Publicly Disclosed
PoC Exploits

The Flowise platform contains a significant vulnerability in its `forgot-password` endpoint, which can return sensitive information, including a valid password reset token, without the necessary authentication or verification. This flaw allows attackers to generate reset tokens for arbitrary user...

A vulnerability in Roundcube Webmail prior to version 1.5.10 and 1.6.x before 1.6.11 allows authenticated users to exploit the _from parameter in the URL. This issue arises from a lack of validation in program/actions/settings/upload.php, leading to the potential for PHP Object Deserialization at...

The vulnerability in the PutContents API of Gogs arises from improper handling of symbolic links, potentially allowing local execution of arbitrary code. This misconfiguration may expose sensitive data and facilitate unauthorized access to critical systems. Users and administrators are urged to u...

A critical security flaw has been identified in FoundationAgents MetaGPT versions up to 0.8.1, affecting the decode_image function located in metagpt/utils/common.py. This vulnerability allows an attacker to manipulate the img_url_or_b64 argument, enabling a server-side request forgery (SSRF) att...

A security flaw has been identified in the Tree-of-Thought Solver component of FoundationAgents MetaGPT, specifically in the generate_thoughts function within tot.py. This vulnerability allows attackers to execute arbitrary code remotely, posing significant risks to systems utilizing this softwar...

A significant vulnerability exists in FoundationAgents' MetaGPT, specifically within the evaluateCode function located in the Mineflayer HTTP API. This flaw allows for cross-site request forgery attacks, potentially permitting malicious entities to manipulate requests without appropriate authoriz...

A cross site scripting vulnerability exists in the Public Chat Interface of 1Panel-dev MaxKB, specifically in the StaticHeadersMiddleware function located in static_headers_middleware.py. An attacker can exploit this vulnerability by manipulating the 'Name' argument, enabling the injection of mal...

A security vulnerability has been identified in the perfree go-fastdfs-web application, specifically within the InstallController.java component. This flaw allows for improper authorization, posing a risk that can be exploited remotely. Attackers may leverage this vulnerability to gain unauthoriz...

Windows Human Interface Device Information Disclosure Vulnerability

The vulnerability affects multiple versions of F5 BIG-IP and BIG-IQ products through the iControl REST interface, which allows unauthenticated remote command execution. This flaw can potentially enable attackers to execute arbitrary commands on the server, posing significant security risks to the...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

A denial of service vulnerability impacts React Server Components, specifically in the react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack packages. This vulnerability is exploited by sending specially crafted HTTP requests to Server Function endpoints, resulting in ...

CouchCMS suffers from a privilege escalation flaw that permits authenticated Admin-level users to create SuperAdmin accounts. This vulnerability arises from improper validation of the f_k_levels_list parameter during user creation requests. By manipulating the parameter value from 4 to 10 in the ...

The FastFeedParser library, utilized for parsing RSS, Atom, and RDF feeds, is prone to an unbounded recursion vulnerability. In versions prior to 0.5.10, the parse() function can be exploited when it encounters a redirect URL that invokes HTML meta-refresh tags. This flaw allows an attacker to cr...

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log messag...

FreeScout, a help desk and shared inbox tool built on the Laravel framework, has an authentication bypass vulnerability that allows unauthenticated users to manipulate conversation threads. Versions prior to 1.8.212 are affected. The vulnerability arises from the GET endpoint /thread/read/{conver...

A vulnerability exists in the Ollama product affecting the Model Pull API, specifically within the file server/download.go. This flaw allows an attacker to manipulate requests that can lead to server-side request forgery (SSRF) attacks. Such an attack can be executed remotely, posing significant ...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

The Django Framework suffers from a vulnerability in the MultiPartParser component, allowing remote attackers to significantly degrade application performance. This issue arises when attackers submit multipart uploads with 'Content-Transfer-Encoding: base64' that contain excessive whitespace. Alt...

Apache ActiveMQ Broker is prone to a code injection vulnerability due to improper input validation in the Jolokia JMX-HTTP bridge. By default, this bridge exposes a web console that allows the execution of operations on all ActiveMQ MBeans. An authenticated attacker can exploit this vulnerability...

The MCP Inspector, a tool designed for testing and debugging MCP servers, is susceptible to remote code execution in versions prior to 0.14.1. The vulnerability arises from an absence of authentication between the Inspector client and the proxy, which allows unauthorized users to send commands to...

A security vulnerability has been discovered within the Vehicle Showroom Management System version 1.0 which allows for SQL injection through manipulation of the BRANCH_ID argument in the RegisterCustomerFunction.php file. Attackers can exploit this flaw remotely, leading to unauthorized data acc...

A vulnerability has been identified in the Vehicle Showroom Management System 1.0, specifically within the /util/AddVehicleFunction.php file. This vulnerability arises from improper handling of the BRANCH_ID parameter, allowing for SQL injection. Attackers can exploit this vulnerability remotely,...

A significant vulnerability exists in the Vehicle Showroom Management System version 1.0, where an unknown function in the /util/VehicleDetailsFunction.php file allows for SQL injection through incorrect handling of the VEHICLE_ID parameter. This flaw can be exploited remotely, potentially allowi...

A vulnerability exists in the Vehicle Showroom Management System 1.0, specifically in an unknown function located in the ServiceAndSalesReport.php file within the BranchManagement directory. This flaw arises from improper handling of the BRANCH_ID argument, which can be manipulated to execute cro...

A vulnerability has been identified in the Vehicle Showroom Management System 1.0, specifically within the ProfitAndLossReport.php file. An attacker can manipulate the BRANCH_ID argument, allowing for a Cross Site Scripting (XSS) scenario that could be exploited remotely. This flaw poses a signif...

FUEL CMS version 1.4.1 is susceptible to a significant vulnerability that allows for PHP code execution. By manipulating the 'pages/select/' filter parameter or the 'preview/' data parameter, an attacker can execute arbitrary PHP code remotely without authentication. This flaw poses a severe risk...

A vulnerability exists in CodeAstro Online Classroom 1.0 that allows for SQL injection via improper handling of the 'fname' parameter in the /updatedetailsfromstudent.php?eno=146891650 file. This could enable an attacker to manipulate the database query, potentially leading to unauthorized access...

A security flaw exists in Simple Laundry System version 1.0 affecting the checkcheckout.php file. Specifically, the handling of the serviceId argument is insufficiently validated, allowing attackers to inject malicious scripts. This cross site scripting vulnerability enables remote exploitation, ...

A security vulnerability has been identified in Simple IT Discussion Forum 1.0, specifically within the /add-category-function.php file. This weakness allows an attacker to manipulate the underlying SQL queries through unsanitized inputs in the Category argument. As a result, remote attackers can...

A SQL injection vulnerability has been identified in the itsourcecode Construction Management System version 1.0. This flaw resides in an unspecified function within the /del1.php file, where unsanitized user input in the 'toolname' argument can be manipulated, leading to potential unauthorized a...

A security weakness has been identified in the Totolink A7100RU router, specifically within the CGI Handler's function setVpnAccountCfg. This issue allows for OS command injection when parameters are manipulated, potentially enabling an attacker to execute arbitrary commands on the affected syste...

A security vulnerability has been detected in the Totolink A7100RU router. The issue lies within the function setPptpServerCfg of the CGI Handler component, specifically in the /cgi-bin/cstecgi.cgi file. This vulnerability arises from improper validation of the argument 'enable', allowing attacke...

A command injection vulnerability has been identified in the Totolink A7100RU router affecting the CGI Handler component. The flaw exists in the setUrlFilterRules function of the cgi-bin/cstecgi.cgi script. By manipulating the 'enable' argument, an attacker can remotely execute arbitrary OS comma...

The YITH WooCommerce Wishlist Plugin prior to version 4.13.0 lacks adequate validation of wishlist ownership within its AJAX handler for renaming operations. Specifically, it only verifies a valid nonce, which can be easily accessed through the public source of the /wishlist/ page. This oversight...

The Yandex Market plugin for WordPress, prior to version 5.0.26, contains a weakness that allows for remote code execution through the feed generation process. This vulnerability can be exploited by attackers to run arbitrary code on the affected site, posing significant security risks. It is ess...

A security flaw has been identified in the Totolink A7100RU router, specifically within the CGI Handler component. The vulnerability, found in the setPortalConfWeChat function of /cgi-bin/cstecgi.cgi, allows for OS command injection through a manipulated argument. Attackers can leverage this flaw...

A vulnerability has been identified in the Totolink A7100RU router, specifically in the function setSyslogCfg located in the CGI Handler component. This flaw can be exploited remotely via manipulation of the 'enable' argument, allowing an attacker to inject operating system commands. With publicl...

A vulnerability exists in the HTTP Handler component of Tenda i6 1.0.0.7(2204), specifically within the R7WebsSecurityHandlerfunction. This issue allows remote attackers to exploit path traversal vulnerabilities, enabling unauthorized access to sensitive files on the system. The exploit has been ...

A vulnerability has been identified in the Tenda AC9 router, specifically within the decodePwd function located in the /goform/WizardHandle file of the POST Request Handler. This issue allows attackers to manipulate the WANS argument, leading to a stack-based buffer overflow. The exploit can be e...

A security vulnerability exists within the Tenda AC9 router's POST Request Handler, specifically in the formQuickIndex function. This vulnerability arises from improper handling of the PPPOEPassword argument, which can result in a stack-based buffer overflow. Attackers can exploit this flaw remot...

Apache ActiveMQ Broker is prone to a code injection vulnerability due to improper input validation in the Jolokia JMX-HTTP bridge. By default, this bridge exposes a web console that allows the execution of operations on all ActiveMQ MBeans. An authenticated attacker can exploit this vulnerability...

A buffer overflow vulnerability exists in the D-Link DIR-513 wireless router within the POST Request Handler, specifically in the formAdvanceSetup function. This flaw can be exploited remotely by manipulating the 'webpage' argument, potentially allowing unauthorized users to compromise the device...

An out-of-bounds read vulnerability exists in the Windows Common Log File System Driver, enabling authorized attackers to execute a local privilege escalation. This security flaw can be exploited to gain unauthorized access to system resources and execute arbitrary code with elevated privileges, ...

A buffer overflow vulnerability exists in the D-Link DIR-513 router, specifically within the formSetRoute function in the POST request handler located at /goform/formSetRoute. This flaw arises from improper handling of the curTime argument, allowing remote attackers to exploit this vulnerability....

A security vulnerability in the D-Link DIR-513 device affects the function formSetPassword within the file /goform/formSetPassword. Manipulation of the curTime argument can lead to a buffer overflow, which allows remote attackers to exploit this vulnerability. This issue can be especially concern...

A vulnerability exists in OpenClaw versions up to 2026.1.26, specifically within the 'assertPublicHostname' handler found in the file 'src/agents/tools/web-fetch.ts'. This issue allows remote attackers to manipulate requests, potentially leading to server-side request forgery (SSRF). Although exp...

The V2Board and Xboard platforms expose sensitive authentication tokens through the HTTP response body of the loginWithMailLink endpoint when the login_with_mail_link_enable feature is activated. Attackers can exploit this vulnerability by sending a POST request to the endpoint using a known emai...

A security flaw has been identified in CodeAstro's Online Classroom platform, specifically within the file /OnlineClassroom/takeassessment2.php?exid=14. This vulnerability allows attackers to manipulate the argument Q1, resulting in an SQL injection. The threat is particularly severe as it permit...