GitHub Feed
Explore the latest GitHub repositories gathered from our feed. Entries are grouped by day to help you track developments quickly.
Fri Apr 25, 2025
Repository | Description | CVE | Metrics | Action |
---|---|---|---|---|
CVE-2025-32433 | CVE-2025-32433 https://github.com/erlang/otp/security/advisori | Erlang/OTP SSH Vulnerable to Pre-Authentication RCE | v3.1, CRITICAL, Score: 10, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | Visit Repo |
CVE-2025-2812 | Official publication by USOM is awaited. | SQLi in Mydata Informatics' Ticket Sales Automation | v3.1, CRITICAL, Score: 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Visit Repo |
CVE-2024-42471-PoC | unzip-stream file write/overwrite vulnerability | Arbitrary File Write via artifact extraction in actions/artifact | v3.1, HIGH, Score: 7.3, CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N | Visit Repo |
CVE-2024-12905-PoC | tar-fs file write/overwrite vulnerability | n/a | v3.1, HIGH, Score: 7.5, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | Visit Repo |
cve-2025-21497-lab | CSC180 final project presentation of a vulnerable CVE | n/a | v3.1, MEDIUM, Score: 5.5, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H | Visit Repo |
cve-2023-30861-poc | Flask CVE-2023-30861 Poc environment setup | Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header | v3.1, HIGH, Score: 7.5, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | Visit Repo |
CVE-2025-2404 | Official publication by USOM is awaited. | n/a | n/a | Visit Repo |
CVE-2025-29306-PoC-FoxCMS-RCE | Proof-of-Concept (PoC) for CVE-2025-29306, a Remote Code Execu | n/a | n/a | Visit Repo |
Reset-inetpub | Restore the integrity of the parent 'inetpub' folder following | n/a | n/a | Visit Repo |
CVE-2025-3243 | A proof-of-concept exploit for CVE-2025-32433, a critical vuln | code-projects Patient Record Management System dental_form.php sql injection | v4.0, MEDIUM, Score: 5.3, CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N | Visit Repo |
CVE-2025-2301 | Official publication by USOM is awaited. | n/a | n/a | Visit Repo |
CVE-2021-43857-POC | Optimized exploit for CVE-2021-43857 affecting Gerapy < 0.9.8 | Gerapy may contain remote code execution vulnerability | v3.1, CRITICAL, Score: 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Visit Repo |
CVE-2025-31161_exploit | CVE-2025-31161 python exploit | n/a | v3.1, CRITICAL, Score: 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Visit Repo |
Thu Apr 24, 2025
Repository | Description | CVE | Metrics | Action |
---|---|---|---|---|
lab_CVE-2025-32433 | CVE lab to accompany CVE course for CVE-2025-32433 | Erlang/OTP SSH Vulnerable to Pre-Authentication RCE | v3.1, CRITICAL, Score: 10, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | Visit Repo |
CVE-2024-7120-Exploit-by-Dark-07x | | Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_base_config.php os command injection | v4.0, MEDIUM, Score: 5.3, CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N | Visit Repo |
CVE-2025-30208-Series | Analysis of the Reproduction of CVE-2025-30208 Series Vulnerab | Vite bypasses server.fs.deny when using `?raw??` | v3.1, MEDIUM, Score: 5.3, CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N | Visit Repo |
Nuclei_CVE-2025-31161_CVE-2025-2825 | Official Nuclei template for CVE-2025-31161 (formerly CVE-2025 | n/a | v3.1, CRITICAL, Score: 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Visit Repo |
CVE-2025-3776 | WordPress Verification SMS with TargetSMS Plugin <= 1.5 is vu | Verification SMS with TargetSMS <= 1.5 - Unauthenticated Limited Remote Code Execution | v3.1, HIGH, Score: 8.3, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L | Visit Repo |
WinRAR-Exploit-Builder | The WinRAR Exploit Builder is a C# project designed to create | n/a | n/a | Visit Repo |
CVE-2025-31161 | Check for the presence of the path /WebInterface/functio | n/a | v3.1, CRITICAL, Score: 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Visit Repo |
CVE-2024-27876 | libAppleArchive exploit maker, read the writeup here https://s | n/a | n/a | Visit Repo |
CVE-2025-30406 | Exploit for CVE-2025-30406 | n/a | v3.1, CRITICAL, Score: 9, CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H | Visit Repo |
Wed Apr 23, 2025
Repository | Description | CVE | Metrics | Action |
---|---|---|---|---|
Erlang-OTP-CVE-2025-32433 | This Python script exploits the CVE-2025-32433 vulnerability i | Erlang/OTP SSH Vulnerable to Pre-Authentication RCE | v3.1, CRITICAL, Score: 10, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | Visit Repo |
letsdefend-cve-2024-49138-investigation | Hands-on SOC investigation of CVE-2024-49138 using LetsDefend, | Windows Common Log File System Driver Elevation of Privilege Vulnerability | v3.1, HIGH, Score: 7.8, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Visit Repo |
HTA-Exploit | Microsoft Windows HTA (HTML Application) - Pinnacle of Remote | n/a | n/a | Visit Repo |
CVE-2025-32965-xrpl-js-poc | CVE Code: CVE-2025-32965 Vulnerability Type: Supply Chain Attack | Compromised xrpl.js versions 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2 | v4.0, CRITICAL, Score: 9.3, CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N | Visit Repo |
vulnerability-in-Remix-React-Router-CVE-2025-31137- | | Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers | v3.0, HIGH, Score: 7.5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | Visit Repo |
PDF-FUD-Exploit | A meticulous scrutiny of the Exploit PDFs innards exposes a ne | n/a | n/a | Visit Repo |
Slient-URL-Exploit | URL Contamination Exploit Muted Java Drive-By downloads can tr | n/a | n/a | Visit Repo |
Jpg-Png-Exploit-Slient-Builder-Exploit-Database-Cve-2023-Malware | In the hushed galleries of the Silent JPG Exploit, a symphony | n/a | n/a | Visit Repo |
Discord-Image-Logger-Stealer | Ephemeral discourse is embodied by the likes of Messenger Sess | n/a | n/a | Visit Repo |
CVE-2025-29927 | CVE-2025-29927: Next.js Middleware Bypass Vulnerability | Authorization Bypass in Next.js Middleware | v3.1, CRITICAL, Score: 9.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | Visit Repo |
CVE-2025-24963 | | Browser mode serves arbitrary files in vitest | v3.1, MEDIUM, Score: 5.9, CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | Visit Repo |
Tue Apr 22, 2025
Repository | Description | CVE | Metrics | Action |
---|---|---|---|---|
CVE-2025-32140 | WordPress WP Remote Thumbnail Plugin <= 1.3.2 is vulnerable t | WordPress WP Remote Thumbnail Plugin <= 1.3.1 - Arbitrary File Upload vulnerability | v3.1, CRITICAL, Score: 9.9, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | Visit Repo |
CVE-2025-29529 | SQLi ITC Multiplan v3.7.4.1002 (CVE-2025-29529) | n/a | n/a | Visit Repo |
CVE-PoC-Hunter | | n/a | n/a | Visit Repo |
CVE-2025-42599 | | n/a | v3.0, CRITICAL, Score: 9.8, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Visit Repo |
CVE-2024-38828 | | CVE-2024-38828: DoS via Spring MVC controller method with byte[] parameter | v3.1, MEDIUM, Score: 5.3, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | Visit Repo |
Gigacenter_cwmp_poc | POC for exploitation of Gigacenter devices (cwmp) no-CVE | n/a | n/a | Visit Repo |
CVE-2025-24054-PoC | Proof of Concept for the NTLM Hash Leak via .library-ms CVE-20 | NTLM Hash Disclosure Spoofing Vulnerability | v3.1, MEDIUM, Score: 6.5, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Visit Repo |
FOXCMS-CVE-2025-29306-POC | | n/a | n/a | Visit Repo |
TRAI-001-Critical-RCE-Vulnerability-in-Apache-Parquet-CVE-2025-30065-Simulation | A CVSS 10.0-rated vulnerability in the parquet-avro Java modul | Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata | v4.0, CRITICAL, Score: 10, CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H | Visit Repo |
CVE-2025-43919-POC | A new vulnerability has been discovered in GNU Mailman 2.1.39, | n/a | v3.1, MEDIUM, Score: 5.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N | Visit Repo |
swa20250422031chj2zy8d3cvekhdprezlu | swa20250422031chj2zy8d3cvekhdprezlu | n/a | n/a | Visit Repo |
CVE-2025-31161 | CrushFTP CVE-2025-31161 Exploit Tool | n/a | v3.1, CRITICAL, Score: 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Visit Repo |
Mon Apr 21, 2025
Repository | Description | CVE | Metrics | Action |
---|---|---|---|---|
openpoc | Aggregates multiple data sources related to CVE exploits/PoC. | n/a | n/a | Visit Repo |
PDF-EXPLOIT | Convert your executables into PDF files with embedded exploits | n/a | n/a | Visit Repo |
CVE-2025-24016-Wazuh-Remote-Code-Execution-RCE-PoC | A critical RCE vulnerability has been identified in the Wazuh | Remote code execution in Wazuh server | v3.1, CRITICAL, Score: 9.9, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H | Visit Repo |
CVE-2024-28987 | Proof of Concept Exploit for CVE-2024-28987: SolarWinds Web He | SolarWinds Web Help Desk Hardcoded Credential Vulnerability | v3.1, CRITICAL, Score: 9.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | Visit Repo |
CVE-2021-34371 | python exploit - Neo4j 3.4.18 - RMI based Remote Code Executio | n/a | n/a | Visit Repo |