Publicly Disclosed
PoC Exploits

The Get Use APIs plugin for WordPress versions before 2.0.10 is susceptible to a Cross-Site Scripting (XSS) vulnerability. This security flaw enables users with low-level roles, such as contributors, to execute arbitrary JavaScript code through imported JSON data under specific server configurati...

A cross-origin vulnerability exists within the Navigation API that could allow maliciously crafted web content to bypass the Same Origin Policy. This issue has been rectified with enhanced input validation in version updates for iOS, iPadOS, and macOS, specifically in versions 26.3.1 and 26.3.2. ...

The SpaceX Starlink Wi-Fi router GEN 2 and Starlink Dish are susceptible to a Cross-Site Request Forgery (CSRF) attack, allowing malicious actors to exploit a DNS rebinding technique. This vulnerability permits unauthorized actions, such as rebooting the device without user consent, posing signif...

A vulnerability in itsourcecode's University Management System 1.0 affects an undisclosed function within the /add_result.php file. This flaw allows for manipulation of the 'vr' argument, ultimately facilitating cross-site scripting attacks. Such vulnerabilities pose serious risks as they can be ...

A security flaw has been identified in Portabilis i-Educar 2.11, specifically affecting the endpoint located at /intranet/educar_servidor_curso_lst.php. This vulnerability allows remote attackers to conduct cross-site scripting (XSS) attacks by manipulating the 'Name' parameter. The exploitation ...

A Cross Site Scripting (XSS) vulnerability has been discovered in the TRENDnet TEW-824DRU's web interface, specifically within the apply_sec.cgi file's sub_420A78 function. Manipulating the Language argument allows for the execution of malicious scripts, which can be triggered remotely. The ease ...

A vulnerability in FreeFloat FTP Server 1.0 affects the NOOP Command Handler, allowing for remote buffer overflow attacks. This flaw can be exploited, leading to unauthorized data access and potential control of the affected system. The issue has been publicly disclosed, emphasizing the need for ...

A path traversal vulnerability was discovered in Ray Dashboard, hosted on the default port 8265, impacting versions prior to 2.8.1. This flaw arises from the inadequate validation and sanitization of user-supplied paths within the static file handling mechanism. An attacker can exploit this vulne...

A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.

A vulnerability in the Simple Food Order System 1.0 allows attackers to exploit the file /routers/add-item.php by manipulating the price argument, leading to SQL injection. This flaw can be targeted remotely, and the exploit code is publicly available, posing a significant risk to users of the sy...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

A buffer overflow vulnerability exists in the UTT HiPER 810G model, specifically within the strcpy function of the /goform/formApLbConfig file. This flaw allows an attacker to manipulate the loadBalanceNameOld argument, potentially leading to unauthorized access or execution of arbitrary code. Th...

The Micro HTTP Server is susceptible to a buffer overflow due to improper handling of long URIs in the _ReadStaticFiles function within the lib/middleware.c file. This flaw allows attackers to send specially crafted requests that can exploit the vulnerability, potentially leading to remote code e...

A vulnerability has been discovered in frdel/agent0ai agent-zero version 0.9.7, specifically affecting the handle_pdf_document function located in python/helpers/document_query.py. This flaw enables remote attackers to execute server-side request forgery (SSRF) attacks, allowing them to send unau...

A security flaw has been identified in frdel's Agent-Zero product, specifically in version 0.9.7-10. This vulnerability is associated with the 'get_abs_path' function located in the 'python/helpers/files.py' file. It allows an attacker to manipulate file paths, resulting in unauthorized access to...

A SQL injection vulnerability exists in the Tiandy Easy7 Integrated Management Platform in versions up to 7.17.0, specifically within the /rest/preSetTemplate/getRecByTemplateId function. The vulnerability arises from improper validation of the ID argument, allowing attackers to manipulate SQL qu...

A vulnerability has been discovered in the Tiandy Easy7 Integrated Management Platform version 7.17.0, specifically within an undisclosed function of the /rest/devStatus/getDevDetailedInfo endpoint. This issue allows attackers to manipulate the argument ID, potentially leading to SQL injection at...

A vulnerability has been identified in the Tiandy Easy7 Integrated Management Platform 7.17.0 that allows for SQL injection through an undisclosed function in the /rest/devStatus/queryResources endpoint. This security flaw enables attackers to manipulate the areaId argument, potentially allowing ...

A path traversal vulnerability exists within the Taoofagi Easegen-Admin software, specifically in the 'recognizeMarkdown' function of the 'Pdf2MdUtil.java' file. This vulnerability allows attackers to manipulate the 'fileUrl' argument, potentially gaining unauthorized access to the underlying fil...

A vulnerability exists in the Taoofagi Easegen-Admin product due to improper handling of the 'url' parameter in the downloadFile function of the PPT File Handler. This flaw allows an attacker to exploit server-side request forgery (SSRF) vulnerabilities, potentially leading to unauthorized access...

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default config...

A stack-based buffer overflow vulnerability affects Easy File Sharing (EFS) Web Server 7.2. This issue arises when attackers send a specially crafted POST request to the system while creating new topics in the forums. Successfully exploiting this vulnerability allows remote attackers to execute a...

The fontTools library, used for font manipulation in Python, contains an arbitrary file write vulnerability affecting versions from 4.33.0 to before 4.60.2. This flaw allows an attacker to execute remote code when a specially crafted .designspace file is processed through the fonttools varLib scr...

A vulnerability has been discovered in the Tenda AC8 router, specifically affecting the HTTP Endpoint component. This issue arises from improper handling of the argument local_2c in the doSystemCmd function located in the /goform/SysToolChangePwd file. Exploitation of this vulnerability can lead ...

A security vulnerability has been identified in the Tenda AC8 router, specifically affecting version 16.03.50.11. This flaw is found in the route_set_user_policy_rule function within the /cgi-bin/UploadCfg component of the web interface. By manipulating the wans.policy.list1 argument, an attacker...

A vulnerability exists in the REST Plugin of Apache Struts that allows for Remote Code Execution due to the use of an XStreamHandler without type filtering during XML payload deserialization. This flaw, present in specific versions of the software, can be exploited by attackers to execute arbitra...

A vulnerability has been identified in the Tenda AC8 router that affects the function handling IPv6 address checks, specifically the 'check_is_ipv6' function in the IPv6 Handler component. This flaw allows an attacker to exploit the reliance on the IP address for authentication purposes. When exp...

A data exposure vulnerability has been identified in the CityData CityChat app for Android devices, specifically affecting version 0.12.6. The vulnerability involves improper handling of sensitive information located in the credentials.json file, which can lead to unprotected storage of credentia...

A vulnerability exists in Albert Health for Android up to version 1.7.3 affecting the Google Cloud Service Account Key Handler located in the service-account.json file. This flaw allows for the manipulation of credential storage leading to unprotected access to sensitive information. The attack n...

A vulnerability has been discovered in the La Nacion App version 10.2.25 for Android, where improper handling of the API_KEY_WEBSOCKET_CV parameter may lead to unprotected storage of sensitive credentials. This flaw exists within a specific component of the application and is particularly concern...

A security flaw in the BabyChakra Pregnancy & Parenting App for Android has been identified, affecting versions up to 5.4.3.0. This vulnerability resides in the Configuration.java file within the app, specifically linked to the SEGMENT_WRITE_KEY argument. Exploiting this flaw can lead to unprotec...

A SQL injection vulnerability has been discovered in the itsourcecode College Management System version 1.0, specifically within an unknown function in the file /admin/time-table.php. This flaw allows attackers to manipulate the 'course_code' argument. Given its remote exploit capability, the vul...

A vulnerability in Open5GS up to version 2.7.6 can lead to a denial of service through specific functions within the CCA Handler, including smf_gx_cca_cb and smf_gy_cca_cb. This issue can be exploited remotely, allowing attackers to disrupt services without physical access. It is recommended to u...

A vulnerability in the Lagom WHMCS Template, specifically affecting versions up to 2.3.7, allows for unauthorized modification of object prototype attributes within the Datatables component. This security flaw can be exploited remotely, making it a significant concern for users. The vendor has be...

A vulnerability in the Lagom WHMCS Template, specifically affecting versions up to 2.3.7, allows for unauthorized modification of object prototype attributes within the Datatables component. This security flaw can be exploited remotely, making it a significant concern for users. The vendor has be...

A vulnerability in the itsourcecode College Management System version 1.0 has been identified, specifically affecting the file /admin/courses.php. This issue arises from inadequate validation of the course_code parameter, which can be manipulated to execute SQL injection attacks. Such exploitatio...

A SQL injection vulnerability exists in the itsourcecode Free Hotel Reservation System version 1.0, specifically within the /hotel/admin/mod_reports/index.php file. This flaw allows an attacker to manipulate the argument 'Home' to execute arbitrary SQL commands, potentially gaining unauthorized a...

A security vulnerability has been identified in the itsourcecode Online Enrollment System, specifically affecting an unspecified function within the file /enrollment/index.php?view=add. This vulnerability arises due to incorrect handling of the argument txtsearch/deptname/name, allowing for SQL i...

A SQL injection vulnerability has been detected in itsourcecode's Online Enrollment System version 1.0 through the manipulation of the user_email parameter in the /sms/login.php file. This flaw allows unauthorized users to execute arbitrary SQL queries against the underlying database remotely. Th...

A security flaw has been found in SSCMS version 7.4.0, specifically within the DDL Handler component's SitesAddController.Submit.cs file. This vulnerability allows remote attackers to manipulate the argument 'tableHandWrite', leading to potential SQL injection attacks. The exploit for this vulner...

A vulnerability in ThingsGateway version 12 allows for path traversal through an exploitation of the file download API. Specifically, manipulation of the 'fileName' argument could enable attackers to access files that are outside of the intended directory, facilitating the unauthorized retrieval ...

A vulnerability exists in the Tiandy Integrated Management Platform version 7.17.0 that allows attackers to manipulate the userId argument in the '/rest/user/getAuthorityByUserId' file. This manipulation could lead to an SQL injection attack, enabling potential unauthorized access to sensitive da...

Microsoft Exchange Server Remote Code Execution Vulnerability

A server-side request forgery (SSRF) vulnerability exists in the vanna-ai product up to version 2.0.2, specifically within the update_sql/run_sql function located in the src/vanna/legacy/flask/__init__.py file of the Endpoint component. This flaw allows an attacker to manipulate requests, potenti...

A SQL injection vulnerability exists in vanna-ai's Vanna product, specifically in the update_sql function located within the src/vanna/legacy/flask/__init__.py file of its Endpoint component. This vulnerability allows attackers to manipulate SQL queries, potentially leading to unauthorized access...

A security flaw exists in Vanna-AI's Vanna software, specifically in the remove_training_data function located within the bigquery_vector.py file. This vulnerability allows attackers to manipulate input arguments, leading to SQL injection attacks that can be executed remotely. Published exploits ...

A path traversal flaw in setuptools prior to version 78.1.1 allows attackers to write files to arbitrary locations on the filesystem by exploiting the vulnerabilities in the PackageIndex component. This issue could lead to significant security risks, including the potential for remote code execut...

A command injection vulnerability is present in the LB-LINK BL-WR9000 version 2.4.9, specifically within the function sub_458754 located in the /goform/set_wifi file. This critical flaw allows attackers to execute arbitrary commands on the device remotely, potentially compromising network securit...

A security flaw exists in the LB-LINK BL-WR9000 router, specifically within the sub_44D844 function located in /goform/get_hidessid_cfg. This vulnerability allows for a remote attacker to manipulate the function, leading to a buffer overflow. Such an exploit presents significant risks, as it may ...

A stack-based buffer overflow vulnerability has been found in the LB-LINK BL-WR9000 router, specifically in the function sub_44E8D0 of the /goform/get_virtual_cfg file. This vulnerability can be exploited remotely, allowing attackers to manipulate the function and overflow the stack. Publicly ava...