Publicly Disclosed
PoC Exploits

The Linux kernel's implementation of FUSE is vulnerable to a directory entry overflow due to improper validation of serialized directory entries. Specifically, the function `fuse_add_dirent_to_cache()` fails to verify whether a directory entry exceeds the maximum allowable size, allowing a malici...

Samba versions 3.5.0 up to 4.6.4, along with specific earlier releases, contain a serious vulnerability where a malicious client can upload a shared library to a writable share. This exploit allows the server to load and execute the uploaded file, leading to unauthorized control and potential dam...

A use-after-free vulnerability exists in the Android Binder service, which could allow attackers to elevate privileges from an application to the Linux Kernel. Exploitation of this vulnerability does not require any interaction from the user; however, it necessitates either the installation of a ...

The Hippoo Mobile App for WooCommerce plugin for WordPress contains a vulnerability that allows unauthenticated users to bypass authentication protocols. This security flaw stems from a logic error within the HippooPermissions::get_user_permissions() function, which incorrectly grants full admini...

An unsafe deserialization vulnerability in Feast prior to version 0.63.0 enables unauthorized parties to execute arbitrary code remotely. This flaw arises from the mishandling of the user_defined_function.body field within the OnDemandFeatureView specification. The field is decoded from base64 an...

A vulnerability exists in the Oracle Payments component of the Oracle E-Business Suite, specifically in the File Transmission functionality. This flaw allows an unauthenticated attacker with network access via HTTP to exploit the Oracle Payments system. If successfully exploited, attackers could ...

An OS command injection vulnerability exists in the API of Progress ADC Products, specifically affecting the LoadMaster appliance. This vulnerability allows unauthenticated attackers to execute arbitrary commands through unsanitized input in multiple command endpoints. Exploiting this weakness co...

The JeecgBoot framework version 3.9.2 is susceptible to a broken access control vulnerability that allows authenticated users with low privileges to execute create, read, update, and delete operations on OpenAPI credentials. The issue arises due to missing Shiro authorization annotations on criti...

Dolibarr ERP software versions up to 23.0.3 are susceptible to an SQL injection vulnerability that enables authenticated users to exfiltrate sensitive database contents. This flaw occurs due to inadequate validation of the sqlfilters query parameter in the setup dictionary and multicurrencies RES...

JimuReport versions up to 2.5.0 expose the /jmreport/auto/export endpoint without requiring authentication, due to improper configuration of the JimuNoLoginRequired annotation. This oversight allows any remote attacker to exploit the endpoint, effectively permitting enumeration of Snowflake repor...

SeaweedFS, prior to version 4.34, has a path traversal vulnerability in its S3 gateway, specifically within the DeleteMultipleObjectsHandler. This flaw enables authenticated S3 users with write permissions to one bucket to execute deletions on arbitrary objects across different tenant buckets. By...

RuoYi-Vue-Plus versions up to 5.6.2 have a significant security flaw where workflow task management endpoints lack proper authorization checks. This vulnerability allows any authenticated user, regardless of their role, to manipulate task assignments, circumventing the intended separation of duti...

Ocelot, a popular API Gateway developed by ThreeMammals, is vulnerable to a security control bypass that impacts versions up to 24.1.0. This vulnerability arises from the WebSocket upgrade requests that can bypass IP-based access restrictions due to faulty configuration in the OcelotPipelineExten...

The OpenBMB ChatDev application through version 2.2.0 is affected by a path traversal vulnerability that allows unauthenticated remote attackers to manipulate file upload operations. By sending a malicious multipart filename to the file upload endpoint, attackers can exploit the inadequate saniti...

OpenZiti through version 2.0.0 is vulnerable to a privilege escalation flaw that allows authenticated non-admin users to create enrollments for any identity, including administrative accounts. This is due to insufficient authorization checks in the ApplyCreate function of enrollment_manager.go, w...

A vulnerability has been identified in the Android Framework that allows potential code execution through unsafe deserialization in multiple functions of ZygoteProcess.java. This flaw enables local privilege escalation, requiring user execution privileges but eliminating the need for user interac...

LLaMA-Factory versions up to 0.9.5 are susceptible to a remote code execution vulnerability that enables users with WebUI access to run arbitrary Python code. This occurs when a malicious model path is provided in the Chat or Training interfaces, allowing the application to pass unsanitized user ...

A cross-origin vulnerability has been identified in Safari and various Apple operating systems. This security issue arises from inadequate tracking of security origins, which could allow maliciously crafted web content to expose sensitive user information. Users are advised to update to the lates...

An authenticated user with permissions to create or modify workflows in n8n prior to versions 1.123.43, 2.22.1, and 2.20.7 could exploit an unvalidated pagination parameter within the HTTP Request node to perform global prototype pollution. This vulnerability poses a risk of remote code execution...

The Searchor application, developed by ArjunSharda, contains a flaw in its command-line interface input processing. Prior to version 2.4.2, the application utilizes the 'eval' function on user-provided input without sufficient validation. This oversight can lead to arbitrary code execution, enabl...

An issue exists in the Linux Kernel where improper handling of copy-on-write (COW) operations can lead to page cache corruption. This is due to the tcf_pedit_act() function, which computes the COW range without considering runtime header offsets added by typed keys. As a result, portions of the w...

Gorse versions before 0.5.10 are susceptible to an authentication bypass vulnerability affecting the /api/dump and /api/restore endpoints. This security flaw enables remote attackers to gain unauthorized access to sensitive database functionalities when the admin_api_key is left empty, which is t...

A flaw in the JCE editor extension for Joomla permits unauthorized users to create new editor profiles. This malicious capability exposes the site to risks, including the ability to upload PHP code and execute it, potentially leading to a full compromise of the website security. Site administrato...

Crawl4AI, an open-source LLM-friendly web crawler, prior to version 0.8.7, contains a critical vulnerability in its computed fields feature. The _safe_eval_expression() function employs an AST validator that inadequately restricts attribute access, allowing attributes without an underscore prefix...

The first article discusses two different critical vulnerabilities in the GNU C Library (glibc) that allow unprivileged attackers to gain root access on multiple major Linux distributions. The vulnerabilities are tracked as CVE-2023-4911 and CVE-2023-6246 and both can lead to local privilege esca...

The Fluent Booking Plugin for WordPress prior to version 2.1.2 is susceptible to improper access control, allowing users with the Calendar Manager role to access and export sensitive attendee information, such as names, emails, phone numbers, addresses, and payment details, from calendar groups t...

The Kali Forms plugin for WordPress, prior to version 2.4.13, is susceptible to an improper input validation vulnerability. It fails to properly sanitize the caption of form fields before displaying them as column headers on the administrator's form-entries interface. This oversight permits users...

The WP Support Plus Responsive Ticket System Plugin for WordPress has a vulnerability that allows unauthenticated users to execute SQL injection attacks. The plugin fails to properly sanitize user-supplied array keys prior to their inclusion in SQL statements, creating an opportunity for attacker...

The WP Support Plus Responsive Ticket System plugin for WordPress prior to version 9.1.2 lacks proper validation for uploaded files, enabling unauthenticated individuals to upload malicious files, including JavaScript code within HTML and SVG formats. This flaw may lead to Stored Cross-Site Scrip...

A vulnerability has been identified in the Linux kernel's handling of shared fragment markers within the networking stack. Specifically, two functions responsible for fragment transfers fail to correctly propagate fragment flags when moving data between source and destination sockets. This oversi...

Graylog, a widely used open-source log management platform, is susceptible to a vulnerability that enables the loading and instantiation of arbitrary classes. This issue arises from the handling of HTTP PUT requests to the `/api/system/cluster_config/` endpoint, where the system permits the submi...

libssh2 contains an out-of-bounds write vulnerability in the ssh2_transport_read() function that fails to impose proper limits on the packet_length field. This flaw allows remote attackers to exploit the vulnerability by sending specially crafted SSH packets with excessively large packet_length v...

A command injection vulnerability exists in the VPN server configuration module of the TP-Link Archer BE230 v1.2, which can be exploited after administrative authentication. This flaw allows an attacker to execute arbitrary commands, potentially granting full administrative control over the route...

A security flaw exists in the bufwriter append function of the EtherNet IP Message Handler within liftoff-sr CIPster, allowing for potential out-of-bounds write operations. This vulnerability could be exploited remotely, posing significant risks to application integrity and security. Users are st...

A vulnerability has been discovered in DeepMyst Mysti 0.4.0, specifically within the Contact Tracking component's _isTrackedConversation function found in src/managers/ChannelBridge.ts. This flaw occurs due to improper handling of the _channelType argument, allowing unauthorized access. The vulne...

A security flaw has been identified in PcapPlusPlus version 25.05, specifically in the Modbus Protocol Handler's function pcpp::ModbusLayer::getLength. This vulnerability results from improper handling of the length argument, which can lead to a heap-based buffer overflow. Attackers may exploit t...

A vulnerability in the seladb PcapPlusPlus library affects the Telnet subnegotiation packet handler. Specifically, the issue lies within the function pcpp::TelnetLayer::getSubCommand in the source file Packet++/src/TelnetLayer.cpp. A remote attacker can exploit this vulnerability through manipula...

A flaw in the JCE editor extension for Joomla permits unauthorized users to create new editor profiles. This malicious capability exposes the site to risks, including the ability to upload PHP code and execute it, potentially leading to a full compromise of the website security. Site administrato...

A vulnerability has been identified in seladb PcapPlusPlus version 25.05, specifically within the TLS Hello Handler. The issue lies in the function pcpp::SSLClientHelloMessage::getHandshakeVersion located in the file Packet++/src/SSLHandshake.cpp. Manipulating the handshakeVersion argument can re...

A vulnerability has been detected in PcapPlusPlus version 25.05 specifically within the LightPcapNg Parser. The issue arises in the 'parse_by_block_type' function located in the file 'light_pcapng.c'. An attacker can exploit this vulnerability by manipulating the 'captured_packet_length' argument...

A remote vulnerability exists in the Edimax EW-7478APC 1.04 related to the processing of the formUSBFolder function within the POST Request Handler. The vulnerability arises from improper handling of the ShareName/SelectName parameters, leading to potential buffer overflow conditions. This issue ...

A buffer overflow vulnerability exists in Edimax EW-7478APC version 1.04 due to improper handling of arguments in the formUSBAccount function of the POST Request Handler component. By manipulating the UserName and Password fields, an attacker can potentially exploit this flaw remotely, leading to...

A vulnerability exists in the Edimax EW-7478APC 1.04 that allows for OS command injection through the formStaDrvSetup function in the POST Request Handler. An attacker can manipulate the rootAPmac argument to execute arbitrary commands on the system remotely. This exploit is publicly accessible, ...

A security vulnerability has been identified in the Edimax EW-7478APC version 1.04 that allows for a buffer overflow during the execution of the formQoS function within the POST Request Handler. This vulnerability arises from insecure handling of the selSSID argument, which can result in remote e...

A vulnerability has been detected in the itsourcecode Hospital Management System version 1.0, specifically in the functionality associated with the file /patientchangepassword.php. This issue arises from improper handling of the input parameter newpassword, making it susceptible to SQL injection ...

A security flaw has been identified in the itsourcecode Hospital Management System version 1.0, specifically in the /patientdetail.php file. This vulnerability arises from an exploitable argument manipulation of 'editid', which allows for SQL injection attacks. Attackers can execute this attack r...

A vulnerability exists in the LLVM llvm-project affecting the Bitcode File Handler, specifically within the GCRelocateInst::getBasePtr function. This issue allows for heap-based buffer overflow, potentially enabling local attackers to exploit the flaw. Despite early reports of the issue to the pr...

A vulnerability has been identified in the LLVM project's ValueSymbolTable module, specifically within the llvm::StringMap::insert function in /lib/IR/ValueSymbolTable.cpp. This vulnerability allows for a stack-based buffer overflow, which may lead to exploit scenarios if an attacker can execute ...

A vulnerability exists in version 1.0 of the itsourcecode Hospital Management System related to an unknown function within the /insertbillingrecord.php file. This flaw allows an attacker to manipulate the patientid parameter, leading to SQL injection attacks. The vulnerability is remotely exploit...

A vulnerability has been identified in the Linux kernel's handling of shared fragment markers within the networking stack. Specifically, two functions responsible for fragment transfers fail to correctly propagate fragment flags when moving data between source and destination sockets. This oversi...