GitHub Feed
Explore the latest GitHub repositories gathered from our feed. Entries are grouped by day to help you track developments quickly.
Thu May 08, 2025
| Repository | Description | CVE | Metrics | Action |
|---|---|---|---|---|
| CVE-2025-47550 | Instantio - Wordpress Plugin <= 3.3.16 - Authenticated (Admin+ | n/a | n/a | Visit Repo |
| RCE-PoC-CVE-2021-25646 | A proof-of-concept for the CVE-2021-25646, which allows for Co | Authenticated users can override system configurations in their requests which allows them to execute arbitrary code. | n/a | Visit Repo |
| CVE-2025-47549 | Ultimate Before After Image Slider & Gallery – BEAF <= 4.6.1 | n/a | n/a | Visit Repo |
| HTA-Exploit | Microsoft Windows HTA (HTML Application) - Pinnacle of Remote | n/a | n/a | Visit Repo |
| CVE-2021-42392-exploit-lab | n/a | n/a | Visit Repo | |
| PDF-FUD-Exploit | A meticulous scrutiny of the Exploit PDFs innards exposes a ne | n/a | n/a | Visit Repo |
| Slient-URL-Exploit | URL Contamination Exploit Muted Java Drive-By downloads can tr | n/a | n/a | Visit Repo |
| cisco-ios-xe-implant-scanner | A go-exploit to scan for implanted Cisco IOS XE Systems cve-20 | n/a | n/a | Visit Repo |
| Jpg-Png-Exploit-Slient-Builder-Exploit-Database-Cve-2023-Malware | In the hushed galleries of the Silent JPG Exploit, a symphony | n/a | n/a | Visit Repo |
| CVE-2024-6648 | n/a | n/a | Visit Repo | |
| Discord-Image-Logger-Stealer | Ephemeral discourse is embodied by the likes of Messenger Sess | n/a | n/a | Visit Repo |
| samba-trans2open-exploit-report | Exploitation report of the Samba Trans2Open vulnerability (CVE | n/a | n/a | Visit Repo |
| x-middleware-exploit | x-middleware exploit for next.js CVE-2023–46298 cache poison | n/a | n/a | Visit Repo |
| CUPS-Exploit | Heap-based buffer overflow example based on CVE-2023-4504 | n/a | n/a | Visit Repo |
| CVE-2024-57376 | CVE-2024-57376 exploit | n/a | n/a | Visit Repo |
| CVE-2024-39719 | n/a | n/a | Visit Repo | |
| Symfony-CVE-Scanner-PoC- | CVE-2021-21424 - CRLF Injection - CVE-2021-41268 - Host Heade | n/a | n/a | Visit Repo |
| CVE-2025-46271-Reverse-Shell-PoC | Planet Technology Network Products OS Command Injection |
v4.0
CRITICAL
Score: 9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
|
Visit Repo | |
| N600R_CVE_poc | n/a | n/a | Visit Repo | |
| CVE-2023-7231 | PoC and Disclosure for CVE-2023-7231 – Memcached Gopher RCE | n/a | n/a | Visit Repo |
| VulhubPenTestingReport | Educational penetration testing using Vulhub. Recreated and do | n/a | n/a | Visit Repo |
| nuclei-template-cve-2025-31324-check | sap-netweaver-cve-2025-31324-check | Missing Authorization check in SAP NetWeaver (Visual Composer development server) |
v3.1
CRITICAL
Score: 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
Visit Repo |
Wed May 07, 2025
| Repository | Description | CVE | Metrics | Action |
|---|---|---|---|---|
| CVE-2025-28074 | n/a | n/a | Visit Repo | |
| CVE-2025-4190 | CSV Mass Importer <= 1.2 - Admin+ Arbitrary File Upload | n/a | n/a | Visit Repo |
| CVE-2025-45250 | CVE-2025-45250 POC | n/a | n/a | Visit Repo |
| CVE-2024-13800 | Popup Plugin For WordPress - ConvertPlus <= 3.5.30 - Missing A | Popup Plugin For WordPress - ConvertPlus <= 3.5.30 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update |
v3.1
HIGH
Score: 8.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
|
Visit Repo |
| CVE-2025-25014 | n/a | n/a | Visit Repo | |
| CVE-2025-28073 | n/a | n/a | Visit Repo | |
| POC_Collecter_Bot | Automated CVE POC collector with a Telegram bot interface for | n/a | n/a | Visit Repo |
| CVE-2024-39722 | n/a | n/a | Visit Repo | |
| CVE-2025-27007-OttoKit-exploit | exploiting CVE-2025-27007, a critical unauthenticated privileg | WordPress SureTriggers <= 1.0.82 - Privilege Escalation Vulnerability |
v3.1
CRITICAL
Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
Visit Repo |
| CVE-2025-47423 | n/a | n/a | Visit Repo | |
| CVE-2025-31324 | Missing Authorization check in SAP NetWeaver (Visual Composer development server) |
v3.1
CRITICAL
Score: 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
Visit Repo | |
| CVE-2025-31125 | Vite WASM Import Path Traversal ️ | Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query |
v3.1
MEDIUM
Score: 5.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
|
Visit Repo |
| CVE-2025-2011 | PoC for CVE-2025-2011 - SQLi in Depicter plugin <= 3.6.1 | n/a | n/a | Visit Repo |
| CVE-2025-1974_IngressNightmare_PoC | ingress-nginx admission controller RCE escalation |
v3.1
CRITICAL
Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
Visit Repo | |
| CVE-2025-29927 | Next.js Auth Bypass PoC Edge Runtime Env Leak via Middleware B | Authorization Bypass in Next.js Middleware |
v3.1
CRITICAL
Score: 9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
Visit Repo |
| VulnVault | A curated collection of CVEs, tools ️, and scripts for vuln | n/a | n/a | Visit Repo |
| CVE-2024-38475_SonicBoom_Apache_URL_Traversal_PoC | Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. | n/a | Visit Repo |
Tue May 06, 2025
| Repository | Description | CVE | Metrics | Action |
|---|---|---|---|---|
| Recon-exploit-tools | Exploit , Hope there might be CVE's for this one in ExploitDB! | n/a | n/a | Visit Repo |
| AirBorne-PoC | poc for CVE-2025-24252 & CVE-2025-24132 | n/a | n/a | Visit Repo |
| CVE-2025-45250 | CVE-2025-45250 POC | n/a | n/a | Visit Repo |
| vulnerable-next_js_cve-2025-29927 | Authorization Bypass in Next.js Middleware |
v3.1
CRITICAL
Score: 9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
Visit Repo | |
| sap_netweaver_cve-2025-31324- | Research Purposes only | Missing Authorization check in SAP NetWeaver (Visual Composer development server) |
v3.1
CRITICAL
Score: 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
Visit Repo |
| CVE-2025-34028-PoC-Commvault-RCE | Proof-of-Concept (PoC) for CVE-2025-34028, a Remote Code Execu | Commvault Command Center Innovation Release Unathenticated Path Traversal |
v3.1
CRITICAL
Score: 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
|
Visit Repo |
| CVE-2021-23017 | NGINX DNS Overflow Vulnerability Check - CVE-2021-23017 PoC | n/a | n/a | Visit Repo |
| CVE-2025-24801 | CVE-2025-24801 Exploit | GLPI allows authenticated remote code execution |
v3.1
HIGH
Score: 8.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
|
Visit Repo |
| CVE-2025-46731 | Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI |
v4.0
HIGH
Score: 7.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
|
Visit Repo | |
| Commvault-CVE-2025-34028 | Commvault Remote Code Execution (CVE-2025-34028) NSE | Commvault Command Center Innovation Release Unathenticated Path Traversal |
v3.1
CRITICAL
Score: 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
|
Visit Repo |
| CVE-2025-3604 | Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation | Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Account Takeover |
v3.1
CRITICAL
Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
Visit Repo |
GitHub Threat Intelligence at a Glance
Stay on top of cybersecurity developments and open-source research through daily GitHub updates.
Jump into a repository to explore code, documentation, or CVE-related insights.