ThemeHackers

31 exploits Active since Feb 2024
CVE-2025-13780 GITLAB CRITICAL WRITEUP
Pgadmin 4 < 9.10 - Code Injection
pgAdmin versions up to 9.10 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical risk to the integrity and security of the database management system and underlying data.
CVSS 9.1
CVE-2024-38063 GITLAB CRITICAL WORKING POC
Windows TCP/IP < - RCE
Windows TCP/IP Remote Code Execution Vulnerability
CVSS 9.8
CVE-2024-21413 GITLAB CRITICAL SUSPICIOUS
Microsoft 365 Apps - Improper Input Validation
Microsoft Outlook Remote Code Execution Vulnerability
CVSS 9.8
CVE-2024-10914 GITLAB HIGH WORKING POC
Dlink Dns-320 Firmware - Command Injection
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
CVSS 8.1
CVE-2024-3094 GITLAB CRITICAL SCANNER
xz <5.6.0 - Code Injection
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
CVSS 10.0
CVE-2024-6387 GITLAB HIGH WORKING POC
OpenSSH - DoS
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
CVSS 8.1