Publicly Disclosed
PoC Exploits

The dbutil_2_3.sys driver from Dell is susceptible to an insufficient access control issue that can be exploited by local authenticated users. This vulnerability can result in unauthorized privilege escalation, potential denial of service, or unauthorized information exposure. Users should ensure...

A cross site scripting vulnerability exists in Eastnets PaymentSafe version 2.5.26.0, specifically within the BIC Search component. This vulnerability allows an attacker to manipulate the system to execute malicious scripts in the browser of users, which can potentially lead to unauthorized data ...

An out-of-bounds write vulnerability exists in Apple’s operating systems, which may allow attackers to execute malicious code through crafted image files. This issue could lead to memory corruption, potentially giving attackers unauthorized access to sensitive information or system resources. Add...

A security flaw exists in the Next.js framework that allows an attacker to bypass authorization checks if such checks are implemented in middleware. This vulnerability arises in versions prior to 14.2.25 and 15.2.3. To mitigate risk, it is recommended to restrict incoming requests that include th...

A vulnerability in the JWT Service component of Nocobase exposes systems to remote attacks due to a hard-coded cryptographic key. This issue arises from a manipulation of the API_KEY argument within the jwt-service.ts file in the core authentication package. Although the complexity of exploiting ...

The Upload.am WordPress plugin prior to version 1.0.1 contains a vulnerability that allows unauthorized users, such as contributors, to access sensitive site options. This flaw arises from a lack of proper capability checks within the AJAX request handler, which fails to restrict access to confid...

A security vulnerability has been identified in version 12.1.372 of the Rareprob HD Video Player All Formats App on Android. This issue affects a specific function within the component com.rocks.music.videoplayer, allowing for a path traversal exploit. Attackers can manipulate this vulnerability ...

A vulnerability exists in the Yohann0617 oci-helper's OCI Configuration Upload component, specifically in the addCfg function of OciServiceImpl.java. This weakness allows remote attackers to manipulate file arguments, potentially leading to unauthorized access to files outside the intended direct...

Citrix ShareFile Storage Zones Controller versions prior to 5.11.20 are susceptible to an access control vulnerability, potentially allowing unauthorized attackers to compromise the system remotely. This issue may enable attackers to gain access to sensitive data stored within the storage zones c...

A hash collision vulnerability exists in the Linux kernel's IPv6 connection lookup table, which can be exploited through a new variant of SYN flood attacks. An attacker, either within the local network or leveraging a high-bandwidth connection, can manipulate the lookup process, causing the CPU u...

The Donation Plugin for WordPress versions up to 1.0 contains a significant flaw that allows high privilege users, including administrators, to execute SQL injection attacks. This vulnerability arises from the plugin's failure to properly sanitize and escape user input before incorporating it int...

The db-access plugin for WordPress, up to version 0.8.7, lacks proper authorization checks during AJAX actions. This vulnerability enables authenticated users, including those with limited roles such as subscribers, to execute SQL injection attacks. Through these unauthorized actions, potential a...

A vulnerability in Synology Active Backup for Microsoft 365 permits remote authenticated attackers to gain access to sensitive data through unspecified methods, potentially compromising user privacy and security. This flaw underscores the importance of stringent access controls and prompt securit...

The vSphere Web Client (FLEX/Flash) suffers from a vulnerability that allows an unauthorized file read. This weakness comes from improper access controls, permitting a malicious actor with network access to port 443 on vCenter Server to exploit the vulnerability. By leveraging this flaw, attacker...

A significant security vulnerability has been identified in Deco-CX apps prior to version 0.120.2. This weakness resides in the AnalyticsScript function of the Parameter Handler component, specifically within the file located at website/loaders/analyticsScript.ts. Attackers can exploit this flaw ...

A vulnerability has been identified in Mogu Blog v2 up to 5.2, specifically in the FileOperation.unzip function of the ZIP File Handler component. This flaw allows an attacker to manipulate the 'fileUrl' argument, leading to unauthorized file access through path traversal. The exploitation of thi...

An unrestricted file upload vulnerability exists in Mogu Blog v2 up to version 5.2, specifically affecting the /file/pictures component. This flaw allows attackers to manipulate the 'filedatas' argument, facilitating unauthorized file uploads that can be exploited remotely. The potential for this...

A security flaw has been identified in Mogu Blog versions up to 5.2, specifically within the LocalFileServiceImpl.uploadPictureByUrl function. This vulnerability facilitates server-side request forgery, allowing remote attackers to exploit the function without authentication. The issue arises whe...

The Proxmox Virtual Environment, an open-source platform designed for enterprise virtualization, is prone to an arbitrary file read vulnerability due to insufficient safeguards against malicious API response values. This vulnerability permits authenticated users with 'Sys.Audit' or 'VM.Monitor' p...

A security issue has been identified in Mogu Blog v2 (versions up to and including 5.2) that stems from improper handling of the Storage Management Endpoint, specifically within the /storage/ file. This vulnerability allows unauthorized users to potentially manipulate storage processes without ad...

A vulnerability exists in WebStack-Guns version 1.0 that allows for remote SQL injection through inadequate handling of input in the PageFactory.java file. Specifically, the manipulation of the 'sort' argument can be exploited, enabling an attacker to execute arbitrary SQL commands. This issue wa...

A path traversal vulnerability exists in the jsnjfz WebStack-Guns 1.0 software, specifically within the renderPicture function located in the KaptchaController.java file. This vulnerability allows an attacker to manipulate file paths, potentially leading to unauthorized access to files on the ser...

A vulnerability exists in the orionsec Orion-Ops software related to the SSH Connection Handler. This flaw enables an attacker to manipulate certain arguments—such as host, sshPort, username, password, and authType—resulting in server-side request forgery (SSRF). This can allow malicious users to...

A vulnerability has been identified in Orionsec's Orion-Ops, specifically within the User Profile Handler component. An improper authorization issue arises in the function update located in the UserController.java file. This flaw allows an attacker to manipulate the argument ID, potentially leadi...

A vulnerability exists in the Orionsec Orion-Ops API, specifically within the MachineKeyController, which allows improper authorization due to flawed access controls. This vulnerability can be exploited remotely, enabling attackers to manipulate the function without authentication or authorizatio...

A security vulnerability in Nutzam's NutzBoot up to version 2.6.0-SNAPSHOT affects the Transaction API within the EthModule. This flaw allows an attacker to manipulate arguments related to token conversion, specifically from/to wei, potentially leading to unauthorized access. The vulnerability ma...

A deserialization vulnerability exists in the Nutzam NutzBoot framework, specifically within the LiteRpc-Serializer component's getInputStream function. This vulnerability can be exploited remotely, allowing attackers to manipulate data and potentially execute arbitrary code. The complexity of ex...

A security flaw has been detected in Nutzam's NutzBoot, specifically within the Ethereum Wallet Handler component. This issue arises from an unknown function located in the file 'nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java'...

A cross-site scripting vulnerability exists in the jairiidriss RestaurantWebsite due to improper handling of the 'selected_date' argument in the 'Make a Reservation' feature. This flaw allows attackers to inject malicious scripts, which can be executed in the context of another user's session. Be...

A command injection vulnerability exists in the ADSLR NBR1005GPEV2 router, specifically in the `set_mesh_disconnect` function within the `send_order.cgi` script. By manipulating the 'mac' argument, remote attackers can potentially execute arbitrary commands on the device. This exploit poses signi...

A command injection vulnerability exists in the ADSLR NBR1005GPEV2 250814-r037c router, specifically within the ap_macfilter_del function of the /send_order.cgi file. A malicious actor can exploit this vulnerability by manipulating the mac argument, allowing arbitrary command execution remotely. ...

Multiple Sitecore products are susceptible to a remote code execution vulnerability, which could allow an attacker to execute arbitrary code on the affected systems. This issue impacts the Experience Manager, Experience Platform, and Experience Commerce, with known vulnerabilities in versions pre...

A command injection vulnerability exists in the ADSLR NBR1005GPEV2 router, specifically in the ap_macfilter_add function of the /send_order.cgi file. By manipulating the MAC address argument, an attacker can execute arbitrary commands remotely. This vulnerability poses a serious risk as it allows...

A command injection vulnerability has been identified in the ADSLR B-QE2W401 model. Specifically, the flaw lies within the function parameter `del_swifimac` in the `send_order.cgi` file. This vulnerability permits an attacker to manipulate the `del_swifimac` argument, resulting in the potential e...

A command injection vulnerability exists in the HexStrike AI MCP server's EnhancedCommandExecutor class. Attackers can exploit this flaw by supplying a command-line argument that begins with a semi-colon (;) to an API endpoint. This bypasses normal security measures, leading to commands being exe...

A remote code execution vulnerability in Microsoft Outlook allows an attacker to run arbitrary code on a user's system. This can occur when the vulnerable version processes specially crafted email messages, which can result in unauthorized access or control over the affected system. Attackers can...

A vulnerability has been detected in the winston-dsouza Ecommerce-Website related to the GET Parameter Handler within the /includes/header_menu.php file. This flaw allows for cross site scripting (XSS), which can be exploited remotely by manipulating the Error argument. With public exploits avail...

A security flaw has been identified in Qualitor versions 8.20 and 8.24, specifically within the eval function of the file /html/st/stdeslocamento/request/getResumo.php. This vulnerability allows for manipulation of the 'passageiros' argument, leading to potential code injection. As a result, an a...

A path traversal vulnerability exists in Scada-LTS affecting versions up to 2.7.8.1, specifically in the Common.getHomeDir function located in the ZIPProjectManager.java file. This flaw allows attackers to manipulate input to gain access to arbitrary files on the server. The vulnerability can be ...

A critical security vulnerability has been identified in Scada-LTS, impacting versions up to 2.7.8.1. This flaw enables attackers to perform unauthorized actions on behalf of authenticated users, leveraging cross-site request forgery techniques. The exploit can be triggered remotely, placing user...

A vulnerability in ZenTao versions up to 21.7.6-8564 allows attackers to exploit the makeRequest function in the ai module by manipulating the 'Base' argument. This results in the potential for server-side request forgery (SSRF), which can be exploited remotely. The publicly disclosed exploit pos...

A SQL injection vulnerability has been identified in Chanjet CRM affecting versions up to 20251106. An unknown function within the file /tools/upgradeattribute.php is susceptible to manipulation via the gblOrgID argument. This allows attackers to execute SQL queries against the database remotely,...

A code injection vulnerability has been identified in taosir WTCMS. Specifically, the issue resides in the 'fetch' function located in '/index.php'. By manipulating the 'content' argument, an attacker can execute arbitrary code, leading to a potential breach. This vulnerability allows for remote ...

A significant security fault has been found in the yungifez Skuul School Management System, specifically in versions up to 2.6.5. This vulnerability concerns the Image Handler component, particularly affecting the processing of files in the /user/profile directory. Exploiting this vulnerability c...

A cross site scripting vulnerability has been identified in the yungifez Skuul School Management System, affecting versions up to 2.6.5. The issue resides in the SVG File Handler component, specifically within handling code at `/dashboard/schools/1/edit`. This vulnerability allows remote attacker...

A design flaw in the Werkzeug library allows an attacker to exploit a multipart data upload that begins with carriage return (CR) or line feed (LF) characters followed by significant amounts of additional data. This attack creates a situation where internal bytearrays grow substantially, leading ...

A security flaw in taosir WTCMS allows for SQL injection through the CommentadminController's check/uncheck/delete functionalities. This vulnerability arises from improper handling of argument IDs in the application/Comment/Controller/CommentadminController.class.php file, enabling remote attacke...

A vulnerability exists within the taosir WTCMS product that impacts the SlideController component. Specifically, the issue arises in the 'delete' function located in the application/Admin/Controller/SlideController.class.php file. An attacker may manipulate the input arguments (ids) which could r...

A vulnerability in the server-side state machine of libssh permits a malicious client to create communication channels without prior authentication. This flaw can lead to unauthorized access, posing risks to the confidentiality and integrity of data transmitted through the affected software. User...

An improper encoding or escaping of output vulnerability exists in the webapi component of Synology BeeStation Manager and DiskStation Manager. This flaw permits remote attackers to potentially read limited files through unspecified vectors, impacting the integrity of the system. Users are advise...