CVE-2025-32462
Author: lakshan-sameera
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
GitHub Link:
https://github.com/lakshan-sameera/CVE-2025-32462-and-CVE-2025-32463---Critical-Sudo-Vulnerabilities
Author: lakshan-sameera
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
GitHub Link:
https://github.com/lakshan-sameera/CVE-2025-32462-and-CVE-2025-32463---Critical-Sudo-Vulnerabilities
CVE-2025-29927.zip
656 B
CVE-2025-29927
Author: N3k0t-dev
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
GitHub Link:
https://github.com/N3k0t-dev/bughunter-cyber-intel-dashboard
Author: N3k0t-dev
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
GitHub Link:
https://github.com/N3k0t-dev/bughunter-cyber-intel-dashboard
CVE-2020-5752.zip
2 KB
CVE-2020-5752
Author: x0rbeexd
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
GitHub Link:
https://github.com/x0rbeexd/CVE-2020-5752
Author: x0rbeexd
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
GitHub Link:
https://github.com/x0rbeexd/CVE-2020-5752
CVE-2023-4220.zip
13.6 KB
CVE-2023-4220
Author: Least-Significant-Bit
Unrestricted file upload in big file upload functionality in
GitHub Link:
https://github.com/Least-Significant-Bit/CVE-2023-4220
Author: Least-Significant-Bit
Unrestricted file upload in big file upload functionality in
/main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.GitHub Link:
https://github.com/Least-Significant-Bit/CVE-2023-4220
CVE-2020-7693.zip
1.8 KB
CVE-2020-7693
Author: thewindghost
Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.
GitHub Link:
https://github.com/thewindghost/CVE-2020-7693
Author: thewindghost
Incorrect handling of Upgrade header with the value websocket leads in crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.
GitHub Link:
https://github.com/thewindghost/CVE-2020-7693
CVE-2016-1825
Author: BrandonAzad
IOHIDFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
GitHub Link:
https://github.com/BrandonAzad/physmem
Author: BrandonAzad
IOHIDFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
GitHub Link:
https://github.com/BrandonAzad/physmem
CVE-2016-1828
Author: BrandonAzad
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1829, and CVE-2016-1830.
GitHub Link:
https://github.com/BrandonAzad/rootsh
Author: BrandonAzad
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1829, and CVE-2016-1830.
GitHub Link:
https://github.com/BrandonAzad/rootsh
CVE-2018-4280
Author: BrandonAzad
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.
GitHub Link:
https://github.com/BrandonAzad/blanket
Author: BrandonAzad
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.
GitHub Link:
https://github.com/BrandonAzad/blanket