Github Exploits
98 exploits tracked across all sources.
(pending title)
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
by react2shell-repo-menagerie
(pending title)
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
by react2shell-repo-menagerie
(pending title)
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
by react2shell-repo-menagerie
(pending title)
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
by react2shell-repo-menagerie
(pending title)
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
by react2shell-repo-menagerie
(pending title)
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
by react2shell-repo-menagerie
(pending title)
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
by react2shell-repo-menagerie
(pending title)
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
by react2shell-repo-menagerie
(pending title)
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
by react2shell-repo-menagerie
(pending title)
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
by react2shell-repo-menagerie
(pending title)
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
by react2shell-repo-menagerie
(pending title)
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
by BankkRoll
11 stars
(pending title)
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
by emredavut
311 stars
(pending title)
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
by ZihxS
5 stars
Google Chrome < 142.0.7444.59 - Type Confusion
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
by dexterm300
Script Security Plugin <1.49 - RCE
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.
by wjl110
Local Privilege Escalation in polkits pkexec
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
by wjl110
Microsoft Windows 10 - Use After Free
Windows Win32k Elevation of Privilege Vulnerability
by wjl110
Freebsd - TOCTOU Race Condition
In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a mailcious userspace program to modify control message headers after they were validation.
by wjl110
Microsoft Windows 10 - Symlink Following
<p>An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p>
<p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.</p>
<p>The security update addresses the vulnerability by correcting how Group Policy checks access.</p>
by wjl110
Rockwellautomation Factorytalk View - Information Disclosure
All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs.
by wjl110
Microsoft Sharepoint Enterprise Server - Unrestricted File Upload
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0971, CVE-2020-0974.
by wjl110
Intel Proset/wireless Wifi < 21.70.0.6 - Denial of Service
Improper buffer restrictions in kernel mode driver for Intel(R) PROSet/Wireless WiFi products before version 21.70 on Windows 10 may allow an unprivileged user to potentially enable denial of service via adjacent access.
by wjl110
Atlassian Confluence Widget Connector Macro Velocity Template Injection
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.
by wjl110
Tp-link Tl-wr841n Firmware - Buffer Overflow
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-LINK TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default. When parsing the Host request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length static buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-8457.
by wjl110
By Source