Publicly Disclosed
PoC Exploits

Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.

On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with...

A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands as root by supplyi...

Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.

Multiple versions of Drupal, including those prior to 7.58 and various 8.x releases, are susceptible to a vulnerability that permits remote attackers to execute arbitrary code. This exploit takes advantage of configuration flaws in several subsystems, particularly those using default or common mo...

GLPI, a widely used asset and IT management software, is susceptible to SQL injection due to vulnerabilities in its Computer Virtual Machine form and inventory request feature. This flaw allows attackers to manipulate database queries, potentially compromising sensitive data. Users are encouraged...

A potential vulnerability exists in the ServiceNow AI Platform, which may allow an unauthenticated user to execute arbitrary code in the ServiceNow Sandbox under specific conditions. ServiceNow has released security updates to address this issue for both hosted and self-hosted customers. Users ar...

The IO::Compress module for Perl is vulnerable to arbitrary code execution due to its handling of user-supplied output glob strings. When the _parseOutputGlob() method wraps these strings in double quotes, it can inadvertently allow an attacker to inject Perl code. The vulnerability resides in th...

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update

A security flaw exists in the Next.js framework that allows an attacker to bypass authorization checks if such checks are implemented in middleware. This vulnerability arises in versions prior to 14.2.25 and 15.2.3. To mitigate risk, it is recommended to restrict incoming requests that include th...

Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.

A vulnerability has been identified in MediaTek Modem due to a missing bounds check, resulting in a possible out of bounds write. This flaw allows for remote code execution if an unwitting user connects to a malicious base station operated by an attacker. No local execution privileges or user int...

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to ...

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 m...

A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.

The Mirasvit Full Page Cache Warmer, specifically for Magento 2, is susceptible to a PHP object injection flaw that permits unauthenticated attackers to execute arbitrary code. This vulnerability arises from an unrestricted invocation of PHP's native unserialize() function when handling malformed...

The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any fil...

The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to inject arbitrary web scripts into approved comments that will execute when any user (incl...

The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings before storing it and outputting it on the Store Locator WordPress plugin before 1.6.6 admin page, allowing high-privileged users such as administrators to perform Stored Cross-Site Scripting attacks ...

The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection

The integer overflow vulnerability in multiple Android components allows for unintended code execution, potentially leading to local privilege escalation. This flaw does not require additional execution privileges or user interaction, making it a significant concern for system security. Organizat...

A vulnerability exists in the Zabbix frontend that permits non-administrative users with certain roles to manipulate API functions due to an SQL injection flaw. Specifically, the issue arises within the CUser class's addRelatedObjects function, which is invoked by the CUser.get function. This fun...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

An improper encoding vulnerability in Tesla allows for multipart part header injection due to the lack of validation on CR, LF, and double-quote characters in the Content-Disposition header values. When parameters are passed without proper validation, an attacker can manipulate header values, lea...

OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata fields. Attackers can craft a DICOM file with JavaScr...

OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata fields. Attackers can craft a DICOM file with JavaScr...

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through the project request parameter in oscal-forms.php. The parameter value is URL-decoded and assigned to...

Evoluted PHP Directory Listing Script through 4.0.5 contains a reflected cross-site scripting vulnerability in index.php where the dir parameter value is reflected without HTML encoding inside the HTML title element and inside anchor href attributes in the breadcrumb navigation. Attackers can inj...

A vulnerability exists in the Linux kernel's netfilter module that affects the nft_map_catchall_activate() function. This function encounters an inverted element activity check, leading to a failure in appropriately handling catchall map elements during a failed transaction. The bug arises when t...

The LiteLLM proxy server by BerriAI, used to interface with LLM APIs, has a significant vulnerability that allows authenticated users to execute arbitrary commands on the host system. This issue arises from two endpoints that accept a complete server configuration in the request body, which inclu...

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validati...

A Cross Site Scripting (XSS) vulnerability exists in the Teldat Router RS123 and RS123w models. This vulnerability arises from improper handling of user inputs in the cmdcookie parameter of the upgrade/query.php page. Attackers can exploit this flaw to execute arbitrary code, potentially leading ...

The Launch Editor by Vite suffers from a command injection vulnerability due to insufficient sanitization of the `file` argument in the `launchEditor` function. This flaw allows attackers to execute arbitrary commands on Windows systems by manipulating the filename with special characters before ...

A vulnerability in the Publish Audit API endpoints of dotCMS Core allows remote unauthenticated attackers to exploit improper neutralization of special elements in SQL commands. This can lead to unauthorized reading, modification, or destruction of database content. The API endpoints (/api/auditP...

WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes through the WordPress REST API. Attackers can send POST requests to the wp-json/wp/v2/posts endpoint w...

Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like wp-load.php outside...

Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send requests to asgallDownload.php with directory traversal sequences ../ to access sensitive files outside the...

Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid parameter. Attackers can send GET requests with crafted SQL payloads in the albid parameter to extract sensitive d...

WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid parameter. Attackers can send GET requests with crafted SQL payloads in the aid parameter to extract s...

KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to read database contents by exploiting an unescaped GET parameter. Attackers can inject SQL code through the 'kc_ad' parameter in base.css.php or kittycatfish.php to extract sensit...

Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST parameter. Attackers can send crafted requests to the admin-ajax.php endpoint with malicious SQL payload...

Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. Attackers can inject SQL code through the 'mwpformid' parameter in requests to the admin-ajax.php ...

WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the space_id parameter. Attackers can send GET requests to the booking-page endpoint with ma...

Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the selectedCategory parameter. Attackers can submit POST requests to the admin-ajax.php endpoint with the ...

WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitiv...

Single Personal Message 1.0.3 contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries by injecting malicious code through the message parameter. Attackers can access the admin interface and supply crafted SQL statements in the message parameter to ...

Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST parameter. Attackers can send requests to the admin-ajax.php endpoint with the 'spAjaxResults' actio...

A vulnerability exists in the Linux kernel's netfilter module that affects the nft_map_catchall_activate() function. This function encounters an inverted element activity check, leading to a failure in appropriately handling catchall map elements during a failed transaction. The bug arises when t...

Flowise, a user-friendly platform for creating customized large language model flows, has a significant vulnerability in version 3.0.5 that allows for remote code execution. The flaw lies within the CustomMCP node, where user input is inadequately sanitized. Specifically, the mcpServerConfig stri...