Publicly Disclosed
PoC Exploits

A security vulnerability has been identified in DVDFab Virtual Drive version 2.0.0.5, specifically affecting the Signed Kernel Driver component (dvdfabio.sys). This vulnerability allows for improper privilege management, which can be exploited locally by an attacker to gain elevated privileges. T...

A vulnerability has been identified in Duktape up to version 2.99.99 that affects its memory management through the file duk_api_bytecode.c. By manipulating the argument count_instr, a local attacker could exploit this weakness to cause memory corruption. This issue is particularly concerning as ...

A security flaw has been identified in Qihoo 360 Total Security 6.0 that impacts the Nucleus Engine Monitoring Logic. This issue lies within the RpcStringBindingComposeW function, where a manipulation of the NetworkAddr argument can lead to a failure in the protection mechanisms. This vulnerabili...

A security flaw has been identified in the Intelbras iNVU 7016 FT web interface, specifically in the file /RPC2_Loadfile/syslog/. This issue allows for potential path traversal, where an attacker can exploit the vulnerability remotely. It is crucial for users of this device to upgrade to the patc...

A vulnerability has been identified in the universal-tool-calling-protocol python-utcp version 1.1.0, specifically within the utcp-gql/utcp-websocket component. This issue allows attackers to perform server-side request forgery (SSRF) by manipulating server requests, which can lead to unauthorize...

A vulnerability has been identified in versions of the RubyLouvre Avalon component up to 2.2.10 that allows for improperly controlled modifications of object prototype attributes. This flaw is located in an unspecified function within src/filters/index.js, undermining the integrity of application...

A vulnerability exists in jsonata-js versions up to 2.2.0 that allows for prototype pollution via the createFrame function in the Function Binding Frame System. This weakness enables an attacker to manipulate object prototype attributes in an improper manner. The attack can be executed remotely, ...

A security flaw has been identified in the medkey HTTP REST API, particularly in the function actionGetPatientById within the PatientController.php file. This vulnerability allows for improper control of resource identifiers by manipulating the argument ID. Such exploitation can be executed remot...

A vulnerability has been identified in Grit42 Grit, specifically affecting versions up to 0.11.0. The issue lies in the Grit::Assays::DataTableEntity function found in the file modules/assays/backend/app/models/grit/assays/data_table_entity.rb. This vulnerability enables attackers to perform a SQ...

A vulnerability in ShopXO versions up to 6.7.1 is linked to the Scheduled Task Endpoint functionality, specifically the OrderClose, OrderSuccess, PayLogOrderClose, and GoodsGiveIntegral functions. This flaw allows attackers to bypass authorization checks, enabling potential unauthorized access an...

A significant vulnerability has been discovered in Intelliants Subrion CMS versions up to 4.0.3, specifically within the Blocks Endpoint component. This security flaw enables attackers to manipulate the CSS class name argument, leading to potential cross-site scripting occurrences. Such exploits ...

A security flaw exists in IObit Malware Fighter versions up to 13.2.0, specifically related to its DLL Handler component. This vulnerability introduces permission issues that can be exploited by attackers with local access to the system. The exploit has already been made public, which raises conc...

The vulnerability arises from mismatched length fields in Zlib compressed protocol headers within MongoDB Server, potentially allowing an unauthenticated client to access uninitialized heap memory. This could lead to unauthorized information exposure, affecting versions of MongoDB Server across m...

A vulnerability has been identified in Ritlabs TinyWeb Server, specifically in the libeay32.dll.html component related to the Header Handler. This issue allows attackers to exploit an unknown function by manipulating the Authorization argument, leading to a stack-based buffer overflow. The potent...

A vulnerability exists within the VS Revo RevoUninstaller versions 2.5.x and 2.6.x. The issue is tied to the IOCtl_Handler function in the RevoDetector.sys driver, which is susceptible to heap-based buffer overflow. This manipulation requires local access, making the threat vector limited to user...

A vulnerability exists in the Moovit Bus & Public Transit App version 1.18 for Android, related to improper authorization within the component com.tranzmate. This flaw enables local attackers to exploit the URL scheme handler, which can lead to unauthorized actions within the application. The exp...

A SQL injection vulnerability exists in the GritEntityController component of Grit42 Grit, affecting versions up to 0.11.0. This issue can be exploited remotely by manipulating incoming data sent to the affected controller, leading to unauthorized access and potential data breaches. This exploit ...

A vulnerability exists in the GL.iNet GL-MT3000 router due to an issue in the Online Firmware Upgrade Handler component. This vulnerability allows for command injection through the 'one_click_upgrade' functionality, which can be exploited remotely. As a result of this flaw, an attacker could exec...

A command injection vulnerability exists in the GL.iNet GL-MT3000 due to improper handling in the Tor Proxy Service Configuration Handler, specifically in the replace_country function. This weakness allows remote attackers to execute arbitrary commands on the affected device. The issue is prevale...

A vulnerability present in the CLI of multiple Cisco Catalyst SD-WAN products allows an authenticated local attacker with netadmin privileges to execute arbitrary commands as the root user. This flaw arises from inadequate validation of user-supplied input, enabling an attacker to upload a specia...

In certain versions of Splunk Enterprise and Splunk Cloud Platform, an unauthenticated user may exploit a flaw in the PostgreSQL sidecar service endpoint, enabling them to create or truncate arbitrary files. This vulnerability arises from the absence of proper authentication mechanisms on the end...

The Iptanus File Upload WordPress plugin prior to version 5.1.7 is susceptible to a vulnerability that arises from improper file handling. Specifically, when the duplicatepolicy setting is configured to 'maintain both', a Time-of-Check to Time-of-Use (TOCTOU) race condition occurs between the fil...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

A vulnerability in the CodeAstro Student Attendance Management System 1.0 has been identified, specifically within the function located at /attendance-php/Admin/createStudents.php. This flaw allows for SQL injection through manipulated input of the admissionNumber argument. As a result, attackers...

A security issue has been identified in the D-Link DCS-935L HD Wi-Fi Camera where the snprintf function within the HTTP Handler component is vulnerable to format string manipulation. Specifically, this vulnerability allows attackers to exploit arguments incorrectly, potentially leading to remote ...

The Windows Composite Image File System (CimFS) is impacted by a vulnerability that allows an attacker to potentially elevate their privileges on affected Microsoft products. This elevation of privilege vulnerability can enable unauthorized access to system resources, posing a risk for exploitati...

The Nefteprodukttekhnika BUK TS-G Gas Station Automation System versions 2.9.1 through 2.10.2 on Linux presents an Improper Authentication flaw within its system configuration module. The /php/ajax-login.php endpoint reveals the administrator's user ID in response to any HTTP POST request contain...

A Cross-Site Request Forgery vulnerability exists in JupyterHub versions 4.1.0 to 5.4.4, where the implementation of XSRF protection fails to properly validate requests flagged with Sec-Fetch-Mode: no-cors. This allows attackers to bypass XSRF safeguards on HTTP form endpoints, notably /hub/spawn...

Dagster, an orchestration platform for managing data assets, has a vulnerability in its handling of dynamic partition keys. In versions prior to 1.13.1 for Dagster Core and 0.29.1 for its libraries, the system allowed the construction of SQL WHERE clauses that lacked proper escaping. This flaw en...

A memory allocation issue exists in Apache HTTP Server's mod_http module, which can lead to denial of service when an attacker sends crafted HTTP requests with excessive size values. This vulnerability affects a wide range of Apache HTTP Server versions, making it critical for users to implement ...

Certain versions of the Django web framework, specifically 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, exhibit a vulnerability due to the caching of parsed Accept-Language headers. This caching mechanism is intended to enhance performance by avoiding repetitive parsing. However, wh...

The Store Locator plugin for WordPress prior to version 1.6.9 is susceptible to a path traversal vulnerability. This issue arises from improper validation of parameters used in file paths, permitting high-privilege users, such as administrators, to access sensitive files on the server. Malicious ...

The Store Locator plugin for WordPress prior to version 1.6.9 fails to adequately sanitize and escape the metadata for store logos before saving and displaying it. This gap allows users with administrative privileges to execute Stored Cross-Site Scripting (XSS) attacks, even in scenarios where th...

A security flaw in Cisco Unified Communications Manager and its Session Management Edition allows unauthenticated remote attackers to exploit server-side request forgery (SSRF). By sending a specially crafted HTTP request, attackers may manipulate the affected device, leading to unauthorized file...

A security feature bypass vulnerability exists in Microsoft Windows, referred to as 'YellowKey.' This flaw could allow unauthorized access to restricted features, compromising system integrity. A proof of concept has been publicly released, contrary to established security practices. Users are ad...

A deserialization vulnerability exists in Jenkins versions 2.567 and earlier, including LTS version 2.555.2 or earlier. This flaw can allow attackers to control the deserialization of arbitrary types through a maliciously crafted `config.xml` submission. Once exploited, this vulnerability opens a...

The Saleor e-commerce platform exhibits an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated users to retrieve sensitive information in plain text. Specifically, orders created prior to Saleor version 3.2.0 can have personally identifiable information (PII) exfiltrat...

A vulnerability has been detected in the CodeAstro Human Resource Management System version 1.0 that allows an SQL injection attack in the Invoice function of the Payroll.php controller. Manipulation of the ID argument permits attackers to execute arbitrary SQL commands. This flaw presents a sign...

A security flaw has been identified in the CodeAstro Human Resource Management System 1.0 that allows for cross-site scripting (XSS) attacks through the manipulation of the 'protitle' argument in the Projects Management Page. This vulnerability can be exploited remotely, potentially compromising ...

A cross site scripting vulnerability exists in CodeAstro's Human Resource Management System version 1.0, specifically within the Dashboard Interface component in the file /dashboard/add_tod. The issue arises due to inadequate input validation of the todo_data argument. This flaw permits remote at...

A command injection vulnerability exists in PAN-OS software that allows authenticated administrators to bypass system restrictions, enabling the execution of arbitrary commands with root user privileges. To exploit this vulnerability, access to the PAN-OS Command Line Interface (CLI) or Web UI is...

The Advanced Custom Fields: Extended plugin for WordPress is susceptible to a privilege escalation vulnerability due to a validation bypass in the after_validate_save_post() function. This function improperly trusts the attacker-controlled _acf_post_id POST parameter, which allows unauthorized us...

Versions 5.5.15 and earlier of SimpleHelp, along with pre-release 6.0 versions, are susceptible to an authentication bypass vulnerability in the OIDC authentication process. When configured to use OIDC authentication, the system fails to validate the cryptographic signatures of identity tokens du...

A vulnerability has been identified in PbootCMS versions up to 3.2.12, specifically in the Password Handler function 'retrieve' within the MemberController.php file. This flaw allows for the manipulation of input parameters such as username, password, email, and checkcode, leading to a compromise...

A vulnerability exists in the Groww Stock, Mutual Fund, Gold App for Android, specifically within the WebView URL Handler component. This flaw allows for improper authorization related to handling custom URL schemes, enabling potential exploitation of user data on affected devices. Attackers may ...

A vulnerability exists in Oracle's PeopleSoft Enterprise PeopleTools that potentially allows an unauthenticated attacker to gain unauthorized access via HTTP, compromising the integrity and confidentiality of the system. If exploited, this could enable a malicious actor to take full control over ...

A SQL injection vulnerability has been identified in the Vendor XYZ plugin for WordPress, allowing attackers to execute arbitrary SQL queries. This could result in unauthorized access to sensitive information and potential data breaches. It is crucial for users to update their plugins to the late...

The Secure Copy Content Protection and Content Locking plugin for WordPress prior to version 5.1.5 is vulnerable due to inadequate sanitization and escaping of certain settings. This oversight allows high privilege users, such as administrators, to execute Stored Cross-Site Scripting (XSS) attack...

A flaw in the JCE editor extension for Joomla permits unauthorized users to create new editor profiles. This malicious capability exposes the site to risks, including the ability to upload PHP code and execute it, potentially leading to a full compromise of the website security. Site administrato...

An OS Command Injection vulnerability exists in Ivanti Sentry versions before R10.5.2, R10.6.2, and R10.7.1, allowing an unauthenticated remote attacker to execute arbitrary commands with root privileges. This high-risk vulnerability could potentially compromise the integrity and security of the ...