Publicly Disclosed
PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered just now...
PoC for CVE-2025-6254
The Doctreat Core plugin for WordPress contains a vulnerability that allows unauthenticated users to register as administrators. This issue arises from the improper handling of user roles in the doctreat_process_registration() function. Any attacker can exploit this weakness in versions up to and...
Discovered 1 hour ago
PoC for CVE-2021-27876
A vulnerability has been identified in Veritas Backup Exec versions prior to 21.2 that compromises secure communication between clients and agents. This flaw arises from weaknesses in the SHA Authentication scheme, allowing an unauthorized attacker to bypass authentication. Once exploited, the at...
Discovered 9 hours ago
PoC for CVE-2021-34427
In specific versions of Eclipse BIRT, an attacker can exploit the software by altering query parameters to generate a JSP file. This malicious JSP file can potentially execute code on the running instance. Such an attack allows unauthorized access through the current BIRT viewer directory, enabli...
Discovered 11 hours ago
PoC for CVE-2015-10141
An OS command injection vulnerability exists in Xdebug, a PHP debugging extension, allowing unauthenticated attackers to exploit the remote debugging feature. When remote debugging is enabled, Xdebug listens on port 9000, accepting debugger protocol commands without authentication. This vulnerabi...
PoC for CVE-2026-9815
The MagicForm plugin for WordPress, up to version 0.1.3, contains a critical flaw that allows unauthenticated attackers to upload malicious PHP files via an AJAX action. This occurs due to inadequate validation of uploaded file types when per-field extension allowlists are empty. Attackers exploi...
Discovered 13 hours ago
PoC for CVE-2022-29799
A vulnerability in networkd-dispatcher can be exploited due to insufficient sanitization of functions related to OperationalState and AdministrativeState. This flaw allows attackers to perform directory traversal attacks, potentially escaping the authorized '/etc/networkd-dispatcher' base directo...
Discovered 14 hours ago
PoC for CVE-2026-45777
Open XDMoD, an open framework for collecting and analyzing high-performance computing metrics, is affected by a remote command execution vulnerability. This issue allows attackers to execute arbitrary system commands on the web server running versions 9.5.0 through 11.0.2, with the same privilege...
PoC for CVE-2025-11021
A flaw exists in the cookie date handling logic within the libsoup HTTP library, which is utilized by various applications, including those in the GNOME ecosystem. This flaw arises when the library processes cookies with specially crafted expiration dates, resulting in an out-of-bounds memory rea...
Discovered 16 hours ago
PoC for CVE-2026-20262
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager enables an authenticated remote attacker to create or overwrite files on the system's filesystem. This issue arises from inadequate validation of user inputs during file uploads. An attacker, using a crafted HTTP request directed at t...
PoC for CVE-2021-3975
A use-after-free vulnerability exists in the libvirt virtualization API, specifically within the `qemuMonitorUnregister()` function. This flaw arises when multiple threads call this function without adequate synchronization mechanisms, leading to potential instability. It can be exploited through...
PoC for CVE-2020-8036
The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way.
Discovered 17 hours ago
PoC for CVE-2026-48907
A flaw in the JCE editor extension for Joomla permits unauthorized users to create new editor profiles. This malicious capability exposes the site to risks, including the ability to upload PHP code and execute it, potentially leading to a full compromise of the website security. Site administrato...
Discovered 22 hours ago
PoC for CVE-2021-3156
The vulnerability in Sudo prior to version 1.9.5p2 arises from an off-by-one error that can lead to a heap-based buffer overflow. This flaw can be exploited through 'sudoedit -s' when given a command-line argument that concludes with a backslash. Successful exploitation can grant attackers elevat...
PoC for CVE-2026-32488
The WPEverest User Registration plugin for WordPress has a vulnerability that allows users with insufficient privileges to elevate their access rights. This vulnerability permits a user to perform actions that should be restricted, leading to potential misuse of the platform. This affects all ver...
PoC for CVE-2026-49083
A contributor privilege escalation vulnerability exists in the LatePoint Plugin for WordPress, allowing unauthorized users to elevate their permissions and potentially gain access to restricted areas of the website. This issue affects versions up to 5.5.1, making it crucial for site administrator...
PoC for CVE-2026-49079
The JetSearch plugin for WordPress has a vulnerability that allows unauthenticated SQL injection, enabling attackers to manipulate the database through crafted input. This security flaw affects versions up to 3.5.17, posing a risk for sites utilizing this plugin. Web administrators are advised to...
PoC for CVE-2026-49105
This vulnerability allows unauthenticated attackers to exploit PHP object injection flaws in the WP Zendesk for Contact Form 7 and other associated WordPress plugins such as WPForms, Elementor, Formidable, and Ninja Forms. Versions up to 1.1.4 are impacted, permitting malicious users to potential...
PoC for CVE-2026-49104
The Integration for Keap/Infusionsoft and several popular WordPress plugins are susceptible to a PHP object injection vulnerability, which allows attackers to exploit the application by sending specially crafted requests. This issue affects versions of Contact Form 7, WPForms, Elementor, Formidab...
PoC for CVE-2026-9691
The Integration for ActiveCampaign and Contact Form 7, along with its related plugins WPForms, Elementor, and Ninja Forms, are susceptible to an unauthenticated PHP Object Injection vulnerability. This flaw allows attackers to inject arbitrary PHP objects, potentially leading to unauthorized acce...
PoC for CVE-2026-49085
The WP Insightly plugin for WordPress contains an unauthenticated PHP Object Injection vulnerability, affecting multiple versions of popular form plugins including Contact Form 7, WPForms, Elementor, Formidable, and Ninja Forms. This weakness allows attackers to potentially exploit the applicatio...
PoC for CVE-2026-5415
The WP Captcha PRO plugin for WordPress is susceptible to an authentication bypass vulnerability present in all versions up to 5.38. This occurs due to inadequate security checks in the ajax_run_tool() AJAX handler, which only verifies a nonce without any capability validation. Furthermore, the c...
PoC for CVE-2026-7459
The Simple History plugin for WordPress is susceptible to an authenticated account takeover due to insufficient permissions on specific event reaction endpoints. This vulnerability allows a Subscriber-level user to exploit the plugin's mechanism to access sensitive event data, including the full ...
PoC for CVE-2026-7465
The Spectra Gutenberg Blocks plugin for WordPress presents a vulnerability that allows authenticated attackers with Contributor-level access or higher to execute arbitrary code on the server. The exploit hinges on a two-block payload embedded within post content. The first block creates a decepti...
Discovered 23 hours ago
PoC for CVE-2026-8206
The Kirki Freeform Page Builder plugin for WordPress is susceptible to privilege escalation due to a flaw in its password reset functionality. Versions 6.0.0 to 6.0.6 permit attackers to utilize an arbitrary email address when submitting password reset requests, potentially allowing unauthorized ...
PoC for CVE-2026-7654
The Admin Columns plugin for WordPress is susceptible to a PHP Object Injection vulnerability due to insecure usage of the unserialize() function. This flaw allows authenticated users with Contributor access and higher to inject manipulated serialized PHP objects through post custom meta fields. ...
PoC for CVE-2026-5411
The WP Captcha PRO plugin, a premium version of the Advanced Google reCAPTCHA plugin, is susceptible to an arbitrary file upload vulnerability in all versions leading up to and including version 5.38. This flaw arises from inadequate capability checks within the save_ajax() function of the licens...
PoC for CVE-2026-42758
A vulnerability in the WebinarIgnition plugin developed by Saleswonder Team exposes users to privilege escalation attacks. This flaw is present in versions prior to 4.08.253, allowing unauthorized users to gain elevated permissions, leading to potential data breaches and unauthorized access to se...
PoC for CVE-2026-49952
The vulnerability in Discuz! X5.0 enables unauthenticated remote attackers to exploit the shared cryptographic key used in UCenter integration, granting them unauthorized access to the database backup and restore features via the dbbak.php file. By injecting a tailored payload through the usernam...
Discovered 1 day ago
PoC for CVE-2021-44228
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log messag...
PoC for CVE-2026-48907
A flaw in the JCE editor extension for Joomla permits unauthorized users to create new editor profiles. This malicious capability exposes the site to risks, including the ability to upload PHP code and execute it, potentially leading to a full compromise of the website security. Site administrato...
PoC for CVE-2026-25177
An improper restriction of names for files and other resources in Active Directory Domain Services enables an authorized attacker to exploit this vulnerability, allowing them to gain elevated privileges over a network. This could result in unauthorized access to sensitive resources and data. Prop...
PoC for CVE-2026-46331
An issue exists in the Linux Kernel where improper handling of copy-on-write (COW) operations can lead to page cache corruption. This is due to the tcf_pedit_act() function, which computes the COW range without considering runtime header offsets added by typed keys. As a result, portions of the w...
PoC for CVE-2024-20399
The vulnerability CVE-2024-20399 affects Cisco NX-OS Software and allows an authenticated, local attacker to execute arbitrary commands as root on the affected device. This is a command injection vulnerability with a CVSS risk score of 6.0, and it has been exploited by the Chinese hacker group Ve...
PoC for CVE-2026-39808
An OS command injection vulnerability exists in Fortinet FortiSandbox versions 4.4.0 through 4.4.8. This flaw arises from improper neutralization of special elements used in operating system commands. An attacker can exploit this vulnerability to execute unauthorized commands, potentially comprom...
PoC for CVE-2026-39813
A path traversal vulnerability exists in Fortinet's FortiSandbox, affecting versions 5.0.0 through 5.0.5 and 4.4.0 through 4.4.8. This vulnerability may enable attackers to exploit the system by manipulating file directories, potentially leading to privilege escalation. Proper input validation is...
PoC for CVE-2026-8383
The LearnPress plugin for WordPress, versions prior to 4.3.7, contains a vulnerability in one of its REST endpoints that allows unauthenticated attackers to access sensitive user information. Without proper access controls, malicious users can retrieve a list of every user's roles, capabilities, ...
PoC for CVE-2026-7850
The WP Magnific Popup plugin for WordPress fails to properly escape URLs provided by users before inserting them into the Document Object Model (DOM) to display image load error messages. This flaw allows authenticated users with Author-level access or higher to execute Stored Cross-Site Scriptin...
PoC for CVE-2026-9570
The Taskbuilder plugin for WordPress, versions prior to 5.0.8, is susceptible to a Reflected Cross-Site Scripting vulnerability due to improper sanitization of a URL parameter. This flaw allows an attacker to inject malicious JavaScript code into a frontend page that utilizes one of the plugin's ...
PoC for CVE-2026-8089
The weMail plugin for WooCommerce, versions prior to 2.1.3, is susceptible to Reflected Cross-Site Scripting (XSS). This arises from inadequate escaping of user-supplied parameters reflected in HTML attributes within non-nonce-protected AJAX responses. As a result, unauthenticated attackers can e...
Discovered 2 days ago
PoC for CVE-2026-9082
An SQL Injection vulnerability exists in Drupal Core that arises from improper neutralization of special elements utilized in SQL commands. This flaw allows attackers to manipulate SQL queries, potentially leading to unauthorized access to sensitive data. Affected versions include those from 8.9....
PoC for CVE-2026-41940
The affected versions of cPanel and WHM contain a serious authentication bypass flaw in the login flow. This vulnerability enables unauthenticated remote attackers to bypass authentication mechanisms, allowing them to gain unauthorized access to the control panel. Users of the specified versions ...
PoC for CVE-2023-34468
The DBCPConnectionPool and HikariCPConnectionPool services in Apache NiFi versions 0.0.2 through 1.21.0 are susceptible to a vulnerability that allows an authenticated and authorized user to configure a Database URL leveraging the H2 driver, leading to potential execution of custom code. The reco...
PoC for CVE-2025-30208
A vulnerability in Vite's frontend development tooling allows attackers to bypass file access restrictions. Specifically, versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10 expose the risk where app URLs can be manipulated with trailing query parameters such as '?raw?' or '?import&raw?' t...
PoC for CVE-2026-4480
A vulnerability exists in the Samba printing subsystem that allows remote attackers to execute arbitrary commands on affected systems. The flaw occurs due to improper handling of the client-controlled job description string, which is passed directly to the configured print command without escapin...
PoC for CVE-2025-49844
An issue has been identified in the Redis open-source database that impacts all versions with Lua scripting enabled. Authenticated users can exploit this vulnerability by executing specially crafted Lua scripts that manipulate the garbage collector. This can result in a use-after-free situation, ...
PoC for CVE-2026-20262
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager enables an authenticated remote attacker to create or overwrite files on the system's filesystem. This issue arises from inadequate validation of user inputs during file uploads. An attacker, using a crafted HTTP request directed at t...
PoC for CVE-2026-54420
The LiteSpeed cPanel plugin prior to version 2.4.8 is susceptible to improper handling of symbolic links on shared hosting servers that run CloudLinux/CageFS. This vulnerability allows attackers with FTP or web shell access to exploit symlink behaviors, potentially leading to unauthorized file ac...
PoC for CVE-2026-47101
A vulnerability in LiteLLM prior to version 1.83.14 allows an authenticated internal user to generate API keys with access to restricted routes. The vulnerability allows the 'allowed_routes' field to be set without proper validation against the user's role permissions. As a result, keys can be cr...
Discovered 3 days ago
PoC for CVE-2026-53519
Nezha Monitoring, a self-hostable tool for monitoring servers and websites, has a path traversal vulnerability prior to version 2.0.13. The NoRoute handler in the dashboard improperly validates URLs, treating any URL that begins with '/dashboard' as an admin-frontend asset request. This flaw allo...
PoC for CVE-2026-49160
This vulnerability arises from uncontrolled resource consumption within the HTTP/2 protocol, which can be exploited by unauthorized attackers to launch Denial of Service (DoS) attacks over a network. This attack could potentially disrupt the availability of services that rely on HTTP/2, making it...