poc

poc Collection of my PoC's for various vulnerabilities. L...

CVE-2025-54502

Incorrect use of boot service in the AMD Platform Configuration Blob APCB SMM driver could allow a privileged attacker with local access Ring 0 to achieve privilege escalation potentially resulting in arbitrary code execution...

EUVD-2025-31717

Malicious code in bioql PyPI...

EUVD-2025-24242

Malicious code in bioql PyPI...

EUVD-2025-6921

Malicious code in bioql PyPI...

CVE-2025-41098

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a misuse of the general enquiry web service...

CVE-2025-41098

CVE-2025-41098 affects Bold Workplanner. The issue is an Insecure Direct Object Reference (IDOR) resulting from misuse of the General Enquiry web service, impacting versions prior to 2.5.25 (build 4935b438f9b). Public sources across multiple databases confirm an IDOR vulnerability without exposed...

CVE-2024-8053 Improper Authentication in open-webui/open-webui

In version v0.3.10 of open-webui/open-webui, the api/v1/utils/pdf endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. This vulnerability can be exploited by sending a POST request with an excessively large payload, potentially leading...

CVE-2024-29040

This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info returned by FapiQuote has to be deserialized by FapiVerifyQuote to the TPM Structure TPMSATTEST. For the field TPM2GENERATED magic of this structure any number can be used...