# TODO ## TODO ### 2020 * [CVE-2020-3259, Cisco AnyConnect](https://www.truesec.com/hub/blog/akira-ransomware-and-exploitation-of-cisco-anyconnect-vulnerability-cve-2020-3259) ### 2021 * [CVE-2021-21985, VMWare vSphere](https://github.com/alt3kx/CVE-2021-21985_PoC) * [CVE-2021-21972, VMWare vCenter](https://github.com/horizon3ai/CVE-2021-21972) * [CVE-2021-21974, VMWare ESXi](https://straightblast.medium.com/my-poc-walkthrough-for-cve-2021-21974-a266bcad14b9) * [CVE-2021-40655, D-Link DIR-605L](https://github.com/Ilovewomen/D-LINK-DIR-605) ### 2022 * [CVE-2022-22948, VMWare vCenter](https://github.com/PenteraIO/CVE-2022-22948) ### 2023 * [CVE-2023-20198, Cisco IOS XE](https://github.com/smokeintheshell/CVE-2023-20198) * [CVE-2023-20269, Cisco ASA/Firepower VPN](https://arcticwolf.com/resources/blog/cve-2023-20269/) * [CVE-2023-30908, HPE OneView Auth Bypass](https://github.com/advisories/GHSA-mj28-6mv8-vqx9) * [CVE-2023-34048, VMWare vCenter](https://medium.com/@elniak/navigating-the-storm-understanding-cve-2023-34048s-impact-on-vmware-vcenter-server-6004e6531e5b) * [CVE-2023-34049, VMWare Aria Operations for Networks](https://github.com/sinsinology/CVE-2023-34039) * [CVE-2023-48788, Fortinet FortiClients EMS](https://github.com/horizon3ai/CVE-2023-48788) ### 2024 * [CVE-2024-3080, ASUS Router Auth Bypass](https://github.com/advisories/GHSA-6c6m-p94j-g86j) * [CVE-2024-3400, Palo Alto OS Command Injection](https://github.com/ihebski/CVE-2024-3400) * [CVE-2024-3912, ASUS Router Firmware Upload](https://github.com/advisories/GHSA-67j2-frvf-p57m) * [CVE-2024-4985, GitHub Enterprise Server Auth Bypass](https://github.com/absholi7ly/Bypass-authentication-GitHub-Enterprise-Server) * [CVE-2024-6045, Confluence Auth RCE](https://github.com/W01fh4cker/CVE-2024-21683-RCE?tab=readme-ov-file) * [CVE-2024-10914, D-Link Command Injection](https://www.bleepingcomputer.com/news/security/critical-bug-in-eol-d-link-nas-devices-now-exploited-in-attacks/) * [CVE-2024-20356, Cisco CIMC Command Injection](https://github.com/nettitude/CVE-2024-20356) * [CVE-2024-20357, Cisco IP Phone XML Injection](https://github.com/advisories/GHSA-49gp-r5pw-pqg8) * [CVE-2024-20358, Cisco ASA/Firepower Auth RCE](https://github.com/advisories/GHSA-x299-q796-x4w4) * [CVE-2024-20359, Cisco ASA/Firepower Auth RCE](https://github.com/advisories/GHSA-rqwm-368v-fp53) * [CVE-2024-20419, Cisco Smart Software Manager RCE](https://github.com/advisories/GHSA-5697-p67m-73p6) * [CVE-2024-24919, Check Point SVN RCE](https://github.com/un9nplayer/CVE-2024-24919) * [CVE-2024-29849, Veeam Backupo Auth Bypass](https://github.com/sinsinology/CVE-2024-29849) * [CVE-2024-29972, Zyxel NAS326 Backdoor](https://github.com/Pommaq/CVE-2024-29972-CVE-2024-29976-CVE-2024-29973-CVE-2024-29975-CVE-2024-29974-poc/blob/master/exploit.py) * [CVE-2024-29973, Zyxel NAS326 Code Injection](https://github.com/k3lpi3b4nsh33/CVE-2024-29973) * [CVE-2024-29974, Zyxel NAS326 RCE](https://github.com/Pommaq/CVE-2024-29972-CVE-2024-29976-CVE-2024-29973-CVE-2024-29975-CVE-2024-29974-poc/blob/master/exploit.py) * [CVE-2024-29975, Zyxel NAS326 Priv Esc](https://github.com/Pommaq/CVE-2024-29972-CVE-2024-29976-CVE-2024-29973-CVE-2024-29975-CVE-2024-29974-poc/blob/master/exploit.py) * [CVE-2024-47575, FortiJump Unauth RCE](https://github.com/watchtowrlabs/Fortijump-Exploit-CVE-2024-47575) * [PAN-SA-2024-0015, Paloalto Unauth RCE](https://security.paloaltonetworks.com/PAN-SA-2024-0015) * [0.0.0.0-day, PNA bypass](https://www.oligo.security/blog/0-0-0-0-day-exploiting-localhost-apis-from-the-browser) * [Attacking UNIX Systems via CUPS](https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/) ### 2025 * [CVE-2025-20188, Cisco IOS XE, Hardcoded JWT, CVSS 10](https://thehackernews.com/2025/05/cisco-patches-cve-2025-20188-100-cvss.html) * [Hardware: Pwnagotchi](https://www.youtube.com/watch?v=rNAYWvSMP6o\&t=1s) * [Hardware: Digital Microscope (budget)](https://www.youtube.com/watch?v=jzcHGjFiR0o\&t=76s) * [Hardware: Digital Microscope (premium)](https://www.youtube.com/watch?v=LjJWM7ExVOY\&t=147s) * [CVE-2025-3280X, Kea DHCP](https://security.opensuse.org/2025/05/28/kea-dhcp-security-issues.html) * [CVE-2025-5054, Apport information disclosure](https://www.qualys.com/2025/05/29/apport-coredump/apport-coredump.txt) * CVE-2025-37164 - HPE OneView unauth RCE * [CVE-2026-21858 - Ni8mare. Unauth RCE](https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858) * CVE-2025-68613 - n8n code execution, 9.9 * CVE-2025-68668 - N8scape. Auth sandbox bypass. * CVE-2025-59470 - Veeam auth RCE * CVE-2026-0625 - D-Link unauth command injection through dnscfg.cgi * CVE-2025-55182 - React2Shell * CVE-2025-13915 - IBM API Connect auth bypass, remote access. * CVE-2025-52691 - SmarterMail, 10.0, unauth RCE * [CVE-xxxx-xxxxx - SmarterMail, Auth bypass](https://thehackernews.com/2026/01/smartermail-auth-bypass-exploited-in.html) * [CVE-2026-24423 - SmarterMail, 9.3, unauth rce](https://thehackernews.com/2026/01/smartermail-fixes-critical.html) * CVE-2025-14733 - WatchGuard, Fireware OS, out-of-bounds write IKEv2, unauth RCE * CVE-2025-68664 - LangChain (LangGrinch), 9.3, Serialization Injection * [CVE-2025-59718 / CVE-2025-59719 - Fortinet SSO auth bypass, 9.8](https://www.bleepingcomputer.com/news/security/fortinet-confirms-critical-forticloud-auth-bypass-not-fully-patched/) * [XML Signature Wrapping (XSW)](https://portswigger.net/research/the-fragile-lock) * CVE-2025-6218 - WinRAR, 7.8, path traversal to code execution (ofta i kombination med CVE-2025-8088) * CVE-2025-66516 - Apache Tika, 10.0, XXE * [CVE-2025-53772 - Microsoft Web Deploy, RCE, 8.8](https://github.com/sailay1996/CVE-2025-53772) * [CVE-2024-50629 \~ 50631, Synology BeeStation, RCE (Genom CRLF, Auth Bypass + SQL Injection), pwn2own https://github.com/kiddo-pwn/CVE-2024-50629\_50631](https://kiddo-pwn.github.io/blog/2025-11-30/writing-sync-popping-cron) * CVE-2025-59466 - Node.js DOS, async\_hooks * [CVE-2026-22709 - Node.js vm2 escape sandbox code execution, 9.8, https://www.endorlabs.com/learn/cve-2026-22709-critical-sandbox-escape-in-vm2-enables-arbitrary-code-execution](https://github.com/patriksimek/vm2/security/advisories/GHSA-99p7-6v5w-7xg8) * CVE-2025-8110 - Gogs Path Traversal to RCE, 8.7, "improper Symbolic link handling in the PutContents API" * CVE-2025-64155 - FortiSIEM unauth RCE, 9.4, TCP port 7900 (handles incoming request for Elasticsearch), 'weaponizing the curl argument injection to write a reverse shell to "/opt/charting/redishb.sh,"' * [.NET remote object wsdl, RCE, code-white](https://code-white.com/blog/leaking-objrefs-to-exploit-http-dotnet-remoting/) * CVE-2025-20393 - Cisco Secure Email Gateway, 10.0, RCE insufficient validation of HTTP request by Spam Quarantine feature, China-nexus APT * CVE-2025-53690, Sitecore, CVSS score: 9.0, initial access, China-nexus APT * [TP-link Tapo C200, hardcoded keys, firmware dump: https://www.evilsocket.net/images/2025/tapo/bucket\_contents.txt](https://www.evilsocket.net/2025/12/18/TP-Link-Tapo-C200-Hardcoded-Keys-Buffer-Overflows-and-Privacy-in-the-Era-of-AI-Assisted-Reverse-Engineering/) * [CVE-2026-21962 - Oracle HTTP & Weblogic Server Proxy Plug-in, 10.0](https://github.com/advisories/GHSA-4wp9-cf5h-v2g5) * [CVE-2026-24061 - Telnetd GNU InetUtils, 9.8, https://thehackernews.com/2026/01/critical-gnu-inetutils-telnetd-flaw.html, https://seclists.org/oss-sec/2026/q1/89](https://www.safebreach.com/blog/safebreach-labs-root-cause-analysis-and-poc-exploit-for-cve-2026-24061/) [More](https://github.com/fastfire/deepdarkCTI/blob/main/cve_most_exploited.md)