GitHub Feed
Explore the latest GitHub repositories gathered from our feed. Entries are grouped by day to help you track developments quickly.
Wed May 07, 2025
Repository | Description | CVE | Metrics | Action |
---|---|---|---|---|
CVE-2025-4190 | CSV Mass Importer <= 1.2 - Admin+ Arbitrary File Upload | CSV Mass Importer <= 1.2 - Admin+ Arbitrary File Upload | n/a | Visit Repo |
CVE-2025-45250 | CVE-2025-45250 POC | n/a | n/a | Visit Repo |
CVE-2024-13800 | Popup Plugin For WordPress - ConvertPlus <= 3.5.30 - Missing A | Popup Plugin For WordPress - ConvertPlus <= 3.5.30 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update | v3.1; HIGH; Score: 8.1; CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | Visit Repo |
CVE-2025-25014 | n/a | n/a | Visit Repo | |
CVE-2025-28073 | n/a | n/a | Visit Repo | |
POC_Collecter_Bot | Automated CVE POC collector with a Telegram bot interface for | n/a | n/a | Visit Repo |
CVE-2024-39722 | n/a | n/a | Visit Repo | |
CVE-2025-27007-OttoKit-exploit | exploiting CVE-2025-27007, a critical unauthenticated privileg | WordPress SureTriggers <= 1.0.82 - Privilege Escalation Vulnerability | v3.1; CRITICAL; Score: 9.8; CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Visit Repo |
CVE-2025-47423 | n/a | n/a | Visit Repo | |
CVE-2025-31324 | Missing Authorization check in SAP NetWeaver (Visual Composer development server) | v3.1; CRITICAL; Score: 10; CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | Visit Repo | |
CVE-2025-31125 | Vite WASM Import Path Traversal | Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | v3.1; MEDIUM; Score: 5.3; CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N | Visit Repo |
CVE-2025-2011 | PoC for CVE-2025-2011 - SQLi in Depicter plugin <= 3.6.1 | n/a | n/a | Visit Repo |
CVE-2025-1974_IngressNightmare_PoC | ingress-nginx admission controller RCE escalation | v3.1; CRITICAL; Score: 9.8; CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Visit Repo | |
CVE-2025-29927 | Next.js Auth Bypass PoC Edge Runtime Env Leak via Middleware B | Authorization Bypass in Next.js Middleware | v3.1; CRITICAL; Score: 9.1; CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | Visit Repo |
VulnVault | A curated collection of CVEs, tools, and scripts for vuln | n/a | n/a | Visit Repo |
CVE-2024-38475_SonicBoom_Apache_URL_Traversal_PoC | Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. | n/a | Visit Repo |
Tue May 06, 2025
Repository | Description | CVE | Metrics | Action |
---|---|---|---|---|
Recon-exploit-tools | Exploit , Hope there might be CVE's for this one in ExploitDB! | n/a | n/a | Visit Repo |
AirBorne-PoC | poc for CVE-2025-24252 & CVE-2025-24132 | n/a | n/a | Visit Repo |
CVE-2025-45250 | CVE-2025-45250 POC | n/a | n/a | Visit Repo |
vulnerable-next_js_cve-2025-29927 | Authorization Bypass in Next.js Middleware | v3.1; CRITICAL; Score: 9.1; CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | Visit Repo | |
sap_netweaver_cve-2025-31324- | Research Purposes only | Missing Authorization check in SAP NetWeaver (Visual Composer development server) | v3.1; CRITICAL; Score: 10; CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | Visit Repo |
CVE-2025-34028-PoC-Commvault-RCE | Proof-of-Concept (PoC) for CVE-2025-34028, a Remote Code Execu | Commvault Command Center Innovation Release Unathenticated Path Traversal | v3.1; CRITICAL; Score: 10; CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H | Visit Repo |
CVE-2021-23017 | NGINX DNS Overflow Vulnerability Check - CVE-2021-23017 PoC | n/a | n/a | Visit Repo |
CVE-2025-24801 | CVE-2025-24801 Exploit | GLPI allows authenticated remote code execution | v3.1; HIGH; Score: 8.6; CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H | Visit Repo |
CVE-2025-46731 | Craft CMS Contains a Potential Remote Code Execution Vulnerability via Twig SSTI | v4.0; HIGH; Score: 7.3; CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P | Visit Repo | |
Commvault-CVE-2025-34028 | Commvault Remote Code Execution (CVE-2025-34028) NSE | Commvault Command Center Innovation Release Unathenticated Path Traversal | v3.1; CRITICAL; Score: 10; CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H | Visit Repo |
CVE-2025-3604 | Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation | Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Account Takeover | v3.1; CRITICAL; Score: 9.8; CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Visit Repo |
Mon May 05, 2025
Repository | Description | CVE | Metrics | Action |
---|---|---|---|---|
CVE-2025-3248 | Scanner and exploit for CVE-2025-3248 | Langflow Unauth RCE | v3.1; CRITICAL; Score: 9.8; CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Visit Repo |
CVE-2025-29448 | n/a | n/a | Visit Repo | |
advisory | A collection of in-depth vulnerability advisories and secu | n/a | n/a | Visit Repo |
CVE-2025-3776 | Verification SMS with TargetSMS <= 1.5 - Unauthenticated Limited Remote Code Execution | v3.1; HIGH; Score: 8.3; CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L | Visit Repo | |
CVE-2025-47256 | Stack overflow in LibXMP | n/a | n/a | Visit Repo |
CVE-202428187 | Command Injection | n/a | n/a | Visit Repo |
CVE-2025-28062 | proof of concept | n/a | n/a | Visit Repo |
CVE-2025-24893-EXP | Remote code execution as guest via SolrSearchMacros request in xwiki | v3.1; CRITICAL; Score: 9.8; CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Visit Repo | |
analyze-Exploit-CVE-2023-22518-Confluence | n/a | v3.0; CRITICAL; Score: 10; CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | Visit Repo | |
CVE-2024-21546 | This Python exploit script targets a vulnerable Laravel Filema | n/a | v4.0; CRITICAL; Score: 9.3; CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P | Visit Repo |
CVE-2025-3969-Exploit | CVE-2025-3969: Exploit PoC (OS CMD injection, Web Shell, Inter | codeprojects News Publishing Site Dashboard Edit Category Page edit-category.php unrestricted upload | v4.0; MEDIUM; Score: 5.3; CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N | Visit Repo |
Sun May 04, 2025
Repository | Description | CVE | Metrics | Action |
---|---|---|---|---|
SOC335-CVE-2024-49138-Exploitation-Detected | Windows Common Log File System Driver Elevation of Privilege Vulnerability | v3.1; HIGH; Score: 7.8; CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Visit Repo | |
CVE-2021-1931-BBRY-KEY2 | proof of concept CVE-2021-1931 exploit for the blackberry key2 | n/a | v3.1; MEDIUM; Score: 6.7; CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | Visit Repo |
cve-2024-36401-poc | A poc for cve-2024-36401 for applications using GeoTools for W | Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver | v3.1; CRITICAL; Score: 9.8; CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Visit Repo |
CVE-2025-Analysis | n/a | n/a | Visit Repo |
Sat May 03, 2025
Repository | Description | CVE | Metrics | Action |
---|---|---|---|---|
cve-2025-1323 | WP-Recall Plugin SQL Injection | WP-Recall – Registration, Profile, Commerce & More <= 16.26.10 - Unauthenticated SQL Injection | v3.1; HIGH; Score: 7.5; CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | Visit Repo |
fastify-cve-2025-47240 | PoC and write-up for CVE-2025-47240 — RCE in @fastify/view v | n/a | n/a | Visit Repo |
UNISA_CVE-2025-26529 | This repository contains a comprehensive Proof-of-Concept (PoC | Stored XSS risk in admin live log | v3.1; HIGH; Score: 8.3; CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H | Visit Repo |
CVE-2025-47226 | This CVE - PoC about information on the CVEs I found. | n/a | v3.1; MEDIUM; Score: 5; CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N | Visit Repo |
CVE-2025-32375 | This repository includes everything needed to run a PoC exploi | Insecure Deserialization leads to RCE in BentoML's runner server | v3.1; CRITICAL; Score: 9.8; CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Visit Repo |
CVE-2025-29927_scanner | Authorization Bypass in Next.js Middleware | v3.1; CRITICAL; Score: 9.1; CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | Visit Repo | |
CVE-2025-32433 | A critical flaw has been discovered in Erlang/OTP's SSH server | Erlang/OTP SSH Vulnerable to Pre-Authentication RCE | v3.1; CRITICAL; Score: 10; CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | Visit Repo |
wpstorecart-exploit | Simple PoC of wpstorecart before 2.5.30 plugin exploit (CVE-20 | n/a | n/a | Visit Repo |
GitHub Threat Intelligence at a Glance
Stay on top of cybersecurity developments and open-source research through daily GitHub updates.
Jump into a repository to explore code, documentation, or CVE-related insights.