CVE-2021-3007.zip
5.9 KB
CVE-2021-3007
Author: KrE80r
DISPUTED Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer supported by the maintainer. NOTE: the laminas-http vendor considers this a "vulnerability in the PHP language itself" but has added certain type checking as a way to prevent exploitation in (unrecommended) use cases where attacker-supplied data can be deserialized.
GitHub Link:
https://github.com/KrE80r/cve-2021-3007-vulnerable
CVE-2022-26134.zip
5.8 KB
CVE-2022-26134
Author: Hghost0x00
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
GitHub Link:
https://github.com/Hghost0x00/CVE-2022-26134-GO
CVE-2025-13486.zip
5 KB
CVE-2025-13486
Author: MataKucing-OFC
None
GitHub Link:
https://github.com/MataKucing-OFC/CVE-2025-13486