GitHub Feed
Explore the latest GitHub repositories gathered from our feed. Entries are grouped by day to help you track developments quickly.
Sat Apr 26, 2025
| Repository | Description | CVE | Metrics | Action |
|---|---|---|---|---|
| CVE-2025-3102-exploit | Exploitation of an authorization bypass vulnerability in the S | SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation |
v3.1
HIGH
Score: 8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
Visit Repo |
| CVE-2023-1545 | Python Proof of Concept for CVE-2023-1545 (SQL Injection for T | SQL Injection in nilsteampassnet/teampass |
v3.0
HIGH
Score: 7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
Visit Repo |
| CVE-2025-31324 | SAP NetWeaver Visual Composer Metadata Uploader is not protect | Missing Authorization check in SAP NetWeaver (Visual Composer development server) |
v3.1
CRITICAL
Score: 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
Visit Repo |
| CVE-2016-2098-PoC | A PoC of CVE-2016-2098 I made for PentesterLab | n/a | n/a | Visit Repo |
| CVE-2025-32433 | Erlang OTP SSH NSE Discovery Script | Erlang/OTP SSH Vulnerable to Pre-Authentication RCE |
v3.1
CRITICAL
Score: 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
Visit Repo |
| CVE-2018-0114-PoC | A PoC of CVE-2018-0114 I made for PentesterLab | n/a | n/a | Visit Repo |
Fri Apr 25, 2025
| Repository | Description | CVE | Metrics | Action |
|---|---|---|---|---|
| CVE-2024-24919-Incident-Report.md | Information disclosure |
v3.1
HIGH
Score: 8.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
Visit Repo | |
| CVE-2025-3102_v2 | Checks the SureTriggers WordPress plugin's readme.txt file for | SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation |
v3.1
HIGH
Score: 8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
Visit Repo |
| CVE-2025-3102 | Detects the version of the SureTriggers WordPress plugin from | SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation |
v3.1
HIGH
Score: 8.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
Visit Repo |
| IronLocker-Ransomware | STRONGEST RAAS EVER | n/a | n/a | Visit Repo |
| CVE-2025-29927 | Next.js middleware bypass PoC | Authorization Bypass in Next.js Middleware |
v3.1
CRITICAL
Score: 9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
Visit Repo |
| commvault-cve2025-34028-check | Commvault CVE-2025-34028 endpoint scanner using Nmap NSE. For | n/a | n/a | Visit Repo |
| CVE-2025-32433 | CVE-2025-32433 https://github.com/erlang/otp/security/advisori | Erlang/OTP SSH Vulnerable to Pre-Authentication RCE |
v3.1
CRITICAL
Score: 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
Visit Repo |
| CVE-2025-2812 | USOM Tarafından resmi yayın beklenmektedir. | SQLi in Mydata Informatics' Ticket Sales Automation |
v3.1
CRITICAL
Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
Visit Repo |
| CVE-2024-42471-PoC | unzip-stream file write/overwrite vulnerability | Arbitrary File Write via artifact extraction in actions/artifact |
v3.1
HIGH
Score: 7.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
|
Visit Repo |
| CVE-2024-12905-PoC | tar-fs file write/overwrite vulnerability | n/a |
v3.1
HIGH
Score: 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
Visit Repo |
| cve-2025-21497-lab | CSC180 final project presentation of a vulnerable CVE | n/a |
v3.1
MEDIUM
Score: 5.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
|
Visit Repo |
| cve-2023-30861-poc | Flask CVE-2023-30861 Poc 환경구축 | Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header |
v3.1
HIGH
Score: 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
Visit Repo |
| CVE-2025-2404 | USOM Tarafından resmi yayın beklenmektedir. | n/a | n/a | Visit Repo |
| CVE-2025-29306-PoC-FoxCMS-RCE | Proof-of-Concept (PoC) for CVE-2025-29306, a Remote Code Execu | n/a | n/a | Visit Repo |
| Reset-inetpub | Restore the integrity of the parent 'inetpub' folder following | n/a | n/a | Visit Repo |
| CVE-2025-3243 | A proof-of-concept exploit for CVE-2025-32433, a critical vuln | code-projects Patient Record Management System dental_form.php sql injection |
v4.0
MEDIUM
Score: 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
|
Visit Repo |
| CVE-2025-2301 | USOM Tarafından resmi yayın beklenmektedir. | IDOR in Akbim Software's Online Exam Registration |
v3.1
MEDIUM
Score: 4.4
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
|
Visit Repo |
| CVE-2021-43857-POC | Optimized exploit for CVE-2021-43857 affecting Gerapy < 0.9.8 | Gerapy may contain remote code execution vulnerability |
v3.1
CRITICAL
Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
Visit Repo |
| CVE-2025-31161_exploit | CVE-2025-31161 python exploit | n/a |
v3.1
CRITICAL
Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
Visit Repo |
Thu Apr 24, 2025
| Repository | Description | CVE | Metrics | Action |
|---|---|---|---|---|
| lab_CVE-2025-32433 | CVE lab to accompany CVE course for CVE-2025-32433 | Erlang/OTP SSH Vulnerable to Pre-Authentication RCE |
v3.1
CRITICAL
Score: 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
Visit Repo |
| CVE-2024-7120-Exploit-by-Dark-07x | Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_base_config.php os command injection |
v4.0
MEDIUM
Score: 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
|
Visit Repo | |
| CVE-2025-30208-Series | Analysis of the Reproduction of CVE-2025-30208 Series Vulnerab | Vite bypasses server.fs.deny when using `?raw??` |
v3.1
MEDIUM
Score: 5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
|
Visit Repo |
| Nuclei_CVE-2025-31161_CVE-2025-2825 | Official Nuclei template for CVE-2025-31161 (formerly CVE-2025 | n/a |
v3.1
CRITICAL
Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
Visit Repo |
| CVE-2025-3776 | WordPress Verification SMS with TargetSMS Plugin <= 1.5 is vu | Verification SMS with TargetSMS <= 1.5 - Unauthenticated Limited Remote Code Execution |
v3.1
HIGH
Score: 8.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
Visit Repo |
| WinRAR-Exploit-Builder | The WinRAR Exploit Builder is a C# project designed to create | n/a | n/a | Visit Repo |
| CVE-2025-31161 | Проверка наличие пути /WebInterface/functio | n/a |
v3.1
CRITICAL
Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
Visit Repo |
| CVE-2024-27876 | libAppleArchive exploit maker, read the writeup here https://s | n/a | n/a | Visit Repo |
| CVE-2025-30406 | Exploit for CVE-2025-30406 | n/a |
v3.1
CRITICAL
Score: 9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
|
Visit Repo |
Wed Apr 23, 2025
| Repository | Description | CVE | Metrics | Action |
|---|---|---|---|---|
| Erlang-OTP-CVE-2025-32433 | This Python script exploits the CVE-2025-32433 vulnerability i | Erlang/OTP SSH Vulnerable to Pre-Authentication RCE |
v3.1
CRITICAL
Score: 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
Visit Repo |
| letsdefend-cve-2024-49138-investigation | Hands-on SOC investigation of CVE-2024-49138 using LetsDefend, | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
v3.1
HIGH
Score: 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
|
Visit Repo |
| HTA-Exploit | Microsoft Windows HTA (HTML Application) - Pinnacle of Remote | n/a | n/a | Visit Repo |
| CVE-2025-32965-xrpl-js-poc | CVE Kodu: CVE-2025-32965 Zafiyet Türü: Supply Chain Attack | Compromised xrpl.js versions 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2 |
v4.0
CRITICAL
Score: 9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
|
Visit Repo |
| vulnerability-in-Remix-React-Router-CVE-2025-31137- | Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers |
v3.0
HIGH
Score: 7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
Visit Repo | |
| PDF-FUD-Exploit | A meticulous scrutiny of the Exploit PDFs innards exposes a ne | n/a | n/a | Visit Repo |
| Slient-URL-Exploit | URL Contamination Exploit Muted Java Drive-By downloads can tr | n/a | n/a | Visit Repo |
| Jpg-Png-Exploit-Slient-Builder-Exploit-Database-Cve-2023-Malware | In the hushed galleries of the Silent JPG Exploit, a symphony | n/a | n/a | Visit Repo |
| Discord-Image-Logger-Stealer | Ephemeral discourse is embodied by the likes of Messenger Sess | n/a | n/a | Visit Repo |
| CVE-2025-29927 | CVE-2025-29927: Next.js Middleware Bypass Vulnerability | Authorization Bypass in Next.js Middleware |
v3.1
CRITICAL
Score: 9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
Visit Repo |
| CVE-2025-24963 | Browser mode serves arbitrary files in vitest |
v3.1
MEDIUM
Score: 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
Visit Repo |
Tue Apr 22, 2025
| Repository | Description | CVE | Metrics | Action |
|---|---|---|---|---|
| CVE-2025-32140 | WordPress WP Remote Thumbnail Plugin <= 1.3.2 is vulnerable t | WordPress WP Remote Thumbnail Plugin <= 1.3.1 - Arbitrary File Upload vulnerability |
v3.1
CRITICAL
Score: 9.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
Visit Repo |
| CVE-2025-29529 | SQLi ITC Multiplan v3.7.4.1002 (CVE-2025-29529) | n/a | n/a | Visit Repo |
| CVE-PoC-Hunter | n/a | n/a | Visit Repo | |
| CVE-2025-42599 | n/a |
v3.0
CRITICAL
Score: 9.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
Visit Repo | |
| CVE-2024-38828 | CVE-2024-38828: DoS via Spring MVC controller method with byte[] parameter |
v3.1
MEDIUM
Score: 5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
Visit Repo |
GitHub Threat Intelligence at a Glance
Stay on top of cybersecurity developments and open-source research through daily GitHub updates.
Jump into a repository to explore code, documentation, or CVE-related insights.