Publicly Disclosed PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered just now...
PoC for CVE-2026-23869
A denial of service vulnerability impacts React Server Components, specifically in the react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack packages. This vulnerability is exploited by sending specially crafted HTTP requests to Server Function endpoints, resulting in ...
PoC for CVE-2026-39376
The FastFeedParser library, utilized for parsing RSS, Atom, and RDF feeds, is prone to an unbounded recursion vulnerability. In versions prior to 0.5.10, the parse() function can be exploited when it encounters a redirect URL that invokes HTML meta-refresh tags. This flaw allows an attacker to cr...
PoC for CVE-2021-44228
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log messag...
PoC for CVE-2026-35584
FreeScout, a help desk and shared inbox tool built on the Laravel framework, has an authentication bypass vulnerability that allows unauthenticated users to manipulate conversation threads. Versions prior to 1.8.212 are affected. The vulnerability arises from the GET endpoint /thread/read/{conver...
Discovered 51 minutes ago
PoC for CVE-2026-5530
A vulnerability exists in the Ollama product affecting the Model Pull API, specifically within the file server/download.go. This flaw allows an attacker to manipulate requests that can lead to server-side request forgery (SSRF) attacks. Such an attack can be executed remotely, posing significant ...
Discovered 1 hour ago
PoC for CVE-2025-55182
A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...
Discovered 3 hours ago
PoC for CVE-2026-33033
The Django Framework suffers from a vulnerability in the MultiPartParser component, allowing remote attackers to significantly degrade application performance. This issue arises when attackers submit multipart uploads with 'Content-Transfer-Encoding: base64' that contain excessive whitespace. Alt...
PoC for CVE-2026-34197
Apache ActiveMQ Broker is prone to a code injection vulnerability due to improper input validation in the Jolokia JMX-HTTP bridge. By default, this bridge exposes a web console that allows the execution of operations on all ActiveMQ MBeans. An authenticated attacker can exploit this vulnerability...
Discovered 4 hours ago
PoC for CVE-2025-49596
The MCP Inspector, a tool designed for testing and debugging MCP servers, is susceptible to remote code execution in versions prior to 0.14.1. The vulnerability arises from an absence of authentication between the Inspector client and the proxy, which allows unauthorized users to send commands to...
Discovered 5 hours ago
PoC for CVE-2026-6038
A security vulnerability has been discovered within the Vehicle Showroom Management System version 1.0 which allows for SQL injection through manipulation of the BRANCH_ID argument in the RegisterCustomerFunction.php file. Attackers can exploit this flaw remotely, leading to unauthorized data acc...
PoC for CVE-2026-6037
A vulnerability has been identified in the Vehicle Showroom Management System 1.0, specifically within the /util/AddVehicleFunction.php file. This vulnerability arises from improper handling of the BRANCH_ID parameter, allowing for SQL injection. Attackers can exploit this vulnerability remotely,...
PoC for CVE-2026-6036
A significant vulnerability exists in the Vehicle Showroom Management System version 1.0, where an unknown function in the /util/VehicleDetailsFunction.php file allows for SQL injection through incorrect handling of the VEHICLE_ID parameter. This flaw can be exploited remotely, potentially allowi...
Discovered 6 hours ago
PoC for CVE-2026-6035
A vulnerability exists in the Vehicle Showroom Management System 1.0, specifically in an unknown function located in the ServiceAndSalesReport.php file within the BranchManagement directory. This flaw arises from improper handling of the BRANCH_ID argument, which can be manipulated to execute cro...
PoC for CVE-2026-6034
A vulnerability has been identified in the Vehicle Showroom Management System 1.0, specifically within the ProfitAndLossReport.php file. An attacker can manipulate the BRANCH_ID argument, allowing for a Cross Site Scripting (XSS) scenario that could be exploited remotely. This flaw poses a signif...
PoC for CVE-2018-16763
FUEL CMS version 1.4.1 is susceptible to a significant vulnerability that allows for PHP code execution. By manipulating the 'pages/select/' filter parameter or the 'preview/' data parameter, an attacker can execute arbitrary PHP code remotely without authentication. This flaw poses a severe risk...
PoC for CVE-2026-6033
A vulnerability exists in CodeAstro Online Classroom 1.0 that allows for SQL injection via improper handling of the 'fname' parameter in the /updatedetailsfromstudent.php?eno=146891650 file. This could enable an attacker to manipulate the database query, potentially leading to unauthorized access...
PoC for CVE-2026-6032
A security flaw exists in Simple Laundry System version 1.0 affecting the checkcheckout.php file. Specifically, the handling of the serviceId argument is insufficiently validated, allowing attackers to inject malicious scripts. This cross site scripting vulnerability enables remote exploitation, ...
Discovered 7 hours ago
PoC for CVE-2026-6031
A security vulnerability has been identified in Simple IT Discussion Forum 1.0, specifically within the /add-category-function.php file. This weakness allows an attacker to manipulate the underlying SQL queries through unsanitized inputs in the Category argument. As a result, remote attackers can...
PoC for CVE-2026-6030
A SQL injection vulnerability has been identified in the itsourcecode Construction Management System version 1.0. This flaw resides in an unspecified function within the /del1.php file, where unsanitized user input in the 'toolname' argument can be manipulated, leading to potential unauthorized a...
PoC for CVE-2026-6029
A security weakness has been identified in the Totolink A7100RU router, specifically within the CGI Handler's function setVpnAccountCfg. This issue allows for OS command injection when parameters are manipulated, potentially enabling an attacker to execute arbitrary commands on the affected syste...
PoC for CVE-2026-6028
A security vulnerability has been detected in the Totolink A7100RU router. The issue lies within the function setPptpServerCfg of the CGI Handler component, specifically in the /cgi-bin/cstecgi.cgi file. This vulnerability arises from improper validation of the argument 'enable', allowing attacke...
Discovered 8 hours ago
PoC for CVE-2026-6027
A command injection vulnerability has been identified in the Totolink A7100RU router affecting the CGI Handler component. The flaw exists in the setUrlFilterRules function of the cgi-bin/cstecgi.cgi script. By manipulating the 'enable' argument, an attacker can remotely execute arbitrary OS comma...
PoC for CVE-2026-4432
The YITH WooCommerce Wishlist Plugin prior to version 4.13.0 lacks adequate validation of wishlist ownership within its AJAX handler for renaming operations. Specifically, it only verifies a valid nonce, which can be easily accessed through the public source of the /wishlist/ page. This oversight...
PoC for CVE-2025-14545
The Yandex Market plugin for WordPress, prior to version 5.0.26, contains a weakness that allows for remote code execution through the feed generation process. This vulnerability can be exploited by attackers to run arbitrary code on the affected site, posing significant security risks. It is ess...
PoC for CVE-2026-6026
A security flaw has been identified in the Totolink A7100RU router, specifically within the CGI Handler component. The vulnerability, found in the setPortalConfWeChat function of /cgi-bin/cstecgi.cgi, allows for OS command injection through a manipulated argument. Attackers can leverage this flaw...
PoC for CVE-2026-6025
A vulnerability has been identified in the Totolink A7100RU router, specifically in the function setSyslogCfg located in the CGI Handler component. This flaw can be exploited remotely via manipulation of the 'enable' argument, allowing an attacker to inject operating system commands. With publicl...
PoC for CVE-2026-6024
A vulnerability exists in the HTTP Handler component of Tenda i6 1.0.0.7(2204), specifically within the R7WebsSecurityHandler function. This issue allows remote attackers to exploit path traversal vulnerabilities, enabling unauthorized access to sensitive files on the system. The exploit has been ...
Discovered 9 hours ago
PoC for CVE-2026-6016
A vulnerability has been identified in the Tenda AC9 router, specifically within the decodePwd function located in the /goform/WizardHandle file of the POST Request Handler. This issue allows attackers to manipulate the WANS argument, leading to a stack-based buffer overflow. The exploit can be e...
PoC for CVE-2026-6015
A security vulnerability exists within the Tenda AC9 router's POST Request Handler, specifically in the formQuickIndex function. This vulnerability arises from improper handling of the PPPOEPassword argument, which can result in a stack-based buffer overflow. Attackers can exploit this flaw remot...
PoC for CVE-2026-6014
A buffer overflow vulnerability exists in the D-Link DIR-513 wireless router within the POST Request Handler, specifically in the formAdvanceSetup function. This flaw can be exploited remotely by manipulating the 'webpage' argument, potentially allowing unauthorized users to compromise the device...
PoC for CVE-2025-60709
An out-of-bounds read vulnerability exists in the Windows Common Log File System Driver, enabling authorized attackers to execute a local privilege escalation. This security flaw can be exploited to gain unauthorized access to system resources and execute arbitrary code with elevated privileges, ...
PoC for CVE-2026-6013
A buffer overflow vulnerability exists in the D-Link DIR-513 router, specifically within the formSetRoute function in the POST request handler located at /goform/formSetRoute. This flaw arises from improper handling of the curTime argument, allowing remote attackers to exploit this vulnerability....
Discovered 10 hours ago
PoC for CVE-2026-6012
A security vulnerability in the D-Link DIR-513 device affects the function formSetPassword within the file /goform/formSetPassword. Manipulation of the curTime argument can lead to a buffer overflow, which allows remote attackers to exploit this vulnerability. This issue can be especially concern...
PoC for CVE-2026-6011
A vulnerability exists in OpenClaw versions up to 2026.1.26, specifically within the 'assertPublicHostname' handler found in the file 'src/agents/tools/web-fetch.ts'. This issue allows remote attackers to manipulate requests, potentially leading to server-side request forgery (SSRF). Although exp...
PoC for CVE-2026-39912
The V2Board and Xboard platforms expose sensitive authentication tokens through the HTTP response body of the loginWithMailLink endpoint when the login_with_mail_link_enable feature is activated. Attackers can exploit this vulnerability by sending a POST request to the endpoint using a known emai...
PoC for CVE-2026-6010
A security flaw has been identified in CodeAstro's Online Classroom platform, specifically within the file /OnlineClassroom/takeassessment2.php?exid=14. This vulnerability allows attackers to manipulate the argument Q1, resulting in an SQL injection. The threat is particularly severe as it permit...
PoC for CVE-2026-6007
A SQL injection vulnerability has been identified in the itsourcecode Construction Management System version 1.0, specifically affecting the /del.php file. The flaw arises from improper handling of the 'equipname' parameter, allowing remote attackers to manipulate SQL queries. This vulnerability ...
Discovered 11 hours ago
PoC for CVE-2025-14893
The IndieWeb plugin for WordPress suffers from a Stored Cross-Site Scripting vulnerability due to inadequate input validation in the 'Telephone' parameter. Authenticated users with author level access and above can exploit this weakness to inject malicious scripts. These scripts execute when othe...
PoC for CVE-2026-3516
The Contact List plugin for WordPress is vulnerable to Stored Cross-Site Scripting through the '_cl_map_iframe' parameter. This vulnerability exists due to inadequate input sanitization and output escaping routines, specifically in the handling of the Google Maps iframe custom field. The saveCust...
PoC for CVE-2026-6006
A security flaw exists in the Patient Record Management System version 1.0, specifically in the '/edit_hpatient.php' file, where improper handling of the 'ID' parameter allows remote attackers to execute SQL injection attacks. This vulnerability could lead to unauthorized access to sensitive data...
PoC for CVE-2026-1657
The EventPrime plugin for WordPress is susceptible to a vulnerability that allows unauthorized image file uploads. This security flaw exists in versions up to and including 4.2.8.4, due to improper registration of the upload_file_media AJAX action. It is publicly accessible without necessary auth...
PoC for CVE-2026-6005
A security flaw in the Patient Record Management System version 1.0 exposes an unknown function within the hematology_print.php file to SQL injection attacks. By manipulating the hem_id parameter, remote attackers can execute unauthorized SQL queries, compromising the integrity and confidentialit...
PoC for CVE-2026-1375
The Tutor LMS plugin for WordPress is susceptible to Insecure Direct Object References (IDOR) due to a lack of proper authorization checks. Specifically, functions such as `course_list_bulk_action()`, `bulk_delete_course()`, and `update_course_status()` allow authenticated users with Tutor Instru...
PoC for CVE-2026-6004
A SQL injection vulnerability has been identified in the Simple IT Discussion Forum 1.0, specifically impacting an unprotected function in the /delete-category.php file. Attackers can exploit this vulnerability by manipulating the 'cat_id' parameter, which could lead to unauthorized access to the...
PoC for CVE-2026-6003
A security flaw has been identified in the Simple IT Discussion Forum version 1.0, specifically in the processing of the /admin/user.php file. An attacker may exploit this vulnerability by manipulating the 'fname' parameter, potentially leading to cross-site scripting attacks. Given that this iss...
Discovered 12 hours ago
PoC for CVE-2023-33177
A path traversal vulnerability exists in Xibo CMS, which allows an authenticated user to upload a specially crafted zip file through the layout import function. This can lead to the creation of files outside the designated CMS library directory, enabling the potential upload of a PHP web shell wi...
PoC for CVE-2026-6000
An information disclosure vulnerability exists in the Online Library Management System 1.0, specifically within the SQL Database Backup File Handler. This flaw resides in an unknown function of the file `/sql/library.sql`. Attackers can exploit this vulnerability remotely to access sensitive info...
PoC for CVE-2026-5999
A security flaw has been identified in JeecgBoot version 3.9.1 related to the SysAnnouncementController component. This vulnerability allows attackers to manipulate access controls, resulting in improper authorization. The exploit can be conducted remotely, raising concerns for potential unauthor...
PoC for CVE-2025-15260
The MyRewards – Loyalty Points and Rewards for WooCommerce plugin for WordPress has a significant flaw that lacks proper user authorization checks in its 'ajax' function. This insufficiency allows authenticated users with subscriber access or higher to make unauthorized changes to loyalty program...