adminlove520

199 exploits Active since Jan 2024
CVE-2025-60751 GITHUB HIGH python SCANNER
GeographicLib 2.5 - Buffer Overflow
GeographicLib 2.5 is vulnerable to Buffer Overflow in GeoConvert DMS::InternalDecode.
2 stars
CVSS 7.5
CVE-2025-60852 GITHUB MEDIUM python WRITEUP
Instant Developer Foundation <25.0.9600 - Code Injection
A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600. Applications built with affected versions of the framework did not properly sanitize user-controlled input before including it in CSV exports. This issue could lead to code execution on the system where the exported CSV file is opened.
2 stars
CVSS 6.5
CVE-2025-61301 GITHUB HIGH python WRITEUP
CAPEv2 - Denial of Service via Oversized Behavior Data
Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 (commit 52e4b43, on 2025-05-17) allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports by generating deeply nested or oversized behavior data that trigger MongoDB BSON limits or orjson recursion errors when the sample executes in the sandbox.
2 stars
CVSS 7.5
CVE-2025-61303 GITHUB CRITICAL python SCANNER
Hatching Triage Sandbox Windows 10 build 2004 and LTSC 2021 - Denial-of-Analysis via Recursive Child Process Spawning
Hatching Triage Sandbox Windows 10 build 2004 (2025-08-14) and Windows 10 LTSC 2021(2025-08-14) contains a vulnerability in its Windows behavioral analysis engine that allows a submitted malware sample to evade detection and cause denial-of-analysis. The vulnerability is triggered when a sample recursively spawns a large number of child processes, generating high log volume and exhausting system resources. As a result, key malicious behavior, including PowerShell execution and reverse shell activity, may not be recorded or reported, misleading analysts and compromising the integrity and availability of sandboxed analysis results.
2 stars
CVSS 9.8
CVE-2025-61882 GITHUB CRITICAL python WORKING POC
Oracle Concurrent Processing 12.2.3-12.2.14 - Unauthenticated Takeover
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
2 stars
CVSS 9.8
CVE-2025-62168 GITHUB CRITICAL python SCANNER
Squid < 7.2 - Information Disclosure via HTTP Authentication Credential Leak in Error Handling
Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to authenticate. This potentially allows a remote client to identify security tokens or credentials used internally by a web application using Squid for backend load balancing. These attacks do not require Squid to be configured with HTTP authentication. The vulnerability is fixed in version 7.2. As a workaround, disable debug information in administrator mailto links generated by Squid by configuring squid.conf with email_err_data off.
2 stars
CVSS 10.0
CVE-2025-62215 GITHUB HIGH python WORKING POC
Windows Kernel - Use-After-Free via Race Condition
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
2 stars
CVSS 7.0
CVE-2025-62506 GITHUB HIGH python WORKING POC
MinIO < RELEASE.2025-10-15T17-29-55Z - Privilege Escalation via IAM Policy Validation Bypass
MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS (Security Token Service) accounts with restricted session policies to bypass their inline policy restrictions when performing operations on their own account, specifically when creating new service accounts for the same user. The vulnerability exists in the IAM policy validation logic where the code incorrectly relied on the DenyOnly argument when validating session policies for restricted accounts. When a session policy is present, the system should validate that the action is allowed by the session policy, not just that it is not denied. An attacker with valid credentials for a restricted service or STS account can create a new service account for itself without policy restrictions, resulting in a new service account with full parent privileges instead of being restricted by the inline policy. This allows the attacker to access buckets and objects beyond their intended restrictions and modify, delete, or create objects outside their authorized scope. The vulnerability is fixed in version RELEASE.2025-10-15T17-29-55Z.
2 stars
CVSS 8.1
CVE-2025-62507 GITHUB HIGH python WORKING POC
Redis 8.2.0-8.2.2 - Stack-based Buffer Overflow via XACKDEL Command
Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple ID's and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is fixed in version 8.2.3. To workaround this issue without patching the redis-server executable is to prevent users from executing XACKDEL operation. This can be done using ACL to restrict XACKDEL command.
2 stars
CVSS 8.8
CVE-2025-62518 GITHUB HIGH python WORKING POC
astral-tokio-tar < 0.5.6 - Archive Entry Smuggling via PAX Header Size Mismatch
astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives with PAX-extended headers containing size overrides, the parser incorrectly advances stream position based on ustar header size (often zero) instead of the PAX-specified size, causing it to interpret file content as legitimate tar headers. This issue has been patched in version 0.5.6. There are no workarounds.
2 stars
CVSS 8.1
CVE-2025-62726 GITHUB HIGH python WORKING POC
n8n < 1.113.0 - Remote Code Execution via Git Node Pre-Commit Hook
n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of the Commit operation in the Git Node can inadvertently trigger the hook’s execution. This allows attackers to execute arbitrary code within the n8n environment, potentially compromising the system and any connected credentials or workflows. This vulnerability is fixed in 1.113.0.
2 stars
CVSS 8.8
CVE-2025-63406 GITHUB HIGH python WORKING POC
GroupOffice < 25.0.47 and 6.8.136 - FunctionField eval Code Execution
An issue in Intermesh BV GroupOffice vulnerable before v.25.0.47 and 6.8.136 allows a remote attacker to execute arbitrary code via the dbToApi() and eval() in the FunctionField.php
2 stars
CVSS 8.8
CVE-2025-63499 GITHUB MEDIUM python STUB
Alinto SOGo < 5.12.4 - Cross-Site Scripting via Theme Parameter
Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the theme parameter.
2 stars
CVSS 6.1
CVE-2025-6440 GITHUB CRITICAL python WORKING POC
WooCommerce Designer Pro <1.9.26 - RCE
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'wcdp_save_canvas_design_ajax' function in all versions up to, and including, 1.9.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
2 stars
CVSS 9.8
CVE-2025-64446 GITHUB CRITICAL python SUSPICIOUS
Fortinet FortiWeb unauthenticated RCE
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
2 stars
CVSS 9.8
CVE-2025-64512 GITHUB HIGH python WORKING POC
pdfminer.six < 20251107 - Remote Code Execution via Malicious Pickle File Deserialization
Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The `CMapDB._load_data()` function in pdfminer.six uses `pickle.loads()` to deserialize pickle files. These pickle files are supposed to be part of the pdfminer.six distribution stored in the `cmap/` directory, but a malicious PDF can specify an alternative directory and filename as long as the filename ends in `.pickle.gz`. A malicious, zipped pickle file can then contain code which will automatically execute when the PDF is processed. Version 20251107 fixes the issue.
2 stars
CVSS 8.6
CVE-2025-65637 GITHUB HIGH python WORKING POC
logrus < 1.8.3 - Denial of Service via Large Single-Line Payload
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.
2 stars
CVSS 7.5
CVE-2025-65945 GITHUB HIGH python WORKING POC
auth0/node-jws <4.0.0 - Improper Signature Verification
auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the jws.createVerify() function for HMAC algorithms and use user-provided data from the JSON Web Signature protected header or payload in HMAC secret lookup routines, which can allow attackers to bypass signature verification. This issue has been patched in versions 3.2.3 and 4.0.1.
2 stars
CVSS 7.5
CVE-2025-66478 GITHUB python WORKING POC
Rejected
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
2 stars
CVE-2025-6758 GITHUB CRITICAL python WORKING POC
Imithemes Real Spaces - WordPress Properties Directory Theme <= 3.6 - Privilege Escalation
The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'imic_agent_register' function in all versions up to, and including, 3.6. This is due to a lack of restriction in the registration role. This makes it possible for unauthenticated attackers to arbitrarily choose their role, including the Administrator role, during user registration.
2 stars
CVSS 9.8
CVE-2025-68055 GITHUB HIGH python WORKING POC
Themefic Hydra Booking <1.1.32 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from n/a through <= 1.1.32.
2 stars
CVSS 8.5
CVE-2025-68147 GITHUB HIGH python WRITEUP
Open Source Point of Sale 3.4.0-3.4.2 - Stored Cross-Site Scripting in Return Policy Configuration Field
Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and prior to version 3.4.2, a Stored Cross-Site Scripting (XSS) vulnerability exists in the "Return Policy" configuration field. The application does not properly sanitize user input before saving it to the database or displaying it on receipts. An attacker with access to the "Store Configuration" (such as a rogue administrator or an account compromised via the separate CSRF vulnerability) can inject malicious JavaScript payloads into this field. These payloads are executed in the browser of any user (including other administrators and sales staff) whenever they view a receipt or complete a transaction. This can lead to session hijacking, theft of sensitive data, or unauthorized actions performed on behalf of the victim. The vulnerability has been patched in version 3.4.2 by ensuring the output is escaped using the `esc()` function in the receipt template. As a temporary mitigation, administrators should ensure the "Return Policy" field contains only plain text and strictly avoid entering any HTML tags. There is no code-based workaround other than applying the patch.
2 stars
CVSS 8.1
CVE-2026-49975 NOMISEC HIGH SCANNER
Apache HTTP Server: mod_http2 denial of service
Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.
1 stars
CVSS 7.5
CVE-2024-0204 NOMISEC CRITICAL WORKING POC
Fortra GoAnywhere MFT Unauthenticated Remote Code Execution
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
1 stars
CVSS 9.8