GhoStZA-debug

4 exploits Active since Aug 2025
CVE-2025-59287 GITHUB CRITICAL WORKING POC
Windows Server 2012, 2016, 2019, 2022, 2025 - Unauthenticated RCE via Deserialization
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
1 stars
CVSS 9.8
CVE-2025-8941 GITHUB HIGH WORKING POC
Red Hat Enterprise Linux 7 Extended Lifecycle Support - Privilege Escalation via pam_namespace Symlink Attack
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
1 stars
CVSS 7.8
CVE-2025-61882 GITHUB CRITICAL WORKING POC
Oracle Concurrent Processing 12.2.3-12.2.14 - Unauthenticated Takeover
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
1 stars
CVSS 9.8
CVE-2025-11953 NOMISEC CRITICAL WORKING POC
react-native-community/cli < 20.0.0 - Unauthenticated OS Command Injection via Metro Development Server
The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary executables. On Windows, the attackers can also execute arbitrary shell commands with fully controlled arguments.
CVSS 9.8