Publicly Disclosed
PoC Exploits

MCPJam Inspector, designed for local-first development on MCP servers, has a vulnerability allowing remote code execution (RCE) due to improper binding settings. In versions 1.4.2 and earlier, the platform listens on 0.0.0.0 by default, enabling attackers to exploit this configuration through cra...

A vulnerability exists in PyTorch 2.10.0 within an unknown function of the pt2 Loading Handler, which can lead to deserialization issues. This flaw is exploitable from a local environment, allowing potential attackers to manipulate the deserialization process. Although the issue was highlighted e...

A command injection vulnerability exists in the Cudy TR1200 router within the 'action_ipsec_conn' function, specifically located in the '/usr/bin/lib/lua/luci/controller/ipsec.lua' file. This flaw allows attackers to execute arbitrary commands remotely by manipulating input parameters, thereby co...

A stack-based buffer overflow vulnerability has been identified in the Tenda FH451 router, specifically within the WrlclientSet function located in the /goform/WrlclientSet file. This issue arises when an attacker manipulates the GO argument, allowing for remote code execution. Given that the exp...

A stack-based buffer overflow vulnerability exists in the Tenda FH451 router, specifically within the formWrlExtraSet function located in the /goform/WrlExtraSet file. This flaw arises from improper handling of the GO argument, allowing remote attackers to exploit the device. Successful exploitat...

Langflow, a tool for constructing and deploying AI-driven agents and workflows, is susceptible to a vulnerability in the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint in versions before 1.9.0. This vulnerability enables an attacker to build public flows without authentication, leveraging ...

An SQL injection vulnerability has been identified in the Simple Food Ordering System version 1.0, specifically within the all-tickets.php file. The vulnerability arises when the argument 'Status' is manipulated, allowing attackers to execute arbitrary SQL queries against the database. This may r...

A security vulnerability has been identified in the Simple Food Ordering System, specifically affecting the Database Backup Handler component. This issue arises from a flaw in the file /food/sql/food.sql, allowing unauthorized access to files or directories. The vulnerability can be exploited rem...

A security flaw has been identified in the apconw Aix-DB software, specifically affecting the functionality in the file agent/text2sql/rag/terminology_retriever.py. This vulnerability allows for SQL injection through manipulation of the 'Description' argument. The nature of the exploit necessitat...

A vulnerability exists in the D-Link DHP-1320 router, specifically in the SOAP Handler's redirect_count_down_page function. This vulnerability allows for remote exploitation, which could lead to a stack-based buffer overflow. The affected product version is no longer supported by the vendor, incr...

The Meta-box GalleryMeta plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability that affects all versions up to and including 3.0.1. This issue arises from inadequate input sanitization and output escaping within the admin settings. Authenticated attackers with at leas...

A vulnerability has been identified in Trueleaf ApiFlow version 0.9.7 within the URL Validation Handler. The flaw resides in the validateUrlSecurity function found in the http_proxy.service.ts file, enabling malicious users to exploit this vulnerability for server-side request forgery. This could...

Wazuh, a widely-used open-source platform for threat detection and response, exhibits a vulnerability that allows for Remote Code Execution due to faulty deserialization of untrusted data. This issue affects deployments utilizing cluster mode wherein an attacker can gain full control of the maste...

Langflow, a tool for constructing and deploying AI-driven agents and workflows, is susceptible to a vulnerability in the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint in versions before 1.9.0. This vulnerability enables an attacker to build public flows without authentication, leveraging ...

The i-doit CMDB version 1.12 contains a vulnerability that permits authenticated attackers to exploit an arbitrary file download issue via the 'file_manager' parameter in index.php. By crafting specific GET requests to index.php, attackers can manipulate the 'file' parameter to access sensitive f...

The i-doit CMDB 1.12 software has a serious SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious payloads through the objGroupID parameter. Attackers can manipulate URL GET requests, sending crafted SQL queries...

ownDMS 4.7 contains a vulnerability that permits unauthorized attackers to execute arbitrary SQL commands through manipulation of the IMG parameter. By sending carefully crafted GET requests to specific PHP files such as pdfstream.php or imagestream.php, attackers can exploit this weakness to ext...

phpTransformer 2016.9 is susceptible to an SQL injection vulnerability that permits remote attackers to execute arbitrary SQL queries. By manipulating the idnews parameter in GET requests to GeneratePDF.php, attackers can craft SQL payloads, potentially leading to unauthorized access to sensitive...

The phpTransformer version 2016.9 contains a directory traversal vulnerability, allowing unauthenticated attackers to exploit the path parameter. By manipulating this parameter and utilizing traversal sequences like ../../../../../../, attackers can send crafted requests to the jQueryFileUploadma...

SeoToaster Ecommerce 3.0.0 is susceptible to a local file inclusion flaw that enables authenticated attackers to access arbitrary files on the server. This vulnerability arises from the ability to manipulate path parameters in backend theme endpoints. By sending crafted POST requests to specified...

The Kepler Wallpaper Script version 1.1 has been identified to contain a SQL injection vulnerability that permits unauthenticated attackers to interact with the database. By manipulating the 'category' parameter through crafted GET requests, attackers can introduce harmful SQL statements. This vu...

SimplePress CMS version 1.0.7 is vulnerable to SQL injection, enabling attackers to execute arbitrary SQL queries via the 'p' and 's' parameters in GET requests. This exposure allows unauthorized users to craft malicious payloads, potentially leading to the extraction of sensitive information fro...

Green CMS 2.x is vulnerable to a path traversal flaw, enabling authenticated attackers to manipulate file download mechanisms. By injecting directory traversal sequences via the theme_name parameter or using base64-encoded file paths, attackers can access and download sensitive files from directo...

Green CMS 2.x is vulnerable to SQL injection attacks that can be exploited by authenticated users. By maliciously manipulating the 'cat' parameter in HTTP GET requests directed at index.php with specific parameters, attackers can execute arbitrary SQL queries. This vulnerability allows them to ma...

The fontTools library, used for font manipulation in Python, contains an arbitrary file write vulnerability affecting versions from 4.33.0 to before 4.60.2. This flaw allows an attacker to execute remote code when a specially crafted .designspace file is processed through the fonttools varLib scr...

A significant injection vulnerability exists in Foundation Agents' MetaGPT before version 0.8.1, specifically within the unknown code of the file metagpt/actions/di/write_analysis_code.py, related to the DataInterpreter component. This flaw allows remote attackers to manipulate code execution, po...

NordVPN version 6.19.6 is liable to a denial of service vulnerability that enables local attackers to disrupt the application by providing an excessively long input in the email field. Specifically, attackers can crash the application by inputting a string of up to 100,000 characters during the l...

RealTerm Serial Terminal version 2.0.0.70 is susceptible to a denial of service vulnerability triggered by the Port input field. Local attackers can exploit this flaw by entering an excessively long string, specifically 1000 characters. When the open button is clicked, the application crashes, re...

MediaMonkey 4.1.23 has a vulnerability that enables local attackers to crash the application. This originates from a specially crafted MP3 file containing an excessively long URL string. When the malicious file is opened through the File > Open URL dialog, it triggers a crash due to the buffer be...

RealTerm Serial Terminal version 2.0.0.70 is susceptible to a stack-based buffer overflow vulnerability within the Echo Port field. This flaw enables local attackers to manipulate the application by injecting a specially crafted input string, which contains 268 bytes of padding and specific overw...

Memu Play version 6.0.7 is susceptible to an insecure file permissions vulnerability. This weakness allows low-privileged users to escalate their privileges by replacing the MemuService.exe executable in the installation directory with a malicious version. When the service is restarted after a re...

TransMac 12.3 is susceptible to a buffer overflow vulnerability within the volume name field, allowing local attackers to crash the application. By providing an excessively long string, such as a malicious file containing 1000 repeated characters, attackers can trigger the application to fail dur...

Valentina Studio version 9.0.5 for Linux is susceptible to a buffer overflow vulnerability within the Host field of its connection dialog. This flaw allows local attackers to crash the application by submitting an excessively long input string, specifically one that exceeds 264 bytes. The vulnera...

Magic Iso Maker version 5.5 build 281 is susceptible to a buffer overflow vulnerability located in the Serial Code registration field. This flaw allows local attackers to exploit the application by providing an excessively large input during the registration process. Specifically, an attacker can...

The PCHelpWareV2 1.0.0.5 application is susceptible to a denial of service attack due to improper handling of input in the Group field. Local attackers can leverage this vulnerability by submitting an excessively long string into the Group property field, which can lead to an application crash. T...

PCHelpWareV2 version 1.0.0.5 is susceptible to a denial of service vulnerability that allows local attackers to crash the application. This can be achieved by submitting a specially crafted BMP file with an oversized buffer while using the Create SC feature, leading to application instability. Pr...

jetAudio version 8.1.7 has a vulnerability in its video converter component that allows local attackers to exploit a buffer overflow via the File Naming field. By submitting an oversized string, specifically a malicious buffer of 512 bytes, attackers can induce a crash of the application upon cli...

Lyric Maker 2.0.1.0 is susceptible to a buffer overflow vulnerability that enables local attackers to create a denial of service condition. By inputting an excessively long string—up to 5000 bytes—in the Title field, an attacker can crash the application, rendering it unusable. This flaw highligh...

Lyric Video Creator 2.1 is susceptible to a denial of service vulnerability arising from improper handling of malformed MP3 files. Attackers can exploit this flaw by crafting a specifically designed MP3 file that contains an oversized buffer. When the affected application processes this file, it ...

SpotPaltalk 1.1.5 is vulnerable to a denial of service attack due to insufficient input validation in the registration code input field. An attacker can exploit this vulnerability by entering a string that exceeds the expected length, specifically by using a lengthy buffer of 1000 characters in t...

Selfie Studio 2.17 is susceptible to a denial of service attack via its Resize Image function. By inputting excessively long strings into the New Width or New Height fields, local attackers can exploit a buffer overflow, leading to a crash of the application. This vulnerability highlights the sig...

TwistedBrush Pro Studio 24.06 is susceptible to a denial of service vulnerability, which enables local attackers to crash the application by importing specially crafted .srp script files. An attacker can create a .srp file containing an excessively large buffer and import it through the Script Pl...

TwistedBrush Pro Studio 24.06 has a vulnerability in the Resize Image function that enables local attackers to induce a denial of service condition. By entering an excessively long buffer in the New Width or New Height field, attackers can cause a buffer overflow, leading to application crashes. ...

TwistedBrush Pro Studio 24.06 features a vulnerability within its Script Recorder component that could allow a local attacker to induce a denial of service. By providing an excessively large input, specifically a string with 500,000 characters, an attacker can effectively crash the application. T...

Tomabo MP4 Converter version 3.25.22 is susceptible to a denial of service vulnerability that arises from improper handling of user input. Attackers can exploit this issue by entering an excessively long string into the Name field when configuring a preset in the Video/Audio Formats settings. If ...

CEWE PHOTO IMPORTER version 6.4.3 is susceptible to a denial of service attack, which can be executed by local attackers. By importing a specially crafted image file, an attacker can crash the application. This vulnerability is exploited through the import feature, where a malformed JPG file with...

The CEWE PHOTO SHOW version 6.4.3 has a vulnerability that can lead to denial of service. By inputting an excessively lengthy string into the password field during the application upload process, an attacker can cause the application to crash. This vulnerability can be exploited by submitting a l...

Sandboxie 5.30 is vulnerable to a denial of service issue that allows local attackers to crash the application. By inputting an excessively long string—specifically, a buffer of 5000 characters—in the Program Alerts configuration field, an attacker can effectively trigger an application crash. Th...

Encrypt PDF 2.3 contains a vulnerability that enables local attackers to crash the application by entering excessively long strings in the password fields. Specifically, by inputting a 1000-byte buffer into either the User Password or Master Password fields in the application’s Settings dialog, a...

VeryPDF PCL Converter 2.7 is susceptible to a denial of service attack that allows local users to cause the application to crash. This vulnerability is exploited by providing an exceptionally long password, specifically a 3000-byte string, within the PDF Security encryption settings. When process...