Publicly Disclosed
PoC Exploits

🔴 Always take caution when working with PoC Exploits 🔴

Discovered just now...

PoC for CVE-2025-13673

WordPress | Tutor Lms – Elearning ... | 7.5 HIGH
SQL Injection Flaw in Tutor LMS eLearning Plugin for WordPress

The Tutor LMS plugin for WordPress is susceptible to SQL Injection attacks through the 'coupon_code' parameter. This vulnerability exists in all versions up to and including 3.9.6. Due to inadequate escaping of user-supplied input and poor SQL query preparation, unauthenticated attackers can expl...

PoC for CVE-2025-47812

Wftpserver | Wing Ftp Server | 🟣 EPSS 93% | 10 CRITICAL
Remote Code Execution Vulnerability in Wing FTP Server

In Wing FTP Server prior to version 7.4.4, both user and admin web interfaces improperly handle null ('\0') bytes, which can lead to the injection of arbitrary Lua code into user session files. This vulnerability enables attackers to execute arbitrary system commands with the privileges of the FT...

PoC for CVE-2025-54236

Adobe | Adobe Commerce | 🟣 EPSS 67% | 9.1 CRITICAL
Improper Input Validation in Adobe Commerce Products

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier face a significant risk due to an Improper Input Validation flaw. This vulnerability allows attackers to bypass security features, potentially leading to session takeover without requiring any us...

Discovered 7 minutes ago

PoC for CVE-2026-41096

Microsoft | Windows 11 Version 22h3 | 9.8 CRITICAL
Heap-Based Buffer Overflow in Microsoft Windows DNS Impacting Netwo...

A heap-based buffer overflow vulnerability in Microsoft Windows DNS can allow unauthorized attackers to execute arbitrary code remotely over the network. This can lead to potential data breaches and unauthorized access to sensitive information. Organizations are strongly encouraged to apply secur...

Discovered 27 minutes ago

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

Discovered 3 hours ago

PoC for CVE-2026-9399

Edimax | Br-6675nd | 8.7 HIGH
Buffer Overflow Vulnerability in Edimax BR-6675nD Router

A buffer overflow vulnerability has been identified in the Edimax BR-6675nD router, specifically within the formsetPPPoE function of the POST Request Handler located at /goform/formsetPPPoE. By manipulating the pppUserName argument, an attacker can trigger a buffer overflow, potentially leading t...

PoC for CVE-2026-41940

Webpros | Cpanel | 🟣 EPSS 85% | 9.3 CRITICAL
Authentication Bypass Vulnerability in cPanel and WHM

The affected versions of cPanel and WHM contain a serious authentication bypass flaw in the login flow. This vulnerability enables unauthenticated remote attackers to bypass authentication mechanisms, allowing them to gain unauthorized access to the control panel. Users of the specified versions ...

Discovered 5 hours ago

PoC for CVE-2026-9393

H3c | Magic B0 | 8.7 HIGH
Buffer Overflow Vulnerability in H3C Magic B0 by H3C Technologies

A buffer overflow vulnerability exists in the Edit_BasicSSID_5G function of the H3C Magic B0 up to version 100R002. This flaw allows an attacker to manipulate the 'param' argument, potentially leading to remote exploitation. The issue has been disclosed publicly, raising concerns over the securit...

Discovered 9 hours ago

PoC for CVE-2026-9389

Tenda | F456 | 8.7 HIGH
Buffer Overflow in Tenda F456 Router from Tenda

A security vulnerability exists in the Tenda F456 router version 1.0.0.5, specifically impacting the frmL7ImForm function of the /goform/L7Im file. This issue arises from improper handling of the 'page' argument, which can lead to a buffer overflow. Remote attackers can exploit this flaw to manip...

PoC for CVE-2026-9388

Totolink | A8000ru | 9.3 CRITICAL
OS Command Injection Vulnerability in Totolink A8000RU Web Manageme...

A vulnerability exists in the Totolink A8000RU's Web Management Interface, specifically within the setScheduleCfg function of the /cgi-bin/cstecgi.cgi file. By manipulating the argument 'mode', an attacker can execute arbitrary OS commands remotely. This vulnerability is particularly critical as ...

PoC for CVE-2026-20182

Cisco | Cisco Catalyst Sd-wan ... | 🟣 EPSS 77% | 10 CRITICAL
Authentication Bypass in Cisco Catalyst SD-WAN Controller and Manager

A vulnerability in the peering authentication of Cisco Catalyst SD-WAN Controller and Manager enables remote attackers to bypass authentication and gain administrative privileges. The flaw arises from an ineffective peering authentication mechanism, allowing crafted requests to compromise the sys...

PoC for CVE-2026-45585

Microsoft | Windows 11 Version 24h2 | 6.8 MEDIUM
Security Feature Bypass in Windows by Microsoft

A security feature bypass vulnerability exists in Microsoft Windows, referred to as 'YellowKey.' This flaw could allow unauthorized access to restricted features, compromising system integrity. A proof of concept has been publicly released, contrary to established security practices. Users are ad...

PoC for CVE-2026-9387

Totolink | A8000ru | 9.3 CRITICAL
Command Injection Vulnerability in Totolink A8000RU Web Management ...

A security flaw has been identified in the Totolink A8000RU's web management interface, specifically within the function setUpgradeFW of the /cgi-bin/cstecgi.cgi file. By manipulating the resetFlags argument, an attacker can execute OS commands remotely, exposing the system to potential exploitat...

Discovered 10 hours ago

PoC for CVE-2026-9386

Totolink | A8000ru | 9.3 CRITICAL
OS Command Injection Vulnerability in Totolink A8000RU Web Manageme...

A security vulnerability has been identified in the Totolink A8000RU device, specifically in the web management interface's setLanguageCfg function. Manipulating the 'lang' argument in the /cgi-bin/cstecgi.cgi file may allow an attacker to execute arbitrary operating system commands remotely. Due...

PoC for CVE-2026-9385

Totolink | A8000ru | 9.3 CRITICAL
Command Injection Vulnerability in Totolink A8000RU Web Management ...

A command injection vulnerability exists in the Totolink A8000RU Web Management Interface, specifically in the setTracerouteCfg function of the cstecgi.cgi file. This vulnerability can be exploited remotely by manipulating the argument command, potentially allowing an attacker to execute arbitrar...

PoC for CVE-2026-9384

Totolink | A8000ru | 9.3 CRITICAL
OS Command Injection Vulnerability in Totolink A8000RU Web Manageme...

A vulnerability has been identified in the Totolink A8000RU device, specifically within the web management interface. This security flaw, located in the setDiagnosisCfg function of the cstecgi.cgi file, allows for OS command injection through the manipulation of the IP argument. Attackers can exp...

PoC for CVE-2026-9383

Itsourcecode | Electronic Judging System | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode Electronic Judging System

A SQL injection vulnerability exists in the itsourcecode Electronic Judging System 1.0, specifically affecting the /intrams/admin/login.php file. This vulnerability allows attackers to manipulate the 'Username' input argument, potentially leading to remote exploitation. Publicly disclosed exploit...

Discovered 11 hours ago

PoC for CVE-2026-9382

Edimax | Br-6675nd | 8.7 HIGH
Buffer Overflow Vulnerability in Edimax BR-6675nD Router

A critical flaw has been identified in the Edimax BR-6675nD router, specifically within the function formPPTPSetup of the POST Request Handler. The vulnerability allows for a buffer overflow by manipulating the pptpUserName argument in the request. This issue could lead to unauthorized remote exe...

PoC for CVE-2026-9381

Edimax | Br-6675nd | 8.7 HIGH
Buffer Overflow Vulnerability in Edimax BR-6675nD Router

A vulnerability in the Edimax BR-6675nD router affects the function formPPPoESetup within the POST Request Handler. This vulnerability arises from improper handling of the pppUserName parameter, resulting in a buffer overflow. An attacker can exploit this flaw remotely, potentially executing arbi...

PoC for CVE-2026-9380

Edimax | Br-6675nd | 8.7 HIGH
Buffer Overflow Vulnerability in Edimax BR-6675nD Router

A vulnerability has been identified in the Edimax BR-6675nD router, specifically within the formL2TPSetup function of the POST Request Handler. This issue arises from improper handling of the L2TPUserName argument during remote requests, resulting in a potential buffer overflow. This flaw could b...

Discovered 12 hours ago

PoC for CVE-2026-9379

Edimax | Br-6675nd | 5.3 MEDIUM
Command Injection Vulnerability in Edimax BR-6675nD Router

A security flaw exists in the Edimax BR-6675nD router version 1.12 that allows remote attackers to exploit the function formWpsStart, located in /goform/formWpsStart. By manipulating the pinCode argument, attackers can trigger command injection, enabling them to execute arbitrary commands on the ...

PoC for CVE-2026-9256

F5 | Nginx Plus | 9.2 CRITICAL
Heap Buffer Overflow in NGINX Plus and Open Source due to Regex Pat...

A vulnerability exists in the ngx_http_rewrite_module of NGINX Plus and NGINX Open Source, which can be exploited by an unauthenticated attacker. When specific rewrite directives utilize overlapping Perl-Compatible Regular Expressions (PCRE) captures, and combine them in a replacement string with...

PoC for CVE-2026-9378

Edimax | Br-6675nd | 5.3 MEDIUM
Command Injection Vulnerability in Edimax BR-6675nD Router

A command injection vulnerability has been identified in the Edimax BR-6675nD router, specifically within the formHwSet function of the POST Request Handler. This vulnerability allows an attacker to manipulate specific arguments (regDomain, ABandregDomain, nic0Addr, nic1Addr, wlanAddr, inicAddr) ...

Discovered 13 hours ago

PoC for CVE-2026-9377

Sourcecodester | Sup Online Shopping | 4.8 MEDIUM
Cross Site Scripting Flaw in SourceCodester SUP Online Shopping

A cross site scripting vulnerability exists in the SourceCodester SUP Online Shopping platform, specifically in the file /admin/productedit.php. This issue arises from a flaw in handling the 'productName' parameter, allowing remote attackers to execute malicious scripts in the context of an affec...

PoC for CVE-2026-9376

JPress | Jpress | 5.3 MEDIUM
Improper Authorization in JPress UCenter Article Submission Endpoint

A vulnerability exists in JPress versions up to 1.0.3, specifically within the UCenter Article Submission Endpoint. An unknown function in the file /ucenter/article/doWriteSave can be manipulated through crafted arguments, specifically id/userId, resulting in improper authorization issues. This f...

Discovered 14 hours ago

PoC for CVE-2026-9372

Itzcrazykns | Vane | 6.9 MEDIUM
Server-Side Request Forgery Vulnerability in ItzCrazyKns Vane Product

A vulnerability has been identified in ItzCrazyKns Vane versions up to 1.12.1, specifically in the Model Provider API component. The flaw arises from improper handling of the baseURL argument in the code located in src/app/api/providers/route.ts. This oversight enables a potential attacker to con...

PoC for CVE-2026-9371

Itzcrazykns | Vane | 6.3 MEDIUM
Missing Authentication Vulnerability in ItzCrazyKns Vane API Component

A significant security vulnerability has been identified in the ItzCrazyKns Vane API, specifically impacting versions up to 1.12.1. This flaw arises from a missing authentication mechanism within the route.ts file of the API component, allowing for potential unauthorized access to functionalities...

PoC for CVE-2026-9370

Ulisesbocchio | Jasypt-spring-boot | 6.3 MEDIUM
Weakness in Password Hash Handler of Ulises Bocchio Jasypt-Spring-Boot

A security vulnerability has been discovered in the Ulises Bocchio jasypt-spring-boot library, specifically within the Password Hash Handler component. The flaw resides in the getSecretKeySaltGenerator function, which may allow attackers to leverage a predictable salt value when performing one-wa...

Discovered 15 hours ago

PoC for CVE-2026-9369

Nousresearch | Hermes-agent | 4.8 MEDIUM
Local Access Vulnerability in NousResearch Hermes-Agent CLI Web-Das...

A security flaw has been identified in the NousResearch Hermes-Agent product, specifically within the _discover_dashboard_plugins function of the CLI web-dashboard interface. The vulnerability stems from an incorrect comparison triggered by manipulating the HERMES_ENABLE_PROJECT_PLUGINS argument....

PoC for CVE-2026-9368

Nousresearch | Hermes-agent | 6.9 MEDIUM
Code Execution Vulnerability in NousResearch hermes-agent Environme...

A vulnerability exists in the NousResearch hermes-agent's environment variable handler located in the execute_code function of tools/code_execution_tool.py. This flaw allows for sandbox escape due to improper handling of environment variables, which can be exploited remotely. An attacker can leve...

PoC for CVE-2026-9367

Nousresearch | Hermes-agent | 6.9 MEDIUM
OS Command Injection in NousResearch Hermes-Agent Terminal Tool

A security vulnerability has been identified within the NousResearch hermes-agent that allows for OS command injection through the 'detect_dangerous_command' function located in the 'approval.py' file of the terminal_tool component. This vulnerability permits an attacker to execute arbitrary comm...

PoC for CVE-2026-9366

Nousresearch | Hermes-agent | 6.9 MEDIUM
Remote Code Injection in NousResearch Hermes-Agent 2026.4.23

A code injection vulnerability was identified in NousResearch hermes-agent version 2026.4.23, where the function _scan_context_content in the file agent/prompt_builder.py is susceptible to manipulation. This could potentially allow an attacker to execute arbitrary commands remotely. The vulnerabi...

Discovered 16 hours ago

PoC for CVE-2026-9365

Ettercap | Ettercap | 6.3 MEDIUM
Heap-Based Buffer Overflow in Ettercap GG Dissector by Ettercap

A significant vulnerability has been identified in Ettercap, specifically within the GG Dissector component. This issue revolves around a heap-based buffer overflow in the FUNC_DECODER function located in src/dissectors/ec_gg.c. By manipulating the 'gg' argument, an attacker can exploit this vuln...

PoC for CVE-2026-9364

Projectworlds | Online Art Gallery Shop | 6.9 MEDIUM
SQL Injection Vulnerability in Projectworlds Online Art Gallery Shop

A vulnerability has been identified in the Projectworlds Online Art Gallery Shop, specifically within the /admin/adminHome.php file. This flaw allows an attacker to manipulate the 'social_linked' argument, leading to unauthorized SQL injection attacks. Due to its nature, the vulnerability can be ...

PoC for CVE-2026-9363

Edimax | Ew-7438rpn | 5.3 MEDIUM
Command Injection Vulnerability in Edimax EW-7438RPn Device

A command injection vulnerability exists in the Edimax EW-7438RPn device, specifically within the function formEZCHNwlanSetup of the POST Request Handler component. This flaw can be exploited through the manipulation of the argument method, allowing for unauthorized remote command execution. The ...

Discovered 17 hours ago

PoC for CVE-2026-9362

Edimax | Ew-7438rpn | 5.3 MEDIUM
Command Injection Vulnerability in Edimax EW-7438RPn Device

A command injection vulnerability has been identified in the Edimax EW-7438RPn router, specifically impacting the formConnectionSetting function within the Setting Handler component. By manipulating the parameters 'max_Conn' and 'timeOut' during an exploit, an attacker can execute arbitrary comma...

PoC for CVE-2026-9361

Edimax | Ew-7438rpn | 5.3 MEDIUM
Command Injection Vulnerability in Edimax EW-7438RPn Router

A command injection vulnerability exists in the Edimax EW-7438RPn router due to an improper handling of user-supplied input in the formAccept function. Specifically, an attacker can manipulate the 'submit-url' parameter within the POST Request Handler, potentially allowing the execution of arbitr...

PoC for CVE-2026-0926

WordPress | Prodigy Commerce | 🟣 EPSS 20% | 9.8 CRITICAL
Local File Inclusion Vulnerability in Prodigy Commerce Plugin for W...

The Prodigy Commerce plugin for WordPress is susceptible to Local File Inclusion due to inadequate input validation in the 'parameters[template_name]' parameter. This vulnerability allows unauthenticated attackers to read and include arbitrary files on the server. Such access enables the potentia...

PoC for CVE-2026-0770

Langflow | Langflow | 🟣 EPSS 12% | 9.8 CRITICAL
Remote Code Execution Vulnerability in Langflow by Root

A vulnerability exists in Langflow that allows remote attackers to execute arbitrary code without authentication. The flaw is rooted in the improper handling of the exec_globals parameter at the validate endpoint, resulting in the dynamic inclusion of resources from untrusted sources. Attackers c...

PoC for CVE-2026-9360

Edimax | Ew-7438rpn | 8.7 HIGH
Buffer Overflow Vulnerability in Edimax EW-7438RPn Router

A security vulnerability has been identified in the Edimax EW-7438RPn router running firmware version 1.28a. This issue lies within the POST Request Handler, specifically in the formwlencrypt24g function located in the /goform/formwlencrypt24g file. The vulnerability arises from improper handling...

PoC for CVE-2026-48172

Litespeed Technol... | Cpanel Plugin | 10 CRITICAL
Privilege Escalation Vulnerability in LiteSpeed User-End cPanel Plugin

The LiteSpeed User-End cPanel Plugin prior to version 2.4.5 is susceptible to a privilege escalation flaw that may allow attackers to gain unauthorized access, potentially escalating privileges to the root level. This vulnerability has been actively exploited since May 2026. Detection can be perf...

Discovered 18 hours ago

PoC for CVE-2026-9359

Edimax | Ew-7438rpn | 5.3 MEDIUM
Command Injection Vulnerability in Edimax EW-7438RPn Wi-Fi Range Ex...

A command injection vulnerability exists in the formHwSet function of the POST Request Handler in Edimax EW-7438RPn Mini Firmware version 1.28a. By manipulating specific parameters such as Anntena, Mcs, and various address entries, an attacker can execute arbitrary commands remotely. This exploit...

PoC for CVE-2026-9358

PostCSS | Postcss | 5.3 MEDIUM
Uncontrolled Recursion Vulnerability in PostCSS Product by Vendor

A vulnerability exists in PostCSS versions up to 7.1.1 within the function toString located in the component AST Serialization at src/selectors/container.js. This flaw can lead to uncontrolled recursion, potentially allowing an attacker to exploit it remotely. Although the vendor has indicated th...

Discovered 19 hours ago

PoC for CVE-2026-9356

Sourcecodester | Hospitals Patient Reco... | 6.9 MEDIUM
SQL Injection Vulnerability in SourceCodester Hospitals Patient Rec...

A vulnerability exists in the SourceCodester Hospitals Patient Records Management System 1.0 that allows for SQL injection through an unvalidated parameter in the manage_history.php file. Attackers can manipulate the 'ID' argument, which may lead to unauthorized access or manipulation of the data...

PoC for CVE-2026-9355

Sourcecodester | Hospitals Patient Reco... | 6.9 MEDIUM
SQL Injection Vulnerability in SourceCodester Patient Records Manag...

A vulnerability exists in the SourceCodester Hospitals Patient Records Management System version 1.0, specifically within the function located at /classes/Master.php?f=save_patient_history. This flaw allows attackers to perform SQL injection through manipulation of the ID argument, posing a signi...

PoC for CVE-2026-9354

Nousresearch | Hermes-agent | 6.9 MEDIUM
Output Escaping Vulnerability in NousResearch Slack and Mattermost ...

A security vulnerability has been identified in NousResearch hermes-agent versions up to 2026.4.16, specifically within an unrecognized function of the Slack and Mattermost Agents. This flaw allows for the manipulation of the 'format_message' argument, leading to improper escaping of output. As a...

Discovered 20 hours ago

PoC for CVE-2026-9353

Nousresearch | Hermes-agent | 6.9 MEDIUM
Injection Vulnerability in NousResearch hermes-agent Skills Guard M...

A security vulnerability has been identified in the NousResearch hermes-agent affecting the Skills Guard Multi-Word Prompt Handler. The vulnerability stems from improper handling of the THREAT_PATTERNS argument in the agent/skills_guard.py file, which opens the door for potential injection attack...

PoC for CVE-2026-9352

Nousresearch | Hermes-agent | 6.9 MEDIUM
Information Disclosure Vulnerability in NousResearch Hermes-Agent M...

A vulnerability has been discovered in the NousResearch hermes-agent's Messaging Gateway Handler, specifically within the _make_run_env function located in tools/environments/local.py. This weakness allows for potential information disclosure, which attackers can exploit remotely, exposing sensit...

PoC for CVE-2026-9351

Nousresearch | Hermes-agent | 6.9 MEDIUM
Path Traversal Vulnerability in NousResearch Hermes-Agent

A security flaw has been identified in NousResearch's hermes-agent, specifically within the read_file Tool's _is_blocked_device function in the file tools/file_tools.py. This vulnerability allows for path traversal, which can be exploited remotely. Details indicate that a proper manipulation of f...

Discovered 21 hours ago

PoC for CVE-2026-4885

WordPress | Piotnet Addons For Ele... | 9.8 CRITICAL
Arbitrary File Upload Vulnerability in Piotnet Addons for Elementor...

The Piotnet Addons for Elementor Pro plugin for WordPress presents a security risk due to its inadequate file type validation in the 'pafe_ajax_form_builder' function. This issue affects all versions up to and including 7.1.70. Specifically, the plugin employs an incomplete blacklist for file ext...