Publicly Disclosed
PoC Exploits

A vulnerability was identified in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. Impacted is the function recognizeMarkdown of the file yudao-module-digitalcourse/yudao-module-digitalcourse-biz/src/main/java/cn/iocoder/yudao/module/digitalcourse/util/Pdf2MdUtil.java. Such ...

A vulnerability exists in the Taoofagi Easegen-Admin product due to improper handling of the 'url' parameter in the downloadFile function of the PPT File Handler. This flaw allows an attacker to exploit server-side request forgery (SSRF) vulnerabilities, potentially leading to unauthorized access...

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default config...

A stack-based buffer overflow vulnerability affects Easy File Sharing (EFS) Web Server 7.2. This issue arises when attackers send a specially crafted POST request to the system while creating new topics in the forums. Successfully exploiting this vulnerability allows remote attackers to execute a...

The fontTools library, used for font manipulation in Python, contains an arbitrary file write vulnerability affecting versions from 4.33.0 to before 4.60.2. This flaw allows an attacker to execute remote code when a specially crafted .designspace file is processed through the fonttools varLib scr...

A vulnerability has been discovered in the Tenda AC8 router, specifically affecting the HTTP Endpoint component. This issue arises from improper handling of the argument local_2c in the doSystemCmd function located in the /goform/SysToolChangePwd file. Exploitation of this vulnerability can lead ...

A security vulnerability has been identified in the Tenda AC8 router, specifically affecting version 16.03.50.11. This flaw is found in the route_set_user_policy_rule function within the /cgi-bin/UploadCfg component of the web interface. By manipulating the wans.policy.list1 argument, an attacker...

A vulnerability exists in the REST Plugin of Apache Struts that allows for Remote Code Execution due to the use of an XStreamHandler without type filtering during XML payload deserialization. This flaw, present in specific versions of the software, can be exploited by attackers to execute arbitra...

A vulnerability has been identified in the Tenda AC8 router that affects the function handling IPv6 address checks, specifically the 'check_is_ipv6' function in the IPv6 Handler component. This flaw allows an attacker to exploit the reliance on the IP address for authentication purposes. When exp...

A data exposure vulnerability has been identified in the CityData CityChat app for Android devices, specifically affecting version 0.12.6. The vulnerability involves improper handling of sensitive information located in the credentials.json file, which can lead to unprotected storage of credentia...

A vulnerability exists in Albert Health for Android up to version 1.7.3 affecting the Google Cloud Service Account Key Handler located in the service-account.json file. This flaw allows for the manipulation of credential storage leading to unprotected access to sensitive information. The attack n...

A vulnerability has been discovered in the La Nacion App version 10.2.25 for Android, where improper handling of the API_KEY_WEBSOCKET_CV parameter may lead to unprotected storage of sensitive credentials. This flaw exists within a specific component of the application and is particularly concern...

A security flaw in the BabyChakra Pregnancy & Parenting App for Android has been identified, affecting versions up to 5.4.3.0. This vulnerability resides in the Configuration.java file within the app, specifically linked to the SEGMENT_WRITE_KEY argument. Exploiting this flaw can lead to unprotec...

A SQL injection vulnerability has been discovered in the itsourcecode College Management System version 1.0, specifically within an unknown function in the file /admin/time-table.php. This flaw allows attackers to manipulate the 'course_code' argument. Given its remote exploit capability, the vul...

A vulnerability in Open5GS up to version 2.7.6 can lead to a denial of service through specific functions within the CCA Handler, including smf_gx_cca_cb and smf_gy_cca_cb. This issue can be exploited remotely, allowing attackers to disrupt services without physical access. It is recommended to u...

A vulnerability in the Lagom WHMCS Template, specifically affecting versions up to 2.3.7, allows for unauthorized modification of object prototype attributes within the Datatables component. This security flaw can be exploited remotely, making it a significant concern for users. The vendor has be...

A vulnerability in the Lagom WHMCS Template, specifically affecting versions up to 2.3.7, allows for unauthorized modification of object prototype attributes within the Datatables component. This security flaw can be exploited remotely, making it a significant concern for users. The vendor has be...

A vulnerability in the itsourcecode College Management System version 1.0 has been identified, specifically affecting the file /admin/courses.php. This issue arises from inadequate validation of the course_code parameter, which can be manipulated to execute SQL injection attacks. Such exploitatio...

A SQL injection vulnerability exists in the itsourcecode Free Hotel Reservation System version 1.0, specifically within the /hotel/admin/mod_reports/index.php file. This flaw allows an attacker to manipulate the argument 'Home' to execute arbitrary SQL commands, potentially gaining unauthorized a...

A security vulnerability has been identified in the itsourcecode Online Enrollment System, specifically affecting an unspecified function within the file /enrollment/index.php?view=add. This vulnerability arises due to incorrect handling of the argument txtsearch/deptname/name, allowing for SQL i...

A SQL injection vulnerability has been detected in itsourcecode's Online Enrollment System version 1.0 through the manipulation of the user_email parameter in the /sms/login.php file. This flaw allows unauthorized users to execute arbitrary SQL queries against the underlying database remotely. Th...

A security flaw has been found in SSCMS version 7.4.0, specifically within the DDL Handler component's SitesAddController.Submit.cs file. This vulnerability allows remote attackers to manipulate the argument 'tableHandWrite', leading to potential SQL injection attacks. The exploit for this vulner...

A vulnerability in ThingsGateway version 12 allows for path traversal through an exploitation of the file download API. Specifically, manipulation of the 'fileName' argument could enable attackers to access files that are outside of the intended directory, facilitating the unauthorized retrieval ...

A vulnerability exists in the Tiandy Integrated Management Platform version 7.17.0 that allows attackers to manipulate the userId argument in the '/rest/user/getAuthorityByUserId' file. This manipulation could lead to an SQL injection attack, enabling potential unauthorized access to sensitive da...

Microsoft Exchange Server Remote Code Execution Vulnerability

A server-side request forgery (SSRF) vulnerability exists in the vanna-ai product up to version 2.0.2, specifically within the update_sql/run_sql function located in the src/vanna/legacy/flask/__init__.py file of the Endpoint component. This flaw allows an attacker to manipulate requests, potenti...

A SQL injection vulnerability exists in vanna-ai's Vanna product, specifically in the update_sql function located within the src/vanna/legacy/flask/__init__.py file of its Endpoint component. This vulnerability allows attackers to manipulate SQL queries, potentially leading to unauthorized access...

A security flaw exists in Vanna-AI's Vanna software, specifically in the remove_training_data function located within the bigquery_vector.py file. This vulnerability allows attackers to manipulate input arguments, leading to SQL injection attacks that can be executed remotely. Published exploits ...

A path traversal flaw in setuptools prior to version 78.1.1 allows attackers to write files to arbitrary locations on the filesystem by exploiting the vulnerabilities in the PackageIndex component. This issue could lead to significant security risks, including the potential for remote code execut...

A command injection vulnerability is present in the LB-LINK BL-WR9000 version 2.4.9, specifically within the function sub_458754 located in the /goform/set_wifi file. This critical flaw allows attackers to execute arbitrary commands on the device remotely, potentially compromising network securit...

A security flaw exists in the LB-LINK BL-WR9000 router, specifically within the sub_44D844 function located in /goform/get_hidessid_cfg. This vulnerability allows for a remote attacker to manipulate the function, leading to a buffer overflow. Such an exploit presents significant risks, as it may ...

A stack-based buffer overflow vulnerability has been found in the LB-LINK BL-WR9000 router, specifically in the function sub_44E8D0 of the /goform/get_virtual_cfg file. This vulnerability can be exploited remotely, allowing attackers to manipulate the function and overflow the stack. Publicly ava...

A security vulnerability exists in the User Management Module of CMS Made Simple versions up to 2.2.21. An attacker could exploit this flaw by manipulating the 'Message' argument in the 'admin/listusers.php' file to execute arbitrary JavaScript in the context of the user’s session. This remote ex...

A vulnerability in FontForge allows remote attackers to execute arbitrary code by exploiting a flaw in the parsing of SFD files. This vulnerability arises due to inadequate validation of data supplied by users, which leads to the deserialization of untrusted data. Attackers must induce user inter...

A SQL injection vulnerability has been discovered in the itsourcecode Payroll Management System 1.0, specifically affecting the /manage_employee.php file. This vulnerability allows attackers to manipulate the ID argument, potentially leading to unauthorized access to sensitive data. The exploit c...

A significant path traversal vulnerability exists in SSCMS, affecting versions up to 7.4.0. This flaw occurs in the PathUtils.RemoveParentPath function within the /api/admin/plugins/install/actions/download file. An attacker could exploit this vulnerability remotely by manipulating the path argum...

A vulnerability exists in the Tiandy Easy7 Integrated Management Platform version 7.17.0 that allows for unrestricted file uploads via the /rest/file/uploadLedImage endpoint. This issue arises from improper validation of uploaded files, which can lead to unauthorized file storage and potential ex...

A path traversal flaw in setuptools prior to version 78.1.1 allows attackers to write files to arbitrary locations on the filesystem by exploiting the vulnerabilities in the PackageIndex component. This issue could lead to significant security risks, including the potential for remote code execut...

A vulnerability exists in Technologies Integrated Management Platform version 7.17.0, where manipulation of the 'targetPath/Suffix' argument in the SetWebpagePic.jsp file allows for unrestricted file uploads. This flaw can be exploited remotely, posing significant security risks. Despite early di...

An identified flaw in the YWF BPOF APGCS App version 1.0.2 for Android allows for unauthorized access to hard-coded credentials through manipulation of the ACCESS_KEY/HASH_KEY arguments. This vulnerability is limited to local execution, meaning that an attacker must have physical access to the de...

FontForge, a popular font editing software, has a command injection vulnerability within its Splinefont module. This issue allows attackers to exploit crafted archives or compressed files, potentially leading to unauthorized command execution. Users are urged to update their installations to miti...

An information disclosure vulnerability has been found in the myAEDES App for Android, specifically within the file 'aedes/me/beta/utils/EngageBayUtils.java'. This issue arises when the AUTH_KEY argument is manipulated, potentially exposing sensitive information. The vulnerability requires local ...

A security vulnerability has been identified in the XREAL Nebula App for Android, specifically in versions up to 3.2.1. This vulnerability stems from improper handling of sensitive information within the 'ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java' file. It allows for the unprotected s...

A security weakness has been discovered in the i-SENS SmartLog App for Android, specifically in version 2.6.8, relating to the component air.SmartLog.android. This vulnerability involves hard-coded credentials available in a developer mode intended for configuration during Bluetooth pairing with ...

A security flaw has been identified in FlowCI's flow-core-x, specifically within the SMTP Host Handler's Save function. This vulnerability allows attackers to perform server-side request forgery (SSRF), enabling them to interact with internal services on the server from a remote location. The fla...

A vulnerability has been identified in multiple D-Link DNS devices that affects the UPnP_AV_Server_Path_Setting functionality within the /cgi-bin/app_mgr.cgi file. This flaw allows for a stack-based buffer overflow, which can be exploited remotely. Successful exploitation could lead to arbitrary ...

A vulnerability exists within various D-Link network storage devices due to a stack-based buffer overflow in the cgi_myfavorite_del_user and cgi_myfavorite_verify functions located in /cgi-bin/gui_mgr.cgi. Remote exploitation of this vulnerability may lead to unauthorized access or denial of serv...

An authorization bypass vulnerability in GitHub Enterprise Server allows attackers to merge unauthorized pull requests into repositories. This issue particularly affects repositories that permit forking and occurs when attackers exploit the enable_auto_merge mutation through their own fork. The a...

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default config...

A vulnerability has been identified in multiple D-Link network storage devices involving a stack-based buffer overflow in the Downloads_Schedule_Info function of the /cgi-bin/download_mgr.cgi file. This issue can be exploited remotely, allowing attackers to manipulate the function and potentially...