Publicly Disclosed
PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered just now...
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
PoC for CVE-2026-41940
The affected versions of cPanel and WHM contain a serious authentication bypass flaw in the login flow. This vulnerability enables unauthenticated remote attackers to bypass authentication mechanisms, allowing them to gain unauthorized access to the control panel. Users of the specified versions ...
Discovered 20 minutes ago
PoC for CVE-2026-41940
The affected versions of cPanel and WHM contain a serious authentication bypass flaw in the login flow. This vulnerability enables unauthenticated remote attackers to bypass authentication mechanisms, allowing them to gain unauthorized access to the control panel. Users of the specified versions ...
Discovered 2 hours ago
PoC for CVE-2026-7675
A buffer overflow vulnerability has been identified in the Shenzhen Libituo Technology LBT-T300-HW1 router, specifically within the start_lan function of the /apply.cgi file. This issue arises when user-controlled input is mishandled, allowing remote attackers to manipulate the Channel/ApCliSsid ...
Discovered 3 hours ago
PoC for CVE-2024-53677
A security flaw in the file upload mechanism of Apache Struts could allow an attacker to exploit file upload parameters. This vulnerability enables path traversal, leading to the possibility of uploading a malicious file that can facilitate remote code execution. To mitigate risks, users should u...
PoC for CVE-2026-7673
A vulnerability in the crmeb_java product version up to 1.3.4 has been identified that allows for unrestricted file uploads through the Admin Upload component. Specifically, the issue resides in the UploadServiceImpl.java file, where manipulation of the model argument can lead to unauthorized fil...
Discovered 4 hours ago
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
PoC for CVE-2026-7671
The CodeWise Tornet Scooter Mobile App version 4.75 for both iOS and Android is exposed to a vulnerability that allows for improper restriction of excessive authentication attempts through an undisclosed function in the file /TwoFactor. This flaw enables attackers to potentially exploit the syste...
Discovered 5 hours ago
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
PoC for CVE-2026-7671
The CodeWise Tornet Scooter Mobile App version 4.75 for both iOS and Android is exposed to a vulnerability that allows for improper restriction of excessive authentication attempts through an undisclosed function in the file /TwoFactor. This flaw enables attackers to potentially exploit the syste...
Discovered 6 hours ago
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
PoC for CVE-2026-7670
A vulnerability exists in Jinher OA version 1.0, specifically within the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This flaw allows attackers to manipulate the DeptIDList argument, enabling SQL injection attacks that can be executed remotely. The exploit has been documented and potentially ...
PoC for CVE-2026-42167
The mod_sql module in ProFTPD prior to version 1.3.10rc1 contains a critical vulnerability that allows remote attackers to execute arbitrary code by sending specially crafted username requests. This occurs in scenarios where USER request logging is enabled with an expansion format like %U, combin...
Discovered 9 hours ago
PoC for CVE-2026-7668
An out-of-bounds read vulnerability has been identified in MikroTik RouterOS version 6.49.8, specifically within the ASN1_STRING_data function found in the library nova/lib/www/scep.p, which is part of the SCEP Endpoint component. This flaw arises from improper handling of the transactionID and m...
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
Discovered 10 hours ago
PoC for CVE-2026-41940
The affected versions of cPanel and WHM contain a serious authentication bypass flaw in the login flow. This vulnerability enables unauthenticated remote attackers to bypass authentication mechanisms, allowing them to gain unauthorized access to the control panel. Users of the specified versions ...
Discovered 11 hours ago
PoC for CVE-2026-42779
A vulnerability exists in Apache MINA's AbstractIoBuffer.resolveClass() method, where the check for allowed class names has not been properly enforced in specific version branches. This oversight permits arbitrary code execution when certain applications call IoBuffer.getObject(), making it criti...
Discovered 12 hours ago
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
Discovered 13 hours ago
PoC for CVE-2025-24367
An authenticated Cacti user can exploit vulnerabilities in the graph creation and graph template features to execute arbitrary PHP scripts within the web root of the application. This unauthorized script execution can lead to significant security breaches, allowing attackers to compromise the ser...
PoC for CVE-2026-33825
An access control flaw in Microsoft Defender permits an authorized attacker to elevate their privileges within the system. This vulnerability arises due to insufficient granularity in access controls, potentially enabling local exploitation of the affected product capabilities. Organizations need...
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
PoC for CVE-2026-7653
A security flaw exists in the MCP Interface of r-huijts mcp-server-rijksmuseum versions up to 1.0.4 due to improper handling of the imageUrl argument in the open_image_in_browser function. This vulnerability enables attackers to execute arbitrary operating system commands remotely, potentially co...
PoC for CVE-2026-7645
A path traversal vulnerability exists in the Ruvnet Sublinear-Time-Solver product, specifically within the MCP Interface. This issue arises from inadequate validation in the export_state function located in the src/consciousness-explorer/mcp/server.js file. Attackers can exploit this vulnerabilit...
Discovered 14 hours ago
PoC for CVE-2026-7644
A vulnerability has been identified in the NextChat product of ChatGPTNextWeb, specifically within the addMcpServer function found in app/mcp/actions.ts. This issue allows for improper authorization, which could potentially enable remote attackers to exploit the vulnerability for unauthorized acc...
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
PoC for CVE-2026-7643
A vulnerability identified in ChatGPTNextWeb's NextChat version 2.16.1 allows for a permissive CORS policy, placing users at risk for cross-domain attacks. The flaw resides in an unspecified function within the Next.js component of the API endpoint, which could be exploited to allow untrusted dom...
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
PoC for CVE-2026-7642
A vulnerability in the pskill9 website-downloader allows for OS command injection via the download_website function in the MCP Interface. By manipulating the outputPath argument, attackers can execute arbitrary commands on the server. This vulnerability can be exploited remotely and has been publ...
Discovered 15 hours ago
PoC for CVE-2026-7633
A file inclusion vulnerability exists in the Totolink N300RH model affecting version 6.1c.1353_B20190305. Specifically, the function setUploadSetting located in the /cgi-bin/cstecgi.cgi file allows for remote manipulation of the FileName argument. This flaw can be exploited to include unauthorize...
PoC for CVE-2026-7632
A vulnerability exists in Code-Projects' Online Hospital Management System, specifically in the /viewappointment.php file. This flaw allows an attacker to manipulate the 'delid' argument, leading to SQL injection vulnerabilities. The attack can be executed remotely, providing potential access to ...
PoC for CVE-2026-7631
The Online Hospital Management System version 1.0 by Code-Projects contains a vulnerability in the Registration Handler component. An unknown function within this component improperly manages authorization based on user input. Specifically, manipulation of the 'Username' argument allows unauthori...
PoC for CVE-2026-7630
A vulnerability has been identified in the InnoShop component from innocommerce, specifically in the InstallServiceProvider::boot function within the Installation Endpoint. This flaw allows improper authentication, potentially enabling remote exploitation. The issue has been made public, and user...
Discovered 16 hours ago
PoC for CVE-2026-7629
A vulnerability has been discovered in the kleneway awesome-cursor-mpc-server affecting versions up to 2.0.1. The flaw exists within the runCodeReviewTool function in the codeReview.ts file, which is part of the Ccode-Review Tool component. This vulnerability allows an attacker to execute arbitra...
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
Discovered 17 hours ago
PoC for CVE-2026-7628
A command injection vulnerability exists in the crazyrabbitLTC mcp-code-review-server, specifically within the executeRepomix function located in src/repomix.ts. This flaw allows an attacker to execute arbitrary commands on the server, potentially leading to unauthorized actions. The vulnerabilit...
Discovered 18 hours ago
PoC for CVE-2026-7627
A security vulnerability exists in version 1.0.0 of 8nite Metatrader-4-MCP, specifically within the CallToolRequestSchema function in the software's src/index.ts file. This vulnerability arises due to improper handling of the 'ea_name' argument, allowing attackers to exploit path traversal issues...
PoC for CVE-2026-41940
The affected versions of cPanel and WHM contain a serious authentication bypass flaw in the login flow. This vulnerability enables unauthenticated remote attackers to bypass authentication mechanisms, allowing them to gain unauthorized access to the control panel. Users of the specified versions ...
Discovered 19 hours ago
PoC for CVE-2026-7612
A SQL injection vulnerability exists in itsourcecode Courier Management System version 1.0, specifically within the /edit_user.php file. By manipulating the 'ID' parameter, an attacker can execute unauthorized SQL commands, potentially compromising the database from a remote location. This vulner...
Discovered 20 hours ago
PoC for CVE-2026-7609
A vulnerability in the TRENDnet TEW-821DAP device's diagnostic tool exposes users to potential OS command injection attacks. The flaw is located in the firmware's diagnostic function, specifically within the '/tmp/diagnostic' file, allowing malicious actors to execute arbitrary commands remotely....
PoC for CVE-2026-41940
The affected versions of cPanel and WHM contain a serious authentication bypass flaw in the login flow. This vulnerability enables unauthenticated remote attackers to bypass authentication mechanisms, allowing them to gain unauthorized access to the control panel. Users of the specified versions ...
PoC for CVE-2026-7608
A significant vulnerability has been identified in the TRENDnet TEW-821DAP router models operating on firmware version 1.12B01. This vulnerability occurs in the tools_diagnostic function, which is susceptible to OS command injection. This allows attackers to execute arbitrary commands on the affe...
Discovered 21 hours ago
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
Discovered 22 hours ago
PoC for CVE-2026-7605
A security flaw has been identified in JeecgBoot, specifically in the function handling image upload, which can be exploited to perform server-side request forgery (SSRF). This vulnerability allows an attacker to manipulate requests in a way that may lead to unauthorized access to internal resour...
Discovered 23 hours ago
PoC for CVE-2026-41940
The affected versions of cPanel and WHM contain a serious authentication bypass flaw in the login flow. This vulnerability enables unauthenticated remote attackers to bypass authentication mechanisms, allowing them to gain unauthorized access to the control panel. Users of the specified versions ...
Discovered 1 day ago
PoC for CVE-2026-7604
A serious vulnerability has been found in JeecgBoot affecting versions up to 3.9.1, specifically within the OpenApi Service's OpenApiController. This issue allows for server-side request forgery (SSRF) due to improper handling of the originUrl parameter. Attackers can exploit this flaw remotely, ...