Publicly Disclosed
PoC Exploits

The vLLM inference and serving engine for large language models has a vulnerability that allows arbitrary code execution. Versions from 0.10.1 up to, but not including, 0.14.0 are susceptible. The issue arises when vLLM loads dynamic modules from Hugging Face without proper validation of the `tru...

A vulnerability exists in Microsoft Office that allows attackers to manipulate untrusted inputs, enabling them to bypass critical security measures locally. This flaw can expose systems to unauthorized actions, compromising the integrity of sensitive data. It is crucial for users to apply the lat...

Fortinet products, including FortiAnalyzer and FortiManager, are susceptible to a vulnerability that allows an attacker with a FortiCloud account to bypass authentication, granting unauthorized access to devices linked with different accounts. This issue can be exploited if FortiCloud SSO authent...

An authentication bypass vulnerability in SolarWinds Web Help Desk can enable unauthorized users to perform specific actions. This flaw allows attackers to gain access to functionalities that should be restricted, posing a risk to the integrity of the system. It is essential for users to implemen...

PolarLearn, an open-source learning program, contains a vulnerability in its vote API that allows attackers to exploit improper validation of the JSON body’s direction parameter. Prior to the release of version 0-PRERELEASE-15, the application does not enforce TypeScript types at runtime, enablin...

The vulnerability in Microsoft Windows Desktop Manager exposes sensitive information to unauthorized actors, potentially allowing them to access confidential data locally. This breach of information security can have significant implications for user privacy and system integrity. It is crucial fo...

A vulnerability exists in Microsoft Office that allows attackers to manipulate untrusted inputs, enabling them to bypass critical security measures locally. This flaw can expose systems to unauthorized actions, compromising the integrity of sensitive data. It is crucial for users to apply the lat...

Dokploy, a self-hostable Platform as a Service (PaaS), is vulnerable to a command injection flaw in its WebSocket endpoint `/docker-container-terminal`. This issue exists in versions prior to 0.26.6, allowing authenticated attackers to exploit the `containerId` and `activeWay` parameters. These p...

The GNU Inetutils telnet daemon (telnetd) is vulnerable to a remote authentication bypass that can occur when an attacker manipulates the USER environment variable by specifying a '-f root' value. This flaw allows unauthorized users to gain access without proper authentication. Affected users sho...

The n8n workflow automation platform has a vulnerability in versions ranging from 1.65.0 to just below 1.121.0, which allows potential attackers to exploit specific form-based workflows. This flaw can enable unauthorized remote access to sensitive files on the underlying server, posing a signific...

The backup restore function in TP-Link RE605X routers fails to properly validate tags in backup files. An attacker can exploit this vulnerability by supplying a specially crafted backup file that contains unexpected or unrecognized tags. When this malicious file is restored, the router's shell in...

The Online-Exam-System 2015 has a vulnerability in its feedback module where an SQL injection can be executed through the 'fid' parameter. This security flaw permits attackers to manipulate database queries, allowing unauthorized access to sensitive data, and potentially enabling them to extract,...

Navigate CMS 2.8.7 is impacted by an authenticated SQL injection vulnerability that allows attackers to manipulate the 'sidx' parameter in comments to extract sensitive database information. By leveraging time-based blind SQL injection techniques, attackers can gain access to user activation keys...

Navigate CMS 2.8.7 has a security flaw that allows attackers to carry out cross-site request forgery (CSRF) attacks. By exploiting this vulnerability, an attacker can deceive authenticated administrators into uploading malicious extensions via a crafted HTML page. The lack of sufficient validatio...

The Crystal Shard http-protection version 0.2.0 is susceptible to an IP spoofing vulnerability that enables attackers to manipulate request headers, specifically X-Forwarded-For, X-Client-IP, and X-Real-IP. By hardcoding uniform IP values across these headers, malicious actors can bypass essentia...

The Online-Exam-System 2015 features a time-based blind SQL injection vulnerability in its feedback form, particularly within the 'feed.php' endpoint. This flaw allows attackers to execute crafted malicious payloads that leverage time delays to systematically identify and extract user password ha...

AirControl 1.4.2 features a pre-authentication remote code execution flaw that permits unauthenticated attackers to execute arbitrary system commands. By exploiting the /.seam endpoint, an attacker can inject malicious Java expressions through specially crafted URLs, allowing them to execute comm...

Frigate version 3.36.0.9 contains a local buffer overflow vulnerability that affects the Command Line input field. An attacker can exploit this vulnerability by sending a carefully crafted input sequence that overflows the buffer. This allows the attacker to bypass Data Execution Prevention (DEP)...

Quick Player version 1.3 is susceptible to a buffer overflow vulnerability, which can be exploited by attackers through the manipulation of specially crafted .m3l files. By leveraging this flaw, an adversary can execute arbitrary code remotely after loading the malicious file within the applicati...

The Sistem Informasi Pengumuman Kelulusan Online 1.0 is susceptible to a cross-site request forgery (CSRF) vulnerability, which allows attackers to create unauthorized administrative accounts through the 'tambahuser.php' endpoint. By crafting a malicious HTML form, an attacker can submit admin cr...

Quick Player version 1.3 is susceptible to a buffer overflow vulnerability, which can be exploited by attackers through the manipulation of specially crafted .m3l files. By leveraging this flaw, an adversary can execute arbitrary code remotely after loading the malicious file within the applicati...

Quick Player version 1.3 is susceptible to a buffer overflow vulnerability, which can be exploited by attackers through the manipulation of specially crafted .m3l files. By leveraging this flaw, an adversary can execute arbitrary code remotely after loading the malicious file within the applicati...

The 10-Strike Bandwidth Monitor 3.9 is susceptible to a buffer overflow vulnerability that enables attackers to bypass critical security mechanisms such as SafeSEH, ASLR, and DEP. This weakness can be exploited via a specially crafted input directed at the application's registration key input. If...

OpenCTI version 3.3.1 is susceptible to a reflected cross-site scripting attack via the /graphql endpoint. This vulnerability allows an attacker to inject arbitrary JavaScript into the victim's browser by sending a specially crafted GET request. The exploitation of this vulnerability can lead to ...

Frigate Professional 3.36.0.9 is susceptible to a local buffer overflow vulnerability within its 'Find Computer' feature. This flaw allows attackers to exploit the computer name input field, crafting a malicious payload that triggers a buffer overflow. Successful exploitation can lead to unauthor...

Frigate 2.02 is susceptible to a denial of service vulnerability that allows malicious actors to crash the application. By sending oversized input—specifically a payload of 8000 repeated characters—through the command line interface, an attacker can effectively render the application non-function...

A local buffer overflow vulnerability exists in Code Blocks 17.12, where attackers can exploit the file name input during project creation. By entering a specially crafted file name containing Unicode characters, an attacker may execute arbitrary code on the host machine. This exploitation can al...

Code Blocks 20.03 is susceptible to a denial of service attack that can be exploited by sending a specially crafted input to the FSymbols search field. By pasting an excessive payload of 5000 repeated characters, an attacker can induce an application crash, disrupting normal functionality and wor...

The e-Learning PHP Script version 0.1.0 is susceptible to a SQL injection vulnerability found in its search functionality. This flaw enables attackers to execute arbitrary SQL commands through the 'search' parameter by manipulating unvalidated user input. Consequently, this can result in unauthor...

RM Downloader version 2.50.60 contains a vulnerability that allows local attackers to exploit a buffer overflow through the 'Load' parameter. This flaw permits the execution of arbitrary code, enabling adversaries to craft malicious payloads that can bypass memory protections. A successful attack...

The Infor Storefront B2B 1.0 software is susceptible to a SQL injection vulnerability through the 'usr_name' parameter during login requests. This flaw allows attackers to inject harmful SQL commands, which can lead to unauthorized access and potential modification or extraction of sensitive data...

HelloWeb 2.0 is prone to an arbitrary file download vulnerability that enables remote attackers to exploit manipulated filepath and filename parameters. By crafting specific GET requests aimed at the download.asp script, attackers can leverage directory traversal techniques to retrieve sensitive ...

Wing FTP Server version 6.3.8 is susceptible to a remote code execution vulnerability through its Lua-based web console. Authenticated users can exploit this flaw by sending POST requests containing malicious commands, which are executed on the server's operating system via the os.execute() funct...

FTPDummy version 4.80 has a local buffer overflow vulnerability due to improper handling of preference files. An attacker can exploit this vulnerability by crafting a malicious preference file that contains specially defined shellcode. When processed by the FTPDummy application, this crafted file...

The Simple Startup Manager version 1.17 has a local buffer overflow vulnerability that can be exploited by attackers. By crafting a specifically designed payload with just 268 bytes, attackers can manipulate the 'File' input parameter to overwrite memory. This vulnerability allows them to bypass ...

Sickbeard Alpha is susceptible to a remote command injection vulnerability that enables unauthenticated attackers to execute arbitrary commands. By manipulating the extra scripts configuration, attackers can insert malicious commands into the field, which, when processed, can lead to unauthorized...

The Socusoft Photo to Video Converter Professional 8.07 is susceptible to a local buffer overflow vulnerability in the 'Output Folder' input field. This flaw permits attackers to insert a specially crafted payload into the output folder field, leading to a stack-based buffer overflow and potentia...

Sickbeard version 0.1 is vulnerable to a cross-site request forgery flaw, enabling attackers to manipulate users into executing unwanted actions. By tricking users into submitting a malicious configuration form, the attackers can effectively clear the web application’s stored authentication crede...

Nidesoft DVD Ripper version 5.2.18 is susceptible to a local buffer overflow due to improper handling of user input in the License Code registration parameter. By injecting a specifically crafted payload into this field, attackers can exploit this vulnerability to achieve arbitrary code execution...

The Port Forwarding Wizard version 4.8.0 suffers from a buffer overflow vulnerability that can be exploited by local attackers. By sending a crafted long request via the Register feature, an attacker may manipulate the application's memory. This could lead to the execution of arbitrary code, allo...

Koken CMS version 0.22.24 is susceptible to a file upload vulnerability that enables authenticated attackers to circumvent file extension restrictions. By manipulating file upload requests—potentially using a web proxy—attackers can rename malicious PHP files, allowing for the execution of system...

Koken CMS version 0.22.24 is susceptible to a file upload vulnerability that enables authenticated attackers to circumvent file extension restrictions. By manipulating file upload requests—potentially using a web proxy—attackers can rename malicious PHP files, allowing for the execution of system...

NetPCLinker 1.0.0.0 is susceptible to a buffer overflow vulnerability found in the DNS/IP field within the Clients Control Panel. This flaw allows attackers to inject crafted malicious payloads into the input field, which can manipulate SEH (Structured Exception Handling) handlers, leading to arb...

A cross site scripting vulnerability exists in the web interface of the D-Link DSL-6641K version N8.TR069.20131126. This flaw, associated with the function ad_virtual_server_vdsl, can be exploited through manipulation of the 'Name' argument. An attacker could potentially initiate a remote attack,...

A significant use-after-free vulnerability has been identified in Apple’s iOS and macOS products, impacting versions prior to the latest updates. This flaw arises due to improper memory management, allowing maliciously crafted web content to trigger arbitrary code execution. Apple has acknowledge...

A vulnerability has been identified in the User Management component of SourceCodester Pet Grooming Management Software 1.0. This flaw lies in the manipulation of the argument 'group_id' within the /admin/operation/user.php file, leading to improper access controls. Attackers can exploit this vul...

A security vulnerability has been identified in the itsourcecode Student Management System version 1.0, specifically in the processing of inputs within the file /enrollment/index.php. This vulnerability allows an attacker to manipulate the argument ID, leading to SQL injection attacks. As a resul...

A security vulnerability has been discovered in Projectworlds' House Rental and Property Listing software version 1.0, specifically in the /app/sms.php file. This issue arises from improper handling of user-supplied input in the Message parameter, which can be exploited to execute arbitrary JavaS...

A deserialization vulnerability has been identified in bolo-solo versions up to 2.6.4, specifically within the importMarkdownsSync function located in the BackupService.java file of the SnakeYAML component. This vulnerability allows an attacker to craft malicious input that can be remotely proces...

A vulnerability has been identified in the Tenda HG10 router, specifically within the /boaform/formSysCmd file. This flaw allows remote attackers to inject arbitrary commands through the sysCmd argument. When exploited, this vulnerability could lead to unauthorized system command execution, posin...