GitHub Feed
Explore the latest GitHub repositories gathered from our feed. Entries are grouped by day to help you track developments quickly.
Mon Apr 28, 2025
Repository | Description | CVE | Metrics | Action |
---|---|---|---|---|
CVE-2025-3971 | | PHPGurukul COVID19 Testing Management System add-phlebotomist.php sql injection | v4.0 MEDIUM, Score: 6.9, CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N | Visit Repo |
cve-cli | A Python CLI that turns natural-language queries into CVE look | n/a | n/a | Visit Repo |
CVE-2024-8418 | | Containers/aardvark-dns: tcp query handling flaw in aardvark-dns leading to denial of service | v3.1 HIGH, Score: 7.5, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | Visit Repo |
CVE-2025-31324-NUCLEI | Nuclei template for cve-2025-31324 (SAP) | Missing Authorization check in SAP NetWeaver (Visual Composer development server) | v3.1 CRITICAL, Score: 10, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | Visit Repo |
CVE-2025-29927 | Next js middlewareauth Bypass | Authorization Bypass in Next.js Middleware | v3.1 CRITICAL, Score: 9.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | Visit Repo |
CVE-2025-31324 | SAP PoC for CVE-2025-31324 | Missing Authorization check in SAP NetWeaver (Visual Composer development server) | v3.1 CRITICAL, Score: 10, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | Visit Repo |
Sun Apr 27, 2025
Repository | Description | CVE | Metrics | Action |
---|---|---|---|---|
Onapsis_CVE-2025-31324_Scanner_Tools | | Missing Authorization check in SAP NetWeaver (Visual Composer development server) | v3.1 CRITICAL, Score: 10, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | Visit Repo |
PoC-CVE-2025-3914-Aeropage-WordPress-File-Upload | CVE-2025-3914-PoC \| The Aeropage Sync for Airtable WordPress p | Aeropage Sync for Airtable <= 3.2.0 - Authenticated (Subscriber+) Arbitrary File Upload | v3.1 HIGH, Score: 8.8, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | Visit Repo |
Grafana-LFI-exploit | Updated exploit script for the CVE-2021-43798 | n/a | n/a | Visit Repo |
CVE-2025-31324 | | Missing Authorization check in SAP NetWeaver (Visual Composer development server) | v3.1 CRITICAL, Score: 10, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | Visit Repo |
CVE-2022-3552 | Here is an explanation of how to exploit CVE-2022-3552 | Unrestricted Upload of File with Dangerous Type in boxbilling/boxbilling | v3.0 HIGH, Score: 7.2, CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | Visit Repo |
wordpress-CVE-2024-27956 | Attacks a vulnerable WordPress site with the wp-automatic pl | WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary SQL Execution vulnerability | v3.1 CRITICAL, Score: 9.9, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L | Visit Repo |
CVE-2022-42092 | CVE-2023-46818 Python3 Exploit for Backdrop CMS <= 1.22.0 Auth | n/a | n/a | Visit Repo |
ExploitCVE2025 | ExploitCVE2025 - SAP Path Traversal Auto-Exploit Tool | n/a | n/a | Visit Repo |
CVE-2025-31324 | CVE-2025-31324, SAP Exploit | Missing Authorization check in SAP NetWeaver (Visual Composer development server) | v3.1 CRITICAL, Score: 10, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | Visit Repo |
CVE-2025-32432 | CVE-2025-32432 checker and exploit | Craft CMS Allows Remote Code Execution | v3.1 CRITICAL, Score: 10, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L | Visit Repo |
CVE-2024-27808.github.io | Vulnerability in TypedArray/DataView | n/a | n/a | Visit Repo |
CVE-2024-31449 | | Lua library commands may lead to stack overflow and RCE in Redis | v3.1 HIGH, Score: 7, CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | Visit Repo |
Pre-render-data-spoofing-on-React-Router-framework-mode-CVE-2025-43865 | | React Router allows pre-render data spoofing on React-Router framework mode | v3.1 HIGH, Score: 8.2, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H | Visit Repo |
CVE-2015-2797-PoC | airtiels 5650 CVE-2015-2797 PoC | n/a | n/a | Visit Repo |
WHS3_vulhub | PoC for CVE-2017-8386 Git-Shell sandbox bypass vulnerability. | n/a | n/a | Visit Repo |
PoC-CVE-2025-3914-FileUpload-Vulnerability | | Aeropage Sync for Airtable <= 3.2.0 - Authenticated (Subscriber+) Arbitrary File Upload | v3.1 HIGH, Score: 8.8, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | Visit Repo |
CVE-2024-36587 | | n/a | n/a | Visit Repo |
CVE-2019-19781 | Whitehat school_Docker assignment_CVE-2019-19781_PoC | n/a | n/a | Visit Repo |
DoS-via-cache-poisoning-by-forcing-SPA-mode-CVE-2025-43864- | | React Router allows a DoS via cache poisoning by forcing SPA mode | v3.1 HIGH, Score: 7.5, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | Visit Repo |
CVE-2025-24813 | Proof of Concept (PoC) script for CVE-2025-24813, vulnerabilit | Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT | n/a | Visit Repo |
cve-docker | Tomcat PUT Method Vulnerability PoC | n/a | n/a | Visit Repo |
drupal-cve-2018-7600-poc | | n/a | n/a | Visit Repo |
CVE-2025-46657 | | n/a | v3.1 HIGH, Score: 7.2, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N | Visit Repo |
CVE-2025-32432 | CraftCMS RCE Checker (CVE-2025-32432) | Craft CMS Allows Remote Code Execution | v3.1 CRITICAL, Score: 10, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L | Visit Repo |
CVE-2025-1974 | WHS 3rd cohort virtualization assignment: setting up a vulnerable (CVE) Docker environment | ingress-nginx admission controller RCE escalation | v3.1 CRITICAL, Score: 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Visit Repo |
DrSudo | DrSudo is an automation pentesting tool to perform scanning, e | n/a | n/a | Visit Repo |
ExploitCVE2025 | ExploitCVE2025 - SAP Path Traversal Auto-Exploit Tool | n/a | n/a | Visit Repo |
CVE-2025-32433 | CVE-2025-32433 Summary and Attack Overview | Erlang/OTP SSH Vulnerable to Pre-Authentication RCE | v3.1 CRITICAL, Score: 10, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | Visit Repo |
CVE-Walkthrough | Practicing Infamous CVE Walkthroughs via Docker Containers. By | n/a | n/a | Visit Repo |
CVE-Scanner | CVE-2021-42287/CVE-2021-42278/OTHER Scanner & Exploiter. | n/a | n/a | Visit Repo |
CVE-2025-32432 | This repository contains a proof-of-concept exploit script for | Craft CMS Allows Remote Code Execution | v3.1 CRITICAL, Score: 10, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L | Visit Repo |
CVE-2025-3248-langflow-RCE | CVE-2025-3248 Langflow pre-authentication remote code execution | Langflow Unauth RCE | v3.1 CRITICAL, Score: 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Visit Repo |
cve-2024-31317 | Detailed discussion of Zygote vulnerability CVE-2024-31317 | n/a | n/a | Visit Repo |
CVE-2025-2294 | | Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion | v3.1 CRITICAL, Score: 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Visit Repo |
CVE-2025-24054-PoC | Proof of Concept for the NTLM Hash Leak via .library-ms CVE-20 | NTLM Hash Disclosure Spoofing Vulnerability | v3.1 MEDIUM, Score: 6.5, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Visit Repo |
Sat Apr 26, 2025
Repository | Description | CVE | Metrics | Action |
---|---|---|---|---|
CVE2023-1389 | TP-Link Archer AX21 Command Injection Exploit (CVE-2023-1389) | n/a | n/a | Visit Repo |
CVE-2025-1974 | | ingress-nginx admission controller RCE escalation | v3.1 CRITICAL, Score: 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Visit Repo |
CVE-2025-0927 | | n/a | n/a | Visit Repo |
CVE-2016-10033-PoC | A PoC of CVE-2016-10033 I made for PentesterLab | n/a | n/a | Visit Repo |
CVE-2019-5420-PoC | A PoC of CVE-2019-5420 I made for PentesterLab | n/a | n/a | Visit Repo |
CVE-2024-32830-poc | PoC code to download files with CVE-2024-32830 | WordPress buddyforms plugin <= 2.8.8- Arbitrary File Read and SSRF vulnerability | v3.1 HIGH, Score: 8.6, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N | Visit Repo |
CVE-2025-32433 | CVE-2025-32433 Erlang/OTP SSH RCE Exploit SSH remote code execution | Erlang/OTP SSH Vulnerable to Pre-Authentication RCE | v3.1 CRITICAL, Score: 10, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | Visit Repo |
CVE-2025-3102-exploit | Exploitation of an authorization bypass vulnerability in the S | SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation | v3.1 HIGH, Score: 8.1, CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | Visit Repo |
CVE-2023-1545 | Python Proof of Concept for CVE-2023-1545 (SQL Injection for T | SQL Injection in nilsteampassnet/teampass | v3.0 HIGH, Score: 7.5, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | Visit Repo |
GitHub Threat Intelligence at a Glance
Stay on top of cybersecurity developments and open-source research through daily GitHub updates.
Jump into a repository to explore code, documentation, or CVE-related insights.