CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-02-12 18:42:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
aac323de9b48aa004aa9c6f136f3c606f50d30a9
CVEs-PoC/docs/index.html
0xMarcio aac323de9b Add KEV/EPSS static site generator
2025-12-17 13:59:41 +01:00

317 lines
16 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>CVE Intelligence</title>
<link rel="stylesheet" href="/assets/style.css" />
<script defer src="/assets/site.js"></script>
</head>
<body>
<header class="site-header">
<div class="wrap">
<div class="brand"><a href="/">CVE Radar</a></div>
<nav>
<a href="/kev/">KEV</a>
<a href="/epss/">EPSS</a>
<a href="/diffs/">Diffs</a>
</nav>
</div>
</header>
<main class="wrap">
<section>
<h1>Top KEV by EPSS percentile</h1>
<div class="card-grid">
<article class="card">
<div class="card-title"><a href="/cve/CVE-2025-9242.html">CVE-2025-9242</a></div>
<div class="card-meta">EPSS 0.744 • 99th pct</div>
<p>An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Offic...</p>
<div class="badge">WatchGuard</div>
<div class="badge">Firebox</div>
</article>
<article class="card">
<div class="card-title"><a href="/cve/CVE-2025-7775.html">CVE-2025-7775</a></div>
<div class="card-meta">EPSS 0.174 • 95th pct</div>
<p>Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) o...</p>
<div class="badge">Citrix</div>
<div class="badge">NetScaler</div>
</article>
<article class="card">
<div class="card-title"><a href="/cve/CVE-2025-9377.html">CVE-2025-9377</a></div>
<div class="card-meta">EPSS 0.146 • 94th pct</div>
<p>The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9.This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/N...</p>
<div class="badge">TP-Link</div>
<div class="badge">Multiple Routers</div>
</article>
<article class="card">
<div class="card-title"><a href="/cve/CVE-2025-8876.html">CVE-2025-8876</a></div>
<div class="card-meta">EPSS 0.139 • 94th pct</div>
<p>Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.</p>
<div class="badge">N-able</div>
<div class="badge">N-Central</div>
</article>
<article class="card">
<div class="card-title"><a href="/cve/CVE-2025-8875.html">CVE-2025-8875</a></div>
<div class="card-meta">EPSS 0.051 • 89th pct</div>
<p>Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.</p>
<div class="badge">N-able</div>
<div class="badge">N-Central</div>
</article>
<article class="card">
<div class="card-title"><a href="/cve/CVE-2025-8088.html">CVE-2025-8088</a></div>
<div class="card-meta">EPSS 0.032 • 86th pct</div>
<p>A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovere...</p>
<div class="badge">RARLAB</div>
<div class="badge">WinRAR</div>
</article>
<article class="card">
<div class="card-title"><a href="/cve/CVE-2002-0367.html">CVE-2002-0367</a></div>
<div class="card-meta">EPSS 0.000 • 0th pct</div>
<p>smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a...</p>
<div class="badge">Microsoft</div>
<div class="badge">Windows</div>
</article>
<article class="card">
<div class="card-title"><a href="/cve/CVE-2004-0210.html">CVE-2004-0210</a></div>
<div class="card-meta">EPSS 0.000 • 0th pct</div>
<p>The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.</p>
<div class="badge">Microsoft</div>
<div class="badge">Windows</div>
</article>
<article class="card">
<div class="card-title"><a href="/cve/CVE-2004-1464.html">CVE-2004-1464</a></div>
<div class="card-meta">EPSS 0.000 • 0th pct</div>
<p>Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.</p>
<div class="badge">Cisco</div>
<div class="badge">IOS</div>
</article>
<article class="card">
<div class="card-title"><a href="/cve/CVE-2005-2773.html">CVE-2005-2773</a></div>
<div class="card-meta">EPSS 0.000 • 0th pct</div>
<p>HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl...</p>
<div class="badge">Hewlett Packard (HP)</div>
<div class="badge">OpenView Network Node Manager</div>
</article>
<article class="card">
<div class="card-title"><a href="/cve/CVE-2006-1547.html">CVE-2006-1547</a></div>
<div class="card-meta">EPSS 0.000 • 0th pct</div>
<p>ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references t...</p>
<div class="badge">Apache</div>
<div class="badge">Struts 1</div>
</article>
<article class="card">
<div class="card-title"><a href="/cve/CVE-2006-2492.html">CVE-2006-2492</a></div>
<div class="card-meta">EPSS 0.000 • 0th pct</div>
<p>Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object po...</p>
<div class="badge">Microsoft</div>
<div class="badge">Word</div>
</article>
<article class="card">
<div class="card-title"><a href="/cve/CVE-2007-0671.html">CVE-2007-0671</a></div>
<div class="card-meta">EPSS 0.000 • 0th pct</div>
<p>Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonst...</p>
<div class="badge">Microsoft</div>
<div class="badge">Office</div>
</article>
<article class="card">
<div class="card-title"><a href="/cve/CVE-2007-3010.html">CVE-2007-3010</a></div>
<div class="card-meta">EPSS 0.000 • 0th pct</div>
<p>masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during...</p>
<div class="badge">Alcatel</div>
<div class="badge">OmniPCX Enterprise</div>
</article>
<article class="card">
<div class="card-title"><a href="/cve/CVE-2007-5659.html">CVE-2007-5659</a></div>
<div class="card-meta">EPSS 0.000 • 0th pct</div>
<p>Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be...</p>
<div class="badge">Adobe</div>
<div class="badge">Acrobat and Reader</div>
</article>
</div>
</section>
<section>
<h1>High EPSS not in KEV</h1>
<div class="card-grid">
<article class="card">
<div class="card-title"><a href="/cve/CVE-2025-9316.html">CVE-2025-9316</a></div>
<div class="card-meta">EPSS 0.787 • 99th pct</div>
<p>No description.</p>
</article>
<article class="card">
<div class="card-title"><a href="/cve/CVE-2025-8943.html">CVE-2025-8943</a></div>
<div class="card-meta">EPSS 0.658 • 98th pct</div>
<p>The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise&#39;s inherent authentication and authorization model is minimal and lacks ro...</p>
</article>
</div>
</section>
<section>
<h1>Trending PoCs</h1>
<div class="table-responsive">
<table class="list">
<thead><tr><th>Stars</th><th>Updated</th><th>Name</th><th>Description</th></tr></thead>
<tbody>
<tr>
<td>1241</td>
<td>2 hours ago </td>
<td><a href="https://github.com/msanft/CVE-2025-55182" target="_blank">CVE-2025-55182</a></td>
<td>Explanation and full RCE PoC for CVE-2025-55182 </td>
</tr>
<tr>
<td>775</td>
<td>3 hours ago </td>
<td><a href="https://github.com/ejpir/CVE-2025-55182-research" target="_blank">CVE-2025-55182-research</a></td>
<td>CVE-2025-55182 POC </td>
</tr>
<tr>
<td>495</td>
<td>8 days ago </td>
<td><a href="https://github.com/WyAtu/CVE-2018-20250" target="_blank">CVE-2018-20250</a></td>
<td>exp for https://research.checkpoint.com/extracting-code-execution-from-winrar </td>
</tr>
<tr>
<td>607</td>
<td>20 hours ago </td>
<td><a href="https://github.com/mverschu/CVE-2025-33073" target="_blank">CVE-2025-33073</a></td>
<td>PoC Exploit for the NTLM reflection SMB flaw. </td>
</tr>
<tr>
<td>496</td>
<td>4 days ago </td>
<td><a href="https://github.com/pr0v3rbs/CVE-2025-32463_chwoot" target="_blank">CVE-2025-32463_chwoot</a></td>
<td>Escalation of Privilege to the root through sudo binary with chroot option. CVE-2025-32463 </td>
</tr>
<tr>
<td>419</td>
<td>5 hours ago </td>
<td><a href="https://github.com/kh4sh3i/CVE-2025-32463" target="_blank">CVE-2025-32463</a></td>
<td>Local Privilege Escalation to Root via Sudo chroot in Linux </td>
</tr>
<tr>
<td>305</td>
<td>1 day ago </td>
<td><a href="https://github.com/soltanali0/CVE-2025-53770-Exploit" target="_blank">CVE-2025-53770-Exploit</a></td>
<td>SharePoint WebPart Injection Exploit Tool </td>
</tr>
<tr>
<td>289</td>
<td>4 hours ago </td>
<td><a href="https://github.com/emredavut/CVE-2025-55182" target="_blank">CVE-2025-55182</a></td>
<td>RSC/Next.js RCE Vulnerability Detector &amp; PoC Chrome Extension CVE-2025-55182 &amp; CVE-2025-66478 </td>
</tr>
<tr>
<td>901</td>
<td>1 hour ago </td>
<td><a href="https://github.com/lachlan2k/React2Shell-CVE-2025-55182-original-poc" target="_blank">React2Shell-CVE-2025-55182-original-poc</a></td>
<td>Original Proof-of-Concepts for React2Shell CVE-2025-55182 </td>
</tr>
<tr>
<td>386</td>
<td>4 days ago </td>
<td><a href="https://github.com/0x6rss/CVE-2025-24071_PoC" target="_blank">CVE-2025-24071_PoC</a></td>
<td>CVE-2025-24071: NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File </td>
</tr>
<tr>
<td>207</td>
<td>1 day ago </td>
<td><a href="https://github.com/leesh3288/CVE-2025-32023" target="_blank">CVE-2025-32023</a></td>
<td>PoC &amp; Exploit for CVE-2025-32023 / PlaidCTF 2025 &#34;Zerodeo&#34; </td>
</tr>
<tr>
<td>396</td>
<td>6 days ago </td>
<td><a href="https://github.com/yuuouu/ColorOS-CVE-2025-10184" target="_blank">ColorOS-CVE-2025-10184</a></td>
<td>ColorOS短信漏洞以及用户自救方案 </td>
</tr>
<tr>
<td>180</td>
<td>6 days ago </td>
<td><a href="https://github.com/absholi7ly/POC-CVE-2025-24813" target="_blank">POC-CVE-2025-24813</a></td>
<td>his repository contains an automated Proof of Concept (PoC) script for exploiting **CVE-2025-24813**, a Remote Code Execution (RCE) vulnerability in Apache Tomcat. The vulnerability allows an attacker to upload a malicious serialized payload to the server, leading to arbitrary code execution via deserialization when specific conditions are met. </td>
</tr>
<tr>
<td>256</td>
<td>15 minutes ago </td>
<td><a href="https://github.com/zack0x01/CVE-2025-55182-advanced-scanner-" target="_blank">CVE-2025-55182-advanced-scanner-</a></td>
<td></td>
</tr>
<tr>
<td>357</td>
<td>1 hour ago </td>
<td><a href="https://github.com/Malayke/Next.js-RSC-RCE-Scanner-CVE-2025-66478" target="_blank">Next.js-RSC-RCE-Scanner-CVE-2025-66478</a></td>
<td>A command-line scanner for batch detection of Next.js application versions and determining if they are affected by CVE-2025-66478 vulnerability. </td>
</tr>
<tr>
<td>198</td>
<td>4 days ago </td>
<td><a href="https://github.com/ThumpBo/CVE-2025-30208-EXP" target="_blank">CVE-2025-30208-EXP</a></td>
<td>CVE-2025-30208-EXP </td>
</tr>
<tr>
<td>73</td>
<td>6 days ago </td>
<td><a href="https://github.com/4daysday/cve-2025-8088" target="_blank">cve-2025-8088</a></td>
<td>Path traversal tool based on cve-2025-8088 </td>
</tr>
<tr>
<td>163</td>
<td>1 day ago </td>
<td><a href="https://github.com/ZeroMemoryEx/CVE-2025-26125" target="_blank">CVE-2025-26125</a></td>
<td>( 0day ) Local Privilege Escalation in IObit Malware Fighter </td>
</tr>
<tr>
<td>153</td>
<td>8 days ago </td>
<td><a href="https://github.com/hoefler02/CVE-2025-21756" target="_blank">CVE-2025-21756</a></td>
<td>Exploit for CVE-2025-21756 for Linux kernel 6.6.75. My first linux kernel exploit! </td>
</tr>
<tr>
<td>136</td>
<td>27 days ago </td>
<td><a href="https://github.com/platsecurity/CVE-2025-32433" target="_blank">CVE-2025-32433</a></td>
<td>CVE-2025-32433 https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2 </td>
</tr>
</tbody>
</table>
</div>
</section>
<section>
<h1>Changes since yesterday</h1>
<div class="table-responsive">
<table class="list">
<thead><tr><th>Type</th><th>Count</th><th>Examples</th></tr></thead>
<tbody>
<tr>
<td>New KEV entries</td>
<td>75</td>
<td>
<a href="/cve/CVE-2025-9242.html">CVE-2025-9242</a>, <a href="/cve/CVE-2025-7775.html">CVE-2025-7775</a>, <a href="/cve/CVE-2025-9377.html">CVE-2025-9377</a>, <a href="/cve/CVE-2025-8876.html">CVE-2025-8876</a>, <a href="/cve/CVE-2025-8875.html">CVE-2025-8875</a> </td>
</tr>
<tr>
<td>New high EPSS</td>
<td>2</td>
<td>
<a href="/cve/CVE-2025-9316.html">CVE-2025-9316</a>, <a href="/cve/CVE-2025-8943.html">CVE-2025-8943</a> </td>
</tr>
<tr>
<td>Top EPSS movers</td>
<td>0</td>
<td>
None </td>
</tr>
</tbody>
</table>
</div>
</section>
</main>
<footer class="site-footer">
<div class="wrap">
<span>Updated 2025-12-17</span>
<span>Data: CISA KEV, FIRST EPSS, community PoCs</span>
<span><a href="https://github.com/0xMarcio/cve">GitHub repo</a></span>
</div>
</footer>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink