Publicly Disclosed
PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered just now...
PoC for CVE-2025-55182
A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...
PoC for CVE-2024-12227
A vulnerability, which was classified as problematic, was found in MSI Dragon Center up to 2.0.146.0. This affects the function MmUnMapIoSpace in the library NTIOLib_X64.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on ...
Discovered 1 hour ago
PoC for CVE-2025-48384
A vulnerability exists in Git that affects how configuration values are read and written, particularly regarding trailing carriage returns. When a submodule path includes a trailing carriage return, it is altered when read back, which can cause the submodule to be checked out to an incorrect loca...
PoC for CVE-2025-48384
A vulnerability exists in Git that affects how configuration values are read and written, particularly regarding trailing carriage returns. When a submodule path includes a trailing carriage return, it is altered when read back, which can cause the submodule to be checked out to an incorrect loca...
Discovered 4 hours ago
PoC for CVE-2025-14668
A critical SQL injection vulnerability has been identified in Campcodes' Advanced Online Examination System 1.0. The flaw resides in the /query/loginExe.php file, where unsanitized input of the Username parameter allows attackers to execute arbitrary SQL queries. This vulnerability can be exploit...
PoC for CVE-2025-14667
A security flaw has been identified in the itsourcecode COVID Tracking System version 1.0, specifically within an unspecified function of the /admin/?page=system_info file. This vulnerability allows for SQL injection through the manipulation of the 'meta_value' argument, enabling remote attackers...
Discovered 5 hours ago
PoC for CVE-2025-14666
A security issue has been identified in the itsourcecode COVID Tracking System 1.0 that allows for SQL injection via manipulation of the Username parameter in the /admin/?page=user endpoint. This vulnerability is remotely exploitable and could lead to unauthorized access or manipulation of the da...
PoC for CVE-2025-14665
A security flaw has been identified in certain versions of the Tenda WH450 router, specifically affecting the HTTP Request Handler component. This vulnerability arises from a stack-based buffer overflow linked to the processing of arguments in the /goform/DhcpListClient file. Malicious actors can...
PoC for CVE-2025-14665
A security flaw has been identified in certain versions of the Tenda WH450 router, specifically affecting the HTTP Request Handler component. This vulnerability arises from a stack-based buffer overflow linked to the processing of arguments in the /goform/DhcpListClient file. Malicious actors can...
Discovered 6 hours ago
PoC for CVE-2025-14664
A vulnerability in Campcodes Supplier Management System version 1.0 affects the handling of the parameter 'chkId[]' in the file /admin/view_unit.php. This flaw allows attackers to manipulate SQL queries, leading to potential unauthorized access and data manipulation. Given that public exploits ar...
PoC for CVE-2025-55182
A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...
PoC for CVE-2025-14663
The Code-Projects Student File Management System version 1.0 has a vulnerability identified in the /admin/update_student.php file that exposes the application to cross-site scripting (XSS) attacks. An attacker can exploit this vulnerability by executing crafted scripts on the affected system, pot...
Discovered 7 hours ago
PoC for CVE-2025-14662
A vulnerability exists in the Update User Page of the Student File Management System 1.0 developed by Code-Projects. This vulnerability allows an attacker to execute cross-site scripting attacks by manipulating the input parameters on the '/admin/update_user.php' endpoint. Remote attackers can le...
PoC for CVE-2025-14661
A SQL Injection vulnerability exists in the itsourcecode Student Management System version 1.0, specifically in the /advisers.php file. This flaw allows an attacker to manipulate input parameters, potentially leading to unauthorized access and manipulation of the database. The issue can be exploi...
Discovered 8 hours ago
PoC for CVE-2025-14660
A vulnerability has been discovered in DecoCMS Mesh versions up to 1.0.0-alpha.31, specifically in the function createTool located in the Workspace Domain Handler component. This flaw results from improper access control measures, allowing remote attackers to manipulate the argument domain used i...
Discovered 9 hours ago
PoC for CVE-2025-14659
A security flaw has been identified in the DHCP Daemon of D-Link's DIR-860LB1 and DIR-868LB1 routers, allowing for command injection through manipulation of the Hostname argument. This vulnerability can be exploited remotely, posing a significant risk to users' network security. As the exploit de...
PoC for CVE-2025-14656
A vulnerability has been discovered in the Tenda AC20 router, specifically affecting the httpd function in the openSchedWifi endpoint. By manipulating the parameters schedStartTime or schedEndTime, an attacker can trigger a buffer overflow, leading to potential unauthorized access or execution of...
Discovered 10 hours ago
PoC for CVE-2025-14655
A security vulnerability has been identified in the Tenda AC20 router firmware version 16.03.08.12, specifically within the function formSetRebootTimer in the /goform/SetSysAutoRebbotCfg component of the httpd service. By manipulating the rebootTime argument, an attacker can exploit this flaw to ...
PoC for CVE-2025-14654
A stack-based buffer overflow vulnerability has been discovered in Tenda AC20 devices running firmware version 16.03.08.12. This issue resides in the function formSetPPTPUserList located in the /goform/setPptpUserList component of the web server component httpd. Malicious actors can exploit this ...
Discovered 11 hours ago
PoC for CVE-2025-14653
An SQL injection vulnerability has been identified in the itsourcecode Student Management System, specifically within the /addrecord.php file, where inputs are improperly sanitized. Attackers can manipulate the 'ID' argument, potentially allowing for unauthorized access to the database. This weak...
PoC for CVE-2025-14652
A SQL injection vulnerability exists in the itsourcecode Online Cake Ordering System version 1.0, specifically in the '/admindetail.php?action=edit' endpoint. The flaw allows an attacker to manipulate the ID parameter, which can lead to unauthorized database access and manipulation of data. This ...
Discovered 12 hours ago
PoC for CVE-2025-14651
A vulnerability exists in MartialBE one-hub versions up to 0.14.27 that affects the docker-compose.yml configuration file. Specifically, the SESSION_SECRET argument is hard-coded, leading to potential exploitation via remote attacks. While exploiting this vulnerability requires a high level of co...
PoC for CVE-2025-14650
A security flaw has been identified in the itsourcecode Online Cake Ordering System version 1.0, specifically within the /cakeshop/product.php file. This vulnerability stems from improper handling of user input, which allows an attacker to manipulate the Product argument. By exploiting this weak...
Discovered 13 hours ago
PoC for CVE-2025-14649
A security flaw exists in the itsourcecode Online Cake Ordering System 1.0 that allows for SQL injection through the manipulation of the 'supplier' argument in the /cakeshop/supplier.php file. This vulnerability can be exploited remotely, potentially allowing attackers to execute arbitrary SQL qu...
PoC for CVE-2025-14648
A security flaw has been identified in DedeBIZ versions up to 6.5.9, impacting the file /src/admin/catalog_add.php. This vulnerability allows attackers to execute arbitrary commands via specially crafted requests, which can be done remotely. Given its public disclosure, there is a heightened risk...
Discovered 14 hours ago
PoC for CVE-2025-14647
A SQL injection vulnerability exists in the Computer Book Store version 1.0, specifically within the /admin_delete.php file. This vulnerability arises from improper handling of the 'bookisbn' argument, allowing remote attackers to manipulate SQL queries. Once exploited, this weakness can potentia...
PoC for CVE-2025-14646
A security flaw has been identified in the Student File Management System version 1.0, specifically in the /admin/delete_student.php file. The vulnerability arises from improper validation of the stud_id parameter, allowing attackers to execute SQL injection attacks. This can enable unauthorized ...
Discovered 15 hours ago
PoC for CVE-2025-12696
The HelloLeads CRM Form Shortcode plugin for WordPress lacks proper authorization and CSRF validation mechanisms. This flaw enables unauthorized users to reset settings without authentication, potentially leading to significant changes in the plugin's operation. Users of this plugin should take i...
PoC for CVE-2025-14645
A vulnerability exists in the Code-Projects Student File Management System 1.0, specifically in the delete_user.php file, where improper handling of the user_id parameter permits the execution of SQL injection attacks. This flaw allows attackers to manipulate database queries, potentially accessin...
Discovered 16 hours ago
PoC for CVE-2017-9805
A vulnerability exists in the REST Plugin of Apache Struts that allows for Remote Code Execution due to the use of an XStreamHandler without type filtering during XML payload deserialization. This flaw, present in specific versions of the software, can be exploited by attackers to execute arbitra...
Discovered 17 hours ago
PoC for CVE-2025-14644
A vulnerability has been identified in the itsourcecode Student Management System version 1.0, specifically within an undefined function in the /update_subject.php file. This flaw allows an attacker to manipulate the 'ID' argument, resulting in potential SQL injection attacks. The exploitation of...
PoC for CVE-2025-14643
A vulnerability exists within the Simple Attendance Record System 2.0 due to improper handling of user-supplied input in the /check.php file. This flaw allows for SQL injection by manipulating the 'student' argument, enabling remote attackers to execute arbitrary SQL queries. The public availabil...
Discovered 18 hours ago
PoC for CVE-2024-10914
A vulnerability exists in D-Link network attached storage devices, including the DNS-320, DNS-320LW, DNS-325, and DNS-340L, which allows for OS command injection. This issue arises in the cgi_user_add function of the /cgi-bin/account_mgr.cgi interface, where improper handling of the 'name' argume...
PoC for CVE-2025-14642
A significant vulnerability exists within the Code-Projects Computer Laboratory System, specifically affecting the 'technical_staff_pic.php' file. This flaw allows attackers to upload files without proper validation, posing serious security risks as unrestricted uploads enable remote exploitation...
PoC for CVE-2025-14641
A vulnerability has been identified in Code-Projects' Computer Laboratory System version 1.0, specifically within the file handling functionality of admin/admin_pic.php. This flaw allows for unrestricted file uploads through manipulation of the 'image' argument, enabling remote attackers to uploa...
Discovered 19 hours ago
PoC for CVE-2025-14640
A security flaw exists in the Code-Projects Student File Management System 1.0, specifically within an unknown function in the file /admin/save_student.php. By manipulating the 'stud_no' parameter, an attacker can execute an SQL injection attack, potentially compromising the database remotely. Th...
PoC for CVE-2025-55182
A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...
PoC for CVE-2025-14639
A SQL injection vulnerability has been identified in the itsourcecode Student Management System version 1.0, specifically within an undefined function located in the file /uprec.php. This flaw allows an attacker to manipulate the argument ID, enabling them to execute unauthorized SQL commands. Th...
Discovered 20 hours ago
PoC for CVE-2025-14638
A SQL injection vulnerability has been identified in the itsourcecode Online Pet Shop Management System 1.0, specifically within the /pet1/update_cnp.php file. This vulnerability arises from improper handling of the 'ID' parameter, allowing attackers to manipulate the query to execute unauthorize...
Discovered 21 hours ago
PoC for CVE-2025-55182
A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...
Discovered 1 day ago
PoC for CVE-2025-14637
A SQL injection vulnerability has been discovered in the itsourcecode Online Pet Shop Management System version 1.0, specifically within the '/pet1/addcnp.php' file. This weakness allows for manipulation of the 'cnpname' argument, which could enable attackers to execute arbitrary SQL queries agai...
PoC for CVE-2025-55182
A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...
PoC for CVE-2025-14636
A security flaw has been identified in the Tenda AX9 router, specifically affecting version 22.03.01.46. The vulnerability resides in the 'image_check' function of the httpd component, which utilizes weak hashing algorithms. This flaw can be exploited remotely, posing a risk to device integrity. ...
PoC for CVE-2025-55182
A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...
PoC for CVE-2025-14623
A vulnerability has been discovered in the Student File Management System 1.0 that allows for a remote SQL injection. This issue arises during the processing of the /admin/update_student.php file, where improper handling of the 'stud_id' argument can be exploited by attackers. The exploit has bee...
PoC for CVE-2025-55182
A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...
PoC for CVE-2025-14622
A vulnerability has been identified in the 'Student File Management System' version 1.0, in the file /admin/save_user.php. This security flaw permits an SQL injection attack through the manipulation of the 'firstname' parameter. Consequently, attackers can execute this exploit remotely, putting t...
PoC for CVE-2025-14621
A SQL injection vulnerability exists within the Code-Projects Student File Management System version 1.0, specifically in the /admin/update_user.php script. This issue allows attackers to manipulate the user_id argument, potentially leading to unauthorized access and data exposure. The vulnerabil...
PoC for CVE-2025-55182
A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...
PoC for CVE-2025-14620
A vulnerability exists in the Code-Projects Student File Management System 1.0, where an attacker can manipulate the Username argument in the /admin/login_query.php file. This could lead to unauthorized SQL query execution, allowing attackers to potentially access sensitive data remotely. Given t...