Publicly Disclosed
PoC Exploits

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log messag...

A vulnerability was identified in ealpha072 Student-Management-System up to 01451bd7a2f58cdda07bd0b86e3967582e3ecd08. Affected by this issue is some unknown functionality of the file admin/config.php of the component Administrative Backend. Such manipulation leads to improper authentication. The ...

A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function data_hash of the component Cache Handler. This manipulation causes denial of service. The attack is restricted to local execution. A high degree of complexity is needed for the attack...

A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate.getForEntity of the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. The manipulation of the argument url results in server-side request for...

A vulnerability exists in the ngx_http_rewrite_module of NGINX Plus and NGINX Open Source, triggered when a rewrite directive is followed by an if or set directive that includes a Perl-Compatible Regular Expression (PCRE) capture and a replacement string with a question mark. Attackers can exploi...

A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculate_dataframe_hash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local en...

The authentication bypass vulnerability in Palo Alto Networks' PAN-OS software presents a significant security risk by allowing unauthorized access to the GlobalProtect portal and gateway. This flaw enables attackers to circumvent authentication mechanisms, potentially gaining unauthorized VPN co...

The BIRD Internet Routing Daemon experiences a stack-based buffer overflow due to improper handling of BGP AS_PATH segments. Specifically, in the as_path_match() function, the daemon allocates a fixed-size stack array, while allowing for the expansion of AS_PATH segments without a corresponding c...

A stack-based buffer overflow vulnerability in Windows Netlogon permits an unauthorized attacker to execute arbitrary code over a network. This flaw may allow attackers to compromise systems by sending specially crafted requests to the affected service, leading to potential system control and dat...

A vulnerability in Go's x509 package leads to inefficient hostname verification due to multiple iterations over DNS Subject Alternative Name (SAN) entries. The method (*x509.Certificate).VerifyHostname invokes matchHostnames in a loop, causing significant performance degradation when dealing with...

A vulnerability in Cilium's eBPF component allows local attackers to exploit an integer overflow in the loadRawSpec function, located in the btf.go file. This manipulation can compromise the integrity of the LoadCollectionSpec/LoadCollectionSpecFromReader functionality. It is important for users ...

The integer overflow vulnerability in multiple Android components allows for unintended code execution, potentially leading to local privilege escalation. This flaw does not require additional execution privileges or user interaction, making it a significant concern for system security. Organizat...

MCPJam Inspector, designed for local-first development on MCP servers, has a vulnerability allowing remote code execution (RCE) due to improper binding settings. In versions 1.4.2 and earlier, the platform listens on 0.0.0.0 by default, enabling attackers to exploit this configuration through cra...

GNU Bash versions up to 4.3 are vulnerable to a code injection flaw due to the mishandling of trailing strings after function definitions in environment variables. This vulnerability enables remote attackers to execute arbitrary code by crafting specific environment variables under various condit...

A SQL injection vulnerability exists in the Login function of the /admin/admin_class_novo.php file within the Administrative Control Panel of SourceCodester's Pizzafy E-Commerce System version 1.0. This vulnerability allows malicious actors to manipulate the Username argument, providing an avenue...

A security vulnerability has been reported in the EIPStackGroup's OpENer software, specifically within the CreateMessageRouterRequestStructure function in the cipmessagerouter.c file. This issue leads to a use after free condition, allowing for potential remote exploitation. The vulnerability has...

A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation of the argument page results in file inclusion. The attack can be launched remotely. The exploit is now public and may be used.

A vulnerability has been discovered in the johnhuang316 code-index-mcp component that affects the function responsible for safe regex pattern verification. This weakness can be exploited through the remote manipulation of the regex argument, resulting in inefficient regular expression complexity....

A security flaw exists in wonderwhy-er DesktopCommanderMCP affecting versions up to 0.2.38, particularly in the src/search-manager.ts file during a 'start_search' operation. The vulnerability arises from inefficient regular expression complexity when manipulating the argument SearchResult[]. This...

A server-side request forgery (SSRF) vulnerability exists in wonderwhy-er DesktopCommanderMCP version 0.2.37. This weakness is caused by improper handling of the URL argument in the readFileFromUrl function, located in the filesystem.ts component. An attacker can exploit this flaw to send unautho...

A critical vulnerability found in Oracle WebLogic Server allows unauthenticated attackers with network access through T3 and IIOP to exploit the system. Successful exploitation gives attackers unauthorized access to sensitive data, potentially leading to complete control over all data accessible ...

A security flaw exists in the ahujasid Blender-MCP within the function 'execute_blender_code' located in /src/blender_mcp/server.py. This vulnerability permits attackers to perform code injection by manipulating the 'code' argument. Given that the vulnerability is remotely exploitable, it poses a...

A vulnerability has been identified in AhujaSid's Blender-mcp that affects its ZIP File Handler component. The issue resides in the 'requests.get' function within the 'src/blender_mcp/server.py' file, allowing for unique manipulation of the 'zip_file_url' argument. This exploitation can potential...

An injection vulnerability has been identified in AhujaSid's Blender-MCP where the 'Open' function within src/blender_mcp/server.py is improperly handling the argument 'input_image_url'. This flaw allows remote attackers to inject malicious data, potentially leading to unauthorized access or exec...

A flaw exists in the warmcat libwebsockets product that affects the SSH Protocol Handler's function lws_ssh_parse_plaintext. An attacker can exploit this vulnerability by manipulating the msg_len argument, leading to potential resource consumption issues. This vulnerability can be exploited remot...

A flaw exists in the warmcat libwebsockets product that affects the SSH Protocol Handler's function lws_ssh_parse_plaintext. An attacker can exploit this vulnerability by manipulating the msg_len argument, leading to potential resource consumption issues. This vulnerability can be exploited remot...

An SQL injection vulnerability has been identified in the Code-Projects Student Admission System 1.0, specifically within the unknown function in the /index.php file. This flaw allows attackers to manipulate the argument 'eid/did', potentially compromising the database. The exploitation can be ex...

The Swiper framework, widely used for mobile touch slider functionality, contains a prototype pollution issue affecting versions 6.5.1 to 12.1.1. The vulnerability exists due to improper handling of user input in shared/utils.mjs, specifically at line 94 where the indexOf() function fails to adeq...

A vulnerability has been identified in the Sayan365 Student Management System that facilitates improper authentication across multiple endpoints. The flaw allows remote attackers to bypass authentication mechanisms, potentially leading to unauthorized access. Although the project has been notifie...

The Kirki Freeform Page Builder plugin for WordPress is susceptible to privilege escalation due to a flaw in its password reset functionality. Versions 6.0.0 to 6.0.6 permit attackers to utilize an arbitrary email address when submitting password reset requests, potentially allowing unauthorized ...

A vulnerability has been identified in the GoClaw product by nextlevelbuilder, specifically in the resolveAuth function of the Webhook Verification Handler component. This flaw can result in unauthenticated access, allowing a remote attacker to exploit the issue. The vulnerability was publicly di...

A vulnerability in GoClaw by nextlevelbuilder, specifically within the Team Task Completion Handler, allows attackers to exploit the TeamTasksTool.executeComplete function. This weakness facilitates remote attacks due to a lack of required authorization checks during the execution of team task co...

MCPJam Inspector, designed for local-first development on MCP servers, has a vulnerability allowing remote code execution (RCE) due to improper binding settings. In versions 1.4.2 and earlier, the platform listens on 0.0.0.0 by default, enabling attackers to exploit this configuration through cra...

In the Linux kernel, a flaw in the BPF interpreter's handling of signed 32-bit division and modulo operations can lead to undefined behavior. Specifically, the kernel's abs() macro fails when applied to the minimum value of a signed 32-bit integer, resulting in incorrect calculations and potentia...

Podinfo versions up to 6.9.0 are susceptible to an arbitrary file upload vulnerability due to improper validation in the /store endpoint. This allows attackers to upload malicious files through crafted POST requests. The lack of a restrictive Content-Security-Policy (CSP) and inadequate Content-T...

The Really Simple Security plugin for WordPress, prior to version 9.5.10.1, inadequately implements the second-factor authentication challenge in its REST endpoints. This flaw allows attackers who have compromised a user's password to bypass the email OTP requirement, enabling them to gain unauth...

A security flaw has been identified in the GoClaw product by nextlevelbuilder, specifically within the TTS Configuration Endpoint (file internal/http/tts_config.go). This vulnerability enables attackers to conduct server-side request forgery (SSRF) attacks, potentially allowing them to send unaut...

A vulnerability has been identified in itsourcecode Fees Management System version 1.0, specifically within the /manage_payment.php file. The vulnerability stems from an insufficient validation of user inputs, which allows for SQL injection attacks through the manipulation of the 'ID' parameter. ...

A security vulnerability has been identified in CordysCRM up to version 1.4.1, specifically in the Save function of the ModuleFormService.java file. This vulnerability allows attackers to manipulate the Description argument, leading to potential cross-site scripting (XSS) attacks that can be exec...

A deserialization vulnerability has been identified in FoundationAgents MetaGPT versions up to 0.8.2. This flaw resides within the Message.check_instruct_content function located in the metagpt/schema.py file. By manipulating the argument mapping, an attacker can exploit the vulnerability, enabli...

A security vulnerability has been identified in Open5GS, specifically within the NGAP Handover component, affecting versions up to 2.7.6. The flaw resides in the gmm_state_security_mode function of the source file src/amf/gmm-sm.c. Successful exploitation of this issue can trigger a race conditio...

A security flaw has been identified in the SourceCodester Pizzafy Ecommerce System version 1.0. This vulnerability exists in the /index.php file, where an unknown function can be manipulated through the 'page' argument. This manipulation allows for remote file inclusion, potentially leading to un...

A vulnerability exists in the SourceCodester Pizzafy Ecommerce System 1.0 that allows unauthorized file inclusion through a compromised call to the /admin/index.php file. This vulnerability can be exploited remotely, enabling attackers to manipulate the 'page' argument, potentially leading to exp...

A command injection vulnerability exists in the elunez eladmin application due to improper handling of the uploadPath argument in the Application Deployment Module. This weakness can allow remote attackers to execute arbitrary commands on the server through crafted requests. Public exploits for t...

A security vulnerability has been discovered in NousResearch's hermes-agent, specifically affecting the Credential Pool Synchronization component. This flaw arises from the function _sync_anthropic_entry_from_credentials_file within the agent/credential_pool.py file, which allows for improper aut...

A vulnerability has been discovered in the Task Scheduling Management Module of westboy's CicadasCMS, specifically within the ScheduleJobController.java file. This weakness allows malicious actors to execute remote cross site scripting (XSS) attacks, potentially leading to unauthorized access or ...

A security flaw has been identified in the Orthanc DICOM Server, specifically within the DcmItem::read function in the DCMTK Parser component. This vulnerability allows for a stack-based buffer overflow when manipulated, posing a risk during local attacks. The public release of an exploit intensi...

A security vulnerability exists in 1Panel-dev CordysCRM affecting versions up to 1.6.2, specifically within the RequestParamTrimConfig.java file. This flaw allows attackers to manipulate an unspecified function, resulting in cross-site scripting (XSS) vulnerabilities. Successfully exploiting this...

A vulnerability exists in the itsourcecode Fees Management System 1.0 that allows for SQL injection through the manipulate of the ID argument in the /manage_fee.php file. This security flaw can be exploited remotely, permitting unauthorized access to the database and potentially leading to data e...

A vulnerability has been identified in the itsourcecode Fees Management System 1.0, specifically within the index.php file. This vulnerability arises due to improper handling of the 'page' argument, allowing attackers to execute cross-site scripting (XSS) attacks. The manipulation can be performe...