This repository contains Proof of Concept (POC) code for high severity CVEs for educational and authorized security testing purposes only.
This code is provided for educational purposes, authorized penetration testing, CTF challenges, and security research only.
Do NOT use these POCs against systems without explicit written authorization. Unauthorized access to computer systems is illegal.

| CVE ID | Severity | Vendor | Description |
|---|---|---|---|
| CVE-2022-22963 | Critical (9.8) | VMware | Spring Cloud Function SpEL Injection RCE |
| CVE-2022-22965 | Critical (9.8) | VMware | Spring Framework RCE (Spring4Shell) |
| CVE-2022-47966 | Critical (9.8) | Zoho | ManageEngine SAML RCE |

| CVE ID | Severity | Vendor | Description |
|---|---|---|---|
| CVE-2023-20198 | Critical (10.0) | Cisco | IOS XE Web UI Privilege Escalation |
| CVE-2023-27350 | Critical (9.8) | PaperCut | NG/MF Authentication Bypass RCE |
| CVE-2023-46604 | Critical (10.0) | Apache | ActiveMQ RCE |
| CVE-2023-44487 | High (7.5) | Multiple | HTTP/2 Rapid Reset Attack |
| CVE-2023-29357 | Critical (9.8) | Microsoft | SharePoint Server Privilege Escalation |

| CVE ID | Severity | Vendor | Description |
|---|---|---|---|
| CVE-2024-21762 | Critical (9.8) | Fortinet | FortiOS SSL VPN Out-of-Bounds Write RCE |
| CVE-2024-45387 | High (8.1) | Apache | Traffic Server HTTP Request Smuggling |
| CVE-2024-50623 | Critical (9.8) | Cleo | File Transfer Unrestricted Upload RCE |
| CVE-2024-3400 | Critical (10.0) | Palo Alto | PAN-OS GlobalProtect Command Injection |
| CVE-2024-27198 | Critical (9.8) | JetBrains | TeamCity Authentication Bypass |

| CVE ID | Severity | Vendor | Description |
|---|---|---|---|
| CVE-2025-0282 | Critical (9.0) | Ivanti | Connect Secure Stack Buffer Overflow RCE |
| CVE-2025-21298 | Critical (9.8) | Microsoft | Windows OLE Remote Code Execution |
| CVE-2025-22224 | Critical (9.3) | VMware | vCenter Server Heap Overflow RCE |
| CVE-2025-24813 | Critical (9.8) | Apache | Tomcat Path Equivalence RCE |
| CVE-2025-29927 | Critical (9.1) | Vercel | Next.js Middleware Authorization Bypass |

| CVE ID | Severity | Vendor | Description |
|---|---|---|---|
| CVE-2026-33557 | Critical (9.1) | Apache | Kafka JWT Validation Bypass (OAUTHBEARER) |
```
vulnerability-poc/
├── README.md
├── 2022/                    # 2022 CVEs (3 entries)
│   └── CVE-2022-XXXXX/
├── 2023/                    # 2023 CVEs (45 entries)
│   └── CVE-2023-XXXXX/
├── 2024/                    # 2024 CVEs (413 entries)
│   └── CVE-2024-XXXXX/
│       ├── README.md        # English documentation
│       ├── README_KO.md     # Korean documentation (한국어)
│       ├── poc.py           # POC exploit code
│       └── prevention/
│           ├── README.md    # Mitigation guide
│           ├── nginx.conf   # Nginx prevention rules
│           ├── httpd.conf   # Apache HTTPD rules
│           ├── snort.rules  # Snort IDS rules
│           └── yara.yar     # YARA detection rules
└── 2025/                    # 2025 CVEs (1107 entries)
    └── CVE-2025-XXXXX/
        └── ...              # Same structure as above
```
Each CVE includes comprehensive prevention rules for:
- Nginx: Reverse proxy protection rules
- Apache HTTPD: ModSecurity and RewriteRules
- Snort: Network IDS detection signatures
- YARA: File and memory pattern detection

Each POC can be run with the `--help` flag to see available options:

```bash
python 2024/CVE-2024-21762/poc.py --help
python 2024/CVE-2024-21762/poc.py --check -t <target>
```

Deploy prevention rules to your infrastructure:

```bash
# Nginx
cp 2024/CVE-2024-21762/prevention/nginx.conf /etc/nginx/conf.d/cve-2024-21762.conf
# Apache
cp 2024/CVE-2024-21762/prevention/httpd.conf /etc/httpd/conf.d/cve-2024-21762.conf
# Snort
cat 2024/CVE-2024-21762/prevention/snort.rules >> /etc/snort/rules/local.rules
# YARA
yara 2024/CVE-2024-21762/prevention/yara.yar <target_file>
```

Each CVE folder includes:
- README.md: English documentation with vulnerability details
- README_KO.md: Korean documentation (한국어 문서)
- poc.py: Python POC code with check and exploit functions
- prevention/: Complete detection and mitigation rules
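
A safer form of the deployment commands above, as an added example that is not part of the repository: each web-server config is checked with the server's own syntax test (`nginx -t`, `apachectl configtest`) and rolled back on failure, and Snort rules are appended only when absent, so a second run does not duplicate signatures. The script name `deploy-prevention.sh` and the function names are hypothetical.

```bash
# Added example (not from the repository): deploy one CVE's prevention/ files
# so that a bad config is rolled back and a re-run does not duplicate rules.

# Append only the rule lines DST does not already contain.
# Prints the number of lines appended.
append_rules_once() {
    src=$1 dst=$2 added=0
    touch "$dst"
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac   # skip blanks and comments
        if ! grep -Fxq -- "$line" "$dst"; then
            printf '%s\n' "$line" >> "$dst"
            added=$((added + 1))
        fi
    done < "$src"
    echo "$added"
}

# Copy SRC to DST, run the validator passed as the remaining arguments, and
# restore the previous DST (or remove the new file) if validation fails.
install_conf() {
    src=$1 dst=$2; shift 2
    backup=
    if [ -f "$dst" ]; then backup="$dst.bak.$$"; cp -p "$dst" "$backup"; fi
    cp "$src" "$dst"
    if "$@"; then
        [ -z "$backup" ] || rm -f "$backup"
        return 0
    fi
    if [ -n "$backup" ]; then mv "$backup" "$dst"; else rm -f "$dst"; fi
    return 1
}

# Usage (as root): sh deploy-prevention.sh deploy 2024/CVE-2024-21762
if [ "${1:-}" = "deploy" ]; then
    p="$2/prevention"
    id=$(basename "$2" | tr '[:upper:]' '[:lower:]')
    install_conf "$p/nginx.conf" "/etc/nginx/conf.d/$id.conf" nginx -t || exit 1
    install_conf "$p/httpd.conf" "/etc/httpd/conf.d/$id.conf" apachectl configtest || exit 1
    append_rules_once "$p/snort.rules" /etc/snort/rules/local.rules
fi
```

Neither Nginx nor Apache applies the new file until the service is reloaded.
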
This repository uses Shields.io status badges. Here's how to create and customize them:

```
https://img.shields.io/badge/{LABEL}-{MESSAGE}-{COLOR}?style={STYLE}
```

| Style |
|---|
| flat-square |
| flat |
| plastic |
| for-the-badge |

| Color | Code |
|---|---|
| Green | brightgreen, green, success |
| Red | red, critical |
| Blue | blue, informational |
| Orange | orange, important |
| Yellow | yellow |

Badge examples: Test Status, Verification Status, Count Badge, Version Badge, CVSS Severity.

| Character | URL Encode |
|---|---|
| Space | _ or %20 |
| Dash | -- |
| Underscore | __ |
| Slash | %2F |
| Percent | %25 |

Looking for deeper security support? We offer comprehensive enterprise solutions:
- MSSP (Managed Security Service Provider): 24/7 security monitoring and incident response
- Automated Integration: Seamless integration with your existing security infrastructure (SIEM, SOAR, ticketing systems)
- Continuous Vulnerability Management: Proactive vulnerability tracking, prioritization, and remediation guidance
- Custom Detection Rules: Tailored detection signatures for your specific environment
- Threat Intelligence: Real-time threat feeds and vulnerability intelligence

| Contact | |
|---|---|
| Sales & Partnerships | srkim@nshc.net |
| Technical Support | hsjang@nshc.net |

This project is licensed under the Apache License 2.0 - see the LICENSE file for details.

Please ensure any contributions include:
- Proper CVE attribution
- Both English and Korean documentation
- Prevention rules (nginx, httpd, snort, yara)
- Responsible disclosure compliance