Publicly Disclosed
PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered just now...
PoC for CVE-2026-2600
The ElementsKit Elementor Addons and Templates plugin for WordPress is susceptible to a stored Cross-Site Scripting vulnerability due to insufficient input sanitization and output escaping on the 'ekit_tab_title' parameter within the Simple Tab widget. Authenticated users with contributor-level a...
Discovered 28 seconds ago
PoC for CVE-2025-68999
A significant SQL injection vulnerability exists in the Happy Addons for Elementor plugin developed by HappyMonster. This flaw enables attackers to potentially execute unauthorized SQL commands by exploiting improper neutralization of special elements in SQL queries. Affected versions include all...
Discovered 6 hours ago
PoC for CVE-2026-6662
A vulnerability in the ericc-ch copilot-api prior to version 0.7.0 affects the CORS function in the Token Endpoint, found in the src/server.ts file. This flaw allows for a permissive cross-domain policy that can be exploited by untrusted domains, enabling remote attacks. Attackers can manipulate ...
Discovered 7 hours ago
PoC for CVE-2025-32711
The M365 Copilot product from Microsoft is susceptible to an information disclosure vulnerability that permits unauthorized attackers to disclose sensitive information over a network. This defect stems from a command injection flaw within the AI functionalities of M365 Copilot, emphasizing the ne...
Discovered 9 hours ago
PoC for CVE-2026-6650
A vulnerability has been identified in Z-BlogPHP version 1.7.5, specifically in the App::UnPack function within the app_upload.php file of the ZBA File Handler component. This flaw permits an attacker to upload files without any restriction, which can lead to serious security breaches. The vulner...
PoC for CVE-2026-34429
The Vvveb product prior to version 1.0.8.1 contains a stored cross-site scripting vulnerability. This issue allows authenticated users with media upload and rename permissions to exploit the application by executing arbitrary JavaScript. The vulnerability arises from the ability to bypass MIME ty...
Discovered 10 hours ago
PoC for CVE-2026-6649
A vulnerability exists in Qibo CMS 1.0 that enables an attacker to exploit the system through manipulated arguments to the /index/image/headers file. This can lead to server-side request forgery, allowing unauthorized remote access to internal services not intended for exposure. The vulnerability...
PoC for CVE-2026-6648
A security vulnerability has been discovered in the Internal Message Module of Qibo CMS 1.0, which allows for potential cross-site scripting (XSS) attacks. This vulnerability enables remote attackers to execute arbitrary scripts in the context of a user's session. The exploit has been publicly di...
Discovered 11 hours ago
PoC for CVE-2026-6636
A path traversal vulnerability has been identified in the p2r3 Convert API, specifically within the Bun.serve function of the buildCache.js file. This vulnerability is triggered by manipulating the pathname argument, allowing attackers to exploit the system remotely. The exploit has been made pub...
PoC for CVE-2026-6635
A vulnerability has been identified in Rowboat Labs' Rowboat, specifically in the tools_webhook component. The issue lies within the tool_call function in the apps/experimental/tools_webhook/app.py file, where manipulation of the X-Tools-JWE argument can lead to improper authentication. This coul...
Discovered 12 hours ago
PoC for CVE-2026-6634
A vulnerability exists in Usememos Memos versions up to 0.22.1 due to improper authorization in the memos_access_token function located in the UpdateInstanceSetting component (src/App.tsx). This weakness allows attackers to manipulate arguments such as additionalStyle and additionalScript, enabli...
PoC for CVE-2026-6633
A security issue has been identified in Yifang CMS versions up to 2.0.5, specifically within the Extended Management Module. This vulnerability resides in the 'store' function found in 'plugins/yifang_backend_account/logic/admin/L_rbac_admin.php'. Attackers can exploit this flaw to execute cross-...
PoC for CVE-2026-6632
A vulnerability exists in the Tenda F451 router affecting the SafeClientFilter functionality. Specifically, the fromSafeClientFilter function located in /goform/SafeClientFilter is susceptible to a buffer overflow due to improper handling of the 'menufacturer/Go' argument. This vulnerability perm...
PoC for CVE-2026-6631
A buffer overflow vulnerability exists in the Tenda F451 Router, specifically in the httpd component's fromwebExcptypemanFilter function. This vulnerability arises from improper handling of the 'page' argument, allowing attackers to manipulate it and potentially execute arbitrary code. The exploi...
Discovered 13 hours ago
PoC for CVE-2026-6630
A buffer overflow vulnerability exists in the Tenda F451 router due to improper handling of the 'dips' argument in the fromGstDhcpSetSer function within the httpd component. Attackers can exploit this vulnerability remotely, which may lead to unauthorized access and manipulation of the affected r...
PoC for CVE-2026-6629
A SQL injection vulnerability exists in the Metasoft 美特软件 MetaCRM within the function Statement.executeUpdate in sql.jsp. This issue allows attackers to manipulate SQL commands through the application, potentially leading to unauthorized access to sensitive data. The flaw can be exploited remotel...
PoC for CVE-2026-6628
A security flaw exists in phili67 Ecclesia CRM versions up to 8.0.0, impacting the ValidateInput function located in the /v2/query/view/ path of the Query Viewer Component. By manipulating the 'custom' parameter, an attacker can exploit this vulnerability to execute SQL injection attacks. This ex...
PoC for CVE-2026-6626
A significant vulnerability has been identified in Cockpit-HQ Cockpit versions up to 2.13.5, specifically within the Asset Handler and Aggregate Handler components. This flaw involves improper neutralization within data query logic, which could potentially be exploited by remote attackers. Despit...
Discovered 14 hours ago
PoC for CVE-2026-6625
A vulnerability has been identified in Mogu Blog v2 up to version 5.2, specifically in the LocalFileServiceImpl.uploadPictureByUrl function. This flaw allows attackers to exploit the Picture Storage Service, potentially initiating a server-side request forgery (SSRF) attack remotely. The nature o...
PoC for CVE-2026-6624
A cross-site scripting vulnerability has been found in BichitroGan ISP Billing Software version 2025.3.20, specifically within the undocumented function in the Pool List Interface file. This weakness allows attackers to execute malicious scripts from a remote location, potentially compromising se...
PoC for CVE-2026-6623
A security flaw exists in the BichitroGan ISP Billing Software version 2025.3.20, specifically in the Profile Page Handler's users-view function. This vulnerability allows remote attackers to execute cross-site scripting (XSS) attacks by manipulating requests to the affected file. The potential i...
PoC for CVE-2026-6622
A cross-site scripting (XSS) vulnerability has been found in BichitroGan ISP Billing Software version 2025.3.20, specifically within the Customer Handler component at the /?_route=customers/edit/ endpoint. This vulnerability allows attackers to execute scripts remotely, leading to potential explo...
Discovered 15 hours ago
PoC for CVE-2026-6621
A vulnerability exists in the 1024bit Extend-Deep library, particularly in the index.js file, where the manipulation of the __proto__ argument can lead to uncontrolled modifications of object prototype attributes. This weakness can be remotely exploited due to the insufficient handling and valida...
PoC for CVE-2026-6620
A security vulnerability exists in the file upload component of SonicCloudOrg's sonic-server. Specifically, the function Upload in FileTool.java is susceptible to path traversal attacks due to improper handling of the Type argument. This flaw allows remote attackers to manipulate the input and ac...
PoC for CVE-2026-6619
A cross-site scripting vulnerability exists in the image upload functionality of Langgenius Dify, specifically in the 'openInNewTab' function of 'image-preview.tsx'. This vulnerability allows attackers to manipulate the 'filename' argument, which can lead to the injection of malicious scripts. As...
PoC for CVE-2026-6618
A security flaw has been identified in LangGenius Dify (up to version 1.13.3) that allows for server-side request forgery (SSRF) due to improper handling of the URL argument in the 'parse_openai_plugin_json_to_tool_bundle' function located in 'api/core/tools/utils/parser.py'. This vulnerability c...
Discovered 16 hours ago
PoC for CVE-2026-6617
A vulnerability exists in LangGenius Dify affecting versions up to 0.6.9. This flaw is located in the get_api_tool_provider_remote_schema function within the api/services/tools/api_tools_manage_service.py file. An attacker can manipulate the URL argument, leading to server-side request forgery (S...
PoC for CVE-2026-6616
A security vulnerability has been found in the TransformerOptimus SuperAGI, specifically affecting the WebScraperTool component. The flaw resides in the functions extract_with_bs4, extract_with_3k, and extract_with_lxml located in the superagi/helper/webpage_extractor.py file. This vulnerability ...
PoC for CVE-2026-6615
A vulnerability has been identified in TransformerOptimus SuperAGI versions up to 0.0.14, specifically in the Multipart Upload Handler within the Upload function of superagi/controllers/resources.py. This issue allows attackers to manipulate the 'Name' argument, leading to a path traversal scenar...
PoC for CVE-2026-6614
A security flaw exists in the TransformerOptimus SuperAGI, specifically in the get_project/update_project/get_projects_organisation function located in superagi/controllers/project.py. This vulnerability allows attackers to bypass authorization controls, potentially leading to unauthorized access...
Discovered 17 hours ago
PoC for CVE-2026-6613
A vulnerability within TransformerOptimus SuperAGI allows unauthorized access through manipulated agent_id arguments in several functions, including delete_agent, stop_schedule, and get_schedule_data. This flaw permits remote exploitation, enabling attackers to bypass authorization checks effecti...
PoC for CVE-2026-6612
A security vulnerability in TransformerOptimus SuperAGI, specifically in the Agent Execution Endpoint, allows remote attackers to manipulate the argument agent_execution_id, enabling an authorization bypass. This issue arises in the get_agent_execution and update_agent_execution functions within ...
PoC for CVE-2026-6611
A significant vulnerability exists in the File Upload Endpoint of DjangoBlog, specifically within the djangoblog/settings.py file. This issue arises from a manipulation of the argument SECRET_KEY, resulting in the use of a hard-coded cryptographic key. Consequently, this flaw facilitates unauthor...
PoC for CVE-2024-7083
The Email Encoder plugin for WordPress prior to version 2.3.4 is susceptible to a Stored Cross-Site Scripting vulnerability. This flaw arises due to inadequate sanitization and escaping of certain settings, enabling users with high privileges, such as administrators, to execute XSS attacks. This ...
PoC for CVE-2026-6610
A security vulnerability has been identified in the Setting Handler component of DjangoBlog, specifically within the djangoblog/settings.py file. This flaw allows for manipulation of user credentials leading to hard-coded credentials, which poses a significant security risk. Although the exploit ...
Discovered 18 hours ago
PoC for CVE-2026-6609
A flaw in the DjangoBlog application developed by liangliangyy allows improper authorization due to a vulnerability within the function form_valid in oauth/views.py. The manipulation of the oauthid argument can enable attackers to exploit this flaw remotely, potentially leading to unauthorized ac...
PoC for CVE-2026-6608
A control flow vulnerability exists in the lm-sys FastChat application, specifically within the add_text function of the Arena Side-by-Side View Handler component, affecting all versions up to 0.2.36. This flaw allows remote attackers to manipulate the application, resulting in unexpected control...
PoC for CVE-2026-6607
A security issue has been identified in the lm-sys FastChat application, specifically affecting versions up to 0.2.36. This vulnerability is located in the api_generate function of the Worker API Endpoint, where improper handling can lead to excessive resource consumption. The attack can be execu...
PoC for CVE-2026-6606
A noted vulnerability exists within the ModelScope AgentScope application, specifically in the `_process_audio_block` function located in `src/agentscope/agent/_agent_base.py`. This exposure allows an attacker to manipulate the `url` argument, potentially resulting in unauthorized server-side req...
Discovered 19 hours ago
PoC for CVE-2023-45802
When an HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causin...
PoC for CVE-2026-6605
A security flaw exists in ModelScope AgentScope versions up to 1.0.18, specifically within the _get_bytes_from_web_url function located in the _common.py file. This vulnerability allows for server-side request forgery (SSRF), enabling attackers to initiate remote exploits. The issue was reported ...
PoC for CVE-2026-6604
A vulnerability has been found in Modelscope Agentscope versions up to 1.0.18 that allows for a server-side request forgery attack. This issue is related to the handling of parameters in the function _parse_url/prepare_image/openai_audio_to_text within the Cloud Metadata Endpoint. Malicious actor...
PoC for CVE-2026-6603
A code injection vulnerability exists in modelscope agentscope affecting versions up to 1.0.18. The issue lies within the execute_python_code and execute_shell_command functions in the src/AgentScope/tool/_coding/_python.py file. This vulnerability can be exploited remotely, allowing an attacker ...
PoC for CVE-2026-6602
A vulnerability exists in the rickxy Hospital Management System due to improper validation of user inputs in the admin account management functionality. Specifically, the issue is associated with the argument 'ad_dpic,' which allows for unrestricted file uploads. This flaw can be exploited remote...
Discovered 20 hours ago
PoC for CVE-2026-6601
A resource consumption vulnerability has been discovered in the Lagom WHMCS Template, affecting versions up to 2.4.2. This vulnerability is associated with a particular function within the Datatables component, enabling potential remote exploitation. The lack of response from the vendor following...
PoC for CVE-2026-6600
A cross-site scripting (XSS) vulnerability has been identified in the langflow application, specifically within the Frontend React component rendering. This vulnerability affects versions up to 1.8.3 and can be exploited through manipulation of the affected script located in the src/frontend/src/...
PoC for CVE-2026-6599
A vulnerability exists in langflow-ai's Model Context Protocol Configuration API, specifically in the get_client_ip/install_mcp_config function located in src/backend/base/langflow/api/v1/mcp_projects.py. By manipulating the X-Forwarded-For argument, an attacker can execute an injection attack. T...
PoC for CVE-2026-6598
A security vulnerability has been identified in the langflow-ai software, specifically affecting versions up to 1.8.3. This vulnerability is located in the 'create_project/encrypt_auth_settings' function found in the 'src/backend/base/Langflow/api/v1/projects.py' file. Through the manipulation of...
Discovered 21 hours ago
PoC for CVE-2026-6597
A vulnerability has been detected in Langflow, affecting versions up to 1.8.3, where the 'remove_api_keys' and 'has_api_terms' functions in the core.py file allow for improper storage of sensitive API credentials. This flaw enables attackers to exploit the application via remote methods, potentia...
PoC for CVE-2026-31908
A header injection vulnerability exists in Apache APISIX that can be exploited by attackers through improper configuration in the forward-auth plugin. This flaw allows for the injection of malicious headers, posing a risk to the integrity and security of the application. Users are advised to upgr...