Publicly Disclosed
PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered 1 hour ago
PoC for CVE-2026-7127
A vulnerability has been discovered in version 1.0 of the SourceCodester Pharmacy Sales and Inventory System, specifically affecting the `/ajax.php?action=delete_receiving` file. This weakness allows attackers to manipulate an ID argument, potentially leading to SQL injection attacks. As the expl...
Discovered 2 hours ago
PoC for CVE-2026-7126
A security vulnerability has been identified in the SourceCodester Pharmacy Sales and Inventory System 1.0, which allows attackers to manipulate the ID parameter in the ajax.php file, leading to SQL injection. This vulnerability can be exploited remotely, posing a significant risk to the integrit...
PoC for CVE-2026-7125
A vulnerability exists in the Totolink A8000RU router, specifically in the setWiFiEasyCfg function within the CGI Handler component located at /cgi-bin/cstecgi.cgi. This issue allows an attacker to manipulate the merge argument, facilitating OS command injection. As a result, remote attackers cou...
PoC for CVE-2026-7124
A command injection vulnerability exists in the CGI Handler of the Totolink A8000RU, specifically within the setIpv6LanCfg function of the /cgi-bin/cstecgi.cgi file. By manipulating the addrPrefixLen argument, an attacker can execute arbitrary operating system commands remotely. This vulnerabilit...
PoC for CVE-2026-7123
A security flaw in the Totolink A8000RU, specifically in the function setIptvCfg of the cgi-bin/cstecgi.cgi file, allows for OS command injection. This vulnerability can be exploited remotely by manipulating the argument in setIptvCfg, potentially leading to unauthorized access and command execut...
Discovered 3 hours ago
PoC for CVE-2026-7122
A critical OS command injection vulnerability has been identified in the Totolink A8000RU router, specifically within the setUPnPCfg function of the CGI component located in the /cgi-bin/cstecgi.cgi file. This flaw allows attackers to craft malicious requests, potentially executing arbitrary comm...
PoC for CVE-2026-7121
A security flaw has been identified in the Totolink A8000RU router, specifically within the setWizardCfg function of the CGI Handler located in /cgi-bin/cstecgi.cgi. This vulnerability allows for OS command injection via manipulation of input arguments. It can be exploited remotely, presenting a ...
PoC for CVE-2026-7119
A vulnerability in the Tenda HG3 2.0 router allows attackers to exploit an unknown function in the file /boaform/formCountrystr. By manipulating the 'countrystr' argument, attackers can execute arbitrary OS commands from a remote location. This vulnerability poses a significant security risk as t...
PoC for CVE-2026-7118
A security vulnerability exists in the Employee Management System version 1.0 developed by Code-Projects, specifically within the cancel.php file. This flaw is triggered by improper handling of the 'id/token' arguments, allowing remote attackers to execute SQL injection attacks. The remote exploi...
Discovered 4 hours ago
PoC for CVE-2026-7117
A security flaw has been found in the Employee Management System (version 1.0) by Code-Projects, specifically in the 'approve.php' file. An attacker can manipulate the 'id/token' parameters, leading to SQL injection vulnerabilities that can be exploited remotely. The exploit is publicly available...
PoC for CVE-2026-7116
A security flaw exists in the Employee Management System 1.0 developed by Code-Projects, specifically affecting the handling of the file `370project/mark.php`. This vulnerability can lead to cross-site scripting (XSS) attacks, allowing remote attackers to manipulate content and execute scripts in...
PoC for CVE-2026-7115
A security flaw has been discovered in the code-projects Employee Management System version 1.0, specifically within the delete.php file. This vulnerability allows remote attackers to manipulate the 'ID' argument, leading to potential SQL injection attacks. The exploit can be easily executed, pos...
PoC for CVE-2026-7114
A vulnerability has been identified in the Employee Management System 1.0 developed by code-projects, specifically within the edit.php file. This vulnerability allows for SQL injection attacks through manipulation of the argument ID. Attackers can exploit this security flaw remotely, which poses ...
Discovered 5 hours ago
PoC for CVE-2026-0911
The Hustle plugin for WordPress contains a vulnerability that allows authenticated users with lower-privileged roles, such as Subscribers, to upload arbitrary files due to insufficient file type validation. This flaw is present in all versions up to and including 7.8.9.2 and could potentially lea...
PoC for CVE-2026-7113
An issue has been discovered in NousResearch hermes-agent version 0.8.0, where the Webhooks Endpoint's _INSECURE_NO_AUTH argument allows for missing authentication controls. This vulnerability enables remote attackers to exploit it without authentication, potentially leading to unauthorized acces...
PoC for CVE-2026-7112
A security flaw exists in the NousResearch hermes-agent version 0.8.0 involving the function _check_auth located in the file gateway/platforms/api_server.py. This vulnerability allows for improper authentication, potentially enabling remote attackers to manipulate user access and permissions. Alt...
PoC for CVE-2026-7110
A vulnerability exists in the Code-Projects Invoice System version 1.0, where exploitation of the file /item allows attackers to manipulate input parameters related to item names and descriptions. This manipulation can lead to Cross-Site Scripting (XSS) attacks, enabling remote attackers to ex...
PoC for CVE-2026-7109
A vulnerability has been identified in the Code-Projects Invoice System, specifically within the API Endpoint related to the '/item' function. This flaw enables improper authorization, allowing attackers to manipulate requests and gain unauthorized access. The impact is significant as the attack ...
Discovered 6 hours ago
PoC for CVE-2026-7108
A security vulnerability has been found in the Invoice System developed by Code-Projects, specifically in version 1.0, which is susceptible to cross-site request forgery (CSRF) attacks. This vulnerability allows malicious actors to perform unauthorized actions on behalf of users without their con...
PoC for CVE-2026-7107
A vulnerability has been discovered in the Code-Projects Invoice System, impacting version 1.0. The issue arises from an undefined function within the '/company' file, allowing attackers to manipulate the 'logo' argument and execute unrestricted file uploads. This vulnerability is exploitable rem...
PoC for CVE-2026-7102
A command injection vulnerability has been identified in the Tenda F456 product, specifically within the FromWriteFacMac function of the /goform/WriteFacMac file. This flaw allows attackers to manipulate the 'mac' argument, leading to unauthorized command execution. Remote exploitation of this vu...
Discovered 7 hours ago
PoC for CVE-2026-7101
A significant vulnerability has emerged in the Tenda F456 router, specifically in version 1.0.0.5. This flaw arises from the 'fromWrlclientSet' function within the '/goform/WrlclientSet' file of the httpd component, leading to a buffer overflow. The vulnerability could allow an attacker to exploi...
PoC for CVE-2026-7100
A vulnerability exists in the Tenda F456 router's HTTP service, specifically within the fromNatlimitof function in the httpd component. This flaw can be exploited remotely, potentially allowing an attacker to manipulate the affected function and trigger a buffer overflow. Exploitation of this vul...
PoC for CVE-2026-7099
A buffer overflow vulnerability has been identified in the Tenda F456 router. Specifically, the vulnerability lies in the function formQuickIndex located in the /goform/QuickIndex file of the httpd component. By manipulating the 'mit_linktype' argument, an attacker can cause a buffer overflow, wh...
PoC for CVE-2026-7098
A critical security vulnerability has been identified in the Tenda F456 router version 1.0.0.5, specifically in the fromDhcpListClient function within the /goform/DhcpListClient component. This vulnerability allows remote attackers to manipulate the arguments passed to the function, leading to a ...
PoC for CVE-2014-3566
The SSL Protocol 3.0 vulnerability allows attackers to exploit the nondeterministic CBC padding method used in OpenSSL, enabling man-in-the-middle attacks. This vulnerability can lead to the exposure of sensitive cleartext data via a padding-oracle attack, commonly referred to as the 'POODLE' exp...
Discovered 8 hours ago
PoC for CVE-2026-7097
A vulnerability in the Tenda F456 version 1.0.0.5 has been identified, which affects the httpd component, specifically within the function fromwebExcptypemanFilter. This vulnerability is caused by inadequate validation of input parameters, enabling attackers to exploit the argument 'page' to perf...
PoC for CVE-2026-7096
A vulnerability has been identified in Tenda HG3 2.0 version 300003070 that allows an attacker to exploit the function formgponConf in the file /boaform/admin/formgponConf. By manipulating the argument fmgpon_loid, remote command execution can be achieved, putting devices at risk of unauthorized ...
PoC for CVE-2026-7095
A cross-site scripting vulnerability has been discovered in the Employee Management System version 1.0 developed by Code-Projects. This vulnerability exists in the file located at 370project/edit.php, where the manipulation of the argument ID can be exploited. Attackers can initiate this remotely...
PoC for CVE-2026-7094
A vulnerability exists in ShadowCloneLabs GlutamateMCPServers that allows a remote attacker to manipulate URL arguments, potentially leading to server-side request forgery. This flaw is located in the file src/puppeteer/index.ts within the puppeteer_navigate component. Despite being reported earl...
Discovered 9 hours ago
PoC for CVE-2026-7093
A vulnerability exists in the Code-Projects Invoice System for Laravel 1.0, specifically within the Invoice Endpoint component. This issue arises from an improper authorization mechanism related to manipulation of the argument ID in the /invoice/ file. A remote attacker could exploit this vulnera...
PoC for CVE-2026-7092
A vulnerability has been identified in the Code-Projects Invoice System, specifically in the Profile Handler component. This issue arises from the manipulation of the argument ID, leading to improper authorization which could allow unauthorized access to sensitive user profiles. The flaw can be e...
PoC for CVE-2026-7091
A security flaw has been identified in the Code-Projects Invoice System implemented in Laravel 1.0, specifically within an undisclosed function of the User Management Handler that handles user authentication. This vulnerability allows for unauthorized access, enabling potential remote exploitatio...
PoC for CVE-2026-7090
A vulnerability has been identified in the code-projects Chat System 1.0, specifically in the /admin/send_message.php file within the Chat Interface component. This flaw allows attackers to exploit the argument 'msg' to execute malicious scripts, leading to cross-site scripting (XSS). The nature ...
Discovered 10 hours ago
PoC for CVE-2026-7089
A security flaw has been identified in the Home Service System 1.0 related to the Appointment Booking component. This vulnerability arises from improper handling of user-input arguments, specifically fname and lname, in the /booking.php file. Attackers can exploit this flaw to inject malicious sc...
PoC for CVE-2026-7088
A critical weakness has been discovered in the Pharmacy Sales and Inventory System, specifically within the /ajax.php?action=save_receiving file. This vulnerability allows an attacker to manipulate the parameter ID, which can lead to unauthorized SQL queries being executed on the database. This e...
PoC for CVE-2026-7087
A critical SQL injection flaw has been identified in the SourceCodester Pharmacy Sales and Inventory System version 1.0, specifically within the /ajax.php?action=save_sales function. This vulnerability allows attackers to manipulate the argument ID to execute arbitrary SQL queries on the database...
PoC for CVE-2026-7086
A security vulnerability has been detected in the Toonflow app by HBAI-Ltd, specifically affecting the updateStoryboardUrl function within the replaceUrl.ts file. This flaw permits unauthorized attackers to potentially exploit path traversal, allowing access to file system paths that should remai...
Discovered 11 hours ago
PoC for CVE-2026-7085
A vulnerability exists in the HBAI-Ltd Toonflow-app affecting the z.url functionality in the downloadApp endpoint, which can be exploited to achieve path traversal. This flaw allows an attacker to potentially manipulate the URL parameter and can be exploited remotely. The complexity of this attack is high d...
PoC for CVE-2026-7084
A vulnerability was identified in HBAI-Ltd's Toonflow app, specifically in version 1.1.1. The issue resides in the getCodeByLink endpoint, where improper handling of input parameters allows an attacker to perform server-side request forgery (SSRF). This exploit can be executed remotely, posing si...
PoC for CVE-2026-7083
A SQL injection vulnerability exists in the Likeadmin-Likeshop platform, specifically within the queryResult function of the DataTableLists.php file. This flaw allows remote attackers to manipulate SQL queries, potentially compromising the database and accessing sensitive data. Despite being reporte...
PoC for CVE-2026-7082
A buffer overflow vulnerability exists in the Tenda F456 router, specifically within the 'formWrlExtraSet' function of the httpd component. By manipulating the argument 'Go', an attacker can exploit this flaw to execute arbitrary code remotely, potentially compromising the device's security. The ...
PoC for CVE-2024-51482
ZoneMinder, a popular open-source closed-circuit television software, has a vulnerability that exposes versions v1.37.* up to and including v1.37.64 to a boolean-based SQL injection attack through the web/ajax/event.php endpoint. This flaw can allow an attacker to manipulate SQL queries, potentia...
Discovered 12 hours ago
PoC for CVE-2026-7081
A buffer overflow vulnerability exists within the Tenda F456 router, specifically in the function fromGstDhcpSetSer of the httpd component. An attacker can exploit this weakness by manipulating the dips argument, allowing the execution of arbitrary code remotely. Given that the exploit details ar...
PoC for CVE-2026-7080
A security vulnerability has been identified in Tenda F456 version 1.0.0.5, specifically in the PPTPUserSetting function within the httpd component. An argument manipulation in the delno parameter can lead to a buffer overflow, which exposes the system to potential remote exploitation. This vulne...
PoC for CVE-2026-7079
A buffer overflow vulnerability has been discovered in the Tenda F456 router, specifically within the fromAdvSetWan function of the httpd component. This vulnerability arises from improper handling of the wanmode argument, allowing an attacker to manipulate the input and potentially execute arbit...
PoC for CVE-2026-7078
A security flaw has been identified in the Tenda F456 router, specifically in the function fromSetIpBind located in the /goform/SetIpBind component of the httpd service. This vulnerability stems from improper handling of the argument page, leading to a buffer overflow condition. Attackers can exp...
Discovered 13 hours ago
PoC for CVE-2026-7077
A vulnerability in the itsourcecode Courier Management System 1.0 has been discovered, specifically within an unidentified function in the edit_parcel.php file. This weakness allows for SQL injection through the manipulation of the 'ID' argument. The SQL injection can be executed remotely, thereb...
PoC for CVE-2026-41242
Protobuf.js, a library that compiles protocol buffer definitions into JavaScript functions, is susceptible to a vulnerability that enables attackers to inject arbitrary code via the 'type' fields in protobuf definitions. This injected code can be executed during the decoding of the corresponding ...
PoC for CVE-2026-7076
A vulnerability exists in the itsourcecode Courier Management System version 1.0, specifically within the /edit_branch.php file. This flaw enables attackers to execute SQL injection attacks by manipulating the ID argument. The potential for remote exploitation of this vulnerability raises serious...