joaquinrrr

2 exploits Active since Nov 2023

CVE-2023-6019 NOMISEC CRITICAL WORKING POC

Ray < 2.8.1 - Unauthenticated Remote Code Execution via CPU Profile URL Parameter

A command injection existed in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023

5 stars

CVSS 9.8

View Code

CVE-2025-8110 GITHUB HIGH python WORKING POC

Gogs < 0.13.3 - Local Code Execution via PutContents API Symbolic Link Handling

Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.

4 stars

CVSS 8.8

View Code