N3k0t

6 exploits Active since Aug 2025
CVE-2025-59287 GITHUB CRITICAL WORKING POC
Microsoft Windows Server 2012 - Insecure Deserialization
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
1 stars
CVSS 9.8
CVE-2025-8941 GITHUB HIGH WORKING POC
Linux-PAM - Privilege Escalation
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
1 stars
CVSS 7.8
CVE-2025-59287 GITHUB CRITICAL python WORKING POC
Microsoft Windows Server 2012 - Insecure Deserialization
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
1 stars
CVSS 9.8
CVE-2025-8941 GITHUB HIGH python WORKING POC
Linux-PAM - Privilege Escalation
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
1 stars
CVSS 7.8
CVE-2025-11953 NOMISEC CRITICAL WORKING POC
React-native-community React Native C... - OS Command Injection
The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary executables. On Windows, the attackers can also execute arbitrary shell commands with fully controlled arguments.
1 stars
CVSS 9.8
CVE-2025-11953 NOMISEC CRITICAL WORKING POC
React-native-community React Native C... - OS Command Injection
The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary executables. On Windows, the attackers can also execute arbitrary shell commands with fully controlled arguments.
CVSS 9.8