CVE Updates Feed

CVE-2025-3928

No description

Anydesk-Exploit-CVE-2025-12654-RCE-Builder

Exploit development targets vulnerabilities using tools like exploitation frameworks. CVE databases list risks, while CVE-2025-44228 is an example of a flaw. AnyDesk exploits highlight security gaps.

CVE-2025-1304

WordPress NewsBlogger Theme <= 0.2.5.1 is vulnerable to Arbitrary File Upload

Analysis-of-TomcatKiller---CVE-2025-31650-Exploit-Tool

No description

Erlang-OTP-SSH-CVE-2025-32433

CVE-2025-32433 – Erlang/OTP SSH vulnerability allowing pre-auth RCE

Anydesk-Exploit-CVE-2025-12654-RCE-Builder

Exploit development targets vulnerabilities using tools like exploitation frameworks. CVE databases list risks, while CVE-2025-44228 is an example of a flaw. AnyDesk exploits highlight security gaps.

Office-Exploit-Cve2025-Xml-Doc-Docx-Rce-Builder-Fud

Exploit development targets vulnerabilities like CVE-2025-44228, often using tools like silent exploit builders. Office documents, including DOC files, are exploited through malware payloads and CVE exploits, impacting platforms like Office 365.

Lnk-Exploit-FileBinder-Certificate-Spoofer-Reg-Doc-Cve-Rce

Exploit development involves tools like exploitation frameworks and CVE databases. LNK exploits, such as LNK builder or LNK payload techniques, leverage vulnerabilities like CVE-2025-44228 for silent RCE execution through shortcut files.

Phantom-Registy-Exploit-Cve2025-20682-Runtime-Fud-Lnk

Exploit development involves tools like exploitation frameworks and CVE databases. Registry exploits, such as reg exploit or registry-based payloads, leverage vulnerabilities for silent execution, often using FUD techniques to evade detection.

CVE-2025-20029-simulation

Simulated environment for CVE-2025-20029 using Docker. Includes PoC and auto-reporting.

CVE-2025-31324-File-Upload

A totally unauthenticated file-upload endpoint in Visual Composer lets anyone drop arbitrary files (e.g., a JSP web-shell) onto the server.

jsp-webshell-scanner

🔍 A simple Bash script to detect malicious JSP webshells, including those used in exploits of SAP NetWeaver CVE-2025-31324.

CVE-2025-39538

WordPress WP-Advanced-Search <= 3.3.9.3 - Arbitrary File Upload Vulnerability

Burp_CVE-2025-31324

Python-based Burp Suite extension is designed to detect the presence of CVE-2025-31324

CVE-2025-21756

No description

CVE-2025-31650

CVE-2025-31650 PoC

cve-2025-29775

POCs for CVE-2025-29775

TomcatKiller-CVE-2025-31650

A tool designed to detect the vulnerability **CVE-2025-31650** in Apache Tomcat (versions 10.1.10 to 10.1.39)

CVE-2025-26014

A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute arbitrary code via the path parameter. The manipulation of the argument path from read.py file leads to os command injection. The attack can be launched remotely.

CVE-2025-31324

Unauthenticated upload in SAP NetWeaver Visual Composer Metadata Uploader

Gombruc

This vulnerability is related to CVE-2025-0401, which affects all Linux systems. With the help of this bash script, you can give your user any level of access, up to and including Root access. Warning: This exploit is for educational purposes only and any exploitation of this vulnerability is risky.

CVE-2025-29927

No description

CVE-2025-29927

This is a CVE-2025-29927 Scanner.

CVE-2025-24091

No description

CVE-2025-31324_PoC_SAP

Proof-of-Concept for CVE-2025-31324: Unauthenticated upload in SAP NetWeaver Visual Composer Metadata Uploader

CVE-2025-46701

Tomcat CVE

CVE-2025-29927

SAP-CVE-2025-31324

SAP NetWeaver Unauthenticated Remote Code Execution

CVE-2025-29927

Next js middlewareauth Bypass

my-CVE-2025-29927

CVE-2025-29927

CVE-2025-31324

SAP PoC para CVE-2025-31324

CVE-2025-31324-NUCLEI

Nuclei template for cve-2025-31324 (SAP)

CVE-2025-32433

CVE-2025-32433 Summary and Attack Overview

CVE-2025-46657

No description

CVE-2025-3248-langflow-RCE

CVE-2025-3248 Langflow 사전 인증 원격 코드 실행 취약점 PoC

CVE-2025-2294

No description

CVE-2025-1974

No description

ExploitCVE2025

ExploitCVE2025 - SAP Path Traversal Auto-Exploit Tool

CVE-2025-0927

No description

CVE-2025-32433

CVE-2025-32433 Erlang/OTP SSH RCE Exploit

CVE-2025-32433

Erlang OTP SSH NSE Discovery Script

CVE-2025-31324

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.

CVE-2025-3102

Detects the version of the SureTriggers WordPress plugin from exposed asset URLs and compares it to determine if it's vulnerable (<= 1.0.78).

CVE-2025-3102_v2

Checks the SureTriggers WordPress plugin's readme.txt file for the Stable tag version. If the version is less than or equal to 1.0.78, it is considered vulnerable.0.78).

CVE-2025-29927

Next.js middleware bypass PoC

CVE-2025-29306-PoC-FoxCMS-RCE

Proof-of-Concept (PoC) for CVE-2025-29306, a Remote Code Execution vulnerability in FoxCMS. This Python script scans single or multiple targets, executes commands, and reports vulnerable hosts.

lab_CVE-2025-32433

CVE lab to accompany CVE course for CVE-2025-32433

commvault-cve2025-34028-check

Commvault CVE-2025-34028 endpoint scanner using Nmap NSE. For ethical testing and configuration validation.

cve-2025-21497-lab

CSC180 final project presentation of a vulnerable CVE

Anydesk-Exploit-CVE-2025-12654-RCE-Builder

Exploit development targets vulnerabilities using tools like exploitation frameworks. CVE databases list risks, while CVE-2025-44228 is an example of a flaw. AnyDesk exploits highlight security gaps.

Reset-inetpub

Restore the integrity of the parent 'inetpub' folder following security implications highlighted by CVE-2025-2120.

CVE-2025-31161

Проверка наличие пути /WebInterface/function

CVE-2025-30406

Exploit for CVE-2025-30406

Nuclei_CVE-2025-31161_CVE-2025-2825

Official Nuclei template for CVE-2025-31161 (formerly CVE-2025-2825)

CVE-2025-30208-Series

Analysis of the Reproduction of CVE-2025-30208 Series Vulnerabilities

CVE-2025-3776

WordPress Verification SMS with TargetSMS Plugin <= 1.5 is vulnerable to Remote Code Execution (RCE)

CVE-2025-24963

No description

vulnerability-in-Remix-React-Router-CVE-2025-31137-

No description

CVE-2025-29927

CVE-2025-29927: Next.js Middleware Bypass Vulnerability

CVE-2025-24054-PoC

Proof of Concept for the NTLM Hash Leak via .library-ms CVE-2025-24054

CVE-2025-32140

WordPress WP Remote Thumbnail Plugin <= 1.3.2 is vulnerable to Arbitrary File Upload

CVE-2025-42599

No description

FOXCMS-CVE-2025-29306-POC

No description

CVE-2025-43919-POC

A new vulnerability has been discovered in GNU Mailman 2.1.39, bundled with cPanel/WHM, allowing unauthenticated remote attackers to read arbitrary files on the server via a directory traversal flaw.

Next.js-Middleware-Bypass-CVE-2025-29927-

No description

TRA-001-Critical-RCE-Vulnerability-in-Apache-Parquet-CVE-2025-30065-Simulation-

A CVSS 10.0-rated vulnerability in the parquet-avro Java module allows remote code execution via unsafe deserialization when parsing schemas. Tracked as CVE-2025-30065, this flaw affects Apache Parquet ≤ 1.15.0. All users must upgrade to version 1.15.1 immediately to mitigate exploitation risks.

CVE-2025-30208-template

CVE-2025-30208 vite file read nuclei template

apple-positional-audio-codec-invalid-header

looking into CVE-2025-31200 - can't figure it out yet

CVE-2025-3102

No description

LibHeif---CVE-2025-XXXXX

Heap Overflow in LibHeif

CVE-2025-43919

No description

CVE-2025-43920

No description

CVE-2025-43921

No description

CVE-2025-0054

No description

CVE-2025-43929

Medium-severity vulnerability in KiTTY allowing for local executables to be ran without user confirmation under certain circumstances.

CVE-2025-32433-Remote-Shell

Go-based exploit for CVE-2025-32433

cve-2025-32433

No description

CVE-2025-28121

No description

CVE-2025-24801

No description

CVE-2025-21756

My first linux kernel exploit

CVE-2025-32433

No description

CVE-2025-28355

It was identified that the https://github.com/Volmarg/personal-management-system application is vulnerable to CSRF attacks.

CVE-2025-32395

CVE-2025-32395-POC

CVE-2025-32682

WordPress MapSVG Lite Plugin <= 8.5.34 is vulnerable to Arbitrary File Upload

CVE-2025-32433

Security research on Erlang/OTP SSH CVE-2025-32433.

CVE-2025-32433

Missing Authentication for Critical Function (CWE-306)-Exploit

CVE-2025-24054_PoC

PoC - CVE-2025-24071 / CVE-2025-24054, NTMLv2 hash'leri alınabilen bir vulnerability

CVE-2025-24813-vulhub

CVE-2025-24813的vulhub环境的POC脚本

CVE-2025-32433

No description

Vuln-Next.js-CVE-2025-29927

No description

CVE-2025-4172026

No description

CVE-2025-4172025

No description

CVE-2025-3568

A security vulnerability has been identified in Krayin CRM <=2.1.0 that allows a low-privileged user to escalate privileges by tricking an admin into opening a malicious SVG file.

CVE-2025-29306

No description

CVE-2025-28009

No description

CVE-2025-29927-NextJs-Middleware-Simulation

Simulates CVE-2025-29927, a critical Next.js vulnerability allowing attackers to bypass middleware authorization by exploiting the internal x-middleware-subrequest HTTP header. Demonstrates unauthorized access to protected routes and provides mitigation strategies.

CVE-2025-29927

No description

CVE-2025-30967

CVE-2025-39601

WordPress Custom CSS, JS & PHP plugin <= 2.4.1 - CSRF to RCE vulnerability

CVE-2025-3248

No description

CVE-2025-26318

POC CVE-2025-26318