Publicly Disclosed
PoC Exploits

The vulnerability CVE-2024-32462 in the Flatpak software system for Linux allows a malicious or compromised Flatpak app to execute arbitrary code outside its sandbox in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8. The vulnerability can be exploited by passing `bwrap` arguments to the `--co...

The SourceCodester Client Database Management System 1.0 is susceptible to a vulnerability that allows attackers to upload files without any restrictions. This issue is due to improper handling of the 'uploaded_file_cancelled' argument in the '/user_order_customer_update.php' file. Malicious acto...

A significant SQL injection vulnerability exists in the Campcodes Online Hospital Management System version 1.0. This issue is triggered by improper handling of the 'fromdate' and 'todate' parameters in the admin interface located in the 'betweendates-detailsreports.php' file. An attacker can exp...

A stack-based buffer overflow vulnerability has been identified in the SourceCodester Computer Store System version 1.0, specifically within the Add function of the main.c file. This vulnerability occurs due to improper handling of user inputs for the laptopcompany, RAM, and Processor parameters....

A buffer overflow vulnerability exists in the PORT Command Handler of FreeFloat FTP Server 1.0.0, which can be exploited remotely. The flaw allows attackers to manipulate the server's handling of commands leading to potential unauthorized access or service disruptions. Given the public disclosure...

The vulnerability in Microsoft Windows File Explorer poses a security risk by allowing unauthorized access to sensitive information. In an environment where it is present, attackers can exploit this flaw to spoof identities over a network, potentially compromising data integrity and confidentiali...

The vulnerability in Microsoft Windows File Explorer poses a security risk by allowing unauthorized access to sensitive information. In an environment where it is present, attackers can exploit this flaw to spoof identities over a network, potentially compromising data integrity and confidentiali...

A logic error in the CallRedirectionProcessor.java file within Google's Android Telecommunication Services allows a possible permission bypass. This vulnerability can facilitate local escalation of privilege, enabling unauthorized background activities without additional execution privileges. Not...

A SQL injection vulnerability exists in the PHPGurukul News Portal Project version 4.1, specifically in the /admin/edit-subadmin.php file. This flaw allows an attacker to manipulate the 'emailid' parameter, resulting in unauthorized database queries that could be executed remotely. Due to its pub...

A vulnerability has been identified in PHPGurukul News Portal Project 4.1, specifically related to the manipulation of the 'Category' argument in the /admin/edit-subcategory.php file. This weakness allows attackers to execute SQL injection attacks remotely, potentially compromising the security o...

A vulnerability exists in the PHPGurukul News Portal Project version 4.1, specifically in the file /admin/edit-category.php, where improper handling of the 'Category' argument can allow for SQL injection attacks. This flaw can be exploited remotely, leading to unauthorized access to sensitive dat...

A vulnerability exists in the PHPGurukul News Portal Project 4.1 that allows an attacker to manipulate the 'Category' argument in the /admin/add-category.php file, leading to SQL injection. This flaw can be exploited remotely, allowing unauthorized access to database information. Given that the e...

A remote SQL injection vulnerability exists in the PHPGurukul Company Visitor Management System version 1.0, specifically within the '/bwdates-reports-details.php' file. This weakness allows an attacker to manipulate the 'fromdate' and 'todate' parameters, potentially leading to unauthorized acce...

A vulnerability has been identified in Gowabby HFish version 0.1, specifically within the LoadUrl function located in the file view/url.go. This flaw arises from improper handling of the 'r' argument, enabling potential unauthorized access. The vulnerability can be exploited remotely, allowing at...

A vulnerability has been identified in Campcodes Online Hospital Management System version 1.0, specifically in the file /hms/admin/query-details.php. This type of vulnerability allows for SQL injection, stemming from improper validation of input parameters, particularly in the 'adminremark' argu...

A vulnerability has been discovered in the GNU Binutils objdump component which allows for memory corruption in the debug_type_samep function. This issue affects versions of GNU Binutils up to 2.44 and requires local access for exploitation. The exploit has been made public, highlighting the nece...

A serious vulnerability exists in the GNU Binutils up to version 2.44, specifically within the elf_gc_sweep function of the ld component in elflink.c. This flaw can lead to memory corruption, allowing an attacker to manipulate memory in a way that might compromise the system. The exploit requires...

Langflow versions earlier than 1.3.0 are vulnerable to a code injection flaw located in the /api/v1/validate/code endpoint. This issue can be exploited by remote attackers without authentication, allowing them to send specially crafted HTTP requests, which may lead to the execution of arbitrary c...

A vulnerability exists within the Windows Installer component that allows attackers to gain elevated privileges on affected systems. This weakness can be exploited to perform unauthorized actions on the system, compromising security and data integrity. Users are encouraged to review the associate...

A SQL injection vulnerability has been discovered in the PHPGurukul Student Study Center Management System, specifically in the processing of the file /admin/report.php. This vulnerability arises due to improper handling of user-supplied parameters, namely 'fromdate' and 'todate', allowing an att...

The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is susceptible to arbitrary file uploads due to insufficient file type validation within the crawlomatic_generate_featured_image() function. This vulnerability enables unauthenticated attackers to upload unauthorized files to t...

A SQL injection vulnerability exists in the PHPGurukul Company Visitor Management System 1.0, specifically in the /forgot-password.php file. This vulnerability allows attackers to manipulate the 'email' parameter, enabling unauthorized access and potential data breaches. The manipulation can be e...

A SQL injection vulnerability has been identified in the PHPGurukul Online Nurse Hiring System version 1.0, specifically affecting the file /admin/bwdates-report-details.php. By manipulating the parameters 'fromdate' and 'todate', attackers can execute arbitrary SQL commands, potentially compromi...

A vulnerability exists in the Campcodes Online Hospital Management System, specifically within the /admin/view-patient.php file. An attacker can exploit this issue by manipulating the 'viewid' parameter, leading to SQL injection challenges. This may allow unauthorized access to the database, pote...

The D-Link DI-8100 router, up to version 20250523, contains a stack-based buffer overflow vulnerability in its jhttpd component. The issue arises when the 'notify' argument in the /login.cgi function is manipulated, potentially allowing unauthorized access to the device. While the exploit must or...

A vulnerability has been identified in PHPGurukul Small CRM version 3.0, where improper processing in the /admin/manage-tickets.php file leads to SQL injection. Attackers could manipulate the 'aremark' argument, potentially allowing for unauthorized database access and manipulation. The vulnerabi...

A security vulnerability in PHPGurukul Small CRM version 3.0 allows attackers to execute SQL injection through the manipulation of the 'oldpass' argument in the /admin/change-password.php file. This flaw potentially enables unauthorized access to sensitive data, due to improper validation of user...

A SQL injection vulnerability exists in the Campcodes Advanced Online Voting System v1.0, specifically affecting the /index.php file. This vulnerability allows remote attackers to manipulate the 'voter' argument, potentially leading to unauthorized data access or compromise of the system. The exp...

A significant security vulnerability has been identified in the Campcodes Online Hospital Management System version 1.0, specifically in the /admin/add-doctor.php file. This flaw arises from improper validation of the 'Doctorspecialization' argument, which makes it susceptible to SQL injection at...

A buffer overflow vulnerability exists in FreeFloat FTP Server 1.0.0, specifically within the QUOTE Command Handler component. This flaw allows an attacker to manipulate the buffer, potentially leading to remote code execution. The issue has been publicly disclosed, raising concerns about the sec...

A vulnerability exists in FreeFloat FTP Server version 1.0.0 related to the GET Command Handler. This issue stems from improper handling of input that may lead to a buffer overflow, allowing remote attackers to execute arbitrary code. The exploit has been publicly disclosed, increasing the urgenc...

A buffer overflow vulnerability exists in the ASCII Command Handler of FreeFloat FTP Server 1.0.0, potentially allowing remote attackers to exploit this flaw. The vulnerability arises from improper handling of input, which can lead to unauthorized access or execution of arbitrary code. Publicly d...

A critical vulnerability has been discovered in the FreeFloat FTP Server 1.0.0, specifically in the LITERAL Command Handler component. This flaw allows for a buffer overflow, which can be exploited remotely, potentially enabling an attacker to execute arbitrary code. The exploit has been made pub...

A significant buffer overflow vulnerability has been identified within the RMDIR Command Handler of FreeFloat FTP Server 1.0.0. This flaw allows remote attackers to manipulate the processing of commands, potentially leading to unauthorized access or system crashes. As this exploit has been public...

A SQL injection vulnerability exists in the PHPGurukul Student Record System 3.20, affecting the /login.php file. This flaw allows an attacker to manipulate the ID parameter, potentially executing arbitrary SQL queries against the database. The vulnerability can be exploited remotely, posing sign...

A SQL injection vulnerability exists in the Projectworlds Responsive E-Learning System, specifically targeting the /admin/delete_file.php script. By manipulating the ID parameter, an attacker can execute malicious SQL queries, potentially compromising the database. This vulnerability can be explo...

A security flaw has been identified in the Kashipara Responsive Online Learning Platform version 1.0, specifically in the handling of the argument ID within the file /courses/course_detail_user_new.php. This vulnerability allows for SQL injection attacks, which can be exploited remotely by attack...

A vulnerability exists in the PHPGurukul Employee Record Management System 1.3 that allows malicious users to exploit an unvalidated input in the /admin/editempexp.php file. By manipulating the 'emp1name' parameter, attackers can execute SQL injection attacks, leading to unauthorized data access ...

A SQL injection vulnerability exists in the PHPGurukul Employee Record Management System version 1.3, specifically affecting the processing of the file myprofile.php. The issue arises when the EmpCode argument is manipulated, allowing remote attackers to execute arbitrary SQL commands. This vulne...

A significant SQL injection vulnerability exists within the PHPGurukul Employee Record Management System version 1.3. This flaw resides in the '/loginerms.php' file, where improper handling of the Email argument allows attackers to execute arbitrary SQL queries against the database. The vulnerabi...

A vulnerability in the SourceCodester Online Hospital Management System version 1.0 exists in the /admin/check_availability.php file. This issue is triggered by improper handling of the 'emailid' argument, allowing an attacker to execute SQL injection attacks. Such exploitation can be carried out...

A SQL injection vulnerability has been identified in the SourceCodester Client Database Management System 1.0, specifically in the /superadmin_update_profile.php file. This security flaw allows attackers to manipulate the 'nickname' or 'email' arguments leading to unauthorized access and potentia...

A vulnerability in the Installation component of Pixelimity allows for SQL injection via the site_description argument of the /install/index.php file. This flaw can be exploited remotely, potentially leading to unauthorized access to the database. The exploit has been made public, increasing the ...

A SQL injection vulnerability has been identified in the 1000 Projects Daily College Class Work Report Book 1.0, specifically in the /dcwr_entry.php file. This flaw arises from improper handling of input data related to the 'Date' argument, allowing attackers to manipulate SQL queries. Remote exp...

A vulnerability has been identified in version 5.4.3 of the Open Asset Import Library, specifically within the MDLImporter::ParseSkinLump_3DGS_MDL7 function located in MDLMaterialLoader.cpp. This flaw allows for an out-of-bounds read, which can be exploited locally. The issue has been disclosed p...

A vulnerability has been identified in Open Asset Import Library Assimp version 5.4.3, specifically within the SkipSpaces function located in the ParsingUtils.h file. This flaw allows for an out-of-bounds read condition when certain input scenarios are exploited. Local access is necessary to expl...

A vulnerability exists within the Open Asset Import Library (Assimp) version 5.4.3, specifically in the HL1MDLLoader::validate_header function located in the assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp file. This vulnerability allows for an out-of-bounds read, posing potential risks when m...

A local vulnerability has been identified in the Open Asset Import Library Assimp version 5.4.3, specifically in the LWOImporter::CountVertsAndFacesLWO2 function found in the LWOLoader.cpp file. This issue allows for potential out-of-bounds reads, which may expose sensitive information during pro...

A flaw exists in the Open Asset Import Library (Assimp) version 5.4.3 affecting the MDLImporter::InternReadFile_Quake1 function located in the MDLLoader.cpp file. This vulnerability allows an attacker to perform out-of-bounds reads, potentially leading to information disclosure or other unforesee...

The Online Exam Mastering System version 1.0 faces a Cross Site Scripting (XSS) vulnerability. This flaw allows attackers to inject malicious scripts through the name field in the feedback form, potentially compromising user data and session information. Proper input validation and sanitization m...