Hackviser Labs

Common Vulnerabilities

CVE-style labs, real-world misconfigurations, and focused vulnerability practice.

46 labs, 12 topics

Labs

Browse the labs in this category and open the one you want to practice.

CVE 2026

AVideo Encoder getImage.php Command Injection (CVE-2026-29058)

10 Points
VIP
CVE 2026

Copy Fail – Linux Kernel Local Privilege Escalation (CVE-2026-31431)

10 Points
VIP
CVE 2026

Dirty Frag – Linux Kernel Local Privilege Escalation (CVE-2026-43284 & CVE-2026-43500)

10 Points
VIP
CVE 2026

Grandstream GXP1600 Unauthenticated Remote Code Execution (CVE-2026-2329)

10 Points
VIP
CVE 2026

NGINX Rewrite Module RCE via Heap Buffer Overflow (CVE-2026-42945)

10 Points
VIP
CVE 2026

ProFTPD Authentication Bypass & Remote Code Execution (CVE-2026-42167)

10 Points
VIP
CVE 2026

WPvivid Backup & Migration Plugin Unauthenticated Remote Code Execution (CVE-2026-1357)

10 Points
VIP
CVE 2026

GNU Inetutils Telnetd Authentication Bypass (CVE-2026-24061)

10 Points
VIP
CVE 2025

n8n Remote Code Execution (CVE-2025-68613)

10 Points
VIP
CVE 2025

React Server Components Remote Code Execution (CVE-2025-55182)

10 Points
VIP
CVE 2025

Apache Tomcat 9.0.0-9.0.98/10.1.0-10.1.34/11.0.0-11.0.2 Remote Code Execution (CVE-2025-24813)

10 Points
VIP
CVE 2025

Next.js Middleware Authorization Bypass (CVE-2025-29927)

10 Points
VIP
CVE 2025

YesWiki < 4.5.2 Unauthenticated Path Traversal (CVE-2025-31131)

10 Points
VIP
CVE 2025

Sudo 1.9.14 – 1.9.17 Local Privilege Escalation via chroot (CVE-2025-32463)

10 Points
VIP
CVE 2025

Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserialization (CVE-2025-49113)

10 Points
VIP
CVE 2024

Palo Alto Networks PAN-OS GlobalProtect Remote Code Execution (CVE-2024-3400)

10 Points
VIP
CVE 2024

pgAdmin 4 Session Deserialization Remote Code Execution (CVE-2024-2044)

10 Points
VIP
CVE 2024

Jenkins Arbitrary File Read (CVE-2024-23897)

10 Points
VIP
CVE 2024

Apache HugeGraph Gremlin Remote Code Execution (CVE-2024-27348)

10 Points
VIP
CVE 2023

Chamilo LMS Remote Code Execution (CVE-2023-34960)

10 Points
VIP
CVE 2023

PaperCut MF/NG Authentication Bypass to Remote Code Execution (CVE-2023-27350)

10 Points
VIP
CVE 2023

Metabase Pre-Auth Remote Code Execution (CVE-2023-38646)

10 Points
VIP
CVE 2023

Mirth Connect Unauthenticated Remote Code Execution (CVE-2023-43208)

10 Points
VIP
CVE 2022

Atlassian Confluence OGNL Injection Remote Code Execution (CVE-2022-26134)

10 Points
VIP
CVE 2022

Control Web Panel (CWP) Remote Code Execution (CVE-2022-44877)

10 Points
VIP
CVE 2022

Redis Lua Sandbox Escape Remote Code Execution (CVE-2022-0543)

10 Points
VIP
CVE 2022

Spring Cloud Function SpEL Injection Remote Code Execution (CVE-2022-22963)

10 Points
VIP
CVE 2021

Apache Log4j Remote Code Execution (CVE-2021-44228)

10 Points
VIP
CVE 2021

Laravel Framework < 8.4.2 Remote Code Execution (CVE-2021-3129)

10 Points
VIP
CVE 2021

Apache HTTP Server 2.4.49/2.4.50 Remote Code Execution (CVE-2021-42013)

10 Points
Free
CVE 2021

Grafana Directory Traversal (CVE-2021-43798)

10 Points
VIP
CVE 2020

F5 BIG-IP TMUI Remote Code Execution (CVE-2020-5902)

10 Points
VIP
CVE 2020

Pi-hole AdminLTE Web Interface Remote Code Execution (CVE-2020-8816)

10 Points
VIP
CVE 2020

Apache APISIX Default Admin API Token Remote Code Execution (CVE-2020-13945)

10 Points
VIP
CVE 2019

Nostromo Web Server Remote Code Execution (CVE-2019-16278)

10 Points
VIP
CVE 2019

PostgreSQL COPY TO/FROM PROGRAM Authenticated Remote Code Execution (CVE-2019-9193)

10 Points
VIP
CVE 2019

Webmin <= 1.920 Remote Code Execution (CVE-2019-15107)

10 Points
VIP
CVE 2018

Drupalgeddon2 Remote Code Execution (CVE-2018-7600)

10 Points
VIP
CVE 2018

phpMyAdmin 4.8.0/4.8.1 Authenticated Remote Code Execution (CVE-2018-12613)

10 Points
VIP
CVE 2017

Samba 3.5.0 - 4.6.4 Remote Code Execution (CVE-2017-7494)

10 Points
Free
CVE 2017

Apache Tomcat JSP Upload Bypass Remote Code Execution (CVE-2017-12617)

10 Points
VIP
CVE 2017

Apache CouchDB 1.7.0/2.x < 2.1.1 Remote Code Execution (CVE-2017-12636)

10 Points
VIP
CVE 2016

Magento REST API Remote Code Execution (CVE-2016-4010)

10 Points
VIP
CVE 2016

Apache ActiveMQ Fileserver Remote Code Execution (CVE-2016-3088)

10 Points
VIP
CVE 2015

Joomla HTTP Header Remote Code Execution (CVE-2015-8562)

10 Points
VIP
CVE 2015

ProFTPD 1.3.5 Remote Code Execution (CVE-2015-3306)

10 Points
Free