Publicly Disclosed
PoC Exploits

A vulnerability exists in the Totolink CA750-PoE version 6.2c.510 that enables an attacker to manipulate the setWebWlanIdx function in the /cgi-bin/cstecgi.cgi file. This manipulation allows for remote OS command injection, potentially granting unauthorized access to system functionality. Public ...

A vulnerability has been found in the GNU LibreDWG's Dwggrep Utility within the function bit_convert_TU. This flaw causes an out-of-bounds read condition, which can potentially lead to local attacks. The exploit has been made publicly available, thus reinforcing the need for immediate action. The...

A vulnerability exists in Fortinet's FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager products, allowing attackers to manipulate externally controlled format strings. This weakness enables the execution of unauthorized code or commands through specially crafted packets. Organizations using a...

A security vulnerability exists in GNU LibreDWG up to version 0.14, specifically in the dwg_next_entity function within the DWG File Handler component. This flaw allows for a null pointer dereference, which could be exploited locally. The vulnerability was made public, increasing the risk of atta...

A heap-based buffer overflow vulnerability has been discovered in GNU LibreDWG, specifically in the decompress_R2004_section function found in the src/decode.c component. This weakness enables an attacker to manipulate memory, potentially leading to execution of arbitrary code. The attack must be...

A vulnerability exists in the GNU LibreDWG Dwgread Utility that affects the decompress_R2004_section function. This flaw may be exploited through local execution, leading to a reachable assertion during operation. A public disclosure of this exploit has occurred, emphasizing the need for immediat...

A vulnerability exists in the Dromara lamp-cloud up to version 5.6.2, where the GroovyClassLoader.parseClass function is susceptible to manipulation through the DefMsgTemplate.content argument. This leads to improper neutralization of special elements used within the template engine, enabling a p...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

A security flaw has been identified in the SourceCodester Student Grades Management System version 1.0, leading to potential cross-site request forgery (CSRF) attacks. This vulnerability enables remote attackers to manipulate user requests in a way that could compromise personal data and system i...

A remote stack-based buffer overflow vulnerability has been identified in the Edimax EW-7438RPn 1.31. The issue arises from improper handling of the 'submit-url' argument in the /goform/formSDHCP function. This vulnerability allows attackers to manipulate the affected application from a distance,...

A vulnerability present in the multipart request boundary processing of eosphoros-ai/db-gpt v0.6.0 permits unauthenticated attackers to exploit excessive characters added to multipart boundaries. This results in server resource exhaustion through an infinite loop, causing a complete denial of ser...

A significant flaw has been identified in the Edimax EW-7438RPn version 1.31 that involves a stack-based buffer overflow during the handling of the submit-url argument in the formStats function of the /goform/formStats file. This issue enables attackers to exploit the vulnerability remotely, pote...

A vulnerability exists in the ngx_http_rewrite_module of NGINX Plus and NGINX Open Source, triggered when a rewrite directive is followed by an if or set directive that includes a Perl-Compatible Regular Expression (PCRE) capture and a replacement string with a question mark. Attackers can exploi...

A stack-based buffer overflow vulnerability has been identified in the Edimax EW-7438RPn version 1.31, specifically within the formrefresh function located in the /goform/formrefresh file. This vulnerability arises from improper handling of the submit-url argument, which could allow an attacker t...

A stack-based buffer overflow vulnerability has been identified in the Edimax EW-7438RPn 1.31 router. This flaw resides in the 'formLogout' function of the /goform/formLogout file, where inadequate validation of the 'submit-url' argument could be exploited to corrupt memory, leading to potential ...

A security weakness exists in the Totolink A8000RU's Web Management Interface related to the function 'setParentalRules' utilized in the '/cgi-bin/cstecgi.cgi' file. By manipulating the 'enable' argument, an attacker can perform OS command injection. This vulnerability allows for remote execution...

A security flaw has been identified within the Totolink A8000RU's Web Management Interface, specifically in the function setAccessDeviceCfg of the cgi-bin/cstecgi.cgi file. This vulnerability allows an attacker to inject OS commands through crafted input related to the 'mac' argument. As the expl...

A serious vulnerability has been identified in the Totolink A8000RU model, specifically within the web management interface. This flaw allows remote attackers to exploit the 'setPasswordCfg' function found in the /cgi-bin/cstecgi.cgi file. By manipulating the 'admpass' argument, an attacker could...

A vulnerability in the Linux kernel's RDS (Reliable Datagram Sockets) component affects the management of page pinning during zerocopy operations. When the function iov_iter_get_pages2() fails in rds_message_zcopy_from_user(), it releases pinned pages correctly but fails to reset the op_nents var...

A command injection vulnerability has been identified in the Totolink A8000RU's web management interface, specifically within the setIpQosRules function located in /cgi-bin/cstecgi.cgi. This security flaw arises when an attacker manipulates the 'Comment' argument, which allows them to execute arb...

A SQL injection vulnerability has been identified in the StudentManagementSystem developed by yashpokharna2555. The issue arises from the function confirm_logged_in in the studentdel.php file, where improper handling of the ID argument allows attackers to manipulate queries executed against the d...

A vulnerability has been discovered in the c-rick jimeng-mcp product, specifically within the functions handling file uploads and processing media content. The vulnerable code in `src/api.ts` allows a remote attacker to manipulate the `filePath` argument, leading to unauthorized access to filesys...

A path traversal vulnerability exists in Dazeb's markdown-downloader due to inadequate input validation in the function responsible for creating subdirectories. This flaw allows attackers to manipulate file paths, potentially leading to unauthorized access to restricted files and directories. Exp...

A cross site scripting vulnerability has been identified in the Yash Pokharna Student Management System, specifically in the function handling the FIRST_NAME parameter in the file /student.php. This flaw allows attackers to execute arbitrary scripts on the client side, potentially leading to unau...

A security vulnerability has been identified in the Yash Pokharna Student Management System that affects the remote login function. This flaw arises from insufficient input validation in the confirm_logged_in function of student_trans.php. Attackers can exploit this vulnerability by manipulating ...

A critical SQL injection vulnerability has been identified in the Yash Pokharna Student Management System, specifically in the 'success.php' file. By manipulating user input, attackers can exploit this flaw to execute arbitrary SQL commands remotely. This vulnerability allows unauthorized access ...

A security flaw has been identified in Dazeb's Cline-MCP-Memory-Bank due to an improper handling of the 'projectPath' argument within the handleInitializeMemoryBank function, located in src/index.ts. This vulnerability enables attackers to execute path traversal attacks remotely, allowing unautho...

A vulnerability exists in the debugmcp mcp-debugger up to version 0.20.0, specifically within the handleGetSourceContext function located in the src/server.ts file. This flaw allows an attacker to perform path traversal attacks remotely, potentially exposing sensitive file paths and contents. As ...

A vulnerability has been discovered in the Tiandy Easy7 Integrated Management Platform version 7.17.0, affecting the API Endpoint used for updating user passwords. This issue stems from insecure handling of the password recovery mechanism located at /rest/user/updateUserPassword, allowing remote ...

A security vulnerability has been identified in the Tiandy Easy7 Integrated Management Platform version 7.17.0, specifically within an unknown segment of code located at /Easy7/apps/WebService/GetDBDataEx.jsp. This flaw allows an attacker to execute SQL injection via manipulation of the strTBName...

Joomla Responsive Portfolio version 1.6.1 has a vulnerability that enables authenticated attackers to exploit SQL injection flaws through various filter parameters. By manipulating the filter_type_id, filter_pid_id, and filter_search parameters in POST requests, attackers can execute arbitrary SQ...

The eXtroForms component for Joomla, version 2.1.5, is susceptible to an SQL injection vulnerability. This issue allows authenticated attackers to submit crafted POST requests that exploit the filter_type_id, filter_pid_id, and filter_search parameters. By injecting malicious SQL commands, attack...

Collectric CMU 1.0 suffers from a boolean-based blind SQL injection vulnerability within the lang parameter. This issue allows unauthenticated attackers to manipulate database queries during the login process. By injecting malicious SQL code into the lang parameter of authentication requests, att...

Notebook Pro 2.0 is susceptible to a denial of service vulnerability that allows local attackers to initiate an application crash. By submitting an excessively long string in the 'New Notebook Name' field, attackers can exploit this flaw, leading to potential disruption of service. Specifically, ...

The registration dialog in Flash Slideshow Maker Professional 5.20 is susceptible to a buffer overflow vulnerability. Local attackers can exploit this flaw through structured exception handling, allowing them to execute arbitrary code with system privileges. By crafting a malicious payload and en...

SocuSoft iPod Photo Slideshow version 8.05 is vulnerable to a buffer overflow attack within the registration dialog. This security flaw enables local attackers to craft specific malicious inputs in the Registration Name and Registration Key fields, triggering a stack-based buffer overflow that ca...

The Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerability within its registration dialog. This vulnerability allows local attackers to exploit the structured exception handling mechanism by supplying carefully crafted input in the 'Registration Name' and 'Registration Key' fi...

The Softneta MedDream PACS Server Premium version 6.7.1.1 is susceptible to a directory traversal vulnerability. This flaw allows attackers to exploit the path parameter by sending specially crafted requests to nocache.php, which may include encoded backslash sequences. Unauthenticated attackers ...

The MedDream PACS Server Premium 6.7.1.1 is exposed to an SQL injection vulnerability that permits unauthorized users to execute arbitrary SQL commands. By manipulating the email parameter in POST requests directed to userSignup.php, malicious actors can inject crafted SQL payloads, enabling them...

SocuSoft DVD Photo Slideshow Professional 8.07 is vulnerable to a stack-based buffer overflow in the registration name field. This vulnerability allows local attackers to execute arbitrary code through structured exception handling exploitation. By crafting a malicious text file with a specifical...

The mooSocial Store Plugin version 2.6 is susceptible to a blind SQL injection vulnerability. This flaw enables unauthenticated attackers to execute malicious SQL statements by manipulating the product parameter in the URL rewrite functionality. By utilizing techniques such as boolean-based blind...

Admidio 3.3.5 is susceptible to a cross-site request forgery (CSRF) vulnerability that can be exploited by low-privileged users to escalate their permissions. This flaw arises from inadequate checks on the origin of requests made to roles_function.php. Attackers can leverage this by crafting mali...

Visual Ping version 0.8.0.0 contains a buffer overflow vulnerability related to its input field handling. This flaw allows local attackers to exploit the application by supplying excessively large data inputs. Specifically, the Host, Time Out, Packet Size, Pause, or Loops fields can be targeted w...

Nord VPN version 6.14.31 is susceptible to a denial of service vulnerability that can be exploited by attackers without authentication. This vulnerability arises when an attacker inputs an excessively long string into the password field, leading to an application crash during authentication attem...

NASA openVSP version 3.16.1 is susceptible to a buffer overflow vulnerability that can be exploited by local attackers. Specifically, an attacker can crash the application by entering an excessively long string, up to 5000 bytes, into the geometry name field. This allows for the triggering of a d...

CuteFTP 5.0 XP is susceptible to a buffer overflow vulnerability that can be exploited by local attackers. By injecting a malicious payload into the Site Manager label field, an attacker can exceed a buffer limit of 520 bytes. This overflow allows the attacker to overwrite the return address, fac...

The Twitter-Clone 1 application is susceptible to a SQL injection vulnerability that permits unauthenticated users to execute arbitrary SQL queries via the name parameter. By submitting specifically crafted payloads to the search.php endpoint, attackers can exploit this flaw using error-based and...

PCViewer vt1000 is susceptible to a directory traversal vulnerability that exposes sensitive system files to unauthenticated attackers. By manipulating GET requests with relative path sequences, an attacker can traverse the file system and access files such as /etc/passwd, which may contain criti...

The Twitter-Clone 1 application by Fyffe is vulnerable to a cross-site request forgery attack, which enables remote attackers to manipulate user sessions without proper authorization. Specifically, attackers can craft malicious HTML forms that target the tweetdel.php script to delete arbitrary po...

The Twitter-Clone 1 application is vulnerable to SQL injection through the follow.php script. This vulnerability arises when the userid parameter is not properly sanitized, allowing attackers to inject SQL queries. Exploiting this flaw, attackers can execute union-based or time-based blind SQL in...