Publicly Disclosed
PoC Exploits

The Gravity SMTP plugin for WordPress contains a vulnerability that allows unauthenticated visitors to access sensitive system configuration data through a REST API endpoint. Specifically, the endpoint at /wp-json/gravitysmtp/v1/tests/mock-data can be exploited due to a permission callback that a...

n8n, an open-source workflow automation platform, has a Remote Code Execution vulnerability affecting specific versions. Authenticated users can inadvertently supply expressions that, under certain circumstances, are evaluated in a context insufficiently isolated from the runtime. This flaw enabl...

The Shahjada Download Manager is affected by a missing authorization vulnerability that allows attackers to exploit incorrectly configured access control security levels. This issue enables unauthorized users to gain access to restricted functionality, potentially leading to data exposure or furt...

This vulnerability allows an application to perform out-of-bounds read operations, potentially leading to unexpected system termination or unauthorized access to kernel memory. Apple has resolved this issue in the latest updates for its operating systems, enhancing their security by implementing ...

A significant security flaw has been identified in the Autobrowse Trace Artifact Handler component of Browserbase, affecting versions prior to 20260526. The issue involves incorrect default permissions, which could potentially allow unauthorized access or manipulation of sensitive files. This vul...

A significant security flaw has been identified in the Autobrowse Trace Artifact Handler component of Browserbase, affecting versions prior to 20260526. The issue involves incorrect default permissions, which could potentially allow unauthorized access or manipulation of sensitive files. This vul...

An infinite loop vulnerability exists in the pypdf library for Python, affecting versions prior to 6.6.2. An attacker can exploit this vulnerability by crafting a specially designed PDF file that triggers an infinite loop when accessing outlines or bookmarks. This can lead to unresponsive behavio...

The n8n workflow automation platform has a vulnerability in versions ranging from 1.65.0 to just below 1.121.0, which allows potential attackers to exploit specific form-based workflows. This flaw can enable unauthorized remote access to sensitive files on the underlying server, posing a signific...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

A vulnerability exists in Git that affects how configuration values are read and written, particularly regarding trailing carriage returns. When a submodule path includes a trailing carriage return, it is altered when read back, which can cause the submodule to be checked out to an incorrect loca...

The Sudo software, prior to version 1.9.17p1, contains a vulnerability that enables local users to gain root access through improper handling of configuration files. Specifically, when the optional --chroot command is used, the software incorrectly processes the /etc/nsswitch.conf file from a use...

A security flaw exists in the Next.js framework that allows an attacker to bypass authorization checks if such checks are implemented in middleware. This vulnerability arises in versions prior to 14.2.25 and 15.2.3. To mitigate risk, it is recommended to restrict incoming requests that include th...

A stack overflow vulnerability exists in the wanMTU parameter of the /goform/AdvSetMacMtuWan endpoint in Tenda AC9 router version 1.0 V15.03.05.14_multi. This vulnerability could allow an attacker to execute arbitrary code remotely, potentially leading to unauthorized access and control over the ...

The XWiki Platform is vulnerable due to improper handling of inputs, allowing unauthenticated users to execute arbitrary code via the `SolrSearch` endpoint. This can result in significant breaches of confidentiality, integrity, and availability of the XWiki installation. Users are encouraged to u...

The vulnerability in Microsoft Windows File Explorer poses a security risk by allowing unauthorized access to sensitive information. In an environment where it is present, attackers can exploit this flaw to spoof identities over a network, potentially compromising data integrity and confidentiali...

An external control of file name or path in Windows NTLM enables unauthorized attackers to exploit a vulnerability, leading to potential spoofing attacks over a network. This situation poses a significant threat as attackers may gain access to sensitive information or systems.

A security vulnerability in the Comfast CF-WR631AX V3 router impacts the API Endpoint due to improper handling of input parameters in the mbox-config system. An attacker can exploit this vulnerability to inject arbitrary OS commands remotely, leading to potential system compromise. Despite attemp...

A vulnerability was identified in Activepieces up to version 0.83.0, specifically within the handleUrlFile function of the File URL Handler component. This flaw enables remote attackers to exploit server-side request forgery (SSRF), allowing them to send unauthorized requests from the server to i...

A cross-site scripting vulnerability has been identified in the Auth Endpoint of Kortix AI Suna, up to version 0.8.38. This issue allows a remote attacker to manipulate the returnURL parameter in the function router.replace/router.push within the file apps/frontend/src/app/auth/page.tsx. This vul...

A security flaw has been identified in the Edimax BR-6478AC V2 router, specifically in the POST Request Handler component. This vulnerability allows an attacker to manipulate the command argument in the function 'mp' of the file '/goform/mp', potentially executing unauthorized commands. The explo...

A command injection vulnerability exists in the Edimax BR-6478AC V2 router, specifically in the 'wiz_5in1_redirect' function within the /goform/wiz_5in1_redirect component. This flaw allows an attacker to manipulate the 'newpass' argument, potentially executing arbitrary commands on the device. G...

Claude Code, an advanced coding tool by Anthropic, had a critical flaw allowing code injection via the startup trust dialog. Attackers could potentially manipulate the application to execute arbitrary code in untrusted directories before the user acknowledges the trust dialog. Users operating wit...

A vulnerability exists in the Directus API management tool where the exact version number is revealed through the OpenAPI Specification at the '/server/specs/oas' endpoint without requiring authentication. This exposure allows attackers to identify potential weaknesses in the Directus core and it...

A command injection vulnerability exists in the Edimax BR-6478AC V2 router, specifically within the POST request handler for the 'stainfo' function. This flaw allows remote attackers to manipulate input arguments, enabling unauthorized execution of commands. The issue has been publicly disclosed,...

A critical command injection vulnerability exists in the Edimax BR-6478AC V2 router, specifically affecting the setWAN function within the POST Request Handler. This flaw allows attackers to manipulate parameters such as pppUserName, pptpUserName, and L2TPUserName to execute arbitrary commands re...

A buffer overflow vulnerability has been identified in the Edimax BR-6478AC V2 router, specifically within the function formWlSiteSurvey located in the /goform/formWlSiteSurvey component. This security flaw arises from improper handling of the selSSID argument, which can be manipulated remotely, ...

A security vulnerability has been identified in BerriAI litellm versions up to 1.82.2, stemming from an incomplete fix related to a prior issue. The vulnerability resides within the 'ui_view_users' function of the internal_user_endpoints.py file, allowing unauthorized users to gain access to sens...

A security vulnerability exists in BerriAI's litellm product, specifically in the MCP OpenAPI Spec Loader component. This flaw occurs in the function load_openapi_spec_async, located in openapi_to_mcp_generator.py. It allows an attacker to manipulate the spec_path argument, enabling server-side r...

A security vulnerability has been identified in BerriAI Litellm, specifically within the async_pre_call_hook function of the enterprise_hooks/banned_keywords.py component. This flaw allows for improper manipulation of the prompt argument, leading to incorrect authorization outcomes. The exploitat...

A vulnerability exists in Icecast versions up to 2.0.1, where a buffer overflow can be triggered by sending an HTTP request with an abnormal quantity of headers. This flaw can allow remote attackers to execute arbitrary code on the affected system. Users of affected Icecast versions should upgrad...

A security vulnerability in BerriAI's Litellm, specifically within the SSO Authentication Flow managed by the get_redirect_response_from_openid function in the file litellm/proxy/management_endpoints/ui_sso.py, has been identified. This flaw allows for session expiration manipulation, posing a ri...

A vulnerability exists in the BerriAI litellm software, specifically within the SSO Debug Flow located in the json.dumps function of the ui_sso.py file. This issue can result in missing authentication, allowing attackers to exploit the function remotely without necessary credentials. The exploit ...

A vulnerability has been identified in the Zhilink (Shenzhen) Technology Co., Ltd. ADP Application Developer Platform version 1.0.0. This issue arises from the XML Parser component's handling of external entity references in the file /adpweb/a/base/barcodeDetail/import. An attacker could exploit ...

A critical deserialization vulnerability exists in the Zhilink ADP Application Developer Platform 1.0.0, specifically within the testConnection endpoint. This vulnerability arises from improper handling of the jdbcUrl argument, allowing an attacker to perform remote exploits. Although the vendor ...

A security vulnerability has been identified in Ezbsystems UltraISO Premium Edition affecting the bootpt64.sys component within the Kernel Driver. This issue manifests due to improper access controls, necessitating local access for exploitation. The threat has been publicly disclosed, indicating ...

A significant access control vulnerability has been detected in IM-Magic Partition Resizer versions up to 7.9.0. This issue resides in the MDA_NTDRV.sys kernel driver, allowing local users to manipulate functions and bypass access restrictions. The potential for exploitation has been made public,...

A security flaw has been identified in EaseUS Partition Master versions up to 14.5, specifically affecting the EUEDKEPM.sys kernel driver. This vulnerability allows for improper access controls, creating opportunities for local privilege escalation attacks. The exploitation requires local access,...

A vulnerability exists in the EaseUS Partition Master due to improper access controls within the kernel driver epmntdrv.sys, affecting versions up to 14.5. This vulnerability requires local exploitation and can potentially allow unauthorized users to manipulate system components. The vendor has c...

A vulnerability exists in the AOMEI Backupper software, specifically within the kernel driver amwrtdrv.sys. This issue impacts an unspecified function within the driver, allowing for improper access controls to be exploited. An attacker needs to execute the exploit locally, which poses a signific...

A vulnerability exists in AOMEI Dynamic Disk Manager affecting its kernel driver ddmdrv.sys, which suffers from improper access controls. This local privilege escalation vulnerability allows an attacker with local access to manipulate operations within the library, potentially leading to unauthor...

A local privilege escalation vulnerability exists in AOMEI Partition Assistant versions up to 10.10.1, impacting the ampa10.sys kernel driver. This flaw allows an attacker to manipulate code execution due to improper access controls, leading to unauthorized access within the system. Local exploit...

A security flaw has been detected in Montodel House-Rental-Management that allows an attacker to execute SQL injection via the 'ID' argument in the index.php file. This vulnerability can be exploited remotely, presenting significant security risks by manipulating database queries. The vendor has ...

A vulnerability in the Montodel House-Rental-Management application, specifically within the /login.php file, allows for SQL injection through the manipulation of the 'Username' parameter. This serious issue enables remote attackers to execute unauthorized SQL commands, potentially compromising t...

A security vulnerability in BerriAI's litellm has been identified, affecting versions up to 1.82.2. This issue arises in the function _execute_with_mcp_client within the MCP Server Connection Testing component, specifically found in the file litellm/proxy/_experimental/mcp_server/rest_endpoints.p...

A vulnerability has been discovered in the BerriAI litellm's MCP Proxy that affects the UserAPIKeyAuth function within the user_api_key_auth_mcp.py file. This weakness can be exploited to achieve improper authentication, allowing unauthorized users to potentially gain access to privileged functio...

A vulnerability has been identified in BerriAI's litellm software, specifically affecting version 1.82.2 and earlier. The issue arises in the user authentication process within the PROXY_ADMIN database API Key Generator, located in the authenticate_user function of the login_utils.py file. Attack...

A security flaw has been identified in BerriAI's Litellm product, specifically affecting versions up to 1.82.2. The vulnerability resides in an unknown function within the file litellm/proxy/auth/user_api_key_auth.py, part of the M2M JWT Handler. This vulnerability allows for improper authorizati...

A vulnerability exists in BerriAI's litellm, affecting versions up to 1.63.1, specifically in the Admin Key Handler component. The issue arises from an unknown function within the file litellm/proxy/management_endpoints/key_management_endpoints.py, leading to improper authorization that can be ex...

An issue has been identified in Microsoft Defender that could allow an authorized attacker to gain elevated privileges through improper link resolution before file access, also known as link following. This vulnerability could enable attackers to manipulate file paths, potentially leading to unau...

WooCommerce version 7.1.0 has a vulnerability that allows remote code execution. This flaw enables attackers to execute arbitrary PHP code by injecting untrusted shell commands through the product-type parameter. By sending crafted requests to the class-wc-meta-box-product-images.php endpoint, at...