2016-5195
Author: MarioAlejos-Cs

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."

GitHub Link:
https://github.com/MarioAlejos-Cs/dirtycow-lab
CVE-2019-18935.zip
7.3 KB
CVE-2019-18935
Author: 0xsharz

Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)

GitHub Link:
https://github.com/0xsharz/telerik-scanner-CVE-2019-18935
CVE-2025-24085.zip
1.1 MB
CVE-2025-24085
Author: JGoyd

A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.

GitHub Link:
https://github.com/JGoyd/glass-cage-ios18-cve-2025-24085-cve-2025-24201
CVE-2020-36847.zip
3.4 KB
CVE-2020-36847
Author: 137f

The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be used to rename uploaded PHP code with a png extension to use a php extension. This allows unauthenticated attackers to execute code on the server.

GitHub Link:
https://github.com/137f/PoC-CVE-2020-36847-WordPress-Plugin-4.2.2-RCE
CVE-2024-37054.zip
6.9 KB
CVE-2024-37054
Author: NiteeshPujari

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with.

GitHub Link:
https://github.com/NiteeshPujari/CVE-2024-37054-MLflow-RCE
CVE-2025-27519.zip
1.9 KB
CVE-2025-27519
Author: Diabl0xE

Cognita is a RAG (Retrieval Augmented Generation) Framework for building modular, open source applications for production by TrueFoundry. A path traversal issue exists at /v1/internal/upload-to-local-directory which is enabled when the Local env variable is set to true, such as when Cognita is set up using Docker. Because the Docker environment sets up the backend uvicorn server with auto reload enabled, when an attacker overwrites the /app/backend/__init__.py file, the file will automatically be reloaded and executed. This allows an attacker to get remote code execution in the context of the Docker container. This vulnerability is fixed in commit a78bd065e05a1b30a53a3386cc02e08c317d2243.

GitHub Link:
https://github.com/Diabl0xE/CVE-2025-27519