Publicly Disclosed
PoC Exploits

An issue has been identified in the JSON_SCHEMA_VALID() function of MariaDB Server, which is derived from MySQL. This vulnerability allows authenticated users to crash versions 11.4 prior to 11.4.10 and 11.8 prior to 11.8.6 of MariaDB server. While under specific conditions, it could lead to remo...

The CodeAstro Membership Management System version 1.0 is prone to an SQL Injection vulnerability via the ID parameter in print_membership_card.php. This flaw allows attackers to manipulate database queries by injecting arbitrary SQL code, potentially leading to unauthorized data access and manip...

The Ancillary Function Driver (AFD) in various versions of Microsoft Windows does not execute proper validation of user-mode input. This flaw enables local users to escalate their privileges via specially crafted applications, potentially leading to unauthorized access to system resources. Affect...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

The Apache JServ Protocol (AJP) Connector in Apache Tomcat allowed for misconfigured connections that could be exploited by attackers. By default, the AJP Connector is enabled, listening on all configured IP addresses. This elevated trust can lead to unauthorized access and manipulation of files ...

The affected versions of cPanel and WHM contain a serious authentication bypass flaw in the login flow. This vulnerability enables unauthenticated remote attackers to bypass authentication mechanisms, allowing them to gain unauthorized access to the control panel. Users of the specified versions ...

A vulnerability exists in FlowiseAI Flowise versions up to 3.0.12 that impacts the 'verify' function located in the account.service.ts file within the Endpoint component. This flaw enables attackers to manipulate requests, potentially leading to unauthorized access to sensitive information. The c...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

A double free vulnerability has been identified in Apache HTTP Server that may lead to remote code execution, particularly concerning the HTTP/2 protocol. This issue affects version 2.4.66, and it is crucial for users to upgrade to version 2.4.67 to mitigate any potential security risks associate...

A vulnerability in the Vite frontend tooling framework allows unauthorized access to arbitrary files on the server. If an attacker connects to the Vite development server's WebSocket without an Origin header, they can exploit the custom WebSocket event 'vite:invoke' to retrieve file contents as J...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

The affected versions of cPanel and WHM contain a serious authentication bypass flaw in the login flow. This vulnerability enables unauthenticated remote attackers to bypass authentication mechanisms, allowing them to gain unauthorized access to the control panel. Users of the specified versions ...

The pac4j-jwt library's JwtAuthenticator prior to versions 4.5.9, 5.7.9, and 6.3.3 is susceptible to an authentication bypass that could allow remote adversaries to create forged authentication tokens. By leveraging the server's RSA public key, attackers are able to craft a JWE-wrapped PlainJWT w...

A significant logic error in the adbd_tls_verify_cert function of auth.cpp in various Android versions permits a bypass of the wireless ADB mutual authentication process. This flaw can lead to unauthorized remote code execution by exploiting the vulnerability as the shell user without requiring a...

A vulnerability has been identified in Windows Hyper-V, specifically related to the NT Kernel Integration Virtual Service Provider (VSP). This flaw allows an attacker to gain elevated privileges through carefully crafted input, potentially leading to unauthorized access and control over the host ...

A vulnerability in Windows SMB Server allows authorized attackers to exploit improper authentication mechanisms, enabling them to elevate their privileges locally. This weakness can be leveraged to gain unauthorized access and control over sensitive resources within the affected system, presentin...

The Ollama application is susceptible to a heap out-of-bounds read vulnerability within its GGUF model loader. This issue arises when the /api/create endpoint processes an attacker-defined GGUF file where the tensor offset and size exceed the file’s actual length. During quantization, the server ...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

In certain versions of Spring Cloud Function, an attacker can exploit the routing functionality through a specially crafted Spring Expression Language (SpEL) as a routing-expression. This misconfiguration may allow unauthorized access to local resources and the execution of arbitrary code, posing...

An authorization bypass vulnerability exists in Dify prior to version 1.14.0, enabling authenticated users to read files uploaded by other users within the same tenant. By supplying arbitrary file UUIDs in a chat-messages request, attackers can exploit inadequate permission checks in the chat-mes...

A double free vulnerability has been identified in Apache HTTP Server that may lead to remote code execution, particularly concerning the HTTP/2 protocol. This issue affects version 2.4.66, and it is crucial for users to upgrade to version 2.4.67 to mitigate any potential security risks associate...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

The D-Link DI-8100 router contains a vulnerability in the sprintf function located within the /user_group.asp file of the CGI Handler component. This vulnerability allows an attacker to execute a buffer overflow, potentially leading to unauthorized actions on the device. The attack can be initiat...

A flaw in D-Link DI-8100 version 16.07.26A1 has been identified within the web management interface at /url_member.asp. A vulnerability exists that allows remote attackers to manipulate the 'Name' argument, resulting in a buffer overflow. This may enable unauthorized access and exploitation, maki...

A double free vulnerability has been identified in Apache HTTP Server that may lead to remote code execution, particularly concerning the HTTP/2 protocol. This issue affects version 2.4.66, and it is crucial for users to upgrade to version 2.4.67 to mitigate any potential security risks associate...

A buffer overflow vulnerability exists in the D-Link DI-8100, particularly within the tggl_asp function of the /tggl.asp file in the HTTP Request Handler. Attackers can manipulate the argument 'Name' to trigger this overflow, potentially leading to remote exploitation. The exploit has been made p...

A buffer overflow vulnerability has been identified in the D-Link DI-8100 router, specifically within the url_rule_asp function located in the /url_rule.asp file of the POST Parameter Handler. This vulnerability allows attackers to manipulate input parameters that could potentially lead to unauth...

A vulnerability exists in the D-Link DI-8100 router's HTTP handler, specifically in the 'sprintf' function within the '/auto_reboot.asp' file. The flaw arises from improper handling of input parameters, which can lead to a buffer overflow condition. An attacker can exploit this vulnerability remo...

A stack-based buffer overflow vulnerability has been identified in the D-Link DI-8100 router, specifically in the sprintf function within the yyxz.asp file. This vulnerability arises from improper handling of the ID argument, allowing an attacker to execute arbitrary code remotely. Exploits for t...

A vulnerability exists in the Uploaded File Handler of Langchain-Chatchat, impacting versions up to 0.3.1.3. Specifically, the issue lies within the _get_file_id function in the openai_routes.py file, where manipulation can lead to the use of insufficiently random values. This flaw necessitates a...

A race condition vulnerability exists in Langchain-Chatchat's OpenAI-Compatible File Upload API, specifically within the function handling file uploads in openai_routes.py. This flaw allows for manipulation of the file.filename parameter, leading to a time-of-check to time-of-use (TOCTOU) issue. ...

A vulnerability has been identified in Langchain-Chatchat affecting versions up to 0.3.1.3. This issue arises from a flaw in the Vision Chat Paste Image Handler, specifically within the function PIL.Image.tobytes. The vulnerability can be exploited through manipulation of the paste_image.image_da...

A vulnerability has been identified in the Langchain-Chatchat product from chatchat-space, where the Compatible File Service fails to enforce proper authentication controls for specific functions. This oversight, affecting functions such as retrieving and deleting files, allows unauthorized users...

A vulnerability in the EFM ipTIME NAS1dual 1.5.24 relates to the function get_csrf_whites within the file /cgi/advanced/misc_main.cgi. This flaw can be exploited via remote attacks, leading to stack-based buffer overflow, which can compromise system integrity. The issue was disclosed publicly, an...

A command injection vulnerability has been discovered in the EFM ipTIME C200 router, specifically affecting the ApplyRestore Endpoint functionality located in the /cgi/iux_set.cgi file. This weakness originates from improper handling of the RestoreFile argument within the sub_408F90 function, all...

A security flaw has been identified in IObit Advanced SystemCare 19, specifically within the ASC.exe component of the Service. This flaw allows for symlink following, enabling potential local attack vectors. The complexity of exploiting this vulnerability is significant, and successful exploitati...

AmazCart CMS version 3.4 is susceptible to a reflected cross-site scripting vulnerability that enables unauthenticated attackers to inject harmful scripts through the search functionality. Malicious users can leverage this flaw by inputting script tags in the search box, which can then execute ar...

The ERPGo SaaS 3.9 contains a vulnerability that enables authenticated attackers to perform CSV injection by inserting crafted formula payloads into vendor name fields. This loophole allows attackers to execute arbitrary code when the generated CSV file is opened in spreadsheet applications, pote...

The Backup Migration Plugin version 1.2.8 for WordPress is vulnerable to information disclosure that enables unauthenticated attackers to access sensitive database backups. By exploiting predictable file paths, attackers can enumerate backup directories using configuration files and logs. This vu...

OpenEMR version 7.0.1 is susceptible to a brute force authentication vulnerability, where attackers can exploit the login mechanism to bypass rate limiting controls. By sending multiple login attempts via POST requests with specific parameters, they can test various username and password combinat...

The Frappe Framework ERPNext version 13.4.0 is susceptible to a sandbox escape vulnerability within RestrictedPython. This issue permits authenticated users with the System Manager role to execute arbitrary code by leveraging frame introspection. Specifically, an attacker can craft a server scrip...

Eclipse Equinox OSGi versions 3.8 through 3.18 are susceptible to a remote code execution vulnerability via the console interface. This flaw enables unauthenticated attackers to exploit the fork command functionality, allowing them to establish a telnet connection to the OSGi console. By performi...

Eclipse Equinox OSGi versions 3.7.2 and earlier contain a vulnerability that permits attackers to execute arbitrary commands remotely. By connecting to the OSGi console port, unauthenticated users can send crafted payloads encoded in base64, wrapped within fork directives, enabling them to execut...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

A security flaw has been identified in the Totolink A8000RU router, specifically within the setAppFilterCfg function in cgi-bin/cstecgi.cgi. This vulnerability allows for remote command injection via manipulation of the 'enable' argument. An attacker can exploit this flaw to execute arbitrary com...

A vulnerability has been discovered in the itsourcecode Courier Management System 1.0, specifically in the /print_pdets.php file. This vulnerability allows for SQL injection due to improper handling of the 'ids' argument. The flaw can be exploited from a remote location, enabling attackers to man...

A command injection vulnerability exists in the MCP Tool developed by 54yyyu, specifically within the git_operation function found in src/code_mcp/server.py. This flaw allows an attacker to manipulate the operation argument remotely, leading to unauthorized command execution. Despite the project ...