Github Exploits

41 exploits tracked across all sources.

Sort: Activity Stars
CVE-2025-55177 GITHUB MEDIUM html
Whatsapp < 2.25.21.73 - Incorrect Authorization
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.
by danielw98
CVSS 5.4
CVE-2025-43300 GITHUB CRITICAL html
iOS <15.8.5, <16.7.12 - Memory Corruption
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12, iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, macOS Ventura 13.7.8. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
by danielw98
CVSS 10.0
CVE-2026-2441 GITHUB HIGH html
Google Chrome <145.0.7632.75 - Use After Free
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
by huseyinstif
12 stars
CVSS 8.8
CVE-2025-14766 GITHUB HIGH html
Google Chrome < 143.0.7499.146 - Out-of-Bounds Write
Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
by InfoSecAntara
2 stars
CVSS 8.8
CVE-2025-10720 GITHUB MEDIUM html
WP Private Content Plus <3.6.2 - Auth Bypass
The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker can completely bypass the password protection by manually setting the cookie value in their browser.
by lorenzocamilli
CVSS 6.5
CVE-2025-9738 GITHUB LOW html
Portabilis i-Educar <2.10 - XSS
A flaw has been found in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_tipo_ensino_cad.php. Executing manipulation of the argument nm_tipo can lead to cross site scripting. The attack can be executed remotely. The exploit has been published and may be used.
by KarinaGante
CVSS 3.5
CVE-2025-9724 GITHUB LOW html
Portabilis i-Educar <2.10 - XSS
A vulnerability was determined in Portabilis i-Educar up to 2.10. This impacts an unknown function of the file /intranet/educar_nivel_ensino_cad.php. Executing manipulation of the argument nm_nivel/descricao can lead to cross site scripting. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
by KarinaGante
CVSS 3.5
CVE-2025-9723 GITHUB LOW html
Portabilis i-Educar <2.10 - XSS
A vulnerability was found in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/educar_tipo_regime_cad.php. Performing manipulation of the argument nm_tipo results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and could be used.
by KarinaGante
CVSS 3.5
CVE-2025-9722 GITHUB LOW html
Portabilis i-Educar <2.10 - XSS
A vulnerability has been found in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file /intranet/educar_tipo_ocorrencia_disciplinar_cad.php. Such manipulation of the argument nm_tipo/descricao leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
by KarinaGante
CVSS 3.5
CVE-2025-9721 GITHUB LOW html
Portabilis i-Educar <2.10 - XSS
A flaw has been found in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/FormulaMedia/edit. This manipulation of the argument nome/formulaMedia causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been published and may be used.
by KarinaGante
CVSS 3.5
CVE-2025-9720 GITHUB LOW html
Portabilis i-Educar <2.10 - XSS
A vulnerability was detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/TabelaArredondamento/edit of the component Cadastrar tabela de arredondamento Page. The manipulation of the argument Nome results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used.
by KarinaGante
CVSS 3.5
CVE-2025-9653 GITHUB LOW html
Portabilis i-Educar <2.10 - XSS
A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_projeto_cad.php of the component Cadastrar projeto Page. Such manipulation of the argument nome/observacao leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
by KarinaGante
CVSS 3.5
CVE-2025-9652 GITHUB LOW html
Portabilis i-Educar <2.10 - XSS
A vulnerability was determined in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /intranet/educar_transferencia_tipo_cad.php of the component Cadastrar tipo de transferência Page. This manipulation of the argument nm_tipo/desc_tipo causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
by KarinaGante
CVSS 3.5
CVE-2025-9532 GITHUB MEDIUM html
Portabilis i-Educar <2.10 - SQL Injection
A flaw has been found in Portabilis i-Educar up to 2.10. This impacts an unknown function of the file /RegraAvaliacao/view. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
by KarinaGante
CVSS 6.3
CVE-2025-9531 GITHUB MEDIUM html
Portabilis i-Educar <2.10 - SQL Injection
A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/agenda.php of the component Agenda Module. Performing manipulation of the argument cod_agenda results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
by KarinaGante
CVSS 6.3
CVE-2025-8545 GITHUB LOW html
Portabilis I-educar - Code Injection
A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.10. Affected by this issue is some unknown functionality of the file /intranet/educar_motivo_afastamento_cad.php. The manipulation of the argument nm_motivo leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
by KarinaGante
CVSS 2.4
CVE-2025-8544 GITHUB LOW html
Portabilis I-educar - Code Injection
A vulnerability classified as problematic was found in Portabilis i-Educar 2.10. Affected by this vulnerability is an unknown functionality of the file /module/RegraAvaliacao/edit. The manipulation of the argument nome leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
by KarinaGante
CVSS 2.4
CVE-2025-8543 GITHUB LOW html
Portabilis I-educar - Code Injection
A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. Affected is an unknown function of the file /intranet/educar_raca_cad.php. The manipulation of the argument nm_raca leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
by KarinaGante
CVSS 2.4
CVE-2025-8542 GITHUB LOW html
Portabilis I-educar - Code Injection
A vulnerability was found in Portabilis i-Educar 2.10. It has been rated as problematic. This issue affects some unknown processing of the file /intranet/empresas_cad.php. The manipulation of the argument fantasia/razao_social leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
by KarinaGante
CVSS 2.4
CVE-2025-8541 GITHUB LOW html
Portabilis I-educar - Code Injection
A vulnerability was found in Portabilis i-Educar 2.10. It has been declared as problematic. This vulnerability affects unknown code of the file /intranet/public_uf_cad.php. The manipulation of the argument nome leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
by KarinaGante
CVSS 2.4
CVE-2025-8540 GITHUB LOW html
Portabilis I-educar - Code Injection
A vulnerability was found in Portabilis i-Educar 2.10. It has been classified as problematic. This affects an unknown part of the file /intranet/public_municipio_cad.php. The manipulation of the argument nome leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
by KarinaGante
CVSS 2.4
CVE-2025-8539 GITHUB LOW html
Portabilis I-educar - Code Injection
A vulnerability was found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this issue is some unknown functionality of the file /intranet/public_distrito_cad.php. The manipulation of the argument nome leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
by KarinaGante
CVSS 2.4
CVE-2025-8538 GITHUB LOW html
Portabilis I-educar - Code Injection
A vulnerability has been found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /usuarios/tipos/novo. The manipulation of the argument name/description leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
by KarinaGante
CVSS 2.4
CVE-2025-10846 GITHUB MEDIUM html
Portabilis I-educar < 2.10.0 - Injection
A vulnerability was determined in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /module/ComponenteCurricular/edit. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
by KarinaGante
CVSS 6.3
CVE-2025-10845 GITHUB MEDIUM html
Portabilis I-educar < 2.10.0 - Injection
A vulnerability was found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/ComponenteCurricular/view. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
by KarinaGante
CVSS 6.3
By Source
All 41 Exploitdb 50,123 Writeup 46,583 Nomisec 21,106 Metasploit 3,189 Github 2,211 Vulncheck_xdb 900 Inthewild 518 Gitlab 438 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,723 c 3,550 perl 2,854 html 2,053 php 1,332 bash 459 java 359 javascript 256 c++ 245 shell 67 go 41 postscript 25 xml 24