Publicly Disclosed
PoC Exploits

This vulnerability involves a memory corruption issue that arises when processing specially crafted media files, which can lead to unintended app termination or memory corruption in affected Apple devices. Apple has addressed this flaw with enhanced input validation in the latest versions of thei...

A vulnerability in the Linux kernel's ptrace functionality raises concerns regarding task memory image management. This issue relates to 'dumpability' checks for processes without an associated memory management structure (mm). The ptrace_may_access() function includes 'dumpable' checks for proce...

A vulnerability in the Linux kernel's ptrace functionality raises concerns regarding task memory image management. This issue relates to 'dumpability' checks for processes without an associated memory management structure (mm). The ptrace_may_access() function includes 'dumpable' checks for proce...

A vulnerability exists in Metasoft 美特软件 MetaCRM versions up to 6.4.0 Beta06 that allows for the unrestricted upload of files through the /common/jsp/upload3.jsp endpoint. By manipulating the File argument, an attacker can upload a malicious file without appropriate restrictions. This vulnerabilit...

A path traversal vulnerability exists in adenhq Hive versions up to 0.11.0, specifically in the _read_events_tail function within the delete request handler component of routes_sessions.py. An attacker may exploit this vulnerability remotely to gain unauthorized access to files outside the restri...

A path traversal vulnerability has been discovered in the fishaudio Bert-VITS2 Gradio interface, specifically within the generate_config function of the webui_preprocess.py file. This flaw allows attackers to manipulate the data_dir argument, potentially enabling unauthorized access to sensitive ...

A significant vulnerability has been detected in the fishaudio Bert-VITS2 product within the Model Handler component, specifically the function _get_all_models in hiyoriUI.py. This flaw allows attackers to exploit path traversal remotely, potentially compromising the integrity and confidentiality...

A path traversal vulnerability was identified in the AstrBot product up to version 4.23.5. The issue resides in the post_file function within astrbot/dashboard/routes/chat.py, where improper handling of the 'filename' argument allows remote attackers to manipulate file paths. This manipulation co...

Zechat 1.5 has a SQL injection vulnerability in the 'v' parameter, allowing unauthenticated attackers to exploit the system via time-based blind techniques. This SQL injection flaw enables the extraction of sensitive database information by employing sleep-based blind injection scenarios to confi...

Joomla JoomOCShop 1.0 is susceptible to a cross-site request forgery vulnerability. This flaw allows attackers to exploit the trust established between authenticated users and the application. By crafting malicious HTML forms targeting specific account endpoints, such as /joomoc2/?route=account/e...

Joomla jCart for OpenCart version 2.3.0.2 is susceptible to a cross-site request forgery vulnerability that enables attackers to alter user account details illicitly. By crafting malicious HTML forms targeting specific endpoints, unauthorized individuals can modify user credentials, passwords, an...

The Peugeot Music Plugin version 1.0 for WordPress is vulnerable to an arbitrary file upload issue, allowing unauthenticated attackers to upload malicious files. By exploiting the upload.php endpoint, attackers can manipulate the 'name' parameter within POST requests to bypass security measures a...

The Nordex N149/4.0-4.5 Wind Turbine Web Server version 4.0 is susceptible to an SQL injection vulnerability that enables unauthenticated attackers to craft malicious SQL queries. By exploiting this weakness through carefully structured POST requests targeting the login.php page, attackers can by...

GitBucket 4.23.1 is susceptible to an unauthenticated remote code execution vulnerability that can be exploited by attackers to execute arbitrary commands. This vulnerability arises from the use of weak secret token generation and insecure file upload functionality. Attackers may potentially brut...

The Zenar Content Management System has a vulnerability that allows unauthenticated attackers to inject malicious scripts via the current_page parameter in POST requests sent to the ajax.php endpoint. This vulnerability reflects unsanitized user input in the response HTML, enabling attackers to e...

The EkRishta 2.10 extension for Joomla! has been identified to contain serious security vulnerabilities, specifically persistent cross-site scripting (XSS) and SQL injection flaws. These vulnerabilities can be exploited by attackers who insert malicious code into user profile fields, such as the ...

The WP with Spritz plugin version 1.0 for WordPress is susceptible to a remote file inclusion vulnerability, enabling unauthenticated attackers to access sensitive files on the server. By manipulating the URL parameter in GET requests directed at wp.spritz.content.filter.php, attackers can potent...

The Joomla! Component Js Jobs version 1.2.0 is susceptible to a cross-site request forgery (CSRF) vulnerability. This flaw can be exploited by attackers to perform unauthorized actions by tricking administrators into visiting maliciously crafted web pages. By exploiting this vulnerability, attack...

VX Search version 10.6.18 is susceptible to a local buffer overflow vulnerability that enables an attacker to overwrite the instruction pointer. By providing an oversized string in the directory field, attackers can craft an input file containing 271 bytes of junk data followed by a tailored retu...

Google Drive for WordPress version 2.2 is affected by a path traversal vulnerability that enables unauthenticated attackers to read arbitrary files on the server. By exploiting this vulnerability, attackers can make specially crafted POST requests to the gdrive-ajaxs.php endpoint, using the ajaxs...

The Woocommerce CSV Importer version 3.3.6 is vulnerable to path traversal attacks, enabling authenticated users to delete arbitrary files. By exploiting the delete_export_file AJAX action, attackers can submit specially crafted POST requests containing directory traversal sequences in the filena...

The Simple Fields plugin versions 0.2 to 0.3.5 for WordPress contains a local file inclusion vulnerability. Unauthenticated attackers can exploit this weakness by injecting null bytes into the wp_abspath parameter, allowing them to read sensitive files on the server, such as /etc/passwd. This vul...

Allok AVI DivX MPEG to DVD Converter 2.6.1217 is susceptible to a structured exception handler (SEH) buffer overflow, enabling local attackers to execute arbitrary code. This vulnerability arises when a malicious user crafts a text file containing a specially formatted buffer, along with shellcod...

Allok Fast AVI MPEG Splitter 1.2 is susceptible to a stack based buffer overflow that can be exploited by local attackers. By crafting a malicious payload, an attacker can input a specially-formatted license name string, which includes a sequence of junk data followed by structured shellcode. Thi...

The TP-Link TL-WR720N wireless router is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability that enables attackers to execute unauthorized administrative actions. By tricking authenticated users into visiting malicious web pages, attackers can alter critical settings, such as modify...

ACL Analytics versions 11.x through 13.0.0.579 are susceptible to an arbitrary code execution vulnerability that enables attackers to run arbitrary commands. By exploiting the EXECUTE function, attackers can utilize bitsadmin to download and execute malicious PowerShell scripts with system privil...

The Redaxo CMS Addon MyEvents version 2.2.1 is susceptible to an SQL injection vulnerability, enabling authenticated attackers to craft malicious SQL queries through the myevents_id parameter. By sending specially constructed GET requests to the event_add.php page, attackers can manipulate the un...

A command injection vulnerability has been identified in the kalcaddle Kodbox fileThumb Plugin up to version 1.64. This flaw occurs within the parseVideoInfo function located in the VideoResize.class.php file. An attacker can exploit this vulnerability by manipulating the ffmpegBin argument, allo...

A vulnerability has been identified in H2O.ai's H2O-3 software, specifically within the exec function of the AstSetProperty.java file in the Rapids setproperty Primitive Handler. This flaw allows for improper access controls, potentially enabling unauthorized manipulation and access from a remote...

A security flaw has been identified in H2O.ai's H2O-3, specifically within the importBinaryModel function in the JAR Handler component. This vulnerability allows for insecure deserialization, which can be exploited remotely, potentially enabling an attacker to manipulate system behavior or gain u...

A vulnerability exists in the H2O.ai H2O-3 framework affecting the ImportFile API's importFiles function within PersistNFS.java. This flaw allows for unauthorized information disclosure, potentially exposing sensitive data. The vulnerability can be exploited remotely, putting affected systems at ...

A vulnerability exists in Z-BlogPHP version 1.7.4.3430 due to improper authorization handling in the CheckComment function located in zb_system/function/c_system_event.php. This weakness can be exploited remotely, allowing an attacker to manipulate the Commend Approval Handler, potentially leadin...

A security flaw has been identified in Open5GS versions up to 2.7.7, specifically affecting the 'discover_handler' function within the nghttp2-server.c library of the NRF component. This vulnerability allows an attacker to manipulate the application leading to a 'use after free' condition, which ...

A vulnerability has been identified in the Open5GS AUSF component, affecting versions up to 2.7.7. This issue arises within the ogs_timer_add function located in the /src/ausf/nausf-handler.c file, which can lead to a denial of service. The attack can be exploited remotely, and public exploit det...

A denial of service vulnerability has been identified in the Open5GS NRF component, specifically in the function ogs_sbi_subscription_data_add/ogs_sbi_nf_service_add located in /lib/sbi/context.c. This vulnerability allows attackers to manipulate the function, potentially leading to a denial of s...

A vulnerability exists in Open5GS, specifically affecting the AMF/MME component's function ran_ue_find_by_amf_ue_ngap_id. This flaw allows attackers to manipulate the function and gain unauthorized access remotely. The exploit has been disclosed publicly, posing a significant risk. A patch is ava...

A vulnerability exists within the EMQX Broker that affects the QoS 2 PUBLISH packet handler, specifically in the function located at apps/emqx/src/emqx_persistent_session_ds.erl. This flaw can be exploited remotely, leading to a race condition which may complicate the management of message sessio...

A vulnerability has been identified in Sanluan PublicCMS 5.202506.d, specifically in the templateResult API's execute function. This flaw arises from the inadequate handling of special elements within a template engine, leading to potential template injection attacks. As a result, remote attacker...

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerabili...

A vulnerability in Sanluan PublicCMS version 5.202506.d allows remote attackers to manipulate the privatefile_key argument in the getSignKey function. This misconfiguration reveals a hard-coded cryptographic key, enabling unauthorized access and potential exploitation. Despite early warnings, the...

A security flaw in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance and Threat Defense Software permits unauthorized remote access to restricted URL endpoints. This vulnerability arises from inadequate validation of user-supplied input in HTTP(S) requests. Attackers can exp...

A vulnerability has been identified in Sanluan PublicCMS version 5.202506.d that affects the Trade Payment Flow component. Specifically, the issue resides within the TradeOrderController and TradePaymentController classes, where improper handling of the pay function can lead to critical business ...

A vulnerability exists in the VPN web server component of Cisco Secure Firewall Adaptive Security Appliance and Threat Defense Software. This flaw permits an authenticated, remote attacker to execute arbitrary code on the implicated device due to improper validation of user-supplied input in HTTP...

A vulnerability in Sanluan PublicCMS version 5.202506.d allows attackers to exploit the 'execute' function within the Trade Address Query Handler. This flaw enables remote execution of unauthorized operations by manipulating the 'userId' argument, leading to a potential compromise of user authent...

A security vulnerability has been identified in the Oinone Pamirs up to version 7.2.0. This flaw exists within the function request.getParameter of the LocalFileClient.java file in the RestController component. An attacker can exploit this vulnerability through manipulation of the uniqueFileName ...

A vulnerability has been discovered in Oinone Pamirs versions up to 7.2.0, affecting the function JsonUtils.parseMap within the file PamirsParserConfig.java. This deserialization vulnerability may allow attackers to manipulate data structures through an appConfigQuery interface, facilitating remo...

A vulnerability exists within Oinone Pamirs versions up to 7.2.0 in the 'RSQLToSQLNodeConnector.makeVariable' function of the queryListByWrapper interface, allowing an attacker to execute unauthorized SQL commands. This manipulation method is susceptible to initiation from a remote location, rais...

A stack-based buffer overflow vulnerability exists in Investintech SlimPDFReader versions up to 2.0.13, specifically within the function sub_3B4610 of the SlimPDFReader.exe file. This vulnerability allows for remote exploitation, putting users at risk. Despite being made public, the vendor has ac...

A denial of service vulnerability exists in Open5GS versions up to 2.7.7 within the NRF component's client function. By manipulating the client_pool argument within the ogs_sbi_client_add function in the library /lib/sbi/client.c, an attacker can exploit this vulnerability remotely to disrupt cli...

CVE-2023-26360 is a critical vulnerability affecting Adobe ColdFusion 2018 Update 15 and earlier, as well as ColdFusion 2021 Update 5 and earlier. This improper access control vulnerability can be exploited remotely by unauthenticated attackers to achieve arbitrary code execution without user int...