Publicly Disclosed PoC Exploits

🔴 Always take caution when working with PoC Exploits 🔴

Discovered just now...

PoC for CVE-2021-44228

Apache | Apache Log4j2 | EPSS 94% | 10 CRITICAL
Apache Log4j2 JNDI features do not protect against attacker control...

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log messag...

PoC for CVE-2026-33439

Openidentityplatform | Openam | 9.3 CRITICAL
Remote Code Execution in OpenIdentityPlatform OpenAM Access Managem...

OpenIdentityPlatform's OpenAM, an access management solution, is susceptible to a pre-authentication Remote Code Execution vulnerability due to unsafe Java deserialization. This issue arises from the handling of the jato.clientSession HTTP parameter, allowing unauthenticated attackers to execute ...

Discovered 2 hours ago

PoC for CVE-2026-7281

Sourcecodester | Pharmacy Sales And Inv... | 4.8 MEDIUM
Cross-Site Scripting Vulnerability in SourceCodester Pharmacy Sales...

A cross-site scripting vulnerability exists in the SourceCodester Pharmacy Sales and Inventory System version 1.0. The flaw resides in the 'supplier' function within the /index.php?page=supplier script. Attackers could exploit this vulnerability by manipulating the 'Name' argument, allowing them ...

Discovered 3 hours ago

PoC for CVE-2026-7272

Williamcloudqi | Matlab-mcp-server | 6.9 MEDIUM
Path Traversal Vulnerability in WilliamCloudQi matlab-mcp-server

A vulnerability exists in the WilliamCloudQi matlab-mcp-server, specifically within the generate_matlab_code and execute_matlab_code functions. This flaw allows an attacker to manipulate the scriptPath argument, potentially enabling unauthorized access to file paths outside of the intended direct...

PoC for CVE-2026-6643

Asustor Inc. | Adm | 8.6 HIGH
Stack-based Buffer Overflow in Asustor VPN Clients

A stack-based buffer overflow vulnerability exists in the VPN Clients on Asustor's ADM platform. This flaw results from the unbounded use of the sscanf() function and the direct incorporation of user-controlled data into printf() calls. The absence of protection mechanisms such as Position Indepe...

PoC for CVE-2026-7271

Dv0x | Creative-ad-agent | 6.9 MEDIUM
Path Traversal Vulnerability in DV0x Creative Ad Agent Server

A path traversal vulnerability has been identified in the DV0x creative-ad-agent server, particularly affecting the sdk-server.ts file. This flaw allows attackers to manipulate request parameters, potentially enabling unauthorized access to sensitive files and directories on the server. The issue...

Discovered 4 hours ago

PoC for CVE-2026-7269

Sourcecodester | Pharmacy Sales And Inv... | 4.8 MEDIUM
Cross-Site Scripting Vulnerability in SourceCodester Pharmacy Sales...

A cross-site scripting vulnerability exists in the SourceCodester Pharmacy Sales and Inventory System 1.0 due to improper validation of user-supplied input. The vulnerability affects the /index.php?page=product endpoint, where an attacker can manipulate the argument ID. This manipulation allows f...

PoC for CVE-2026-7268

Sourcecodester | Pizzafy Ecommerce System | 5.3 MEDIUM
SQL Injection Vulnerability in SourceCodester Pizzafy Ecommerce System

A vulnerability has been detected in the SourceCodester Pizzafy Ecommerce System version 1.0, specifically affecting the save_category function within the /admin/ajax.php file. This issue allows an attacker to manipulate the input parameter 'Name', leading to SQL injection. Such vulnerabilities c...

Discovered 5 hours ago

PoC for CVE-2026-7267

Sourcecodester | Pizzafy Ecommerce System | 5.3 MEDIUM
SQL Injection Vulnerability in SourceCodester Pizzafy Ecommerce System

A security flaw in the SourceCodester Pizzafy Ecommerce System 1.0 allows attackers to execute unauthorized SQL commands through manipulated input in the file /view_prod.php. This vulnerability can be exploited remotely, potentially compromising the integrity of the database. It is crucial for us...

PoC for CVE-2026-7266

Sourcecodester | Pizzafy Ecommerce System | 5.3 MEDIUM
SQL Injection Vulnerability in SourceCodester Pizzafy Ecommerce System

A vulnerability exists in the Pizzafy Ecommerce System where the function save_order, located in /admin/ajax.php, can be exploited through SQL injection. This occurs when the argument ID is manipulated, allowing an attacker to execute arbitrary SQL queries remotely. Since this exploit is publicly...

PoC for CVE-2026-7265

Sourcecodester | Pizzafy Ecommerce System | 5.3 MEDIUM
SQL Injection Vulnerability in SourceCodester Pizzafy Ecommerce System

A security vulnerability has been identified in the SourceCodester Pizzafy Ecommerce System version 1.0. The vulnerability arises from improper validation of user-provided input in the argument ID within the function Category located in pizza/index.php?page=category. This flaw enables attackers t...

Discovered 6 hours ago

PoC for CVE-2026-7264

Sourcecodester | Pizzafy Ecommerce System | 5.3 MEDIUM
SQL Injection Vulnerability in SourceCodester Pizzafy Ecommerce System

A vulnerability has been identified in the SourceCodester Pizzafy Ecommerce System version 1.0, specifically within the get_cart_items function located in the /admin/ajax.php file. By manipulating the ID argument, an attacker can execute SQL injection attacks remotely. The public availability of ...

Discovered 7 hours ago

PoC for CVE-2026-7248

D-link | Di-8100 | 9.3 CRITICAL
Buffer Overflow in D-Link DI-8100 Affects CGI Endpoint Functionality

A buffer overflow vulnerability exists in the CGI endpoint of D-Link DI-8100 version 16.07.26A1. Specifically, the flaw is in the function tgfile_htm located in the tgfile.htm file. Attackers may exploit this vulnerability remotely by manipulating the 'fn' argument, leading to potential applicati...

PoC for CVE-2026-7247

D-link | Di-8100 | 8.6 HIGH
Buffer Overflow in D-Link DI-8100 File Extension Handler

A buffer overflow vulnerability exists in the file_exten_asp function of D-Link DI-8100's file_exten.asp file. An attacker can manipulate the 'Name' argument, potentially leading to system instability or unauthorized access through remote exploitation. This vulnerability has been publicly disclos...

PoC for CVE-2026-7244

Totolink | A8000ru | 9.3 CRITICAL
Command Injection Vulnerability in Totolink A8000RU by Totolink

A security flaw has been identified in the Totolink A8000RU router, specifically in the CGI Handler's setWiFiEasyGuestCfg function within the /cgi-bin/cstecgi.cgi file. This vulnerability allows an attacker to manipulate the merge argument, leading to os command injection. Such an exploit can be ...

Discovered 8 hours ago

PoC for CVE-2026-7243

Totolink | A8000ru | 9.3 CRITICAL
Command Injection Vulnerability in Totolink A8000RU Router from Tot...

A command injection vulnerability exists in the Totolink A8000RU router due to improper handling of the maxRtrAdvInterval argument in the setRadvdCfg function within the CGI Handler. An attacker can exploit this flaw remotely to execute arbitrary OS commands, potentially compromising the device's...

PoC for CVE-2026-7242

Totolink | A8000ru | 9.3 CRITICAL
OS Command Injection Vulnerability in Totolink A8000RU by Totolink

A serious OS command injection vulnerability exists in the Totolink A8000RU router, specifically in the function setOpenVpnClientCfg within the CGI Handler at /cgi-bin/cstecgi.cgi. This flaw allows an attacker to exploit a manipulation of the 'enabled' argument, leading to potential remote code e...

PoC for CVE-2026-7241

Totolink | A8000ru | 9.3 CRITICAL
OS Command Injection Vulnerability in Totolink A8000RU Product

A newly discovered vulnerability in the Totolink A8000RU affects the CGI handler's setWiFiBasicCfg function, allowing attackers to perform remote OS command injections. By manipulating the 'wifiOff' argument in the /cgi-bin/cstecgi.cgi file, unauthorized execution of commands could be executed, p...

PoC for CVE-2026-7240

Totolink | A8000ru | 9.3 CRITICAL
OS Command Injection Vulnerability in Totolink A8000RU Device

A vulnerability exists within the Totolink A8000RU due to improper handling of user input in the setVpnAccountCfg function located in /cgi-bin/cstecgi.cgi. This weakness allows an attacker to execute arbitrary operating system commands via crafted requests. This command injection can be exploited...

Discovered 9 hours ago

PoC for CVE-2026-7238

Code-projects | Online Music Site | 5.1 MEDIUM
Unrestricted File Upload Vulnerability in Code-projects Online Musi...

A security flaw has been identified in Code-projects Online Music Site version 1.0, specifically in the /Administrator/PHP/AdminUpdateAlbum.php file. This vulnerability allows for the manipulation of the argument 'txtimage', resulting in unrestricted file uploads. The potential for remote exploit...

PoC for CVE-2026-7237

Agiflow | Scaffold-mcp | 6.9 MEDIUM
Path Traversal Vulnerability in AgiFlow Scaffold-mcp Up to Version ...

A vulnerability exists in the AgiFlow scaffold-mcp tool that impacts the file write functionality. By manipulating the file_path argument in the source file packages/scaffold-mcp/src/server/index.ts, an attacker can exploit this vulnerability to perform path traversal attacks. This allows unautho...

PoC for CVE-2026-7235

Erlichliu | Claude-agent-sdk-master | 6.9 MEDIUM
Path Traversal Vulnerability in ErlichLiu Claude-Agent SDK

A security vulnerability exists in the ErlichLiu claude-agent-sdk-master, related to the improper handling of the outputFile argument in the app/api/agent-output/route.ts file. This flaw allows for path traversal attacks, potentially enabling an attacker to access sensitive files on the server. T...

PoC for CVE-2026-7234

Browseroperator | Browser-operator-core | 6.9 MEDIUM
Path Traversal Vulnerability in BrowserOperator's Browser-Operator-...

A path traversal vulnerability has been discovered in BrowserOperator's browser-operator-core up to version 0.6.0. The issue arises in the 'startsWith' function within the scripts/component_server/server.js file. Attackers can manipulate the 'request.url' parameter, potentially leading to unautho...

Discovered 10 hours ago

PoC for CVE-2026-7233

Artifex | MuPDF | 4.8 MEDIUM
Out-of-Bounds Read Vulnerability in Artifex MuPDF CFF Index Handler

A vulnerability exists in Artifex MuPDF versions up to 1.28.0 due to improper management of the fz_subset_cff_for_gids function in the subset-cff.c file. This flaw leads to potential out-of-bounds read conditions, enabling an attacker to exploit it locally. Although the problem has been acknowled...

PoC for CVE-2026-5306

WordPress | Check & Log Email
Stored XSS Vulnerability in Check & Log Email WordPress Plugin

The Check & Log Email WordPress plugin, prior to version 2.0.13, is susceptible to stored Cross-Site Scripting (XSS) attacks due to improper handling of email replacement. With the email encoder setting enabled, this vulnerability allows unauthenticated attackers to inject malicious scripts that ...

PoC for CVE-2026-7229

Code-projects | Coaching Management Sy... | 5.3 MEDIUM
SQL Injection Vulnerability in Coaching Management System by Code-P...

A vulnerability identified in Code-Projects' Coaching Management System 1.0 allows attackers to exploit an unknown function within the /cims/modules/admin/reply.php file. This weakness arises during the manipulation of the 'complaintreply' argument, resulting in SQL injection. The nature of this ...

PoC for CVE-2026-21986

Oracle | Oracle Vm Virtualbox | 7.1 HIGH
Unauthenticated Access Vulnerability in Oracle VM VirtualBox

A vulnerability exists in Oracle VM VirtualBox that allows an unauthenticated attacker with access to the infrastructure where the software is deployed to exploit the system. This can lead to unauthorized control over Oracle VM VirtualBox, resulting in potential service disruptions such as freque...

PoC for CVE-2026-7228

Sourcecodester | Pizzafy Ecommerce System | 6.9 MEDIUM
SQL Injection Vulnerability in SourceCodester Pizzafy Ecommerce System

A vulnerability exists in the Pizzafy Ecommerce System 1.0, specifically within the get_cart_count function located in the /admin/ajax.php file. This flaw allows attackers to manipulate the ID argument, enabling them to execute SQL injection attacks remotely. Exploiting this vulnerability could l...

Discovered 11 hours ago

PoC for CVE-2026-7227

Sourcecodester | Pizzafy Ecommerce System | 6.9 MEDIUM
SQL Injection Vulnerability in SourceCodester Pizzafy Ecommerce Sys...

A vulnerability has been identified in the Pizzafy Ecommerce System, specifically impacting its login functionality. The flaw resides in the handling of email arguments within the /admin/ajax.php?action=login file. This vulnerability allows for SQL injection attacks, which can be remotely execute...

PoC for CVE-2026-7226

Sourcecodester | Pizzafy Ecommerce System | 6.9 MEDIUM
SQL Injection Vulnerability in SourceCodester Pizzafy Ecommerce System

A security flaw has been identified in the SourceCodester Pizzafy Ecommerce System version 1.0 that permits SQL injection through the login function at /admin/ajax.php?action=login2. By manipulating the e-mail argument, an attacker can exploit this vulnerability to execute arbitrary SQL commands,...

PoC for CVE-2026-7225

Sourcecodester | Pizzafy Ecommerce System | 6.9 MEDIUM
SQL Injection Vulnerability in SourceCodester Pizzafy Ecommerce System

A vulnerability has been identified in the SourceCodester Pizzafy Ecommerce System 1.0, specifically in the delete_menu function located in /admin/ajax.php. This flaw arises from improper handling of the argument ID, which can be manipulated by an attacker to execute SQL injection attacks. These ...

PoC for CVE-2026-7224

Sourcecodester | Pizzafy Ecommerce System | 6.9 MEDIUM
SQL Injection Vulnerability in SourceCodester Pizzafy Ecommerce System

A security flaw has been identified in the SourceCodester Pizzafy Ecommerce System 1.0, specifically affecting the delete_cart function located in /admin/ajax.php. This vulnerability allows for SQL injection through manipulation of the argument ID, potentially enabling attackers to execute arbitr...

Discovered 12 hours ago

PoC for CVE-2026-7223

Bigsweetpotatostudio | Hyperchat | 6.9 MEDIUM
Server-Side Request Forgery Vulnerability in BigSweetPotatoStudio H...

A server-side request forgery vulnerability exists in the AI Proxy Middleware component of BigSweetPotatoStudio HyperChat, specifically within the 'fetch' function located in the file packages/core/src/http/aiProxyMiddleware.mts. This flaw allows an attacker to manipulate the 'baseurl' argument, ...

PoC for CVE-2026-7222

Code-projects | Coaching Management Sy... | 5.1 MEDIUM
Cross Site Scripting Vulnerability in Coaching Management System by...

A cross site scripting vulnerability has been identified in the Coaching Management System 1.0, specifically within the Complaint Form Page functionality located in the file /cims/modules/student/complaint.php. This flaw allows for remote exploitation by manipulating the 'Complaint' argument. Att...

PoC for CVE-2026-7221

Tencentcloudbase | Cloudbase-mcp | 6.9 MEDIUM
Server-Side Request Forgery in TencentCloudBase CloudBase-MCP

A vulnerability exists in TencentCloudBase CloudBase-MCP up to version 2.17.0 that exposes the open-url API endpoint to server-side request forgery attacks. This flaw allows remote attackers to manipulate the 'req.body.url' argument in the 'openUrl' function, potentially leading to unauthorized a...

PoC for CVE-2026-33453

Apache | Apache Camel | 10 CRITICAL
Remote Code Execution Vulnerability in Apache Camel's CoAP Component

A vulnerability exists within Apache Camel's camel-coap component that allows an unauthenticated attacker to exploit message header injection. By sending a single CoAP UDP packet to a Camel route that accepts coap:// input, attackers can inject arbitrary Camel internal headers into the Exchange. ...

PoC for CVE-2026-7220

Jackwrichards | Fastlymcp | 6.9 MEDIUM
OS Command Injection Vulnerability in jackwrichards FastlyMCP Tool

A vulnerability has been identified in the FastlyMCP tool by jackwrichards, specifically in the fastly-mcp.mjs file. This issue allows for remote OS command injection through manipulated command arguments. Exploiting this flaw may lead to unauthorized command execution, posing significant securit...

Discovered 13 hours ago

PoC for CVE-2026-7219

Totolink | N300rt | 8.6 HIGH
Buffer Overflow Vulnerability in Totolink N300RT Router

A buffer overflow vulnerability exists in the Totolink N300RT router, specifically within the /boafrm/formIpQoS function. An attacker can exploit this flaw by manipulating the argument 'entry_name', potentially leading to unauthorized access or remote code execution. This vulnerability affects us...

PoC for CVE-2026-7218

Totolink | N300rt | 8.6 HIGH
Buffer Overflow Vulnerability in Totolink N300RT Router Software

A significant vulnerability has been identified in Totolink N300RT Router version 3.4.0-B20250430, specifically within the implementation of the 'is_cmd_string_valid' function in the 'libapmib.so' component. This weakness arises from improper handling of the 'localPin' argument, leading to a buff...

PoC for CVE-2026-7217

Deepractice | Promptx | 6.9 MEDIUM
Absolute Path Traversal Vulnerability in Deepractice PromptX Docume...

A security flaw has been identified in Deepractice PromptX, affecting versions up to 2.4.0. The issue lies within the Document File Handler's functions responsible for reading various file formats, including DOCX, XLSX, PPTX, and PDF. This vulnerability allows for absolute path traversal due to i...

PoC for CVE-2026-7216

Donchelo | Processing-claude-mcp-... | 6.9 MEDIUM
Path Traversal Vulnerability in Donchelo Processing-claude-mcp-brid...

A vulnerability in the Donchelo processing-claude-mcp-bridge has been identified, specifically in the create_sketch Tool's processing_server.py file. This flaw allows for path traversal due to improper handling of the `sketch_name` parameter. Exploiting this vulnerability could enable remote atta...

Discovered 14 hours ago

PoC for CVE-2026-7215

Egtai | Gmx-vmd-mcp | 6.9 MEDIUM
Command Injection Vulnerability in egtai gmx-vmd-mcp Product

A security flaw in the egtai gmx-vmd-mcp product allows for command injection via the VMD Launch Handler. Specifically, the vulnerability is located in the launch_vmd_gui_tool function of the mcp_server.py file. Attackers can manipulate the structure_file and trajectory_file arguments, which coul...

PoC for CVE-2026-7214

Eghuzefa | Engineer-your-data | 6.9 MEDIUM
Path Traversal Vulnerability in eghuzefa Engineer-Your-Data Product

A path traversal vulnerability exists in the eghuzefa engineer-your-data software, specifically affecting versions up to 0.1.3. The flaw resides in the file management functions—read_file, write_file, list_files, and file_inf—located in src/server.py. An attacker can exploit this vulnerability by...

PoC for CVE-2026-7213

Ef10007 | Mlops Mcp | 6.9 MEDIUM
Path Traversal Vulnerability in ef10007 MLOps_MCP by ef10007

A path traversal vulnerability exists in the ef10007 MLOps_MCP 1.0.0, specifically within the save_file tool's fastmcp_server.py script. By manipulating the 'filename/destination' argument, an attacker can execute a path traversal attack, potentially allowing unauthorized file system access. This...

PoC for CVE-2026-7212

Edvardlindelof | Notes-mcp | 6.9 MEDIUM
Path Traversal Vulnerability in edvardlindelof notes-mcp Software

A security vulnerability has been identified in the notes-mcp application developed by edvardlindelof, specifically affecting version 0.1.4. The flaw resides in an unknown function within the notes_mcp.py file, where improper validation of the root_dir/path argument enables unauthorized access to...

Discovered 15 hours ago

PoC for CVE-2026-7211

Dvladimirov | Mcp | 6.9 MEDIUM
Command Injection Vulnerability in dvladimirov MCP Git Search API

A security flaw exists in the dvladimirov MCP Git Search API affecting versions up to 0.1.0. The vulnerability is located in the GitSearchRequest function of the mcp_server.py file. Through a manipulation of the 'repo_url/pattern' arguments, an attacker can execute remote command injection. The e...

PoC for CVE-2026-7204

Totolink | A8000ru | 9.3 CRITICAL
Command Injection Vulnerability in Totolink A8000RU Router

A command injection vulnerability exists in the Totolink A8000RU router due to improper handling of user-supplied input in the setPptpServerCfg function within the CGI handler. An attacker can manipulate the arguments passed to this function, potentially allowing remote execution of arbitrary com...

Discovered 16 hours ago

PoC for CVE-2026-7200

Sourcecodester | Pharmacy Sales And Inv... | 5.3 MEDIUM
Cross-Site Scripting Vulnerability in SourceCodester Pharmacy Sales...

A flaw has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0, specifically affecting an unknown functionality of the file /index.php?page=types. By manipulating the argument ID, an attacker could potentially execute cross-site scripting (XSS) attacks, which can be performe...

PoC for CVE-2026-7199

Sourcecodester | Pharmacy Sales And Inv... | 6.9 MEDIUM
SQL Injection Vulnerability in SourceCodester Pharmacy Sales and In...

A SQL injection vulnerability exists in SourceCodester Pharmacy Sales and Inventory System 1.0, specifically within the AJAX functionality at /ajax.php?action=delete_product. Maliciously crafted requests targeting the argument ID can lead to unauthorized access and potential manipulation of the d...