Publicly Disclosed
PoC Exploits

The vulnerability arises from a logic error in the key-based pairing process of certain Android devices. This flaw may allow an attacker in proximity to exploit the issue and gain unauthorized access to sensitive user information, including conversations and location data. Notably, the attack doe...

A race condition has been identified in the Linux kernel's handling of POSIX CPU timers. When a non-autoreaping task reaches the exit_notify() state and subsequently calls handle_posix_cpu_timers() from an interrupt request (IRQ), it may be reaped by its parent or debugger immediately after unloc...

The Everest Backup plugin for WordPress contains a vulnerability that allows unauthorized users to access sensitive data due to an absence of a capability check on the 'everest_process_status' AJAX action. This flaw affects all versions up to and including 2.3.5, enabling unauthenticated attacker...

A vulnerability exists in Open5GS versions up to 2.7.6, specifically in the functionality of sgwc_s11_handle_downlink_data_notification_ack within the sgwc component. This flaw allows for a denial of service attack that can be executed remotely, potentially taking systems offline. The vulnerabili...

A security flaw has been identified in the Open Asset Import Library Assimp, specifically within the Assimp::LWOImporter::FindUVChannels function located in LWOMaterial.cpp. This vulnerability allows local attackers to exploit a use after free condition, potentially leading to unauthorized access...

A vulnerability exists in the معظم flow development framework related to the SVG File Handler's uploadFile function. The issue arises from improper handling of file uploads, enabling remote attackers to upload arbitrary files without sufficient validation of the File argument. This flaw can lead ...

A vulnerability has been detected in the D-Link DIR-823X, specifically within the function sub_412E7C of the /goform/set_wifidog_settings file. By manipulating the wd_enable argument, an attacker is able to execute commands remotely, leading to potential unauthorized control of the device. Publis...

A security flaw has been identified in the Yonyou KSOA 9.0 product, specifically within the /worksheet/work_report.jsp component related to HTTP GET Parameter handling. An attacker can exploit this vulnerability by manipulating the 'ID' parameter, leading to SQL injection. The potential for remot...

A security flaw exists in Yonyou KSOA 9.0's HTTP GET Parameter Handler, specifically in the '/worksheet/work_mod.jsp' file. This vulnerability allows attackers to manipulate the 'ID' parameter, leading to SQL injection. This exploit can be executed remotely, posing significant risks to the securi...

This vulnerability in Git allows attackers to execute arbitrary scripts on affected systems when a specially crafted .gitmodules file is processed during the 'git clone --recurse-submodules' operation. The attacker can manipulate the submodule 'names' via directory traversal techniques to append ...

A vulnerability exists in Yonyou KSOA 9.0 that allows attackers to exploit an unknown functionality within the file /worksheet/work_info.jsp due to improper handling of HTTP GET parameters. Specifically, the manipulation of the ID argument can lead to SQL injection. This vulnerability can be expl...

A vulnerability has been identified in Yonyou KSOA 9.0, specifically within an undocumented function in the /worksheet/del_workplan.jsp file. This issue arises from improper handling of the HTTP GET parameter 'ID', allowing for SQL injection attacks. Consequently, attackers can exploit this flaw ...

The Intel Ethernet diagnostics driver for Windows contains a vulnerability that allows local users to potentially exploit IOCTL calls to cause a denial of service or execute arbitrary code with kernel-level privileges. Specifically, vulnerable versions of the drivers IQVW32.sys and IQVW64.sys (pr...

A serious vulnerability has been identified in Yonyou KSOA 9.0 affecting the HTTP GET Parameter Handler. This flaw, which lies within an obscure function of the file /worksheet/del_work.jsp, enables an attacker to manipulate the ID argument, leading to SQL injection attacks. This type of attack c...

A vulnerability exists in itsourcecode Society Management System 1.0 that allows attackers to exploit an unknown function within the file /admin/delete_activity.php. By manipulating the activity_id argument, remote SQL injection attacks can be executed, potentially compromising the application's ...

A SQL injection vulnerability has been identified in the Itsourcecode Society Management System version 1.0, particularly in the file /admin/add_activity.php. An attacker can exploit this vulnerability by manipulating the 'Title' argument, allowing unauthorized access to the database. This exploi...

A security flaw has been identified in Mapnik versions up to 4.2.0, specifically affecting the mapnik::dbf_file::string_value function found in plugins/input/shape/dbfile.cpp. This vulnerability allows for a heap-based buffer overflow, which may lead to unauthorized access and manipulation of dat...

A vulnerability has been discovered in BYVoid OpenCC versions up to 1.1.9, specifically within the opencc::MaxMatchSegmentation function located in src/MaxMatchSegmentation.cpp. This weakness leads to a heap-based buffer overflow that could be exploited when executed locally. Given the exploit's ...

A security flaw exists in the nicbarker Clay library up to version 0.14, specifically within the Clay__MeasureTextCached function found in clay.h. This vulnerability allows for a null pointer dereference, which can lead to unintended behavior or system crashes. As it requires local access for exp...

A vulnerability has been identified in the raysan5 raylib library, specifically within the LoadFontData function located in the src/rtext.c file. This vulnerability allows for an integer overflow, which can be exploited by an attacker operating from a local environment. The exploit is publicly av...

A vulnerability exists in Sanluan PublicCMS prior to version 5.202506.d, specifically within the Trade Address Deletion Endpoint of the TradeAddressController. This flaw allows a remote attacker to manipulate the 'ids' argument, leading to improper authorization. Such exploitation may allow unaut...

A path traversal vulnerability exists in Sanluan PublicCMS, specifically within the Task Template Management functionality. This issue affects the Save function in com/publiccms/controller/admin/sys/TaskTemplateAdminController.java, allowing attackers to manipulate the argument path. Consequently...

A vulnerability in the raysan5 Raylib library has been identified, specifically in the GenImageFontAtlas function within the src/rtext.c file. This flaw allows for a local attacker to execute a manipulation that results in a heap-based buffer overflow. The issue has been publicly disclosed, posin...

The WinRing0.sys and WinRing0x64.sys drivers found in EVGA Precision X1 versions up to 1.0.6 contain a vulnerability that allows local users and low integrity processes to read from and write to arbitrary memory locations. This vulnerability enables attackers to escalate privileges to NT AUTHORIT...

The Modular DS plugin by Modular Solutions has been identified with a privilege escalation vulnerability that permits unauthorized users to gain elevated privileges. This flaw affects all versions from n/a up to and including 2.5.1, potentially impacting a significant number of installations. Mal...

A SQL injection vulnerability has been discovered in EasyCMS versions up to 1.6, specifically in the /UserAction.class.php file. This flaw allows an attacker to manipulate the _order argument, potentially leading to unauthorized access to database information. The vulnerability can be exploited r...

A command injection vulnerability exists in the Kalcaddle Kodbox, specifically affecting versions up to 1.61.10. This vulnerability allows attackers to manipulate file processing within the Compression Handler component, particularly through the endpoint /?explorer/index/zip. The vulnerability ca...

A remote command injection vulnerability was identified in the System Management Module of Bastillion up to version 4.0.1. This flaw resides in the processing logic handled within the SystemKtrl.java file, allowing attackers to execute arbitrary commands on the system. The disclosure of this vuln...

A command injection vulnerability has been detected in the Bastillion Public Key Management System, specifically in the AuthKeysKtrl.java file. This weakness allows attackers to manipulate the system remotely, potentially leading to unauthorized command execution. The affected versions include Ba...

A security flaw in xiweicheng TMS, specifically within the HtmlUtil.java file, allows for server-side request forgery (SSRF). This vulnerability is triggered by unsafe manipulation of the URL parameter in the Summary function, enabling potential attackers to exploit this weakness remotely. With t...

A serious security flaw has been identified in xiweicheng TMS prior to version 2.28.0, which allows remote attackers to perform unrestricted file uploads. The vulnerability arises due to improper handling of the filename argument in the Upload function of the FileController.java. This enables mal...

A vulnerability exists in the FeMiner Warehouse Management System where improper handling of the 'Username' parameter in the file /src/chkuser.php allows for SQL injection attacks. This flaw can be exploited remotely, potentially compromising the integrity and confidentiality of the database. Wit...

A vulnerability has been identified in the Risesoft-y9 Digital-Infrastructure, specifically within the REST Authenticate Endpoint. This issue lies in the `Y9PlatformUtil.java` file and allows for SQL injection attacks. The flaw can be exploited remotely, making it a significant security concern. ...

A security vulnerability has been identified in LigeroSmart versions up to 6.1.26, affecting an unknown function in the file /otrs/index.pl. An attacker can manipulate the TicketID argument, potentially allowing for cross-site scripting (XSS) attacks that can be executed remotely. This exploit ha...

A vulnerability has been discovered in LigeroSmart that allows for cross site scripting (XSS) through manipulation of the TicketID argument in the /otrs/index.pl?Action=AgentTicketZoom function. This security flaw can be exploited remotely, enabling attackers to execute arbitrary scripts in the c...

The node-tar library, utilized for handling tar files in Node.js, has a security flaw affecting versions up to 7.5.2. This vulnerability arises from an inadequate sanitization of link paths in both hardlink and symbolic link entries when the preservePaths option is disabled (which is the default ...

A security flaw has been identified in Open5GS, specifically within the Timer Handler component, affecting all versions up to 2.7.5. This vulnerability allows for remote manipulation that can lead to excessive resource consumption. The potential for exploitation is high as the details of the atta...

A remote assertion vulnerability has been identified in Open5GS versions up to 2.7.5, specifically in the sgwc_bearer_add function within the src/sgwc/context.c file. This flaw allows attackers to manipulate the functionality, potentially leading to assertion failures. The exploit is accessible a...

The vulnerability arises from a logic error in the key-based pairing process of certain Android devices. This flaw may allow an attacker in proximity to exploit the issue and gain unauthorized access to sensitive user information, including conversations and location data. Notably, the attack doe...

A vulnerability identified in Open5GS versions up to 2.7.6 can be exploited remotely through the `sgwc_s11_handle_create_indirect_data_forwarding_tunnel_request` function located in `/src/sgwc/s11-handler.c`. This flaw allows an attacker to manipulate requests, resulting in a reachable assertion ...

The vulnerability arises from a logic error in the key-based pairing process of certain Android devices. This flaw may allow an attacker in proximity to exploit the issue and gain unauthorized access to sensitive user information, including conversations and location data. Notably, the attack doe...

A cache poisoning vulnerability exists in the Next.js framework, which is widely used for building full-stack web applications. This vulnerability allows an attacker to send a specially crafted HTTP request that can manipulate the cache of non-dynamic server-side rendered routes. Specifically, it...

The vulnerability in Windows Server Update Service arises from the deserialization of untrusted data, which could allow an unauthorized attacker to execute arbitrary code over a network. This flaw demonstrates the importance of secure coding practices to prevent untrusted input from being process...

A vulnerability exists in Open5GS affecting the functionality of sgwc_s5c_handle_create_session_response. This flaw can be exploited to cause a denial of service, potentially leading to significant disruption for users. The issue has been made public, and remote exploitation is feasible without r...

A vulnerability has been identified in Open5GS, specifically within the GTPv2 Bearer Response Handler. This flaw allows an attacker to exploit an unknown functionality, resulting in denial of service. The vulnerability can be remotely manipulated, making its exploitation especially concerning. Pu...

The OpenCode application by Anomaly Co is affected by a vulnerability that allows any local process or any website with permissive CORS settings to execute arbitrary shell commands on the user's system via an unauthenticated HTTP server. This serious issue was present in versions prior to 1.0.216...

The Poll, Survey & Quiz Maker Plugin developed by Opinion Stage contains a stored cross-site scripting (XSS) vulnerability. This flaw arises from inadequate input validation and output escaping processes in multiple parameters. An unauthenticated attacker could exploit this vulnerability to injec...

The Poll, Survey & Quiz Maker Plugin developed by Opinion Stage contains a stored cross-site scripting (XSS) vulnerability. This flaw arises from inadequate input validation and output escaping processes in multiple parameters. An unauthenticated attacker could exploit this vulnerability to injec...

The Omni Secure Files plugin for WordPress prior to version 0.1.14 suffers from an arbitrary file upload vulnerability due to the lack of authentication and insufficient controls in the bundled plupload example endpoint. The vulnerable upload.php handler allows unauthorized users to upload files ...

The Omni Secure Files plugin for WordPress prior to version 0.1.14 suffers from an arbitrary file upload vulnerability due to the lack of authentication and insufficient controls in the bundled plupload example endpoint. The vulnerable upload.php handler allows unauthorized users to upload files ...