diff options
Diffstat (limited to 'docs/feed.xml')
| -rw-r--r-- | docs/feed.xml | 514 |
1 files changed, 514 insertions, 0 deletions
diff --git a/docs/feed.xml b/docs/feed.xml new file mode 100644 index 0000000..6214cc0 --- /dev/null +++ b/docs/feed.xml @@ -0,0 +1,514 @@ +<?xml version="1.0" encoding="utf-8"?> +<rss xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"> + <channel> + <title>CVE Updates Feed</title> + <link>https://cve.heqnx.com</link> + <description>RSS feed for recent CVE GitHub repositories</description> + <atom:link href="https://cve.heqnx.com/feed.xml" rel="self" type="application/rss+xml"/> + <item> + <title>CVE-2025-3928</title> + <link>https://github.com/Totunm/CVE-2025-3928</link> + <description>No description</description> + </item> + <item> + <title>Anydesk-Exploit-CVE-2025-12654-RCE-Builder</title> + <link>https://github.com/Subha-coder-hash/Anydesk-Exploit-CVE-2025-12654-RCE-Builder</link> + <description>Exploit development targets vulnerabilities using tools like exploitation frameworks. CVE databases list risks, while CVE-2025-44228 is an example of a flaw. AnyDesk exploits highlight security gaps.</description> + </item> + <item> + <title>CVE-2025-1304</title> + <link>https://github.com/Nxploited/CVE-2025-1304</link> + <description>WordPress NewsBlogger Theme <= 0.2.5.1 is vulnerable to Arbitrary File Upload</description> + </item> + <item> + <title>Analysis-of-TomcatKiller---CVE-2025-31650-Exploit-Tool</title> + <link>https://github.com/sattarbug/Analysis-of-TomcatKiller---CVE-2025-31650-Exploit-Tool</link> + <description>No description</description> + </item> + <item> + <title>Erlang-OTP-SSH-CVE-2025-32433</title> + <link>https://github.com/bilalz5-github/Erlang-OTP-SSH-CVE-2025-32433</link> + <description>CVE-2025-32433 – Erlang/OTP SSH vulnerability allowing pre-auth RCE</description> + </item> + <item> + <title>Anydesk-Exploit-CVE-2025-12654-RCE-Builder</title> + <link>https://github.com/Yuweixn/Anydesk-Exploit-CVE-2025-12654-RCE-Builder</link> + <description>Exploit development targets vulnerabilities using tools like exploitation frameworks. CVE databases list risks, while CVE-2025-44228 is an example of a flaw. AnyDesk exploits highlight security gaps.</description> + </item> + <item> + <title>Office-Exploit-Cve2025-Xml-Doc-Docx-Rce-Builder-Fud</title> + <link>https://github.com/Caztemaz/Office-Exploit-Cve2025-Xml-Doc-Docx-Rce-Builder-Fud</link> + <description>Exploit development targets vulnerabilities like CVE-2025-44228, often using tools like silent exploit builders. Office documents, including DOC files, are exploited through malware payloads and CVE exploits, impacting platforms like Office 365.</description> + </item> + <item> + <title>Lnk-Exploit-FileBinder-Certificate-Spoofer-Reg-Doc-Cve-Rce</title> + <link>https://github.com/Caztemaz/Lnk-Exploit-FileBinder-Certificate-Spoofer-Reg-Doc-Cve-Rce</link> + <description>Exploit development involves tools like exploitation frameworks and CVE databases. LNK exploits, such as LNK builder or LNK payload techniques, leverage vulnerabilities like CVE-2025-44228 for silent RCE execution through shortcut files.</description> + </item> + <item> + <title>Phantom-Registy-Exploit-Cve2025-20682-Runtime-Fud-Lnk</title> + <link>https://github.com/Caztemaz/Phantom-Registy-Exploit-Cve2025-20682-Runtime-Fud-Lnk</link> + <description>Exploit development involves tools like exploitation frameworks and CVE databases. Registry exploits, such as reg exploit or registry-based payloads, leverage vulnerabilities for silent execution, often using FUD techniques to evade detection.</description> + </item> + <item> + <title>CVE-2025-20029-simulation</title> + <link>https://github.com/schoi1337/CVE-2025-20029-simulation</link> + <description>Simulated environment for CVE-2025-20029 using Docker. Includes PoC and auto-reporting.</description> + </item> + <item> + <title>CVE-2025-31324-File-Upload</title> + <link>https://github.com/nullcult/CVE-2025-31324-File-Upload</link> + <description>A totally unauthenticated file-upload endpoint in Visual Composer lets anyone drop arbitrary files (e.g., a JSP web-shell) onto the server.</description> + </item> + <item> + <title>jsp-webshell-scanner</title> + <link>https://github.com/respondiq/jsp-webshell-scanner</link> + <description>🔍 A simple Bash script to detect malicious JSP webshells, including those used in exploits of SAP NetWeaver CVE-2025-31324.</description> + </item> + <item> + <title>CVE-2025-39538</title> + <link>https://github.com/Nxploited/CVE-2025-39538</link> + <description>WordPress WP-Advanced-Search <= 3.3.9.3 - Arbitrary File Upload Vulnerability</description> + </item> + <item> + <title>Burp_CVE-2025-31324</title> + <link>https://github.com/BlueOWL-overlord/Burp_CVE-2025-31324</link> + <description>Python-based Burp Suite extension is designed to detect the presence of CVE-2025-31324</description> + </item> + <item> + <title>CVE-2025-21756</title> + <link>https://github.com/mr-spongebob/CVE-2025-21756</link> + <description>No description</description> + </item> + <item> + <title>CVE-2025-31650</title> + <link>https://github.com/tunahantekeoglu/CVE-2025-31650</link> + <description>CVE-2025-31650 PoC</description> + </item> + <item> + <title>cve-2025-29775</title> + <link>https://github.com/twypsy/cve-2025-29775</link> + <description>POCs for CVE-2025-29775</description> + </item> + <item> + <title>TomcatKiller-CVE-2025-31650</title> + <link>https://github.com/absholi7ly/TomcatKiller-CVE-2025-31650</link> + <description>A tool designed to detect the vulnerability **CVE-2025-31650** in Apache Tomcat (versions 10.1.10 to 10.1.39)</description> + </item> + <item> + <title>CVE-2025-26014</title> + <link>https://github.com/vigilante-1337/CVE-2025-26014</link> + <description>A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute arbitrary code via the path parameter. The manipulation of the argument path from read.py file leads to os command injection. The attack can be launched remotely.</description> + </item> + <item> + <title>CVE-2025-31324</title> + <link>https://github.com/Pengrey/CVE-2025-31324</link> + <description>Unauthenticated upload in SAP NetWeaver Visual Composer Metadata Uploader</description> + </item> + <item> + <title>Gombruc</title> + <link>https://github.com/Darabium/Gombruc</link> + <description>This vulnerability is related to CVE-2025-0401, which affects all Linux systems. With the help of this bash script, you can give your user any level of access, up to and including Root access. Warning: This exploit is for educational purposes only and any exploitation of this vulnerability is risky.</description> + </item> + <item> + <title>CVE-2025-29927</title> + <link>https://github.com/rubbxalc/CVE-2025-29927</link> + <description>No description</description> + </item> + <item> + <title>CVE-2025-29927</title> + <link>https://github.com/HoumanPashaei/CVE-2025-29927</link> + <description>This is a CVE-2025-29927 Scanner.</description> + </item> + <item> + <title>CVE-2025-24091</title> + <link>https://github.com/cyruscostini/CVE-2025-24091</link> + <description>No description</description> + </item> + <item> + <title>CVE-2025-31324_PoC_SAP</title> + <link>https://github.com/abrewer251/CVE-2025-31324_PoC_SAP</link> + <description>Proof-of-Concept for CVE-2025-31324: Unauthenticated upload in SAP NetWeaver Visual Composer Metadata Uploader</description> + </item> + <item> + <title>CVE-2025-46701</title> + <link>https://github.com/gregk4sec/CVE-2025-46701</link> + <description>Tomcat CVE</description> + </item> + <item> + <title>CVE-2025-29927</title> + <link>https://github.com/hed1ad/CVE-2025-29927</link> + <description>CVE-2025-29927</description> + </item> + <item> + <title>SAP-CVE-2025-31324</title> + <link>https://github.com/Alizngnc/SAP-CVE-2025-31324</link> + <description>SAP NetWeaver Unauthenticated Remote Code Execution</description> + </item> + <item> + <title>CVE-2025-29927</title> + <link>https://github.com/Hirainsingadia/CVE-2025-29927</link> + <description>Next js middlewareauth Bypass</description> + </item> + <item> + <title>my-CVE-2025-29927</title> + <link>https://github.com/hed1ad/my-CVE-2025-29927</link> + <description>CVE-2025-29927</description> + </item> + <item> + <title>CVE-2025-31324</title> + <link>https://github.com/moften/CVE-2025-31324</link> + <description>SAP PoC para CVE-2025-31324</description> + </item> + <item> + <title>CVE-2025-31324-NUCLEI</title> + <link>https://github.com/moften/CVE-2025-31324-NUCLEI</link> + <description>Nuclei template for cve-2025-31324 (SAP)</description> + </item> + <item> + <title>CVE-2025-32433</title> + <link>https://github.com/MrDreamReal/CVE-2025-32433</link> + <description>CVE-2025-32433 Summary and Attack Overview</description> + </item> + <item> + <title>CVE-2025-46657</title> + <link>https://github.com/nov-1337/CVE-2025-46657</link> + <description>No description</description> + </item> + <item> + <title>CVE-2025-3248-langflow-RCE</title> + <link>https://github.com/minxxcozy/CVE-2025-3248-langflow-RCE</link> + <description>CVE-2025-3248 Langflow 사전 인증 원격 코드 실행 취약점 PoC</description> + </item> + <item> + <title>CVE-2025-2294</title> + <link>https://github.com/romanedutov/CVE-2025-2294</link> + <description>No description</description> + </item> + <item> + <title>CVE-2025-1974</title> + <link>https://github.com/chhhd/CVE-2025-1974</link> + <description>No description</description> + </item> + <item> + <title>ExploitCVE2025</title> + <link>https://github.com/Profanatic/ExploitCVE2025</link> + <description>ExploitCVE2025 - SAP Path Traversal Auto-Exploit Tool</description> + </item> + <item> + <title>CVE-2025-0927</title> + <link>https://github.com/mr-spongebob/CVE-2025-0927</link> + <description>No description</description> + </item> + <item> + <title>CVE-2025-32433</title> + <link>https://github.com/0x7556/CVE-2025-32433</link> + <description>CVE-2025-32433 Erlang/OTP SSH RCE Exploit</description> + </item> + <item> + <title>CVE-2025-32433</title> + <link>https://github.com/becrevex/CVE-2025-32433</link> + <description>Erlang OTP SSH NSE Discovery Script</description> + </item> + <item> + <title>CVE-2025-31324</title> + <link>https://github.com/rxerium/CVE-2025-31324</link> + <description>SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.</description> + </item> + <item> + <title>CVE-2025-3102</title> + <link>https://github.com/SUPRAAA-1337/CVE-2025-3102</link> + <description>Detects the version of the SureTriggers WordPress plugin from exposed asset URLs and compares it to determine if it's vulnerable (<= 1.0.78).</description> + </item> + <item> + <title>CVE-2025-3102_v2</title> + <link>https://github.com/SUPRAAA-1337/CVE-2025-3102_v2</link> + <description>Checks the SureTriggers WordPress plugin's readme.txt file for the Stable tag version. If the version is less than or equal to 1.0.78, it is considered vulnerable.0.78).</description> + </item> + <item> + <title>CVE-2025-29927</title> + <link>https://github.com/EQSTLab/CVE-2025-29927</link> + <description>Next.js middleware bypass PoC</description> + </item> + <item> + <title>CVE-2025-29306-PoC-FoxCMS-RCE</title> + <link>https://github.com/Mattb709/CVE-2025-29306-PoC-FoxCMS-RCE</link> + <description>Proof-of-Concept (PoC) for CVE-2025-29306, a Remote Code Execution vulnerability in FoxCMS. This Python script scans single or multiple targets, executes commands, and reports vulnerable hosts.</description> + </item> + <item> + <title>lab_CVE-2025-32433</title> + <link>https://github.com/ps-interactive/lab_CVE-2025-32433</link> + <description>CVE lab to accompany CVE course for CVE-2025-32433</description> + </item> + <item> + <title>commvault-cve2025-34028-check</title> + <link>https://github.com/tinkerlev/commvault-cve2025-34028-check</link> + <description>Commvault CVE-2025-34028 endpoint scanner using Nmap NSE. For ethical testing and configuration validation.</description> + </item> + <item> + <title>cve-2025-21497-lab</title> + <link>https://github.com/Urbank-61/cve-2025-21497-lab</link> + <description>CSC180 final project presentation of a vulnerable CVE</description> + </item> + <item> + <title>Anydesk-Exploit-CVE-2025-12654-RCE-Builder</title> + <link>https://github.com/ThreeMens/Anydesk-Exploit-CVE-2025-12654-RCE-Builder</link> + <description>Exploit development targets vulnerabilities using tools like exploitation frameworks. CVE databases list risks, while CVE-2025-44228 is an example of a flaw. AnyDesk exploits highlight security gaps.</description> + </item> + <item> + <title>Reset-inetpub</title> + <link>https://github.com/mmotti/Reset-inetpub</link> + <description>Restore the integrity of the parent 'inetpub' folder following security implications highlighted by CVE-2025-2120.</description> + </item> + <item> + <title>CVE-2025-31161</title> + <link>https://github.com/SUPRAAA-1337/CVE-2025-31161</link> + <description>Проверка наличие пути /WebInterface/function</description> + </item> + <item> + <title>CVE-2025-30406</title> + <link>https://github.com/W01fh4cker/CVE-2025-30406</link> + <description>Exploit for CVE-2025-30406</description> + </item> + <item> + <title>Nuclei_CVE-2025-31161_CVE-2025-2825</title> + <link>https://github.com/SUPRAAA-1337/Nuclei_CVE-2025-31161_CVE-2025-2825</link> + <description>Official Nuclei template for CVE-2025-31161 (formerly CVE-2025-2825)</description> + </item> + <item> + <title>CVE-2025-30208-Series</title> + <link>https://github.com/r0ngy40/CVE-2025-30208-Series</link> + <description>Analysis of the Reproduction of CVE-2025-30208 Series Vulnerabilities</description> + </item> + <item> + <title>CVE-2025-3776</title> + <link>https://github.com/Nxploited/CVE-2025-3776</link> + <description>WordPress Verification SMS with TargetSMS Plugin <= 1.5 is vulnerable to Remote Code Execution (RCE)</description> + </item> + <item> + <title>CVE-2025-24963</title> + <link>https://github.com/0xdeviner/CVE-2025-24963</link> + <description>No description</description> + </item> + <item> + <title>vulnerability-in-Remix-React-Router-CVE-2025-31137-</title> + <link>https://github.com/pouriam23/vulnerability-in-Remix-React-Router-CVE-2025-31137-</link> + <description>No description</description> + </item> + <item> + <title>CVE-2025-29927</title> + <link>https://github.com/kh4sh3i/CVE-2025-29927</link> + <description>CVE-2025-29927: Next.js Middleware Bypass Vulnerability</description> + </item> + <item> + <title>CVE-2025-24054-PoC</title> + <link>https://github.com/helidem/CVE-2025-24054-PoC</link> + <description>Proof of Concept for the NTLM Hash Leak via .library-ms CVE-2025-24054</description> + </item> + <item> + <title>CVE-2025-32140</title> + <link>https://github.com/Nxploited/CVE-2025-32140</link> + <description>WordPress WP Remote Thumbnail Plugin <= 1.3.2 is vulnerable to Arbitrary File Upload</description> + </item> + <item> + <title>CVE-2025-42599</title> + <link>https://github.com/bronsoneaver/CVE-2025-42599</link> + <description>No description</description> + </item> + <item> + <title>FOXCMS-CVE-2025-29306-POC</title> + <link>https://github.com/inok009/FOXCMS-CVE-2025-29306-POC</link> + <description>No description</description> + </item> + <item> + <title>CVE-2025-43919-POC</title> + <link>https://github.com/cybersecplayground/CVE-2025-43919-POC</link> + <description>A new vulnerability has been discovered in GNU Mailman 2.1.39, bundled with cPanel/WHM, allowing unauthenticated remote attackers to read arbitrary files on the server via a directory traversal flaw.</description> + </item> + <item> + <title>Next.js-Middleware-Bypass-CVE-2025-29927-</title> + <link>https://github.com/pouriam23/Next.js-Middleware-Bypass-CVE-2025-29927-</link> + <description>No description</description> + </item> + <item> + <title>TRA-001-Critical-RCE-Vulnerability-in-Apache-Parquet-CVE-2025-30065-Simulation-</title> + <link>https://github.com/ThreatRadarAI/TRA-001-Critical-RCE-Vulnerability-in-Apache-Parquet-CVE-2025-30065-Simulation-</link> + <description>A CVSS 10.0-rated vulnerability in the parquet-avro Java module allows remote code execution via unsafe deserialization when parsing schemas. Tracked as CVE-2025-30065, this flaw affects Apache Parquet ≤ 1.15.0. All users must upgrade to version 1.15.1 immediately to mitigate exploitation risks.</description> + </item> + <item> + <title>CVE-2025-30208-template</title> + <link>https://github.com/imbas007/CVE-2025-30208-template</link> + <description>CVE-2025-30208 vite file read nuclei template</description> + </item> + <item> + <title>apple-positional-audio-codec-invalid-header</title> + <link>https://github.com/zhuowei/apple-positional-audio-codec-invalid-header</link> + <description>looking into CVE-2025-31200 - can't figure it out yet</description> + </item> + <item> + <title>CVE-2025-3102</title> + <link>https://github.com/dennisec/CVE-2025-3102</link> + <description>No description</description> + </item> + <item> + <title>LibHeif---CVE-2025-XXXXX</title> + <link>https://github.com/SexyShoelessGodofWar/LibHeif---CVE-2025-XXXXX</link> + <description>Heap Overflow in LibHeif</description> + </item> + <item> + <title>CVE-2025-43919</title> + <link>https://github.com/0NYX-MY7H/CVE-2025-43919</link> + <description>No description</description> + </item> + <item> + <title>CVE-2025-43920</title> + <link>https://github.com/0NYX-MY7H/CVE-2025-43920</link> + <description>No description</description> + </item> + <item> + <title>CVE-2025-43921</title> + <link>https://github.com/0NYX-MY7H/CVE-2025-43921</link> + <description>No description</description> + </item> + <item> + <title>CVE-2025-0054</title> + <link>https://github.com/z3usx01/CVE-2025-0054</link> + <description>No description</description> + </item> + <item> + <title>CVE-2025-43929</title> + <link>https://github.com/0xBenCantCode/CVE-2025-43929</link> + <description>Medium-severity vulnerability in KiTTY allowing for local executables to be ran without user confirmation under certain circumstances.</description> + </item> + <item> + <title>CVE-2025-32433-Remote-Shell</title> + <link>https://github.com/meloppeitreet/CVE-2025-32433-Remote-Shell</link> + <description>Go-based exploit for CVE-2025-32433</description> + </item> + <item> + <title>cve-2025-32433</title> + <link>https://github.com/0xPThree/cve-2025-32433</link> + <description>No description</description> + </item> + <item> + <title>CVE-2025-28121</title> + <link>https://github.com/pruthuraut/CVE-2025-28121</link> + <description>No description</description> + </item> + <item> + <title>CVE-2025-24801</title> + <link>https://github.com/r1beirin/CVE-2025-24801</link> + <description>No description</description> + </item> + <item> + <title>CVE-2025-21756</title> + <link>https://github.com/hoefler02/CVE-2025-21756</link> + <description>My first linux kernel exploit</description> + </item> + <item> + <title>CVE-2025-32433</title> + <link>https://github.com/teamtopkarl/CVE-2025-32433</link> + <description>No description</description> + </item> + <item> + <title>CVE-2025-28355</title> + <link>https://github.com/abbisQQ/CVE-2025-28355</link> + <description>It was identified that the https://github.com/Volmarg/personal-management-system application is vulnerable to CSRF attacks.</description> + </item> + <item> + <title>CVE-2025-32395</title> + <link>https://github.com/ruiwenya/CVE-2025-32395</link> + <description>CVE-2025-32395-POC</description> + </item> + <item> + <title>CVE-2025-32682</title> + <link>https://github.com/Nxploited/CVE-2025-32682</link> + <description>WordPress MapSVG Lite Plugin <= 8.5.34 is vulnerable to Arbitrary File Upload</description> + </item> + <item> + <title>CVE-2025-32433</title> + <link>https://github.com/darses/CVE-2025-32433</link> + <description>Security research on Erlang/OTP SSH CVE-2025-32433.</description> + </item> + <item> + <title>CVE-2025-32433</title> + <link>https://github.com/LemieOne/CVE-2025-32433</link> + <description>Missing Authentication for Critical Function (CWE-306)-Exploit</description> + </item> + <item> + <title>CVE-2025-24054_PoC</title> + <link>https://github.com/xigney/CVE-2025-24054_PoC</link> + <description>PoC - CVE-2025-24071 / CVE-2025-24054, NTMLv2 hash'leri alınabilen bir vulnerability</description> + </item> + <item> + <title>CVE-2025-24813-vulhub</title> + <link>https://github.com/Erosion2020/CVE-2025-24813-vulhub</link> + <description>CVE-2025-24813的vulhub环境的POC脚本</description> + </item> + <item> + <title>CVE-2025-32433</title> + <link>https://github.com/ProDefense/CVE-2025-32433</link> + <description>No description</description> + </item> + <item> + <title>Vuln-Next.js-CVE-2025-29927</title> + <link>https://github.com/Grand-Moomin/Vuln-Next.js-CVE-2025-29927</link> + <description>No description</description> + </item> + <item> + <title>CVE-2025-4172026</title> + <link>https://github.com/NotItsSixtyN3in/CVE-2025-4172026</link> + <description>No description</description> + </item> + <item> + <title>CVE-2025-4172025</title> + <link>https://github.com/NotItsSixtyN3in/CVE-2025-4172025</link> + <description>No description</description> + </item> + <item> + <title>CVE-2025-3568</title> + <link>https://github.com/shellkraft/CVE-2025-3568</link> + <description>A security vulnerability has been identified in Krayin CRM <=2.1.0 that allows a low-privileged user to escalate privileges by tricking an admin into opening a malicious SVG file.</description> + </item> + <item> + <title>CVE-2025-29306</title> + <link>https://github.com/verylazytech/CVE-2025-29306</link> + <description>No description</description> + </item> + <item> + <title>CVE-2025-28009</title> + <link>https://github.com/beardenx/CVE-2025-28009</link> + <description>No description</description> + </item> + <item> + <title>CVE-2025-29927-NextJs-Middleware-Simulation</title> + <link>https://github.com/Knotsecurity/CVE-2025-29927-NextJs-Middleware-Simulation</link> + <description>Simulates CVE-2025-29927, a critical Next.js vulnerability allowing attackers to bypass middleware authorization by exploiting the internal x-middleware-subrequest HTTP header. Demonstrates unauthorized access to protected routes and provides mitigation strategies.</description> + </item> + <item> + <title>CVE-2025-29927</title> + <link>https://github.com/mhamzakhattak/CVE-2025-29927</link> + <description>No description</description> + </item> + <item> + <title>CVE-2025-30967</title> + <link>https://github.com/Anton-ai111/CVE-2025-30967</link> + <description>CVE-2025-30967</description> + </item> + <item> + <title>CVE-2025-39601</title> + <link>https://github.com/Nxploited/CVE-2025-39601</link> + <description>WordPress Custom CSS, JS & PHP plugin <= 2.4.1 - CSRF to RCE vulnerability</description> + </item> + <item> + <title>CVE-2025-3248</title> + <link>https://github.com/verylazytech/CVE-2025-3248</link> + <description>No description</description> + </item> + <item> + <title>CVE-2025-26318</title> + <link>https://github.com/Frozenka/CVE-2025-26318</link> + <description>POC CVE-2025-26318</description> + </item> + </channel> +</rss> |