Publicly Disclosed
PoC Exploits

A path traversal vulnerability exists in Splunk Enterprise running on Windows, affecting versions prior to 9.2.2, as well as versions 9.1.5 and 9.0.10. This issue allows an attacker to potentially access restricted directories and files on the server through the /modules/messaging/ endpoint. Ensu...

The Related Posts Lite plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability, due to inadequate input sanitization and output escaping in admin settings. This issue affects all versions up to 1.12, enabling authenticated attackers with administrator-level permissions ...

A missing authorization flaw in the Soar Cloud HRD Human Resource Management System, up to version 7.3.2025.0408, allows unauthorized remote attackers to change critical system settings. This vulnerability poses a significant risk as it enables malicious users to alter configurations without appr...

The Opal Estate Pro – Property Management and Submission plugin for WordPress is susceptible to privilege escalation. This is a result of improper role restriction during user registration in the 'on_register_user' function. Attackers without authentication can exploit this vulnerability to assig...

In PbootCMS versions up to 3.2.12, a significant vulnerability exists in the Member Login component, specifically within the checkUsername function located in apps/home/controller/MemberController.php. This flaw allows the manipulation of user-supplied input to execute SQL injection attacks, pote...

A security flaw has been identified in Mindinventory's MindSQL that allows for SQL injection via a manipulation of the 'ask_db' function located in mindsql/core/mindsql_core.py. This vulnerability can be exploited remotely, placing users at risk of unauthorized database access and potential data ...

A significant vulnerability has been identified in Mindinventory's MindSQL product, specifically affecting the 'ask_db' function located in 'mindsql/core/mindsql_core.py'. This flaw allows for remote code injection, posing serious security risks. An attacker could exploit this vulnerability to ma...

A vulnerability in the eosphoros-ai DB-GPT affects its FastAPI Endpoint, particularly the function module_plugin.refresh_plugins located in controller.py. This flaw enables unauthorized users to perform unrestricted uploads remotely, potentially compromising system integrity. Despite early notifi...

An SQL injection vulnerability exists within the eosphoros-ai db-gpt product, specifically in the /api/v1/editor/ endpoint. This flaw is a result of an incomplete fix, allowing attackers to exploit remote access and manipulate database operations. The affected versions include up to 0.7.5, and th...

A significant SQL injection vulnerability exists in Spring AI's MariaDBFilterExpressionConverter, which allows attackers to circumvent metadata-based access controls. This flaw stems from a lack of adequate input sanitization, enabling unauthorized execution of arbitrary SQL commands within the a...

A security flaw exists in Bagofwords versions up to 0.0.297 that allows for code injection via the generate_df function within the backend/app/ai/code_execution/code_execution.py file. This vulnerability can be exploited remotely, posing a significant risk if left unaddressed. The exploit is publ...

The D-Link DIR-820LW 2.03 router has a vulnerability in its SSDP component, specifically in the ssdpcgi_main function. This issue allows for remote OS command injection, providing an attacker the opportunity to manipulate the system through crafted requests. The vulnerability has been publicly di...

A security vulnerability has been identified in the Totolink WA300 router version V5.2cu.7112_B20190227. The issue occurs in the recvUpgradeNewFw function located within the /cgi-bin/cstecgi.cgi file, allowing for os command injection. This weakness enables attackers to execute arbitrary commands...

A vulnerability has been identified in sigmade's Git-MCP-Server, which impacts the execution of commands through the child_process.exec function in the gitUtils.ts file. This security flaw allows local attackers to inject arbitrary OS commands, potentially compromising the system's integrity. Bec...

A security flaw exists in atjiu pybbs version 6.0.0, specifically within the create function of the CommentApiController.java file. This vulnerability allows for cross site scripting attacks, enabling malicious users to execute harmful scripts in the context of another user. The issue is serious ...

A cross site scripting vulnerability was discovered in atjiu pybbs version 6.0.0, specifically within the create function of the TopicApiController.java file. This flaw allows remote attackers to execute arbitrary JavaScript in the context of users' browsers, leading to potential data theft or se...

A vulnerability exists in the Tenda A18 Pro router, specifically within the MAC Filtering Configuration Endpoint. The flaw is located in the function sub_423B50 of the /goform/setMacFilterCfg file, where improper handling of the deviceList argument can lead to a stack-based buffer overflow. This ...

A stack-based buffer overflow vulnerability exists in the Tenda A18 Pro router within the function set_qosMib_list of the /goform/formSetQosBand file. This flaw allows remote attackers to manipulate the argument list, potentially leading to arbitrary code execution. The exploit has been publicly ...

A vulnerability exists in the Tenda A18 Pro router that affects the fromSetIpMacBind function within the /goform/SetIpMacBind file. This flaw allows for a stack-based buffer overflow due to improper manipulation of the argument list. Remote attackers may exploit this weakness to execute arbitrary...

A critical flaw exists in the Tenda A18 Pro router's setSchedWifi function, found in the /goform/openSchedWifi file. This vulnerability allows for a stack-based buffer overflow, enabling potential remote exploitation. Attackers may manipulate this function to execute arbitrary code, leading to un...

A vulnerability exists in the Tenda A18 Pro routers due to improper handling of the form_fast_setting_wifi_set function in the /goform/fast_setting_wifi_set file. This flaw allows attackers to execute a stack-based buffer overflow remotely, leading to potential unauthorized access or control over...

The Precurio Intranet Portal version 4.4 is susceptible to a Cross-Site Request Forgery (CSRF) attack. This vulnerability could permit an authenticated user to be tricked into submitting a manipulated request to a profile update endpoint responsible for processing file uploads. If an attacker suc...

A Second-Order Cross-Site Scripting (XSS) vulnerability is present in Textpattern CMS version 4.9.0 due to inadequate sanitization and contextual encoding of user-supplied input within Atom feed XML elements. It permits user-controlled parameters, like the category, to be reflected in Atom fields...

A buffer overflow vulnerability has been identified in UTT HiPER 1250GW devices, specifically within the strcpy function located in the /goform/setSysAdm file. This flaw arises when the argument GroupName is manipulated, allowing an attacker to exploit the overflow. The attack can be executed rem...

A cross-origin vulnerability exists within the Navigation API that could allow maliciously crafted web content to bypass the Same Origin Policy. This issue has been rectified with enhanced input validation in version updates for iOS, iPadOS, and macOS, specifically in versions 26.3.1 and 26.3.2. ...

A buffer overflow vulnerability has been identified in the UTT HiPER 1200GW device affecting versions up to 2.5.3-170306. The flaw arises within the strncpy function of the /goform/websHostFilter file, allowing attackers to exploit this vulnerability remotely. This manipulation could lead to unau...

A vulnerability exists in D-Link DIR-513 version 1.10, specifically within the formEasySetPassword function of the /goform/formEasySetPassword component. This flaw allows an attacker to manipulate the curTime argument, leading to a stack-based buffer overflow. The exploit can potentially be execu...

A critical SQL injection vulnerability has been identified in the itsourcecode College Management System version 1.0 within the /admin/search_student.php file. This vulnerability allows attackers to manipulate the 'Search' argument, potentially leading to unauthorized access to the database. The ...

A security flaw in the itsourcecode University Management System version 1.0 permits remote attackers to exploit cross site scripting vulnerabilities via manipulation of the 'st_name' parameter in the /admin_single_student_update.php file. This issue can lead to unauthorized script execution in u...

A security flaw has been identified in the itsourcecode Online Doctor Appointment System 1.0, specifically related to the processing of the 'appointment_id' parameter in the /admin/appointment_action.php file. This vulnerability enables an attacker to execute SQL injection attacks remotely, poten...

A security vulnerability in the itsourcecode Online Frozen Foods Ordering System version 1.0 allows for SQL injection through the /admin/admin_edit_supplier.php file. By manipulating the Supplier_Name argument, an attacker could execute arbitrary SQL commands. This vulnerability can be exploited ...

A vulnerability has been discovered in the itsourcecode Online Frozen Foods Ordering System 1.0, specifically in the /admin/admin_edit_employee.php file. This weakness can be exploited through manipulation of the First_Name argument, leading to SQL injection attacks. As it allows remote attackers...

A security vulnerability has been identified in the itsourcecode Online Frozen Foods Ordering System version 1.0, specifically in the /admin/admin_edit_menu.php file. The vulnerability allows attackers to exploit a flaw by manipulating the 'product_name' argument, facilitating SQL injection attac...

A vulnerability has been discovered in the itsourcecode Online Frozen Foods Ordering System version 1.0, specifically within the file /admin/admin_edit_menu_action.php. This issue arises from improper handling of the product_name argument, which can be exploited to perform SQL injection attacks. ...

A command injection vulnerability exists in the Comfast CF-AC100 (version 2.6.0.8) in the file /cgi-bin/mbox-config?method=SET&section=update_interface_png. This flaw allows an attacker to execute arbitrary commands via crafted requests, potentially enabling unauthorized access to the device. The...

A vulnerability has been identified in the Comfast CF-AC100 router, specifically in version 2.6.0.8, which allows for command injection through an insecure function within the /cgi-bin/mbox-config?method=SET&section=wireless_device_dissoc endpoint. This could enable remote attackers to execute ar...

A command injection vulnerability has been identified in the Comfast CF-AC100 router, specifically in the configuration file handler located at /cgi-bin/mbox-config?method=SET&section=ntp_timezone. This vulnerability allows attackers to execute arbitrary commands remotely, potentially compromisin...

A vulnerability exists in the D-Link DIR-513 1.10, specifically within an undisclosed function related to the /goform/formSysCmd file. By manipulating the sysCmd parameter, an attacker can exploit this flaw to execute arbitrary OS commands remotely. This vulnerability primarily affects devices th...

Versions 3.14 and earlier of Xerte Online Toolkits contain a security flaw that allows unauthorized users to upload arbitrary files via the template import functionality. The vulnerability resides in /website_code/php/import/import.php, where inadequate authentication checks enable the upload of ...

The Kan project management tool has a serious security flaw in its /api/download/attachment endpoint present in versions 0.5.4 and earlier. This vulnerability allows unauthenticated users to pass a URL query parameter directly to the server, which could lead to unintended HTTP requests being made...

The BMC FootPrints ITSM application is susceptible to a vulnerability in its ASP.NET VIEWSTATE handling mechanism that allows authenticated users to exploit the system. By supplying specially crafted serialized objects through the VIEWSTATE parameter, attackers can gain the ability to execute arb...

ApostropheCMS is an open-source content management framework that has a vulnerability in the `@apostrophecms/import-export` package prior to version 3.5.3. The vulnerability lies within the `extract()` function in `gzip.js`, where file-write paths are constructed using `fs.createWriteStream(path....

The GNU Inetutils telnet daemon (telnetd) is vulnerable to a remote authentication bypass that can occur when an attacker manipulates the USER environment variable by specifying a '-f root' value. This flaw allows unauthorized users to gain access without proper authentication. Affected users sho...

The KiviCare – Clinic & Patient Management System for WordPress has a critical vulnerability that allows attackers to bypass authentication checks. The flaw exists in the `patientSocialLogin()` function, which does not properly verify the access token provided by social providers. As a result, an...

The Java OpenWire protocol marshaller in Apache ActiveMQ is susceptible to a remote code execution vulnerability, allowing attackers with network access to execute arbitrary shell commands. By manipulating serialized class types in the OpenWire protocol, an attacker can cause the client or broker...

An elevation of privilege vulnerability exists in the Windows Accessibility Infrastructure due to incorrect permission assignment for critical resources within ATBroker.exe. This flaw enables authorized attackers to gain elevated access to system resources, potentially allowing them to execute un...

On Debian-based operating systems, certain versions of OpenSSL utilize a flawed random number generator that produces predictable outputs. This vulnerability can facilitate brute force attacks, enabling adversaries to guess cryptographic keys with higher success rates. Organizations using affecte...

A local privilege escalation vulnerability in Snapd on Linux systems allows attackers to exploit the automatic cleanup of Snap's private /tmp directory. By re-creating this directory under certain configurations of systemd-tmpfiles, an attacker can potentially gain root privileges. This issue imp...

The Relevanssi – A Better Search plugin for WordPress presents a vulnerability that allows time-based SQL injection through the cats and tags query parameters. This issue affects all versions up to and including 4.24.4 for free and 2.27.4 for premium users. The vulnerability arises from inadequat...

The telnetd component of GNU Inetutils, specifically versions up to 2.7, is susceptible to an out-of-bounds write vulnerability. This flaw occurs in the LINEMODE SLC (Set Local Characters) suboption handler due to insufficient checks in the add_slc function, allowing for data to be written past t...