Publicly Disclosed
PoC Exploits

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

A vulnerability has been identified in Apache Tomcat that arises from missing encryption mechanisms for sensitive data, which could lead to data exposure. This issue was introduced as a result of the fix for another vulnerability, allowing the EncryptInterceptor to be bypassed. Users running vers...

A double free vulnerability has been identified in Apache HTTP Server that may lead to remote code execution, particularly concerning the HTTP/2 protocol. This issue affects version 2.4.66, and it is crucial for users to upgrade to version 2.4.67 to mitigate any potential security risks associate...

A vulnerability has been identified in inkeep agents version 0.58.14, specifically within the createDevContext function of the runAuth.ts file in the runAuth Middleware component. This flaw allows an attacker to perform an authentication bypass via an alternate channel, potentially exposing sensi...

A security vulnerability exists in jishenghua's jshERP prior to version 3.6. This vulnerability affects the getUserByWeixinCode function within the UserService.java component of the updatePlatformConfigByKey endpoint. An attacker can manipulate the weixinUrl argument, enabling the execution of a ...

A weakness has been identified in aiwaves-cn agents, specifically within the 'recall_relevant_memories_to_working_memory' function of the 'stray_cat.py' file in the 'cheshire_cat_core' component. This vulnerability can lead to significant resource exhaustion if exploited, allowing attackers to co...

A security flaw in VectifyAI PageIndex has been identified within the PDF Table of Contents Handler, specifically in the toc_transformer function of page_index.py. This vulnerability allows an attacker to exploit the software remotely, triggering an infinite loop that disrupts normal operations. ...

Bitwarden Server versions prior to v2026.4.1 contain a critical flaw that allows authenticated users with SCIM management privileges to bypass the re-authentication requirement when accessing or rotating an organization's SCIM API key. This vulnerability enables unauthorized retrieval of sensitiv...

A vulnerability in Bitwarden Server versions prior to v2026.4.0 allows a provider service user to exploit a missing authorization mechanism. This flaw enables the user to add an arbitrary organization to their provider through a specific API endpoint, effectively taking over the target organizati...

A vulnerability in Bitwarden Server prior to v2026.4.1 allows any authenticated user to exploit a missing authorization check. By sending an empty `collections` array in a request to `POST /ciphers/import-organization`, attackers can bypass the server-side permission validation. This flaw enables...

A vulnerability has been identified in OpenClaw's Bluebubbles Webhook component, specifically in the handleBlueBubblesWebhookRequest function located in monitor.ts. This flaw can allow unauthorized access due to improper authentication mechanisms. Remote attackers may exploit this vulnerability, ...

A security flaw has been identified in the Open5GS framework, affecting versions up to 2.7.7. The vulnerability resides in the function yuarel_parse within the NRF component's library /lib/sbi/conv.c. Attackers can exploit this weakness by manipulating the hnrf-uri argument, potentially leading t...

The Contact Form by Supsystic plugin for WordPress is susceptible to a Server-Side Template Injection (SSTI) vulnerability that may lead to Remote Code Execution (RCE). This exposure affects all versions up to and including 1.7.36. The flaw arises from the plugin's integration of the Twig `Twig_L...

A vulnerability exists in the Linux kernel that concerns the handling of shared skb fragments during the decryption process in ESP-in-UDP packets. When pages are attached from a pipe directly to an skb using MSG_SPLICE_PAGES, the kernel marked these SKBs with SKBFL_SHARED_FRAG, which plays a cruc...

A vulnerability has been discovered in Open5GS versions up to 2.7.7, specifically within the ogs_nnrf_nfm_handle_nf_profile function in the NRF component's lib/sbi/nnrf-handler.c file. This issue allows for a remote attacker to cause a denial of service, potentially disrupting service availabilit...

A security flaw has been identified in the Open5GS SMF component, specifically in the smf_nsmf_handle_update_data_in_vsmf function within /src/smf/nsmf-handler.c. This vulnerability allows for remote exploitation, potentially leading to a denial of service condition. Attackers can leverage this i...

A vulnerability in Open5GS affects the SMF component, particularly the smf_nsmf_handle_update_data_in_vsmf function. This vulnerability arises from improper handling of the qosFlowProfile argument, leading to potential denial of service attacks. The exploitation can be conducted remotely, and pub...

A denial of service vulnerability has been identified in Open5GS software up to version 2.7.7. Specifically, the issue resides in the function gsm_handle_pdu_session_modification_qos_flow_descriptions located in the file src/smf/gsm-handler.c. By manipulating the argument n1SmMsg, an attacker can...

The Spring Framework MVC is susceptible to a Path Traversal Vulnerability when deployed on certain Servlet containers that do not adhere to compliance norms. The vulnerability arises when applications deployed as WAR files or with embedded Servlet containers accept unvalidated input leading to fi...

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

The Custom CSS-JS-PHP WordPress plugin prior to version 2.0.7 contains a vulnerability that allows attackers to inject malicious SQL code due to inadequate input sanitization. This flaw enables unauthenticated users to execute arbitrary PHP code on the server by passing unverified data to an eval...

The Airoha Bluetooth audio SDK contains a vulnerability that enables a permission bypass, granting unauthorized access to sensitive data associated with the RACE protocol via Bluetooth LE GATT service. This flaw allows potential escalations in privilege without requiring additional execution priv...

An integer coercion error has been identified in the MySQL Server component of Bettercap, affecting versions up to 2.41.5. This vulnerability can be exploited remotely, presenting a complex challenge for potential attackers. The flaw resides in the 'modules/mysql_server/mysql_server.go' file, whi...

A vulnerability has been identified in Bettercap's Zerogod IPP Service, specifically within the ippReadChunkedBody function in the zerogod_ipp_primitives.go file. This issue allows for potential exploitation through a remote attack that manipulates data, leading to an integer coercion error. The ...

A security vulnerability has been identified in Npitre cramfs-tools versions up to 2.1, specifically within the do_directory function in cramfsck.c. This issue allows local attackers to manipulate the path and access restricted directories through path traversal exploits. The problem has been pub...

A security flaw has been identified in the D-Link DNS-320, specifically in the /cgi-bin/webfile_mgr.cgi file management functionalities. This vulnerability allows attackers to perform OS command injection, enabling unauthorized remote manipulation of file operations such as delete, rename, copy, ...

A significant vulnerability has been found in the D-Link DNS-320 ShareCenter NAS, particularly in the network_mgr.cgi script. This vulnerability allows remote attackers to inject operating system commands via specific parameters in multiple CGI functions. Given that the exploit is already publicl...

A vulnerability exists in Open5GS up to version 2.7.7 within the SMF component's ogs_nas_parse_qos_rules function. An attacker can remotely exploit this flaw through crafted inputs, resulting in denial of service. The issue has been publicly disclosed, highlighting significant risks for users and...

A vulnerability has been identified in Open5GS versions up to 2.7.7, specifically within the SMF component in the function smf_nsmf_handle_create_sm_context. This vulnerability allows for manipulation that can lead to a denial of service, enabling remote exploitation. Despite being reported early...

A vulnerability in Open5GS’s SMF component, specifically within the OpenAPI_list_create function, allows a remote attacker to execute a denial of service attack. This issue has been disclosed publicly, making affected installations potentially vulnerable to disruptions. The Open5GS project was no...

A vulnerability has been identified in Open5GS versions up to 2.7.7, specifically in the SMF component's function smf_nsmf_handle_created_data_in_vsmf. This flaw allows attackers to initiate remote denial of service attacks, disrupting the service's functionality. Despite being reported, there ha...

A vulnerability exists in Open5GS versions up to 2.7.7, specifically in the gsm_build_pdu_session_establishment_accept function located in /src/smf/gsm-build.c. This flaw allows an attacker to remotely exploit the vulnerability, resulting in a denial of service. Despite initial reporting to the p...

A vulnerability exists within the Android kernel's binder subsystem, where improper locking in the binder_release_work function can result in a use-after-free condition. This flaw enables a local attacker to escalate their privileges on the device without requiring any additional execution permis...

A security vulnerability has been identified in the Tenda AC6 router firmware version 15.03.06.23, specifically in the get_log_file function of the httpd component. This issue arises from improper handling of the 'wans.flag' argument, which can lead to OS command injection attacks. Malicious acto...

A vulnerability has been discovered in the Tenda AC6 router affecting firmware version 15.03.06.23. Specifically, the flaw resides within the formWifiApScan function located in the httpd component of the router's software. By manipulating the wl2g.public.country or wl5g.public.country arguments, ...

A security flaw exists in the Tenda AC6 router's firmware version 15.03.06.49_multi_TDE01, specifically in the functionality associated with the fromSetWirelessRepeat function. This vulnerability allows for OS command injection through manipulation of the mac/ssid parameters within the /goform/Wi...

A vulnerability in Devs Palace ERP Online versions up to 4.0.0 allows attackers to execute arbitrary JavaScript code via an inadequate validation mechanism in the /accounts/chart-save endpoint. This flaw can be exploited remotely and poses a risk for users as it enables the injection of malicious...

A vulnerability affecting Squirrel versions up to 3.2 is identified, stemming from issues in the SQFunctionProto::Load function located in the squirrel/sqobject.cpp file. This vulnerability enables a heap-based buffer overflow, which can be triggered through local execution. Publicly disclosed ex...

A buffer overflow vulnerability affects the D-Link DCS-935L camera models running firmware versions up to 1.10.01. The flaw exists in the SetDeviceSettings function of the HNAP Service, located at /web/cgi-bin/hnap/hnap_service. This vulnerability enables an attacker to manipulate the AdminPasswo...

A vulnerability has been discovered in the Tenda AC6 router affecting the HTTP daemon component, specifically within the '/goform/telnet' function. This issue arises from improper handling of the 'lan.ip' argument, which can lead to OS command injection. Attackers can exploit this vulnerability r...

A vulnerability has been identified in the Squirrel library, particularly affecting versions up to 3.2. This flaw exists within the 'validate_format' function located in 'sqstdlib/sqstdstring.cpp'. An attacker with local access can manipulate this function, leading to a stack-based buffer overflo...

A vulnerability in WebAssembly Binaryen's BrOn Parser has been identified, which can lead to a Denial of Service condition. Specifically, the issue lies within the function IRBuilder::makeBrOn in the wasm-ir-builder.cpp file. Manipulation of this function could trigger a reachable assertion failu...

A significant vulnerability has been identified in Open5GS versions up to 2.7.7, specifically within the SMF component's function smf_nsmf_handle_create_data_in_hsmf. This issue allows attackers to exploit a null pointer dereference, which can lead to denial of service. Importantly, this vulnerab...

A denial of service vulnerability has been identified in the Open5GS SMF, specifically in the function update_authorized_pcc_rule_and_qos located in the file /src/smf/npcf-handler.c. This vulnerability allows an attacker to disrupt the service functionality remotely by performing manipulation on ...

A denial of service vulnerability has been identified in Open5GS versions up to 2.7.7, specifically affecting the SMF component. The issue arises from a flaw in the function smf_n4_build_qos_flow_to_modify_list located in the /src/smf/n4-build.c file. This vulnerability allows remote attackers to...

A vulnerability in Open5GS SMF impacting version 2.7.7 allows unauthorized manipulation of the function update_authorized_pcc_rule_and_qos within the source file /src/smf/npcf-handler.c. This results in a Denial of Service (DoS) condition, permitting remote exploitation. Despite being reported to...

A vulnerability in Open5GS, specifically within the SMF component, has been identified that could lead to a denial of service. The issue lies within the function update_authorized_pcc_rule_and_qos in the npcf-handler.c file. This flaw, present in versions up to 2.7.7, can be exploited remotely, p...

The File Manager plugin for WordPress prior to version 6.9 contains a vulnerability that permits remote attackers to upload and execute arbitrary PHP code. The issue arises from the renaming of an insecure example elFinder connector file to have a .php extension. This flaw facilitates attackers t...

An identified vulnerability in OpenClaw products before version 2026.1.29 allows the software to retrieve a gateway URL from a query string. This triggers an automatic WebSocket connection, which then sends a sensitive token value without user interaction. This flaw may expose users to unauthoriz...

The LangChain framework, designed for building agents and LLM-powered applications, contains a serialization injection vulnerability in its dumps() and dumpd() functions. This flaw arises from the handling of user-controlled data, specifically when dictionaries containing 'lc' keys are serialized...