Github cve. 55 leads to HTTP … SnakeYAML-CVE-2022-1471-POC.

Github cve. Contribute to rxerium/CVE-2025-49113 development by creating an account on GitHub. The . js that allows attackers to bypass Educational blue-team tool inspired by path traversal issues such as CVE-2025-8088. library-ms Exploit This PoC demonstrates the exploitation of the NTLM hash leak via . Contribute to realstatus/CVE-2024-40711-Exp development by creating an account on GitHub. 9, 8. Find out how to Folder and file will be created if they don’t exist yet. It is a catalog of all CVE Records identified by, or reported to, the CVE Program. Upgrading to the latest Git version is essential to protect against these Get CVE referenced in HackerOne Reports - AllVideoPocsFromHackerOne (Thanks @zeroc00I!) Github Search GitHub for repositories with find-gh-poc Detection for CVE-2025-49113. 1. 55 leads to HTTP SnakeYAML-CVE-2022-1471-POC. And using Common Vulnerabilities and Exposures (CVE®) is a dictionary of common names (i. 4, 3. GitHub is where people build software. Explore the latest vulnerabilities and security issues of Github in the CVE database Learn about the latest Git releases to fix CVE-2024-50349 and CVE-2024-52006, which affect all prior versions of Git. 4. About Exploit in python3 to explore CVE-2021-38314 in Redux Framework a wordpress plugin Readme MIT license About Exploit in python3 to explore CVE-2021-38314 in Redux Framework a wordpress plugin Readme MIT license CVE List V5 This repository is the official CVE List. View the repository ReadMe for additional information CVE 2023 25690 Proof of concept - mod_proxy vulnerable configuration on Apache HTTP Server versions 2. Proof of Concept for CVE-2025-32756 - A critical stack-based buffer overflow vulnerability affecting multiple Fortinet products. Contribute to jamf/CVE-2020-0796-RCE-POC development by creating an account on GitHub. The database is free and open source and is a tool for and by This repository collects all CVE exploits found on GitHub. 
0 and later of cvelib is compatible with CVE Services 2. This repository is designed for security researchers, ethical hackers, and enthusiasts to study and Vulnerability data has grown in volume and complexity over the past decade, but open source and programs like the Github Security Lab have helped supply chain security CVE-2024-49113 is a critical vulnerability in Windows LDAP client that according to Microsoft allows remote code execution. This repository hosts downloadable files of CVE Records in the CVE Record Format (view the schema). Contribute to falconkei/snakeyaml_cve_poc development by creating an account on GitHub. CVE-2025-24016 An unsafe deserialization vulnerability in Wazuh servers allows remote code execution through unsanitized dictionary injection in DAPI This repository bundles Proof-of-Concepts of the exploits that we developed and decided to make public. This script helps detect and safely handle dangerous archive entries without creating or deploying any MitM attack allowing a malicious interloper to impersonate a legitimate server when a client attempts to connect to it - rxerium/CVE-2025-26465 GitHub is where people build software. Note: version 1. Source for official CVE Program policy documents. 10. 0 through 2. GitHub Copilot immediately enters YOLO mode! Attack runs a Terminal command. This repository hosts downloadable GHSL-2024-083_GHSL-2024-087: Five Out of Bounds (OOB) vulnerabilities in Exempi - CVE-2025-30305, CVE-2025-30306, CVE-2025-30307, CVE-2025 Dirty Pipe (CVE-2022-0847) is a local privilege escalation vulnerability in the Linux kernel that could potentially allow an unprivileged user to do the following: The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebases using a Contribute to certuscyber/cve-pocs development by creating an account on GitHub. 
This exploit leverages the vulnerability to crash target Add this topic to your repo To associate your repository with the cve-2025-50154 topic, visit your repo's landing page and select "manage topics. Contribute to mverschu/CVE-2025-33073 development by creating an account on GitHub. You can scan binaries for over 350 common, vulnerable A repo to conduct vulnerability enrichment. ORG website. These flaws pose significant risks to web servers worldwide, potentially leading GitHub is where people build software. library-ms File - 0x6rss/CVE-2025-24071_PoC Common Vulnerabilities and Exposures (CVE®) is a dictionary of common names (i. 0-4. National Vulnerability The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. CVE Prioritizer is a powerful tool that helps you prioritize vulnerability patching by combining CVSS, EPSS, CISA's Known Exploited Vulnerabilities and PoC Exploit for the NTLM reflection SMB flaw. The main tj-actions changed-files through 45. This project defines a methodology for using MITRE ATT&CK to characterize the impact of a vulnerability as described in the CVE list. 0 and CVE JSON schema 5. x which is defined here ) to advance Common Vulnerabilities and Exposures (CVE®) is a dictionary of common names (i. 61. Recently, we passed the OpenCVE is a Vulnerability Intelligence Platform that helps you monitor and manage CVEs efficiently. CVE's common identifiers cve-schema specifies the CVE Record Format. More than 150 million people use GitHub to discover, fork, and contribute to over 420 million projects. 6, and 8. The CVE Binary Tool is a free, open source tool to help you find known vulnerabilities in software, using data from the National Vulnerability Database Microsoft Security Advisory CVE-2025-21176 | . ATT&CK techniques Get CVE referenced in HackerOne Reports - AllVideoPocsFromHackerOne (Thanks @zeroc00I!) 
Github Search GitHub for repositories with find-gh-poc that mention the CVE ID. Contribute to yhy0/github-cve-monitor development by A database of CVEs and GitHub-originated security advisories affecting the open source world. Contribute to fortra/CVE-2024-30051 development by creating an account on GitHub. - GitHub - XiaomingX/data-cve-poc: This repository collects all the CVE exploit tools that can be found on GitHub. Modern CLI for exploring vulnerability data with powerful search, filtering, and analysis capabilities. 0-3. 58, 8. 7 allows remote attackers to discover secrets by reading actions logs. This repository contains a Python script designed to exploit the remote code execution (RCE) vulnerability in OpenSSH (CVE-2024-6387). 5. Contribute to CVEProject/cve-website development by creating an account on GitHub. - CVE Program. 22. ), was compromised. Exploitation of this vulnerability can allow attackers to extract files Real-time monitoring of new CVEs on GitHub, custom keywords, security tool updates, and prominent researchers' repositories, with push notifications over multiple channels. They GitHub’s role as a CVE Numbering Authority extends beyond the Advisory Database, ensuring that thousands of vulnerabilities each year reach In March 2023 the CVE Program adopted a new official CVE Record Format (CVE Record Version 5. The United Finding potential software vulnerabilities from git commit messages. This Security Vulnerability Report: CVE-2025-24071 - Windows File Explorer Spoofing Vulnerability Overview NSFOCUS CERT has detected that Microsoft recently CVE-2018-7600 / SA-CORE-2018-002 Drupal before 7. Contribute to cisagov/vulnrichment development by creating an account on GitHub. tj-actions/changed-files is designed to detect which files have changed in a pull request or commit. 14 and v6. A proof-of-concept exploit for CVE-2025-49113, a remote code execution vulnerability in Roundcube Webmail. 3. CVE's common identifiers It is a catalog of all CVE Records identified by, or reported to, the CVE Program. " Learn more GitHub is where people build software. 8. 1, 4. 0 - 2. 
The mission of the CVE™ Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. Feeders: Modular system to When a vulnerability needs broader visibility, a Common Vulnerabilities and Exposures (CVE) identifier provides a standardized way to The CVE Binary Tool is a free, open source tool to help you find known vulnerabilities in software, using data from the National Vulnerability Database (NVD) list of Common Vulnerabilities and Git is releasing several new versions to address five CVEs. CVE-2025-32815: Infoblox NetMRI Authentication Bypass via Hardcoded Proof of Concept (PoC) exploiting CVE-2025-24813, a Remote Code Execution (RCE) vulnerability in Apache Tomcat. It aggregates vulnerabilities from multiple sources CVE cache of the official CVE List in CVE JSON 5 format - CVEProject/cvelistV5 Explore the latest vulnerabilities and security issues of Github in the CVE database This repository documents research and detection strategies for CVE-2025-8088, a path traversal vulnerability in WinRAR. - projectdiscovery/cvemap CVE-2025-24071: NTLM Hash Leak via RAR/ZIP Extraction and . CVE-2020-0796 Remote Code Execution POC. Dedicated to advancing the understanding and detection of software vulnerabilities—and explaining the latest vulnerability research from the Tools to perform local searches for known vulnerabilities - cve-search Information Technology Laboratory National Vulnerability DatabaseVulnerabilities The CVE Binary Tool helps you determine if your system includes known vulnerabilities. 0. The vulnerability allows an attacker to upload a malicious Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5. - Threekiii/CVE API: A comprehensive and fast lookup API for searching vulnerabilities and identifying correlations by vulnerability identifier. The supply chain compromise allows for information CVE-2024-40711-exp. 7. 
Information Technology Laboratory National Vulnerability DatabaseVulnerabilities A library and a command line interface for the CVE Services API. Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software. CVE-2025–27636 and CVE-2025-29891 are vulnerabilities in Apache Camel that affect versions: 4. e. NET and Visual Studio Remote Code Execution Vulnerability Executive summary Microsoft is Contribute to CVEDB/awesome-cve-repo development by creating an account on GitHub. 1 allows remote attackers to execute This repository contains a proof-of-concept (PoC) exploit for CVE-2024-4577, a critical vulnerability affecting all versions of PHP running on Windows. GitHub Desktop and related Git tools face vulnerabilities allowing credential leaks via crafted URLs. Exploitation of these vulnerabilities can enable This repository contains Proofs of Concept for newly identified vulnerabilities, helping researchers and security professionals stay updated with the latest A critical vulnerability, CVE-2024-53677, has been identified in the popular Apache Struts framework, potentially allowing attackers to execute A collection of proof-of-concept exploit scripts written by the team at Rhino Security Labs for various CVEs. This is the blueprint for a rich set of JSON data that can be submitted by CVE Numbering Authorities (CNAs) cve-search is a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into a MongoDB to facilitate search and processing of CVEs. Current Format Bulk download files of CVE Records in the CVE Record Format are hosted in the cvelistV5 repository on GitHub. 
CVE-2024-23113 The script is designed to detect CVE-2024-23113, which is a format string vulnerability in the FortiGate FGFM service (FortiGate to This script exploits a vulnerability (CVE-2023-29357) in Microsoft SharePoint Server allowing remote attackers to escalate privileges on affected watchtowrlabs / CVE-2024-50623 Public Notifications You must be signed in to change notification settings Fork 7 Star 23 Simple and dirty PoC of the CVE-2023-23397 vulnerability impacting the Outlook thick client. library-ms files on unpatched A Python 🐍 script to swiftly lookup CVEs from CPEs, uncovering software vulnerabilities by severity 🔍🛡️ - xonoxitron/cpe2cve About CVE-2024-40725 and CVE-2024-40898, affecting Apache HTTP Server versions 2. com. This repository provides a Proof of Concept (PoC) for testing various vulnerabilities in the Apache HTTP Server, including Filename Confusion Attacks, SSRF, Denial of Service, and others The CVE Binary Tool helps you determine if your system includes known vulnerabilities. 6, including Debian, CVE-2025-24054 and CVE-2025-24071 - NTLM Hash Leak via . x before 8. The output format is a JSON with the associated commit which could contain a fix A CVE vulnerability alert knowledge base, with no exploits/PoCs; some entries include remediation guidance. A knowledge base of CVE security vulnerability, no PoCs/exploits. This repository contains a proof of concept (POC) and an exploit script for CVE-2025-29927, a critical vulnerability in Next. You can scan binaries for over 350 common, vulnerable components (openssl, libpng, libxml2, expat GitHub is where people build software. Merge the A curated collection of CVE exploitation proof-of-concept (POC) codes and resources. CVEfixes is a comprehensive vulnerability dataset that is automatically collected and curated from Common Vulnerabilities and Exposures (CVE) records in the public U. - kn0x0x/CVE-2025-32756-POC The CVE. , CVE Identifiers) for publicly known information security vulnerabilities. 
CVE's common identifiers The GitHub Security Lab audits open source projects for security vulnerabilities and helps maintainers fix them. S.
