Mallory

Public PoC Exploits Surfaced for CVE-2026-34177 and CVE-2025-7389

proof-of-concept-release, internet-facing-service-vulnerability, rapid-weaponization, detection-content-update
Updated April 14, 2026 at 02:12 PM | 2 sources

Public GitHub repositories were flagged for newly published proof-of-concept exploits tied to two high-severity vulnerabilities: CVE-2026-34177, a VM low-level restriction bypass involving raw.apparmor and raw.qemu.conf, and CVE-2025-7389, an unauthorized arbitrary file-read issue via RMI in an AdminServer interface. The monitoring identified repositories advertising exploit code or demonstrations for both flaws, indicating that offensive tradecraft is now publicly accessible.

The referenced tracking activity monitors GitHub for exploit and PoC publications, ranks results by most recently updated repositories, and limits visible results to the first 15 entries for performance reasons. For defenders, the appearance of public exploit material raises the urgency of validating exposure to affected virtualization and AdminServer deployments, prioritizing patching or mitigations, and increasing detection coverage for exploitation attempts targeting these CVEs.

Related Stories

Public PoC Monitoring Flags New Elevation-of-Privilege CVEs in Windows and Lenovo Software

Public exploit monitoring feeds highlighted two newly listed elevation-of-privilege vulnerabilities: **CVE-2026-26167** affecting **Windows Push Notifications** and **CVE-2026-4145** affecting **Lenovo Software Fix**. Both entries were published through high-severity CVE tracking and tied to GitHub-based monitoring intended to identify newly public proof-of-concept repositories and exploit code. The available details indicate the monitoring process scans GitHub for public exploit and PoC repositories, sorts matches by most recently updated, and limits output to the first 15 repositories for performance reasons. No threat actor, malware family, victim organization, exploitation evidence, or technical exploit details were provided in the referenced material, but the appearance of these CVEs in PoC-tracking feeds suggests defenders should watch for emerging exploit code and prioritize validation of exposure to the affected Windows and Lenovo components.

3 weeks ago

Active Exploitation of Critical RCE Vulnerabilities in Enterprise Infrastructure (Cisco UC and VMware vCenter)

Reports warn of **in-the-wild exploitation** of critical remote code execution vulnerabilities affecting widely deployed enterprise infrastructure. One report describes a purported Cisco Unified Communications zero-day, **CVE-2024-20253**, impacting *Cisco Unified Communications Manager (Unified CM)*, *Cisco Unity Connection*, and *Webex Calling Dedicated Instance*, and claims it enables **unauthenticated command execution** via the web management interface, creating risk of full system compromise and rapid opportunistic scanning of internet-exposed instances. Separately, **CISA added Broadcom VMware vCenter Server CVE-2024-37079** (CVSS 9.8) to the **Known Exploited Vulnerabilities (KEV)** catalog based on evidence of exploitation; the issue is described as a **DCE/RPC heap overflow** that can lead to RCE via specially crafted network packets, and Broadcom updated its advisory to acknowledge observed exploitation. A third item (Rapid7’s Metasploit wrap-up) is not about either of these active-exploitation advisories; it covers new Metasploit modules for unrelated vulnerabilities (e.g., Oracle E-Business Suite **CVE-2025-61882** and Splunk issues), which may increase general exploitation capability but does not substantively corroborate the Cisco or VMware events.

1 month ago

Public Exploit Releases for Multiple High-Impact RCE Vulnerabilities by Chocapikk

Security researcher Chocapikk has released a curated collection of public exploit repositories targeting a range of unauthenticated remote code execution (RCE) vulnerabilities across various platforms. The collection includes weaponized proof-of-concept (PoC) exploits and Metasploit modules for critical CVEs such as CVE-2025-34152 (Shenzhen Aitemi M300 Wi-Fi Repeater), CVE-2024-31819 (AVideo Platform), CVE-2024-25600 (Bricks), CVE-2023-50917 (MajorDoMo), CVE-2025-32432 (CraftCMS), and others. These tools are designed to facilitate security testing and highlight the risks posed by unpatched systems, with several exploits enabling unauthenticated attackers to gain remote shell access or escalate privileges on vulnerable targets. The public availability of these exploits increases the urgency for organizations to patch affected systems and monitor for exploitation attempts. Chocapikk's contributions are widely referenced in the security community, with mentions in multiple security news outlets and integration into major exploit frameworks like Metasploit. The release of these tools underscores the ongoing threat posed by rapidly weaponized vulnerabilities and the importance of proactive vulnerability management and detection strategies for enterprise defenders.

1 month ago