Publicly Disclosed PoC Exploits

🔴 Always take caution when working with PoC Exploits 🔴

Discovered just now...

PoC for CVE-2024-56426

Samsung | Exynos Mobile and Wear... | 7.5 HIGH
Out-of-Bounds Write Vulnerability in Samsung Exynos Mobile and Wear...

A vulnerability exists in Samsung's Exynos mobile and wearable processors due to improper validation on incoming USB packets. This lack of length checks can potentially lead to out-of-bounds writes, allowing attackers to modify memory contents and execute arbitrary code. The affected processors i...

PoC for CVE-2025-9074

Docker | Docker Desktop | 9.3 CRITICAL
Docker Desktop Vulnerability Allows Unauthorized Access to Docker E...

A security issue in Docker Desktop has been discovered, enabling local running Linux containers to communicate with the Docker Engine API through the default Docker subnet. This issue can arise irrespective of whether Enhanced Container Isolation (ECI) is active or if the 'Expose daemon on tcp://...

Discovered 2 hours ago

PoC for CVE-2026-23696

Windmill Labs | Windmill Ce (community... | 9.4 CRITICAL
Windmill < 1.603.3 File Ownership Handling SQLi RCE

Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality that allows authenticated attackers to inject SQL through the owner parameter. An attacker can use the injection to read sensitive data such as the JWT signi...

Discovered 6 hours ago

PoC for CVE-2025-10681

Gardyn | Mobile Application | 8.8 HIGH
Hardcoded Credentials in Mobile App and Firmware of Gardyn's Smart ...

The Smart Plant System by Gardyn contains a significant vulnerability involving hardcoded storage credentials within its mobile application and device firmware. These credentials not only lack sufficient restrictions on end-user permissions but also do not have an expiration mechanism in place. T...

PoC for CVE-2025-1242

Gardyn | Home Kit | 9.3 CRITICAL
IoT Hub Vulnerability in Gardyn Products Exposes Administrative Cre...

The Gardyn IoT Hub exhibits a vulnerability where administrative credentials can be extracted via its application API responses, reverse engineering of the mobile application, and the device's firmware. This flaw may grant an attacker full administrative access to the IoT Hub, consequently puttin...

PoC for CVE-2026-22679

Weaver Network Co... | E-cology | 9.3 CRITICAL
Unauthenticated Remote Code Execution in Weaver E-cology 10.0

Weaver E-cology 10.0 prior to version 20260312 is exposed to an unauthenticated remote code execution vulnerability. This occurs in the /papi/esearch/data/devops/dubboApi/debug/method endpoint, which allows malicious actors to execute arbitrary commands. By crafting specific POST requests with at...

PoC for CVE-2021-4473

Beijing Topsec Ne... | Tianxin Internet Behav... | 9.3 CRITICAL
Command Injection Vulnerability in Tianxin Internet Behavior Manage...

The Tianxin Internet Behavior Management System has a command injection vulnerability within its Reporter component. This issue allows unauthenticated attackers to execute arbitrary commands by manipulating the objClass parameter with crafted shell metacharacters and output redirection. If exploi...

PoC for CVE-2026-22666

Dolibarr | Dolibarr Erp/crm | 8.6 HIGH
Authenticated Remote Code Execution in Dolibarr ERP/CRM by Dolibarr

Dolibarr ERP/CRM versions prior to 23.0.2 suffer from an authenticated remote code execution vulnerability in the dol_eval_standard() function. This flaw arises from inadequate string checks in whitelist mode and a failure to recognize PHP dynamic callable syntax. An attacker with administrator p...

Discovered 13 hours ago

PoC for CVE-2026-4079

WordPress | Sql Chart Builder | 6.5 MEDIUM
SQL Injection Vulnerability in SQL Chart Builder Plugin by WordPress

The SQL Chart Builder plugin for WordPress, prior to version 2.3.8, is susceptible to SQL injection due to insufficient input sanitization. Malicious actors could exploit this vulnerability by injecting arbitrary SQL queries through user inputs that are directly concatenated into SQL statements, ...

PoC for CVE-2026-1900

WordPress | Link Whisper Free | 6.5 MEDIUM
Unauthenticated Settings Update Vulnerability in Link Whisper Free ...

The Link Whisper Free plugin for WordPress prior to version 0.9.1 has a serious issue where its REST API endpoint is publicly accessible. This flaw allows attackers to make unauthorized changes to plugin settings without the need for authentication, potentially leading to data exposure and modifi...

PoC for CVE-2025-15611

WordPress | Popup Box | 5.4 MEDIUM
Cross-Site Request Forgery Vulnerability in Popup Box Plugin for Wo...

The Popup Box WordPress plugin versions prior to 5.5.0 have a critical vulnerability where nonces are not properly validated in the add_or_edit_popupbox() function. This flaw permits unauthenticated attackers to execute Cross-Site Request Forgery attacks. If an admin inadvertently visits a compro...

Discovered 15 hours ago

PoC for CVE-2023-6246

Red Hat | Glibc | 🟣 EPSS 27% | 8.4 HIGH
Heap-Based Buffer Overflow Vulnerability in glibc Library

A heap-based buffer overflow vulnerability exists in the __vsyslog_internal function of the glibc library, which is crucial for logging system events through the syslog and vsyslog functionalities. The issue arises if the openlog function is not invoked or if it is invoked with a NULL ident argum...

Discovered 17 hours ago

PoC for CVE-2026-33186

Grpc | Grpc-go | 9.1 CRITICAL
Authorization Bypass Vulnerability in gRPC-Go by Google

The gRPC-Go server has a vulnerability that allows an attacker to bypass authorization checks due to improper input validation on the HTTP/2 ':path' pseudo-header. Specifically, versions before 1.79.3 accepted requests with omitted leading slashes in the ':path', allowing unauthorized access to s...

PoC for CVE-2026-32945

Pjsip | Pjproject | 8.4 HIGH
Heap-based Buffer Overflow in PJSIP Open Source Multimedia Communic...

The PJSIP multimedia communication library has a vulnerability related to a heap-based buffer overflow in the DNS parser's name length handler. This issue impacts applications using PJSIP's integrated DNS resolver, which is configured through pjsua_config.nameserver or UaConfig.nameserver setting...

PoC for CVE-2026-27654

F5 | Nginx Open Source | 8.8 HIGH
Buffer Overflow Vulnerability in NGINX Open Source and NGINX Plus

A vulnerability exists within the ngx_http_dav_module of NGINX Open Source and NGINX Plus that can be exploited to trigger a buffer overflow in the NGINX worker process. This scenario is possible when configuration files utilize the DAV module's MOVE or COPY methods combined with specific prefix ...

PoC for CVE-2025-55182

Meta | React-server-dom-webpack | 🟣 EPSS 66% | 10 CRITICAL
Remote Code Execution Vulnerability in React Server Components by Meta

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

PoC for CVE-2026-5719

Itsourcecode | Construction Managemen... | 5.3 MEDIUM
SQL Injection Vulnerability in itsourcecode Construction Management...

A vulnerability exists in the itsourcecode Construction Management System 1.0, specifically within the argument handling in the borrowedtool.php file. By manipulating the input parameters, an attacker can execute SQL injection attacks remotely, jeopardizing the security of the system and potentia...

Discovered 19 hours ago

PoC for CVE-2023-32749

Pydio | Cells | 🟣 EPSS 47% | 8.8 HIGH
Privilege Escalation in Pydio Cells by External User Role Manipulation

Pydio Cells allows users to create external users for file sharing. However, by altering the HTTP request during this process, it is possible to assign arbitrary roles to new external users. This vulnerability enables an attacker to grant themselves or any other unauthorized user access to all ce...

PoC for CVE-2025-30065

Apache | Apache Parquet Java | 10 CRITICAL
Code Execution Vulnerability in Apache Parquet Product by Apache

The parquet-avro module of Apache Parquet versions 1.15.0 and earlier contains a schema parsing vulnerability that enables attackers to execute arbitrary code. It is crucial for users to upgrade to version 1.15.1 or later to mitigate this risk and secure their systems against potential exploitation.

Discovered 20 hours ago

PoC for CVE-2026-5705

Code-projects | Online Hotel Booking | 5.3 MEDIUM
Cross-Site Scripting in Online Hotel Booking by Code-Projects

A cross-site scripting vulnerability exists in the Online Hotel Booking 1.0 software, specifically affecting the /booknow.php component. This flaw allows attackers to manipulate the roomname parameter, enabling them to execute arbitrary scripts in the context of another user's browser. The exploi...

PoC for CVE-2026-5692

Totolink | A7100ru | 6.9 MEDIUM
OS Command Injection Vulnerability in Totolink A7100RU Router

A security flaw has been identified in the Totolink A7100RU router, specifically in the function setGameSpeedCfg located in /cgi-bin/cstecgi.cgi. This vulnerability allows for OS command injection through manipulation of the 'enable' argument, potentially enabling an attacker to execute arbitrary...

PoC for CVE-2026-5691

Totolink | A7100ru | 6.9 MEDIUM
OS Command Injection in Totolink Router A7100RU

A security flaw has been identified in the Totolink A7100RU router, specifically within the setFirewallType function of the cstecgi.cgi file. This vulnerability allows attackers to manipulate the firewallType parameter, potentially leading to OS command injection. This threat can be exploited rem...

PoC for CVE-2026-5690

Totolink | A7100ru | 6.9 MEDIUM
OS Command Injection Vulnerability in Totolink A7100RU Router

A vulnerability exists in the Totolink A7100RU router due to improper validation in the setRemoteCfg function of the cstecgi.cgi file. By manipulating the enable argument, an attacker can execute OS commands remotely, potentially compromising the device's security. This exploit has been publicly ...

Discovered 21 hours ago

PoC for CVE-2026-5689

Totolink | A7100ru | 6.9 MEDIUM
OS Command Injection in Totolink A7100RU Product

A vulnerability has been identified in the Totolink A7100RU firmware version 7.4cu.2313_b20191024, specifically within the setNtpCfg function of the cgi-bin/cstecgi.cgi file. This issue arises from improper handling of the 'tz' argument, allowing attackers to perform OS command injection. Such ma...

PoC for CVE-2026-5688

Totolink | A7100ru | 6.9 MEDIUM
OS Command Injection Vulnerability in Totolink A7100RU

A security flaw exists in the Totolink A7100RU router, specifically within the setDdnsCfg function of the /cgi-bin/cstecgi.cgi file. This vulnerability allows an attacker to manipulate the 'provider' argument, potentially leading to OS command injection. Such attacks can be executed remotely, mak...

PoC for CVE-2026-5687

Tenda | Cx12l | 8.7 HIGH
Buffer Overflow Vulnerability in Tenda CX12L Router

A vulnerability exists in the Tenda CX12L router, specifically within the fromNatStaticSetting function located in the /goform/NatStaticSetting file. This weakness allows an attacker to trigger a stack-based buffer overflow by manipulating input arguments. The vulnerability can be exploited remot...

PoC for CVE-2026-5686

Tenda | Cx12l | 8.7 HIGH
Stack-Based Buffer Overflow in Tenda CX12L Router

A security vulnerability has been identified in the Tenda CX12L router's handling of the RouteStatic function, specifically affecting the /goform/RouteStatic file. An attacker can exploit this flaw by manipulating the 'page' argument, leading to a stack-based buffer overflow. The nature of this v...

Discovered 22 hours ago

PoC for CVE-2026-5685

Tenda | Cx12l | 8.7 HIGH
Stack-Based Buffer Overflow in Tenda CX12L Router

A stack-based buffer overflow vulnerability has been discovered in the Tenda CX12L router version 16.03.53.12, specifically within the fromAddressNat function located in the /goform/addressNat file. This flaw allows an attacker to remotely manipulate the 'page' argument, potentially leading to expl...

PoC for CVE-2026-5684

Tenda | Cx12l | 8.6 HIGH
Stack-Based Buffer Overflow in Tenda CX12L Router by Tenda

A stack-based buffer overflow vulnerability exists in the Tenda CX12L router's webExcptypemanFilter function. By manipulating the 'page' argument within the '/goform/webExcptypemanFilter' endpoint, an attacker with local network access may exploit this issue, potentially leading to remote code ex...

Discovered 23 hours ago

PoC for CVE-2026-5683

Tenda | Cx12l | 5.1 MEDIUM
Stack-based Buffer Overflow in Tenda CX12L Device

A stack-based buffer overflow vulnerability exists in the Tenda CX12L device, specifically in the fromP2pListFilter function located in the /goform/P2pListFilter file. This vulnerability is triggered by manipulating the 'page' argument and can allow an attacker to execute arbitrary code. The expl...

PoC for CVE-2026-5682

Meesho | Online Shopping App | 6.3 MEDIUM
Cryptographic Vulnerability in Meesho Online Shopping App for Android

The Meesho Online Shopping App for Android, specifically the component com.meesho.supply, has a vulnerability involving an unknown function within the /api/endpoint. This issue allows for the manipulation of cryptographic algorithms, potentially leading to insecure data handling. Although the com...

Discovered 1 day ago

PoC for CVE-2026-5681

Itsourcecode | Sanitize Or Validate T... | 5.3 MEDIUM
SQL Injection Vulnerability in itsourcecode Parameter Handler

A SQL injection vulnerability has been identified in the itsourcecode sanitize or validate this input version 1.0, specifically within the borrowedequip.php file of the Parameter Handler component. This flaw allows attackers to manipulate the emp_id argument, enabling unauthorized SQL queries to ...

PoC for CVE-2026-5679

Totolink | A3300r | 5.1 MEDIUM
OS Command Injection Vulnerability in Totolink A3300R Router

A security vulnerability has been identified in the Totolink A3300R router, specifically within the function vsetTr069Cfg located in the /cgi-bin/cstecgi.cgi file. This issue arises from improper handling of the stun_pass argument, allowing an attacker to execute arbitrary commands on the operati...

PoC for CVE-2026-35022

Anthropic | Claude Code | 9.3 CRITICAL
OS Command Injection Vulnerability in Anthropic Claude Code CLI and...

The Anthropic Claude Code CLI and Claude Agent SDK are susceptible to an OS command injection vulnerability in the authentication helper execution. This flaw arises from the lack of input validation in the execution of helper configuration values, allowing an attacker with the ability to manipula...

PoC for CVE-2026-5678

Totolink | A7100ru | 6.9 MEDIUM
OS Command Injection in Totolink A7100RU Router Software

A security weakness has been discovered in the Totolink A7100RU router running software version 7.4cu.2313_b20191024, specifically in the function setScheduleCfg located in /cgi-bin/cstecgi.cgi. This vulnerability allows attackers to manipulate the 'mode' argument, potentially enabling...

PoC for CVE-2026-5677

Totolink | A7100ru | 6.9 MEDIUM
Command Injection Vulnerability in Totolink A7100RU Router

A security vulnerability has been identified in the Totolink A7100RU router, specifically within the CsteSystem function of the cgi-bin/cstecgi.cgi file. This flaw allows attackers to manipulate the resetFlags argument, thereby executing arbitrary OS commands remotely. The existence of this explo...

PoC for CVE-2026-5676

Totolink | A8000r | 6.9 MEDIUM
Improper Authentication Vulnerability in Totolink A8000R Router

A significant vulnerability exists in the Totolink A8000R router, particularly within the 'setLanguageCfg' function located in the /cgi-bin/cstecgi.cgi file. This weakness stems from the improper handling of the 'langType' argument, resulting in a lack of required authentication for certain opera...

PoC for CVE-2026-5675

Itsourcecode | Construction Managemen... | 5.3 MEDIUM
SQL Injection Vulnerability in itsourcecode Construction Management...

A vulnerability has been identified in the itsourcecode Construction Management System 1.0 that allows an SQL injection through the manipulation of the 'emp' argument in the 'borrowed_tool.php' file. This weakness enables remote attackers to execute unauthorized SQL commands, potentially compromi...

PoC for CVE-2026-5672

Code-projects | Simple It Discussion F... | 6.9 MEDIUM
SQL Injection Vulnerability in Simple IT Discussion Forum by Code-P...

The Simple IT Discussion Forum version 1.0 by Code-Projects contains a vulnerability in the edit-category.php file within its Parameter Handler component. This flaw allows for SQL injection, where manipulating the cat_id parameter can enable an attacker to execute malicious SQL queries remotely. ...

PoC for CVE-2026-5671

Cyber-iii | Student-management-system | 5.3 MEDIUM
Cross-Site Scripting Vulnerability in Cyber-III Student-Management-...

A cross-site scripting vulnerability is present in the Cyber-III Student-Management-System within the Class Schedule Deletion Endpoint located at /admin/class%20schedule/delete_batch.php. This flaw allows an attacker to manipulate the 'batch' argument, potentially leading to the injection of mali...

PoC for CVE-2026-5670

Cyber-iii | Student-management-system | 5.3 MEDIUM
Unrestricted File Upload Vulnerability in Cyber-III Student-Managem...

A vulnerability in the Cyber-III Student-Management System allows for unrestricted file uploads through the manipulation of the 'File' parameter in the 'move_uploaded_file' function located in '/AssignmentSection/submission/upload.php'. This issue can be exploited remotely, enabling attackers to ...

PoC for CVE-2026-5669

Cyber-iii | Student-management-system | 6.9 MEDIUM
SQL Injection Vulnerability in Cyber-III Student-Management System

A SQL injection vulnerability has been identified in the Cyber-III Student-Management System specifically affecting the /login.php file within the Parameter Handler component. This vulnerability allows for remote exploitation through manipulation of the Password argument, enabling attackers to ex...

PoC for CVE-2026-5668

Cyber-iii | Student-management-system | 4.8 MEDIUM
Cross-Site Scripting Vulnerability in Cyber-III Student-Management-...

A security flaw has been identified in the Cyber-III Student-Management-System, which impacts the /admin/Add%20notice/add%20notice.php file. This vulnerability arises from improper handling of the $_SERVER['PHP_SELF'] parameter, allowing a potential attacker to exploit cross-site scripting (XSS) ...

PoC for CVE-2024-14032

Twitch | Twitch Studio | 8.5 HIGH
Privilege Escalation Vulnerability in Twitch Studio by Twitch

Twitch Studio versions up to 0.114.8 are vulnerable to a privilege escalation issue stemming from an unprotected XPC service in the application's privileged helper tool. This flaw allows local attackers to execute arbitrary code with root privileges. By exploiting the installFromPath:toPath:withR...

PoC for CVE-2026-5666

Code-projects | Online Fir System | 6.9 MEDIUM
Sensitive Information Exposure in Online FIR System by Code-Projects

A vulnerability has been identified in the Online FIR System version 1.0, specifically within the file /complaints.sql related to the SQL Database Backup File Handler. This issue allows for the insecure storage of sensitive information, posing a risk of unauthorized access. The exploitation can b...

PoC for CVE-2026-5665

Code-projects | Online Fir System | 6.9 MEDIUM
SQL Injection Vulnerability in Online FIR System by Code-Projects

A security vulnerability has been identified in version 1.0 of the Online FIR System developed by Code-Projects. The issue arises from a flaw in the login functionality, specifically within the file /Login/checklogin.php. Attackers can exploit this vulnerability by manipulating the 'email' and 'p...

PoC for CVE-2026-1668

Tp-link Systems Inc. | Sg2008p 3.2x | 7.7 HIGH
Remote Code Execution Vulnerability in Omada Switches - Omada Networks

The web interface of multiple Omada switches lacks proper validation for certain external inputs, potentially allowing out-of-bounds memory access when processing specially crafted requests. This flaw creates an opportunity for an unauthenticated attacker with network access to exploit the affect...

PoC for CVE-2026-5661

Linux Foundation | Free5gc | 6.9 MEDIUM
Denial of Service Vulnerability in Free5GC by Linux Foundation

A vulnerability has been discovered in the Free5GC 4.2.0 framework, affecting the NGSetupRequest Handler component. An attacker could exploit this vulnerability to initiate a denial of service attack, which can be executed remotely. The exploit is publicly accessible, posing significant risks to ...

PoC for CVE-2026-5660

Itsourcecode | Construction Managemen... | 5.3 MEDIUM
SQL Injection Vulnerability in itsourcecode Construction Management...

A SQL injection vulnerability exists in the itsourcecode Construction Management System 1.0, specifically within an unknown function of the /borrowed_equip.php file related to parameter handling. This security flaw allows attackers to manipulate the 'emp' argument, which could lead to unauthorize...