Publicly Disclosed PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered just now...
PoC for CVE-2023-6246
A heap-based buffer overflow vulnerability exists in the __vsyslog_internal function of the glibc library, which is crucial for logging system events through the syslog and vsyslog functionalities. The issue arises if the openlog function is not invoked or if it is invoked with a NULL ident argum...
Discovered 58 minutes ago
PoC for CVE-2026-33186
The gRPC-Go server has a vulnerability that allows an attacker to bypass authorization checks due to improper input validation on the HTTP/2 ':path' pseudo-header. Specifically, versions before 1.79.3 accepted requests with omitted leading slashes in the ':path', allowing unauthorized access to s...
Discovered 59 minutes ago
PoC for CVE-2026-32945
The PJSIP multimedia communication library has a vulnerability related to a heap-based buffer overflow in the DNS parser's name length handler. This issue impacts applications using PJSIP's integrated DNS resolver, which is configured through pjsua_config.nameserver or UaConfig.nameserver setting...
Discovered 1 hour ago
PoC for CVE-2026-27654
A vulnerability exists within the ngx_http_dav_module of NGINX Open Source and NGINX Plus that can be exploited to trigger a buffer overflow in the NGINX worker process. This scenario is possible when configuration files utilize the DAV module's MOVE or COPY methods combined with specific prefix ...
PoC for CVE-2025-55182
A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...
Discovered 3 hours ago
PoC for CVE-2023-32749
Pydio Cells allows users to create external users for file sharing. However, by altering the HTTP request during this process, it is possible to assign arbitrary roles to new external users. This vulnerability enables an attacker to grant themselves or any other unauthorized user access to all ce...
PoC for CVE-2025-30065
The parquet-avro module of Apache Parquet versions 1.15.0 and earlier contains a schema parsing vulnerability that enables attackers to execute arbitrary code. It is crucial for users to upgrade to version 1.15.1 or later to mitigate this risk and secure their systems against potential exploitation.
Discovered 4 hours ago
PoC for CVE-2026-5705
A cross-site scripting vulnerability exists in the Online Hotel Booking 1.0 software, specifically affecting the /booknow.php component. This flaw allows attackers to manipulate the roomname parameter, enabling them to execute arbitrary scripts in the context of another user's browser. The exploi...
PoC for CVE-2026-5692
A security flaw has been identified in the Totolink A7100RU router, specifically in the function setGameSpeedCfg located in /cgi-bin/cstecgi.cgi. This vulnerability allows for OS command injection through manipulation of the 'enable' argument, potentially enabling an attacker to execute arbitrary...
Discovered 5 hours ago
PoC for CVE-2026-5691
A security flaw has been identified in the Totolink A7100RU router, specifically within the setFirewallType function of the cstecgi.cgi file. This vulnerability allows attackers to manipulate the firewallType parameter, potentially leading to OS command injection. This threat can be exploited rem...
PoC for CVE-2026-5690
A vulnerability exists in the Totolink A7100RU router due to improper validation in the setRemoteCfg function of the cstecgi.cgi file. By manipulating the enable argument, an attacker can execute OS commands remotely, potentially compromising the device's security. This exploit has been publicly ...
PoC for CVE-2026-5689
A vulnerability has been identified in the Totolink A7100RU firmware version 7.4cu.2313_b20191024, specifically within the setNtpCfg function of the cgi-bin/cstecgi.cgi file. This issue arises from improper handling of the 'tz' argument, allowing attackers to perform OS command injection. Such ma...
PoC for CVE-2026-5688
A security flaw exists in the Totolink A7100RU router, specifically within the setDdnsCfg function of the /cgi-bin/cstecgi.cgi file. This vulnerability allows an attacker to manipulate the 'provider' argument, potentially leading to OS command injection. Such attacks can be executed remotely, mak...
Discovered 6 hours ago
PoC for CVE-2026-5687
A vulnerability exists in the Tenda CX12L router, specifically within the fromNatStaticSetting function located in the /goform/NatStaticSetting file. This weakness allows an attacker to execute a stack-based buffer overflow by manipulating input arguments. The vulnerability can be exploited remot...
PoC for CVE-2026-5686
A security vulnerability has been identified in the Tenda CX12L router's handling of the RouteStatic function, specifically affecting the /goform/RouteStatic file. An attacker can exploit this flaw by manipulating the 'page' argument, leading to a stack-based buffer overflow. The nature of this v...
PoC for CVE-2026-5685
A stack-based buffer overflow vulnerability has been discovered in the Tenda CX12L router version 16.03.53.12, specifically within the fromAddressNat function located in the /goform/addressNat file. This flaw allows an attacker to remotely manipulate the argument page, potentially leading to expl...
PoC for CVE-2026-5684
A stack-based buffer overflow vulnerability exists in the Tenda CX12L router's webExcptypemanFilter function. By manipulating the 'page' argument within the '/goform/webExcptypemanFilter' endpoint, an attacker with local network access may exploit this issue, potentially leading to remote code ex...
Discovered 7 hours ago
PoC for CVE-2026-5683
A stack-based buffer overflow vulnerability exists in the Tenda CX12L device, specifically in the fromP2pListFilter function located in the /goform/P2pListFilter file. This vulnerability is triggered by manipulating the 'page' argument and can allow an attacker to execute arbitrary code. The expl...
Discovered 8 hours ago
PoC for CVE-2026-5682
The Meesho Online Shopping App for Android, specifically the component com.meesho.supply, has a vulnerability involving an unknown function within the /api/endpoint. This issue allows for the manipulation of cryptographic algorithms, potentially leading to insecure data handling. Although the com...
PoC for CVE-2026-5681
A SQL injection vulnerability has been identified in the itsourcecode sanitize or validate this input version 1.0, specifically within the borrowedequip.php file of the Parameter Handler component. This flaw allows attackers to manipulate the emp_id argument, enabling unauthorized SQL queries to ...
Discovered 9 hours ago
PoC for CVE-2026-5679
A security vulnerability has been identified in the Totolink A3300R router, specifically within the function vsetTr069Cfg located in the /cgi-bin/cstecgi.cgi file. This issue arises from improper handling of the stun_pass argument, allowing an attacker to execute arbitrary commands on the operati...
PoC for CVE-2026-35022
The Anthropic Claude Code CLI and Claude Agent SDK are susceptible to an OS command injection vulnerability in the authentication helper execution. This flaw arises from the lack of input validation in the execution of helper configuration values, allowing an attacker with the ability to manipula...
PoC for CVE-2026-5678
A security weakness has been discovered in the Totolink A7100RU router effective with the software version 7.4cu.2313_b20191024, specifically in the function setScheduleCfg located in /cgi-bin/cstecgi.cgi. This vulnerability allows attackers to manipulate the 'mode' argument, potentially enabling...
PoC for CVE-2026-5677
A security vulnerability has been identified in the Totolink A7100RU router, specifically within the CsteSystem function of the cgi-bin/cstecgi.cgi file. This flaw allows attackers to manipulate the resetFlags argument, thereby executing arbitrary OS commands remotely. The existence of this explo...
PoC for CVE-2026-5676
A significant vulnerability exists in the Totolink A8000R router, particularly within the 'setLanguageCfg' function located in the /cgi-bin/cstecgi.cgi file. This weakness stems from the improper handling of the 'langType' argument, resulting in a lack of required authentication for certain opera...
Discovered 10 hours ago
PoC for CVE-2026-5675
A vulnerability has been identified in the itsourcecode Construction Management System 1.0 that allows an SQL injection through the manipulation of the 'emp' argument in the 'borrowed_tool.php' file. This weakness enables remote attackers to execute unauthorized SQL commands, potentially compromi...
PoC for CVE-2026-5672
The Simple IT Discussion Forum version 1.0 by Code-Projects contains a vulnerability in the edit-category.php file within its Parameter Handler component. This flaw allows for SQL injection, where manipulating the cat_id parameter can enable an attacker to execute malicious SQL queries remotely. ...
PoC for CVE-2026-5671
A cross-site scripting vulnerability is present in the Cyber-III Student-Management-System within the Class Schedule Deletion Endpoint located at /admin/class%20schedule/delete_batch.php. This flaw allows an attacker to manipulate the 'batch' argument, potentially leading to the injection of mali...
Discovered 11 hours ago
PoC for CVE-2026-5670
A vulnerability in the Cyber-III Student-Management System allows for unrestricted file uploads through the manipulation of the 'File' parameter in the 'move_uploaded_file' function located in '/AssignmentSection/submission/upload.php'. This issue can be exploited remotely, enabling attackers to ...
PoC for CVE-2026-5669
A SQL injection vulnerability has been identified in the Cyber-III Student-Management System specifically affecting the /login.php file within the Parameter Handler component. This vulnerability allows for remote exploitation through manipulation of the Password argument, enabling attackers to ex...
PoC for CVE-2026-5668
A security flaw has been identified in the Cyber-III Student-Management-System, which impacts the /admin/Add%20notice/add%20notice.php file. This vulnerability arises from improper handling of the $_SERVER['PHP_SELF'] parameter, allowing a potential attacker to exploit cross-site scripting (XSS) ...
Discovered 12 hours ago
PoC for CVE-2024-14032
Twitch Studio versions up to 0.114.8 are vulnerable to a privilege escalation issue stemming from an unprotected XPC service in the application's privileged helper tool. This flaw allows local attackers to execute arbitrary code with root privileges. By exploiting the installFromPath:toPath:withR...
PoC for CVE-2026-5666
A vulnerability has been identified in the Online FIR System version 1.0, specifically within the file /complaints.sql related to the SQL Database Backup File Handler. This issue allows for the insecure storage of sensitive information, posing a risk of unauthorized access. The exploitation can b...
PoC for CVE-2026-5665
A security vulnerability has been identified in version 1.0 of the Online FIR System developed by Code-Projects. The issue arises from a flaw in the login functionality, specifically within the file /Login/checklogin.php. Attackers can exploit this vulnerability by manipulating the 'email' and 'p...
Discovered 13 hours ago
PoC for CVE-2026-1668
The web interface of multiple Omada switches lacks proper validation for certain external inputs, potentially allowing out-of-bounds memory access when processing specially crafted requests. This flaw creates an opportunity for an unauthenticated attacker with network access to exploit the affect...
PoC for CVE-2026-5661
A vulnerability has been discovered in the Free5GC 4.2.0 framework, affecting the NGSetupRequest Handler component. An attacker could exploit this vulnerability to initiate a denial of service attack, which can be executed remotely. The exploit is publicly accessible, posing significant risks to ...
Discovered 14 hours ago
PoC for CVE-2026-5660
A SQL injection vulnerability exists in the itsourcecode Construction Management System 1.0, specifically within an unknown function of the /borrowed_equip.php file related to parameter handling. This security flaw allows attackers to manipulate the 'emp' argument, which could lead to unauthorize...
Discovered 15 hours ago
PoC for CVE-2026-5659
A security vulnerability has been identified in the pytries datrie component, specifically affecting the Trie.load, Trie.read, and Trie.__setstate__ functions within the src/datrie.pyx file. This deserialization flaw can be exploited remotely, allowing an attacker to manipulate the data structure...
Discovered 16 hours ago
PoC for CVE-2026-5650
A vulnerability exists in the code-projects Online Application System for Admission 1.0, specifically within its database handling functionality. This flaw allows for the insecure storage of sensitive information, which can be remotely manipulated by an attacker. The risk of exploitation is signi...
PoC for CVE-2026-5649
A vulnerability in the Online Application System for Admission version 1.0 by Code-Projects has been identified, allowing for potential SQL injection attacks. This security flaw affects the file /enrollment/admsnform.php within the Endpoint component, enabling attackers to manipulate queries exec...
Discovered 17 hours ago
PoC for CVE-2026-5648
A SQL injection vulnerability has been identified in the Simple Laundry System version 1.0, specifically within the /userfinishregister.php file, related to the Parameter Handler component. This flaw allows for remote exploitation through manipulation of the 'firstName' argument, potentially enab...
PoC for CVE-2026-5647
A Cross Site Scripting vulnerability has been identified in the Code-Projects Online Shoe Store version 1.0. The issue is rooted in the 'product_name' parameter of the file '/admin/admin_feature.php' within the Add Product Page component. This vulnerability allows an attacker to manipulate the in...
PoC for CVE-2026-5646
A SQL injection vulnerability has been identified in the Easy Blog Site 1.0 product. Specifically, the vulnerability lies within the login.php file, where improper validation of the username and password arguments allows for the execution of arbitrary SQL queries. This flaw can be exploited remot...
PoC for CVE-2026-5645
An SQL injection vulnerability exists in the Projectworlds Car Rental System version 1.0, specifically within the '/pay.php' file's Parameter Handler component. This flaw can be exploited through a manipulation of the 'mpesa' argument, allowing attackers to execute arbitrary SQL code. The vulnera...
Discovered 18 hours ago
PoC for CVE-2026-5644
A security flaw has been identified in the Cyber-III Student-Management-System that allows an attacker to leverage an unknown function within the batch-notice.php file. By manipulating the $_SERVER['PHP_SELF'] argument, an attacker can execute cross site scripting (XSS) attacks remotely. This vul...
PoC for CVE-2026-5643
A cross site scripting vulnerability exists in the Cyber-III Student-Management-System, specifically within the Admin Add Endpoint. This issue arises due to manipulation of the $_SERVER['PHP_SELF'] argument in the notice.php file, allowing attackers to execute malicious scripts remotely. As the e...
PoC for CVE-2026-5642
A vulnerability exists in the Cyber-III Student Management System related to improper authorization due to an issue in the HTTP POST Request Handler located in /viva/update.php. The problem arises from manipulation of the argument 'Name', allowing for unauthorized access. This vulnerability can b...
PoC for CVE-2026-5641
An SQL injection vulnerability exists in the PHPGurukul Online Shopping Portal version 2.1, specifically within the /admin/update-image1.php file's Parameter Handler. Attackers can exploit this vulnerability by manipulating the 'filename' argument, potentially leading to unauthorized access and m...
Discovered 19 hours ago
PoC for CVE-2026-5640
A vulnerability exists in PHPGurukul's Online Shopping Portal Project 2.1, specifically within the '/admin/update-image2.php' file's Parameter Handler component. This issue arises from improper handling of the 'filename' argument, which can lead to SQL injection exploits. Attackers can potentiall...
PoC for CVE-2026-5639
A security flaw exists in the PHPGurukul Online Shopping Portal Project version 2.1, specifically within an unclassified function in the file /admin/update-image3.php. This vulnerability allows an attacker to manipulate the 'filename' argument, potentially leading to a remote SQL injection attack...