CVE-2021-4146 Business Logic Errors in pimcore/pimcore

Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6...

CVE-2022-0260

Cross-site Scripting XSS - Stored in GitHub repository pimcore/pimcore prior to 10.2.7...

CVE-2022-0260

CVE-2022-0260 affects pimcore/pimcore (GitHub repository) where a Stored XSS vulnerability exists in Pimcore prior to version 10.2.7. Multiple sources corroborate a Stored XSS in Pimcore, notably in the Name field of the Global Targeting Rules (GHSA-455W-GV5P-WGG3), and the CVE descriptions indic...

CVE-2022-0261

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2...

CVE-2022-0261 Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2...

Unrestricted file upload

Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0...

CVE-2022-0242

CVE-2022-0242 overview (supported by connected docs): An unrestricted upload of a dangerous file type in crater-invoice/crater prior to version 6.0 allows uploading arbitrary PHP code via the user avatar field, enabling remote code execution. PoC demonstrates uploading s.php and retrieving execut...

CVE-2021-25067

creationtimestamp| type| source ---|---|--- 2022-01-17 16:23:26+00:00| seen| https://t.me/cibsecurity/35672 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-25067.yaml...

CVE-2021-24838

creationtimestamp| type| source ---|---|--- 2022-01-17 16:23:16+00:00| seen| https://t.me/cibsecurity/35666 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24838.yaml...

`markdown` (1.0.0 and higher) is maintained

A new markdown crate has been brought over by a new maintainer replacing the old crate. The crate GitHub repository is now wooorm/markdown-rs This advisory has been withdraw since version 1.0.0 was released on 2025-04-23. markdown 0.3.0 and lower was unmaintained The old markdown crate was no...

RUSTSEC-2022-0044 `markdown` (1.0.0 and higher) is maintained

A new markdown crate has been brought over by a new maintainer replacing the old crate. The crate GitHub repository is now wooorm/markdown-rs This advisory has been withdraw since version 1.0.0 was released on 2025-04-23. markdown 0.3.0 and lower was unmaintained The old markdown crate was no...

vulhub

This is an open-source collection of vulnerable web applications and environments for security research and training. It is a repository of vulnerable systems, including web applications, databases, and other software, designed to help security professionals and researchers practice and improve...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Apache-Log4j-POC CVE-2021-44228 Proof of Concept of apache log...

RubyGems: Dependency repository hijacking aka Repo Jacking from GitHub repo rubygems/bundler-site & rubygems/bundler.github.io + bundler.io docs

Dependency repository hijacking aka repo jacking is an obscure supply chain vulnerability, conceptually similar to subdomain takeover. When the linked repository owner changes their username, it becomes immediately available to be re-registered by anyone. This means that any project that linked...

Apache Log4j2 2.14.1 Remote Code Execution

Exploit Title: Apache Log4j 2 - Remote Code Execution RCE Date: 11/12/2021 Exploit Authors: kozmer, z9fr, svmorris Vendor Homepage: https://logging.apache.org/log4j/2.x/ Software Link: https://github.com/apache/logging-log4j2 Version: versions 2.0-beta-9 and 2.14.1. Tested on: Linux CVE:...

CVE-2021-24915

creationtimestamp| type| source ---|---|--- 2021-11-29 12:33:06+00:00| seen| https://t.me/cibsecurity/33013 2023-10-17 12:50:28+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24915.yaml 2026-03-12 21:02:31+00:00| seen|...

CVE-2021-43495

creationtimestamp| type| source ---|---|--- 2021-11-17 16:14:39+00:00| seen| https://t.me/cibsecurity/32451 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-43495.yaml...

Kubernetes: Broken Link Takeover from kubernetes.io docs

Report Submission Form Summary: Kubernetes docs has Spanish translation available. One of the page of Portuguese doc has an external reference to a github repository. The github account was not registered on github.com. So I was able to takeover the page and host the PoC Kubernetes Version: NA...

CVE-2021-24791

creationtimestamp| type| source ---|---|--- 2021-11-08 20:29:16+00:00| seen| https://t.me/cibsecurity/31991 2023-10-17 12:50:28+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24791.yaml...

CVE-2021-39341

creationtimestamp| type| source ---|---|--- 2021-10-29 18:01:00+00:00| seen| https://t.me/truesecator/2269 2021-10-31 16:24:28+00:00| exploited| https://t.me/CyberSecurityTechnologies/4637 2021-11-01 23:21:31+00:00| seen| https://t.me/cibsecurity/31573 2025-06-09 13:12:57+00:00| confirmed|...