Publicly Disclosed
PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered just now...
PoC for CVE-2021-44228
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log messag...
Discovered 3 hours ago
PoC for CVE-2026-31802
node-tar, a comprehensive Tar utility for Node.js, is susceptible to a symlink vulnerability that allows an attacker to craft a drive-relative symlink target. This exploitation can lead to the creation of symlinks that point to paths outside the targeted extraction directory. As a result, during ...
PoC for CVE-2026-4170
An OS command injection vulnerability exists in the Topsec TopACM 3.0 product, specifically within the HTTP Request Handler component linked to the file /view/systemConfig/management/nmc_sync.php. By manipulating the 'template_path' argument, an attacker can execute arbitrary OS commands remotely...
Discovered 4 hours ago
PoC for CVE-2026-4168
A vulnerability affecting Tecnick TCExam version 16.5.0 has been identified in the Group Handler component, particularly in the file /admin/code/tce_edit_group.php. This vulnerability allows for cross site scripting (XSS) attacks through the manipulation of the 'Name' argument. Remote attackers c...
PoC for CVE-2026-4167
A significant vulnerability has been identified in the Belkin F9K1122 router, specifically related to the 'formReboot' function in the /goform/formReboot file. This security flaw can be exploited by manipulating the argument 'webpage,' leading to a stack-based buffer overflow. Attackers may initi...
PoC for CVE-2026-4166
A cross site scripting vulnerability exists in the Wavlink WL-NU516U1 240425 due to improper handling of user input in the login.cgi script. This flaw allows an attacker to manipulate the homepage or hostname parameters, executing arbitrary JavaScript in the context of the affected user's session...
Discovered 5 hours ago
PoC for CVE-2020-15099
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing vulnerability or in case...
Discovered 7 hours ago
PoC for CVE-2026-4164
A vulnerability has been identified in the Wavlink WL-WN578W2, specifically in the functions Delete_Mac_list, SetName, and GuestWifi within the /cgi-bin/wireless.cgi file. This flaw allows attackers to perform command injection via manipulated POST requests. The issue can be exploited remotely, r...
Discovered 11 hours ago
PoC for CVE-2025-15467
A vulnerability exists in OpenSSL when parsing CMS AuthEnvelopedData structures that employ AEAD ciphers like AES-GCM. This flaw arises from the improper handling of oversized Initialization Vectors (IVs) crafted within ASN.1 parameters, leading to a stack buffer overflow. An attacker can exploit...
PoC for CVE-2025-68926
The RustFS object storage system, prior to version 1.0.0-alpha.77, suffers from a significant authentication vulnerability due to the use of a hardcoded static token, 'rustfs rpc'. This token is exposed in the source code and is non-configurable, meaning it cannot be altered or rotated. As a resu...
PoC for CVE-2026-4163
A command injection vulnerability has been identified in the Wavlink WL-WN579A3 router, specifically affecting the SetName/GuestWifi function in the /cgi-bin/wireless.cgi component. This vulnerability allows attackers to remotely execute unauthorized commands by manipulating the POST request para...
Discovered 14 hours ago
PoC for CVE-2025-60787
MotionEye versions up to and including 0.43.1b4 are susceptible to OS Command Injection through improperly sanitized configuration parameters like image_file_name. This vulnerability allows remote authenticated users with administrative privileges to inject malicious commands into Motion configur...
Discovered 22 hours ago
PoC for CVE-2026-27944
Nginx UI, a web interface for the Nginx web server, has a critical security flaw where the /api/backup endpoint is accessible without authentication. This vulnerability allows unauthenticated attackers to retrieve a complete system backup that includes sensitive information such as user credentia...
Discovered 1 day ago
PoC for CVE-2024-23222
A type confusion vulnerability has been identified in Apple's operating systems that could allow attackers to execute arbitrary code by processing specially crafted web content. Improved checks have been implemented in the latest versions of iOS, iPadOS, macOS, and tvOS to address this issue. App...
PoC for CVE-2026-3891
The Pix for WooCommerce plugin for WordPress is susceptible to arbitrary file uploads due to a lack of capability checks and insufficient file type validation within the 'lkn_pix_for_woocommerce_c6_save_settings' function. This vulnerability exists across all versions through 1.5.0. An unauthenti...
PoC for CVE-2024-14027
A vulnerability in the Linux kernel's file handling mechanism, specifically in the fremovexattr() syscall, can lead to kernel memory exhaustion. The issue arises when fdget() is called to acquire a file reference, but if strncpy_from_user() fails on the name input, the function exits prematurely ...
PoC for CVE-2024-47176
The CUPS printing system, which is widely used for managing print jobs, has a vulnerability in its cups-browsed component that allows for network printing functionality such as auto-discovery of print services. This component binds to INADDR_ANY:631, which leads to a scenario where it will accept...
Discovered 2 days ago
PoC for CVE-2026-29000
The pac4j-jwt library's JwtAuthenticator prior to versions 4.5.9, 5.7.9, and 6.3.3 is susceptible to an authentication bypass that could allow remote adversaries to create forged authentication tokens. By leveraging the server's RSA public key, attackers are able to craft a JWE-wrapped PlainJWT w...
PoC for CVE-2026-21509
A vulnerability exists in Microsoft Office that allows attackers to manipulate untrusted inputs, enabling them to bypass critical security measures locally. This flaw can expose systems to unauthorized actions, compromising the integrity of sensitive data. It is crucial for users to apply the lat...
Discovered 3 days ago
PoC for CVE-2026-31816
Budibase, a low code platform for creating internal tools, exhibits a significant vulnerability in its server's authorization mechanism. In versions 3.31.4 and earlier, the 'authorized()' middleware designed to protect server-side API endpoints can be bypassed entirely by appending a specific web...
PoC for CVE-2018-7600
Multiple versions of Drupal, including those prior to 7.58 and various 8.x releases, are susceptible to a vulnerability that permits remote attackers to execute arbitrary code. This exploit takes advantage of configuration flaws in several subsystems, particularly those using default or common mo...
PoC for CVE-2026-4045
A security vulnerability exists in ProjectSend affecting versions up to r1945, specifically in the Auth.php file. This flaw allows for the manipulation of the ldap_email argument, which can cause discrepancies in the application's responses. An attacker may exploit this issue remotely, although t...
PoC for CVE-2019-25543
The Netartmedia Real Estate Portal 5.0 has an SQL injection vulnerability that can be exploited by attackers to manipulate database queries. By sending specially crafted POST requests to index.php with malicious SQL in the page parameter, unauthorized users can bypass security measures, extract s...
PoC for CVE-2019-25541
Netartmedia PHP Mall 4.1 has been found to contain multiple SQL injection vulnerabilities that enable unauthenticated attackers to manipulate database queries. By exploiting unvalidated parameters, such as 'id' in index.php and 'Email' in loginaction.php, threat actors can execute time-based blin...
PoC for CVE-2019-25539
202CMS v10 beta is vulnerable to a blind SQL injection flaw, which allows attackers to exploit the log_user parameter. Through carefully crafted POST requests to index.php, attackers can implement time-based blind injection techniques to execute arbitrary SQL commands. This vulnerability can lead...
PoC for CVE-2019-25537
Netartmedia Event Portal 2.0 is vulnerable to a time-based blind SQL injection, enabling unauthenticated attackers to insert SQL commands through the Email parameter. By sending manipulated POST requests to loginaction.php, attackers can extract sensitive data from the database, posing severe ris...
PoC for CVE-2019-25536
The Netartmedia PHP Real Estate Agency 4.0 software contains a serious SQL injection vulnerability that allows unauthenticated attackers to craft malicious POST requests. By exploiting the features[] parameter in the index.php file, attackers can execute arbitrary SQL queries that may lead to una...
PoC for CVE-2019-25535
The Netartmedia PHP Dating Site is vulnerable to SQL injection attacks via the Email parameter in the loginaction.php file. This allows unauthenticated attackers to inject malicious SQL code, potentially enabling them to extract sensitive data from the database. By sending specially crafted POST ...
PoC for CVE-2019-25534
The Netartmedia PHP Car Dealer contains a significant SQL injection vulnerability that enables attackers, without authentication, to execute arbitrary SQL queries. This flaw is exploited through the features[] parameter in POST requests to index.php, allowing malicious users to inject SQL payload...
PoC for CVE-2019-25533
Netartmedia's PHP Business Directory version 4.2 is susceptible to an SQL injection flaw that can be exploited by unauthenticated users. This vulnerability allows attackers to inject malicious SQL statements through the Email parameter when sending POST requests to the loginaction.php endpoint. S...
PoC for CVE-2019-25532
The Netartmedia Jobs Portal 6.1 is susceptible to an SQL injection vulnerability, which enables unauthenticated attackers to manipulate database queries. By sending carefully crafted POST requests to the loginaction.php file with malicious SQL code injected through the Email parameter, attackers ...
PoC for CVE-2019-25531
The Netartmedia Deals Portal is susceptible to an SQL injection vulnerability through the Email parameter in loginaction.php. This flaw enables unauthenticated attackers to execute crafted SQL queries via POST requests, providing them the capability to manipulate database operations. As a result,...
PoC for CVE-2019-25530
The uHotelBooking System is susceptible to an SQL injection vulnerability, which enables unauthenticated attackers to manipulate database queries. By exploiting the 'system_page' GET parameter, malicious users can inject SQL commands via crafted requests to index.php. This misuse can lead to the ...
PoC for CVE-2019-25529
Placeto CMS Alpha version 4 contains a vulnerability that enables authenticated attackers to exploit SQL injection through the 'page' parameter. By manipulating the parameter, attackers can craft GET requests to the admin/edit.php endpoint, leveraging techniques such as boolean-based blind, time-...
PoC for CVE-2019-25528
Inout EasyRooms Ultimate Edition v1.0 contains a security flaw that allows unauthorized users to execute SQL commands through the property1 parameter. By crafting specific POST requests to the search/searchdetailed endpoint, attackers can inject harmful SQL queries, potentially exposing sensitive...
PoC for CVE-2019-25524
XooGallery, a product by XooTheme, has a vulnerability that enables unauthorized individuals to execute SQL injection attacks through the 'p' parameter in a GET request to results.php. This means that attackers can pass crafted SQL code, compromising the integrity of the database. Such exploits c...
PoC for CVE-2019-25520
The Jettweb PHP Hazir Haber Sitesi Scripti V1 is susceptible to an authentication bypass vulnerability that allows attackers to circumvent authentication protections in the administration panel. Through improper SQL query validation, malicious users can inject SQL payloads into the username and p...
PoC for CVE-2019-25515
The Jettweb PHP Hazir Haber Sitesi Scripti V3 contains a significant security flaw that enables unauthenticated users to gain administrative access to the system. By exploiting the vulnerability present in the login.php administration panel, attackers can craft specific SQL syntax and manipulate ...
PoC for CVE-2019-25510
The Jettweb PHP Hazir Haber Sitesi Scripti V2 is susceptible to an authentication bypass vulnerability due to improper validation of SQL queries in the administration panel. This flaw allows unauthenticated attackers to exploit SQL injection payloads using the login form at admingiris.php, potent...
PoC for CVE-2019-25509
The XooDigital Latest product is susceptible to an SQL injection vulnerability via the 'p' parameter in the results.php file. This flaw enables unauthenticated attackers to craft GET requests with malicious 'p' values, allowing them to manipulate database queries and potentially extract sensitive...
PoC for CVE-2019-25508
The Jettweb PHP Hazir Ilan Sitesi Script V2 contains a significant SQL injection vulnerability that permits unauthenticated attackers to manipulate database queries through the 'kat' parameter. By sending specially crafted GET requests to the katgetir.php endpoint with malicious 'kat' values, att...
PoC for CVE-2019-25488
The Jettweb Hazir Rent A Car Script V4 is plagued by multiple SQL injection vulnerabilities within its admin panel. These flaws allow unauthenticated attackers to execute arbitrary SQL commands by manipulating GET parameters such as 'tur', 'id', and 'ozellikdil' in the admin/index.php endpoint. S...
PoC for CVE-2019-25482
The Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 is susceptible to an SQL injection flaw that allows attackers to exploit the 'arac_kategori_id' parameter. By crafting POST requests with malicious SQL code, unauthenticated users can manipulate database queries, potentially exposing sensitive in...
PoC for CVE-2019-25479
Inout RealEstate is susceptible to SQL injection, primarily affecting the agents/agentlistdetails endpoint. This vulnerability allows unauthenticated attackers to manipulate database queries by injecting malicious SQL code through the city parameter. By sending crafted POST requests, attackers ca...
PoC for CVE-2019-25481
iScripts ReserveLogic is affected by an SQL injection vulnerability that enables unauthenticated attackers to exploit the jqSearchDestination parameter. By sending specially crafted POST requests to the search endpoint, attackers can inject malicious SQL code, allowing them to manipulate database...
PoC for CVE-2019-25473
Clinic Pro is exposed to a SQL injection vulnerability due to improper handling of user-supplied input through the month parameter. This flaw allows authenticated attackers to craft malicious POST requests targeting the monthly_expense_overview endpoint. By utilizing techniques such as boolean-ba...
PoC for CVE-2026-4044
A vulnerability in ProjectSend, specifically within the Delete Handler component's realpath function in the import-orphans.php file, allows for a path traversal exploit. By manipulating the argument files[], an attacker may gain unauthorized access to files on the server. This issue became public...
PoC for CVE-2026-4043
A security vulnerability has been identified in Tenda i12 firmware version 1.0.0.6(2204). This vulnerability arises from improper handling of the index parameter in the 'formwrlSSIDget' function within the '/goform/wifiSSIDget' file. An attacker can exploit this weakness to achieve a stack-based ...
PoC for CVE-2026-4042
A vulnerability in the Tenda i12 wireless router allows for a stack-based buffer overflow through the formWifiMacFilterGet function located in the /goform/WifiMacFilterGet file. This weakness could be exploited remotely, enabling potential attackers to manipulate index arguments. The exploit has ...
PoC for CVE-2026-4041
A security vulnerability has been identified in the Tenda i12 router, specifically within the vos_strcpy function located in the /goform/exeCommand file. This flaw allows an attacker to manipulate the cmdinput argument, leading to a stack-based buffer overflow. The vulnerability can be exploited ...