# TODO

## TODO

### 2020

* [CVE-2020-3259, Cisco AnyConnect](https://www.truesec.com/hub/blog/akira-ransomware-and-exploitation-of-cisco-anyconnect-vulnerability-cve-2020-3259)

### 2021

* [CVE-2021-21985, VMware vSphere](https://github.com/alt3kx/CVE-2021-21985_PoC)
* [CVE-2021-21972, VMware vCenter](https://github.com/horizon3ai/CVE-2021-21972)
* [CVE-2021-21974, VMware ESXi](https://straightblast.medium.com/my-poc-walkthrough-for-cve-2021-21974-a266bcad14b9)
* [CVE-2021-40655, D-Link DIR-605L](https://github.com/Ilovewomen/D-LINK-DIR-605)

### 2022

* [CVE-2022-22948, VMware vCenter](https://github.com/PenteraIO/CVE-2022-22948)

### 2023

* [CVE-2023-20198, Cisco IOS XE](https://github.com/smokeintheshell/CVE-2023-20198)
* [CVE-2023-20269, Cisco ASA/Firepower VPN](https://arcticwolf.com/resources/blog/cve-2023-20269/)
* [CVE-2023-30908, HPE OneView Auth Bypass](https://github.com/advisories/GHSA-mj28-6mv8-vqx9)
* [CVE-2023-34048, VMware vCenter](https://medium.com/@elniak/navigating-the-storm-understanding-cve-2023-34048s-impact-on-vmware-vcenter-server-6004e6531e5b)
* [CVE-2023-34049, VMware Aria Operations for Networks](https://github.com/sinsinology/CVE-2023-34039)
* [CVE-2023-48788, Fortinet FortiClient EMS](https://github.com/horizon3ai/CVE-2023-48788)

### 2024

* [CVE-2024-3080, ASUS Router Auth Bypass](https://github.com/advisories/GHSA-6c6m-p94j-g86j)
* [CVE-2024-3400, Palo Alto OS Command Injection](https://github.com/ihebski/CVE-2024-3400)
* [CVE-2024-3912, ASUS Router Firmware Upload](https://github.com/advisories/GHSA-67j2-frvf-p57m)
* [CVE-2024-4985, GitHub Enterprise Server Auth Bypass](https://github.com/absholi7ly/Bypass-authentication-GitHub-Enterprise-Server)
* [CVE-2024-6045, Confluence Auth RCE](https://github.com/W01fh4cker/CVE-2024-21683-RCE?tab=readme-ov-file)
* [CVE-2024-10914, D-Link Command Injection](https://www.bleepingcomputer.com/news/security/critical-bug-in-eol-d-link-nas-devices-now-exploited-in-attacks/)
* [CVE-2024-20356, Cisco CIMC Command Injection](https://github.com/nettitude/CVE-2024-20356)
* [CVE-2024-20357, Cisco IP Phone XML Injection](https://github.com/advisories/GHSA-49gp-r5pw-pqg8)
* [CVE-2024-20358, Cisco ASA/Firepower Auth RCE](https://github.com/advisories/GHSA-x299-q796-x4w4)
* [CVE-2024-20359, Cisco ASA/Firepower Auth RCE](https://github.com/advisories/GHSA-rqwm-368v-fp53)
* [CVE-2024-20419, Cisco Smart Software Manager RCE](https://github.com/advisories/GHSA-5697-p67m-73p6)
* [CVE-2024-24919, Check Point SVN RCE](https://github.com/un9nplayer/CVE-2024-24919)
* [CVE-2024-29849, Veeam Backup Auth Bypass](https://github.com/sinsinology/CVE-2024-29849)
* [CVE-2024-29972, Zyxel NAS326 Backdoor](https://github.com/Pommaq/CVE-2024-29972-CVE-2024-29976-CVE-2024-29973-CVE-2024-29975-CVE-2024-29974-poc/blob/master/exploit.py)
* [CVE-2024-29973, Zyxel NAS326 Code Injection](https://github.com/k3lpi3b4nsh33/CVE-2024-29973)
* [CVE-2024-29974, Zyxel NAS326 RCE](https://github.com/Pommaq/CVE-2024-29972-CVE-2024-29976-CVE-2024-29973-CVE-2024-29975-CVE-2024-29974-poc/blob/master/exploit.py)
* [CVE-2024-29975, Zyxel NAS326 Priv Esc](https://github.com/Pommaq/CVE-2024-29972-CVE-2024-29976-CVE-2024-29973-CVE-2024-29975-CVE-2024-29974-poc/blob/master/exploit.py)
* [CVE-2024-47575, FortiJump Unauth RCE](https://github.com/watchtowrlabs/Fortijump-Exploit-CVE-2024-47575)
* [PAN-SA-2024-0015, Palo Alto Unauth RCE](https://security.paloaltonetworks.com/PAN-SA-2024-0015)
* [0.0.0.0-day, PNA bypass](https://www.oligo.security/blog/0-0-0-0-day-exploiting-localhost-apis-from-the-browser)
* [Attacking UNIX Systems via CUPS](https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/)

### 2025

* [CVE-2025-20188, Cisco IOS XE, Hardcoded JWT, CVSS 10](https://thehackernews.com/2025/05/cisco-patches-cve-2025-20188-100-cvss.html)

* [Hardware: Pwnagotchi](https://www.youtube.com/watch?v=rNAYWvSMP6o\&t=1s)

* [Hardware: Digital Microscope (budget)](https://www.youtube.com/watch?v=jzcHGjFiR0o\&t=76s)

* [Hardware: Digital Microscope (premium)](https://www.youtube.com/watch?v=LjJWM7ExVOY\&t=147s)

* [CVE-2025-3280X, Kea DHCP](https://security.opensuse.org/2025/05/28/kea-dhcp-security-issues.html)

* [CVE-2025-5054, Apport information disclosure](https://www.qualys.com/2025/05/29/apport-coredump/apport-coredump.txt)

* CVE-2025-37164 - HPE OneView unauth RCE

* [CVE-2026-21858 - Ni8mare. Unauth RCE](https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858)

* CVE-2025-68613 - n8n code execution, 9.9

* CVE-2025-68668 - N8scape. Auth sandbox bypass.

* CVE-2025-59470 - Veeam auth RCE

* CVE-2026-0625 - D-Link unauth command injection through dnscfg.cgi

* CVE-2025-55182 - React2Shell

* CVE-2025-13915 - IBM API Connect auth bypass, remote access.

* CVE-2025-52691 - SmarterMail, 10.0, unauth RCE

* [CVE-xxxx-xxxxx - SmarterMail, Auth bypass](https://thehackernews.com/2026/01/smartermail-auth-bypass-exploited-in.html)

* [CVE-2026-24423 - SmarterMail, 9.3, unauth RCE](https://thehackernews.com/2026/01/smartermail-fixes-critical.html)

* CVE-2025-14733 - WatchGuard, Fireware OS, out-of-bounds write IKEv2, unauth RCE

* CVE-2025-68664 - LangChain (LangGrinch), 9.3, Serialization Injection

* [CVE-2025-59718 / CVE-2025-59719 - Fortinet SSO auth bypass, 9.8](https://www.bleepingcomputer.com/news/security/fortinet-confirms-critical-forticloud-auth-bypass-not-fully-patched/)

* [XML Signature Wrapping (XSW)](https://portswigger.net/research/the-fragile-lock)

* CVE-2025-6218 - WinRAR, 7.8, path traversal to code execution (often in combination with CVE-2025-8088)

* CVE-2025-66516 - Apache Tika, 10.0, XXE

* [CVE-2025-53772 - Microsoft Web Deploy, RCE, 8.8](https://github.com/sailay1996/CVE-2025-53772)

* [CVE-2024-50629 \~ 50631, Synology BeeStation, RCE (via CRLF, Auth Bypass + SQL Injection), pwn2own https://github.com/kiddo-pwn/CVE-2024-50629\_50631](https://kiddo-pwn.github.io/blog/2025-11-30/writing-sync-popping-cron)

* CVE-2025-59466 - Node.js DoS, async\_hooks

* [CVE-2026-22709 - Node.js vm2 escape sandbox code execution, 9.8, https://www.endorlabs.com/learn/cve-2026-22709-critical-sandbox-escape-in-vm2-enables-arbitrary-code-execution](https://github.com/patriksimek/vm2/security/advisories/GHSA-99p7-6v5w-7xg8)

* CVE-2025-8110 - Gogs Path Traversal to RCE, 8.7, "improper Symbolic link handling in the PutContents API"

* CVE-2025-64155 - FortiSIEM unauth RCE, 9.4, TCP port 7900 (handles incoming request for Elasticsearch), 'weaponizing the curl argument injection to write a reverse shell to "/opt/charting/redishb.sh,"'

* [.NET remote object wsdl, RCE, code-white](https://code-white.com/blog/leaking-objrefs-to-exploit-http-dotnet-remoting/)

* CVE-2025-20393 - Cisco Secure Email Gateway, 10.0, RCE insufficient validation of HTTP request by Spam Quarantine feature, China-nexus APT

* CVE-2025-53690, Sitecore, CVSS score: 9.0, initial access, China-nexus APT

* [TP-link Tapo C200, hardcoded keys, firmware dump: https://www.evilsocket.net/images/2025/tapo/bucket\_contents.txt](https://www.evilsocket.net/2025/12/18/TP-Link-Tapo-C200-Hardcoded-Keys-Buffer-Overflows-and-Privacy-in-the-Era-of-AI-Assisted-Reverse-Engineering/)

* [CVE-2026-21962 - Oracle HTTP & Weblogic Server Proxy Plug-in, 10.0](https://github.com/advisories/GHSA-4wp9-cf5h-v2g5)

* [CVE-2026-24061 - Telnetd GNU InetUtils, 9.8, https://thehackernews.com/2026/01/critical-gnu-inetutils-telnetd-flaw.html, https://seclists.org/oss-sec/2026/q1/89](https://www.safebreach.com/blog/safebreach-labs-root-cause-analysis-and-poc-exploit-for-cve-2026-24061/)

[More](https://github.com/fastfire/deepdarkCTI/blob/main/cve_most_exploited.md)


