cve-poc-mon

https://github.com/Totunm/CVE-2025-3928 No description
https://github.com/Subha-coder-hash/Anydesk-Exploit-CVE-2025-12654-RCE-Builder Exploit development targets vulnerabilities using tools like exploitation frameworks. CVE databases list risks, while CVE-2025-44228 is an example of a flaw. AnyDesk exploits highlight security gaps.
https://github.com/Nxploited/CVE-2025-1304 WordPress NewsBlogger Theme <= 0.2.5.1 is vulnerable to Arbitrary File Upload
https://github.com/sattarbug/Analysis-of-TomcatKiller—CVE-2025-31650-Exploit-Tool No description
https://github.com/bilalz5-github/Erlang-OTP-SSH-CVE-2025-32433 CVE-2025-32433 – Erlang/OTP SSH vulnerability allowing pre-auth RCE
https://github.com/Yuweixn/Anydesk-Exploit-CVE-2025-12654-RCE-Builder Exploit development targets vulnerabilities using tools like exploitation frameworks. CVE databases list risks, while CVE-2025-44228 is an example of a flaw. AnyDesk exploits highlight security gaps.
https://github.com/Caztemaz/Office-Exploit-Cve2025-Xml-Doc-Docx-Rce-Builder-Fud Exploit development targets vulnerabilities like CVE-2025-44228, often using tools like silent exploit builders. Office documents, including DOC files, are exploited through malware payloads and CVE exploits, impacting platforms like Office 365.
https://github.com/Caztemaz/Lnk-Exploit-FileBinder-Certificate-Spoofer-Reg-Doc-Cve-Rce Exploit development involves tools like exploitation frameworks and CVE databases. LNK exploits, such as LNK builder or LNK payload techniques, leverage vulnerabilities like CVE-2025-44228 for silent RCE execution through shortcut files.
https://github.com/Caztemaz/Phantom-Registy-Exploit-Cve2025-20682-Runtime-Fud-Lnk Exploit development involves tools like exploitation frameworks and CVE databases. Registry exploits, such as reg exploit or registry-based payloads, leverage vulnerabilities for silent execution, often using FUD techniques to evade detection.
https://github.com/schoi1337/CVE-2025-20029-simulation Simulated environment for CVE-2025-20029 using Docker. Includes PoC and auto-reporting.
https://github.com/nullcult/CVE-2025-31324-File-Upload A totally unauthenticated file-upload endpoint in Visual Composer lets anyone drop arbitrary files (e.g., a JSP web-shell) onto the server.
https://github.com/respondiq/jsp-webshell-scanner 🔍 A simple Bash script to detect malicious JSP webshells, including those used in exploits of SAP NetWeaver CVE-2025-31324.
https://github.com/Nxploited/CVE-2025-39538 WordPress WP-Advanced-Search <= 3.3.9.3 - Arbitrary File Upload Vulnerability
https://github.com/BlueOWL-overlord/Burp_CVE-2025-31324 Python-based Burp Suite extension is designed to detect the presence of CVE-2025-31324
https://github.com/mr-spongebob/CVE-2025-21756 No description
https://github.com/tunahantekeoglu/CVE-2025-31650 CVE-2025-31650 PoC
https://github.com/twypsy/cve-2025-29775 POCs for CVE-2025-29775
https://github.com/absholi7ly/TomcatKiller-CVE-2025-31650 A tool designed to detect the vulnerability CVE-2025-31650 in Apache Tomcat (versions 10.1.10 to 10.1.39)
https://github.com/vigilante-1337/CVE-2025-26014 A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute arbitrary code via the path parameter. The manipulation of the argument path from read.py file leads to os command injection. The attack can be launched remotely.
https://github.com/Pengrey/CVE-2025-31324 Unauthenticated upload in SAP NetWeaver Visual Composer Metadata Uploader
https://github.com/Darabium/Gombruc This vulnerability is related to CVE-2025-0401, which affects all Linux systems. With the help of this bash script, you can give your user any level of access, up to and including Root access. Warning: This exploit is for educational purposes only and any exploitation of this vulnerability is risky.
https://github.com/rubbxalc/CVE-2025-29927 No description
https://github.com/HoumanPashaei/CVE-2025-29927 This is a CVE-2025-29927 Scanner.
https://github.com/cyruscostini/CVE-2025-24091 No description
https://github.com/abrewer251/CVE-2025-31324_PoC_SAP Proof-of-Concept for CVE-2025-31324: Unauthenticated upload in SAP NetWeaver Visual Composer Metadata Uploader
https://github.com/gregk4sec/CVE-2025-46701 Tomcat CVE
https://github.com/hed1ad/CVE-2025-29927 CVE-2025-29927
https://github.com/Alizngnc/SAP-CVE-2025-31324 SAP NetWeaver Unauthenticated Remote Code Execution
https://github.com/Hirainsingadia/CVE-2025-29927 Next js middlewareauth Bypass
https://github.com/hed1ad/my-CVE-2025-29927 CVE-2025-29927
https://github.com/moften/CVE-2025-31324 SAP PoC para CVE-2025-31324
https://github.com/moften/CVE-2025-31324-NUCLEI Nuclei template for cve-2025-31324 (SAP)
https://github.com/MrDreamReal/CVE-2025-32433 CVE-2025-32433 Summary and Attack Overview
https://github.com/nov-1337/CVE-2025-46657 No description
https://github.com/minxxcozy/CVE-2025-3248-langflow-RCE CVE-2025-3248 Langflow 사전 인증 원격 코드 실행 취약점 PoC
https://github.com/romanedutov/CVE-2025-2294 No description
https://github.com/chhhd/CVE-2025-1974 No description
https://github.com/Profanatic/ExploitCVE2025 ExploitCVE2025 - SAP Path Traversal Auto-Exploit Tool
https://github.com/mr-spongebob/CVE-2025-0927 No description
https://github.com/0x7556/CVE-2025-32433 CVE-2025-32433 Erlang/OTP SSH RCE Exploit
https://github.com/becrevex/CVE-2025-32433 Erlang OTP SSH NSE Discovery Script
https://github.com/rxerium/CVE-2025-31324 SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
https://github.com/SUPRAAA-1337/CVE-2025-3102 Detects the version of the SureTriggers WordPress plugin from exposed asset URLs and compares it to determine if it’s vulnerable (<= 1.0.78).
https://github.com/SUPRAAA-1337/CVE-2025-3102_v2 Checks the SureTriggers WordPress plugin’s readme.txt file for the Stable tag version. If the version is less than or equal to 1.0.78, it is considered vulnerable.0.78).
https://github.com/EQSTLab/CVE-2025-29927 Next.js middleware bypass PoC
https://github.com/Mattb709/CVE-2025-29306-PoC-FoxCMS-RCE Proof-of-Concept (PoC) for CVE-2025-29306, a Remote Code Execution vulnerability in FoxCMS. This Python script scans single or multiple targets, executes commands, and reports vulnerable hosts.
https://github.com/ps-interactive/lab_CVE-2025-32433 CVE lab to accompany CVE course for CVE-2025-32433
https://github.com/tinkerlev/commvault-cve2025-34028-check Commvault CVE-2025-34028 endpoint scanner using Nmap NSE. For ethical testing and configuration validation.
https://github.com/Urbank-61/cve-2025-21497-lab CSC180 final project presentation of a vulnerable CVE
https://github.com/ThreeMens/Anydesk-Exploit-CVE-2025-12654-RCE-Builder Exploit development targets vulnerabilities using tools like exploitation frameworks. CVE databases list risks, while CVE-2025-44228 is an example of a flaw. AnyDesk exploits highlight security gaps.
https://github.com/mmotti/Reset-inetpub Restore the integrity of the parent ‘inetpub’ folder following security implications highlighted by CVE-2025-2120.
https://github.com/SUPRAAA-1337/CVE-2025-31161 Проверка наличие пути /WebInterface/function
https://github.com/W01fh4cker/CVE-2025-30406 Exploit for CVE-2025-30406
https://github.com/SUPRAAA-1337/Nuclei_CVE-2025-31161_CVE-2025-2825 Official Nuclei template for CVE-2025-31161 (formerly CVE-2025-2825)
https://github.com/r0ngy40/CVE-2025-30208-Series Analysis of the Reproduction of CVE-2025-30208 Series Vulnerabilities
https://github.com/Nxploited/CVE-2025-3776 WordPress Verification SMS with TargetSMS Plugin <= 1.5 is vulnerable to Remote Code Execution (RCE)
https://github.com/0xdeviner/CVE-2025-24963 No description
https://github.com/pouriam23/vulnerability-in-Remix-React-Router-CVE-2025-31137- No description
https://github.com/kh4sh3i/CVE-2025-29927 CVE-2025-29927: Next.js Middleware Bypass Vulnerability
https://github.com/helidem/CVE-2025-24054-PoC Proof of Concept for the NTLM Hash Leak via .library-ms CVE-2025-24054
https://github.com/Nxploited/CVE-2025-32140 WordPress WP Remote Thumbnail Plugin <= 1.3.2 is vulnerable to Arbitrary File Upload
https://github.com/bronsoneaver/CVE-2025-42599 No description
https://github.com/inok009/FOXCMS-CVE-2025-29306-POC No description
https://github.com/cybersecplayground/CVE-2025-43919-POC A new vulnerability has been discovered in GNU Mailman 2.1.39, bundled with cPanel/WHM, allowing unauthenticated remote attackers to read arbitrary files on the server via a directory traversal flaw.
https://github.com/pouriam23/Next.js-Middleware-Bypass-CVE-2025-29927- No description
https://github.com/ThreatRadarAI/TRA-001-Critical-RCE-Vulnerability-in-Apache-Parquet-CVE-2025-30065-Simulation- A CVSS 10.0-rated vulnerability in the parquet-avro Java module allows remote code execution via unsafe deserialization when parsing schemas. Tracked as CVE-2025-30065, this flaw affects Apache Parquet ≤ 1.15.0. All users must upgrade to version 1.15.1 immediately to mitigate exploitation risks.
https://github.com/imbas007/CVE-2025-30208-template CVE-2025-30208 vite file read nuclei template
https://github.com/zhuowei/apple-positional-audio-codec-invalid-header looking into CVE-2025-31200 - can’t figure it out yet
https://github.com/dennisec/CVE-2025-3102 No description
https://github.com/SexyShoelessGodofWar/LibHeif—CVE-2025-XXXXX Heap Overflow in LibHeif
https://github.com/0NYX-MY7H/CVE-2025-43919 No description
https://github.com/0NYX-MY7H/CVE-2025-43920 No description
https://github.com/0NYX-MY7H/CVE-2025-43921 No description
https://github.com/z3usx01/CVE-2025-0054 No description
https://github.com/0xBenCantCode/CVE-2025-43929 Medium-severity vulnerability in KiTTY allowing for local executables to be ran without user confirmation under certain circumstances.
https://github.com/meloppeitreet/CVE-2025-32433-Remote-Shell Go-based exploit for CVE-2025-32433
https://github.com/0xPThree/cve-2025-32433 No description
https://github.com/pruthuraut/CVE-2025-28121 No description
https://github.com/r1beirin/CVE-2025-24801 No description
https://github.com/hoefler02/CVE-2025-21756 My first linux kernel exploit
https://github.com/teamtopkarl/CVE-2025-32433 No description
https://github.com/abbisQQ/CVE-2025-28355 It was identified that the https://github.com/Volmarg/personal-management-system application is vulnerable to CSRF attacks.
https://github.com/ruiwenya/CVE-2025-32395 CVE-2025-32395-POC
https://github.com/Nxploited/CVE-2025-32682 WordPress MapSVG Lite Plugin <= 8.5.34 is vulnerable to Arbitrary File Upload
https://github.com/darses/CVE-2025-32433 Security research on Erlang/OTP SSH CVE-2025-32433.
https://github.com/LemieOne/CVE-2025-32433 Missing Authentication for Critical Function (CWE-306)-Exploit
https://github.com/xigney/CVE-2025-24054_PoC PoC - CVE-2025-24071 / CVE-2025-24054, NTMLv2 hash’leri alınabilen bir vulnerability
https://github.com/Erosion2020/CVE-2025-24813-vulhub CVE-2025-24813的vulhub环境的POC脚本
https://github.com/ProDefense/CVE-2025-32433 No description
https://github.com/Grand-Moomin/Vuln-Next.js-CVE-2025-29927 No description
https://github.com/NotItsSixtyN3in/CVE-2025-4172026 No description
https://github.com/NotItsSixtyN3in/CVE-2025-4172025 No description
https://github.com/shellkraft/CVE-2025-3568 A security vulnerability has been identified in Krayin CRM <=2.1.0 that allows a low-privileged user to escalate privileges by tricking an admin into opening a malicious SVG file.
https://github.com/verylazytech/CVE-2025-29306 No description
https://github.com/beardenx/CVE-2025-28009 No description
https://github.com/Knotsecurity/CVE-2025-29927-NextJs-Middleware-Simulation Simulates CVE-2025-29927, a critical Next.js vulnerability allowing attackers to bypass middleware authorization by exploiting the internal x-middleware-subrequest HTTP header. Demonstrates unauthorized access to protected routes and provides mitigation strategies.
https://github.com/mhamzakhattak/CVE-2025-29927 No description
https://github.com/Anton-ai111/CVE-2025-30967 CVE-2025-30967
https://github.com/Nxploited/CVE-2025-39601 WordPress Custom CSS, JS & PHP plugin <= 2.4.1 - CSRF to RCE vulnerability
https://github.com/verylazytech/CVE-2025-3248 No description
https://github.com/Frozenka/CVE-2025-26318 POC CVE-2025-26318

cve proof of concepts