Abdualhadi khalifa

12 exploits Active since Apr 2024
CVE-2025-0282 NOMISEC CRITICAL WORKING POC
Ivanti Connect Secure <22.7R2.5 - RCE
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
3 stars
CVSS 9.0
CVE-2025-31650 NOMISEC HIGH WORKING POC
Apache Tomcat 9.0.76-9.0.102, 10.1.10-10.1.39, 11.0.0-M2-11.0.5 - Denial of Service via HTTP Priority Header Memory Leak
Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.90 though 8.5.100. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.
CVSS 7.5
CVE-2024-33559 EXPLOITDB CRITICAL text WORKING POC
8theme XStore <9.3.5 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection.This issue affects XStore: from n/a through 9.3.5.
CVSS 9.3
CVE-2025-27007 EXPLOITDB CRITICAL text WORKING POC
OttoKit < 1.0.83 - SureTriggers allows Privilege Escalation
Incorrect Privilege Assignment vulnerability in Brainstorm Force OttoKit suretriggers allows Privilege Escalation.This issue affects OttoKit: from n/a through <= 1.0.82.
CVSS 9.8
CVE-2025-27210 EXPLOITDB HIGH python WORKING POC
Node.js 20.0.0-20.19.3, 22.0.0-22.17.0, 24.0.0-24.4.0 - Path Traversal via Windows Device Names in path.join
An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of `path.join` API.
CVSS 7.5
EIP-2026-104120 EXPLOITDB python WORKING POC
VMware Cloud Director 10.5 - Bypass identity verification
CVE-2025-0282 EXPLOITDB CRITICAL python WORKING POC
Ivanti Connect Secure <22.7R2.5 - RCE
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
CVSS 9.0
EIP-2026-103885 EXPLOITDB python SCANNER
CrushFTP < 11.1.0 - Directory Traversal
CVE-2025-31650 EXPLOITDB HIGH python WORKING POC
Apache Tomcat 9.0.76-9.0.102, 10.1.10-10.1.39, 11.0.0-M2-11.0.5 - Denial of Service via HTTP Priority Header Memory Leak
Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial of service. This issue affects Apache Tomcat: from 9.0.76 through 9.0.102, from 10.1.10 through 10.1.39, from 11.0.0-M2 through 11.0.5. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.90 though 8.5.100. Users are recommended to upgrade to version 9.0.104, 10.1.40 or 11.0.6 which fix the issue.
CVSS 7.5
CVE-2025-27533 EXPLOITDB HIGH python WORKING POC
Apache ActiveMQ 5.16.0-5.16.7, 5.17.0-5.17.6, 5.18.0-5.18.6 - Denial of Service via OpenWire Buffer Size Validation
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on the availability of the ActiveMQ broker when not using mutual TLS connections. This issue affects Apache ActiveMQ: from 6.0.0 before 6.1.6, from 5.18.0 before 5.18.7, from 5.17.0 before 5.17.7, before 5.16.8. ActiveMQ 5.19.0 is not affected. Users are recommended to upgrade to version 6.1.6+, 5.19.0+, 5.18.7+, 5.17.7, or 5.16.8 or which fixes the issue. Existing users may implement mutual TLS to mitigate the risk on affected brokers.
CVSS 7.5
CVE-2024-32113 EXPLOITDB CRITICAL text WORKING POC
Apache OFBiz <18.12.13 - Path Traversal
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue.
CVSS 9.8
EIP-2026-101588 EXPLOITDB python WORKING POC
Cisco Firepower Management Center < 6.6.7.1 - Authenticated RCE