Publicly Disclosed
PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered 3 hours ago
PoC for CVE-2026-2644
A vulnerability has been discovered in the niklasso minisat product, specifically within its DIMACS File Parser component. The issue arises in the Solver::value function located in the core/SolverTypes.h file, where an improper handling of the variable index can lead to an out-of-bounds read when...
Discovered 4 hours ago
PoC for CVE-2026-2642
A security vulnerability has been identified in The Silver Searcher, a popular code searching tool. This vulnerability is present in the 'search_stream' function within 'src/search.c', which can lead to a null pointer dereference. Local access is required to exploit this vulnerability, making it ...
PoC for CVE-2026-1368
The Video Conferencing with Zoom plugin for WordPress prior to version 4.6.6 contains a significant security issue in its AJAX handler. The nonce verification mechanism, which is crucial for preventing unauthorized access, has been commented out, exposing a critical vulnerability. This flaw allow...
Discovered 5 hours ago
PoC for CVE-2026-2641
A vulnerability has been identified in the universal-ctags tool, specifically within the V Language Parser. This weakness, found in the functions parseExpression and parseExprList of the file parsers/v.c, allows for uncontrolled recursion to occur. When exploited, this can lead to detrimental perf...
PoC for CVE-2025-55182
A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...
Discovered 13 hours ago
PoC for CVE-2026-2627
A security vulnerability has been identified in Softland FBackup up to version 9.9 that allows local attackers to exploit an issue within the HID.dll library. This flaw, linked to the Backup/Restore functionality, enables unauthorized manipulation resulting in link following. The exposure allows ...
PoC for CVE-2026-2623
A vulnerability has been identified in Blossom versions up to 1.17.1, specifically affecting the file upload functionality in the BLOSManager.java component. This issue allows an attacker to manipulate input in a way that can lead to unauthorized access to files through path traversal techniques....
Discovered 14 hours ago
PoC for CVE-2026-2622
A security vulnerability has been identified in Blossom, specifically affecting the Article Title Handler component. The vulnerable function, located in the ArticleController.java file, is susceptible to cross-site scripting (XSS) attacks, allowing remote attackers to manipulate the content proce...
PoC for CVE-2026-2621
A security vulnerability exists in the Sciyon Koyuan Thermoelectricity Heat Network Management System 3.0, specifically affecting the /SISReport/WebReport20/Proxy/AsyncTreeProxy.aspx file. An attacker can exploit this vulnerability through the manipulation of the PGUID parameter, leading to poten...
Discovered 15 hours ago
PoC for CVE-2026-2620
A vulnerability in the Huace Monitoring and Early Warning System allows attackers to exploit the functionality of the file /Web/SysManage/ProjectRole.aspx. By manipulating the ID argument, an attacker can execute SQL injection attacks remotely. This exploitation has been publicly disclosed, posin...
Discovered 18 hours ago
PoC for CVE-2026-2618
A vulnerability exists in Beetel 777VR1 routers that affects the SSH Service, where weak encryption algorithms may be exploited remotely. The complexity of the attack is considered high, making it challenging for potential exploiters. The issue stems from the use of cryptographically broken proto...
Discovered 19 hours ago
PoC for CVE-2026-2617
A security flaw has been identified in the Beetel 777VR1, specifically affecting its Telnet and SSH services. This vulnerability allows for insecure default initialization of resources, potentially enabling unauthorized access within a local network context. As the exploit for this vulnerability ...
PoC for CVE-2026-2616
A security vulnerability has been identified in the Beetel 777VR1 router affecting versions up to 01.00.09. The vulnerability involves hard-coded credentials found within the Web Management Interface, which poses a significant risk as it allows unauthorized access. To exploit this vulnerability, ...
Discovered 21 hours ago
PoC for CVE-2026-2615
A security flaw has been identified in the Wavlink WL-NU516U1 router related to the singlePortForwardDelete function within the /cgi-bin/firewall.cgi file. By manipulating the del_flag argument, an attacker can exploit this vulnerability to execute arbitrary commands on the device. This means tha...
Discovered 1 day ago
PoC for CVE-2025-4517
The vulnerability in the Python tarfile module allows for arbitrary filesystem writes when extracting untrusted tar archives with the filter parameter set to 'data' or 'tar'. This issue arises specifically in Python 3.12 or later. Users who employ the TarFile.extractall() or TarFile.extract() met...
PoC for CVE-2026-0829
The Frontend File Manager Plugin for WordPress, up to version 23.5, presents a significant security risk by permitting unauthenticated users to send emails from the site, bypassing necessary security protocols. This loophole allows malicious actors to exploit the WordPress site as a relay for spa...
PoC for CVE-2025-4138
The tarfile module in Python versions 3.12 and later has a vulnerability that allows the extraction filter to be bypassed. This exploitation can lead to the extraction of symlink targets that point outside of the intended destination directory and unauthorized modification of file metadata. This ...
PoC for CVE-2026-26220
LightLLM, a product by ModelTC, has a vulnerability in versions 1.1.0 and earlier that allows unauthenticated remote code execution. In the PD (prefill-decode) disaggregation mode, the PD master node exposes WebSocket endpoints that accept binary frames and directly process them through the `pick...
Discovered 2 days ago
PoC for CVE-2025-49132
Pterodactyl, a widely used free and open-source game server management panel, has a significant vulnerability that allows unauthorized remote code execution. This occurs through the /locales/locale.json endpoint when specific query parameters are manipulated. Attackers exploiting this flaw can ex...
PoC for CVE-2026-2567
The Wavlink WL-NU516U1 device exhibits a stack-based buffer overflow vulnerability in the /cgi-bin/nas.cgi file's function sub_401218. An attacker can exploit this flaw by manipulating the User1Passwd argument, which may lead to unauthorized access or potential control over the affected system. T...
PoC for CVE-2019-25395
Smoothwall Express 3.1-SP4-polar-x86_64-update9 is vulnerable to multiple stored cross-site scripting (XSS) issues within the preferences.cgi script. Malicious actors can exploit these vulnerabilities by injecting harmful scripts into the HOSTNAME, KEYMAP, and OPENNESS parameters. By submitting s...
PoC for CVE-2026-2566
A stack-based buffer overflow vulnerability has been identified in the Wavlink WL-NU516U1 device, specifically within the handling of the firmware_url argument in the /cgi-bin/adm.cgi file. This flaw potentially allows remote attackers to execute arbitrary code by manipulating the input parameter...
PoC for CVE-2026-2565
A stack-based buffer overflow vulnerability has been identified in the Wavlink WL-NU516U1 device specifically in the function sub_40785C located in /cgi-bin/adm.cgi. This flaw arises from improper handling of the time_zone argument, enabling remote attackers to potentially exploit the affected sy...
PoC for CVE-2026-2563
A vulnerability exists in the JingDong JD Cloud Box AX6600, specifically within the jdcapp_rpc component's controlDevice functions. Exploiting this flaw allows an attacker to escalate privileges remotely, potentially gaining unauthorized access to sensitive system functionalities. The affected ve...
PoC for CVE-2026-2562
A vulnerability exists in the JingDong JD Cloud Box AX6600, specifically within the jdcweb_rpc component's cast_streen function in the jdcapi. This flaw allows remote attackers to escalate privileges through manipulation of the 'File' argument. The vulnerability has been publicly disclosed, and e...
PoC for CVE-2026-2561
A security flaw has been identified in JingDong JD Cloud Box AX6600, affecting versions up to 4.5.1.r4533. The issue lies within the 'web_get_ddns_uptime' function located in the '/jdcapi' path of the 'jdcweb_rpc' component. This vulnerability allows attackers to perform remote privilege escalati...
PoC for CVE-2026-2560
A vulnerability in kalcaddle's kodbox affects the Media File Preview Plugin, specifically within the 'run' function of the VideoResize.class.php file. This flaw allows an attacker to manipulate the 'localFile' argument, which could lead to the execution of arbitrary operating system commands on t...
PoC for CVE-2026-2558
A security flaw has been identified in GeekAI versions up to 4.2.4, where improper handling of the URL argument in the Download function of api/handler/net_handler.go can lead to server-side request forgery. This vulnerability allows attackers to potentially exploit the server by sending requests...
PoC for CVE-2026-2557
A vulnerability has been identified in the file upload functionality of cskefu, specifically within the MediaController.java file. This issue allows attackers to execute cross-site scripting (XSS) attacks by manipulating upload processes. The vulnerability can be exploited remotely, exposing user...
PoC for CVE-2026-2556
A security vulnerability has been identified in cskefu up to version 8.0.1, located in the MediaController.java file. This vulnerability permits an attacker to manipulate the URL argument, potentially leading to server-side request forgery. This type of attack could allow unauthorized access to i...
PoC for CVE-2026-2553
A security vulnerability has been identified in the Tushar-2223 Hotel Management System affecting the HTTP POST Request Handler component, specifically the file /home.php. This flaw allows an attacker to manipulate arguments such as Name and Email, leading to SQL injection attacks that can be exe...
PoC for CVE-2026-2551
A security flaw has been identified in ZenTao's Backup Handler, specifically within the delete function of the file editor/control.php. This vulnerability arises from improper handling of the 'fileName' argument, leading to path traversal issues. Attackers can exploit this vulnerability remotely ...
PoC for CVE-2026-2550
A security flaw exists in the EFM iptime A6004MX router version 14.18.2 within the commit_vpncli_file_upload function of the /cgi/timepro.cgi script. This vulnerability enables remote attackers to upload files without restriction, which can lead to arbitrary code execution or further exploitation...
PoC for CVE-2026-2549
An improper access control vulnerability has been identified in the zhanghuanhao LibrarySystem, specifically within the BookController.java file. This flaw allows an attacker to manipulate access controls, potentially enabling unauthorized actions through remote exploitation. Although the vulnera...
PoC for CVE-2026-2547
A cross-site scripting vulnerability has been identified in the LigeroSmart AgentDashboard function, specifically in the /otrs/index.pl file. This vulnerability occurs due to improper handling of the Subaction argument, allowing attackers to inject and execute malicious scripts remotely. The expl...
PoC for CVE-2026-2546
A vulnerability has been identified in LigeroSmart software versions up to 6.1.26, specifically within the /otrs/index.pl file. This issue arises from improper handling of the SortBy argument, enabling the execution of malicious scripts in the user's browser. The vulnerability can be exploited re...
PoC for CVE-2026-2545
A cross-site scripting vulnerability has been identified in LigeroSmart, affecting versions up to 6.1.26. This weakness is associated with the file /otrs/index.pl?Action=AgentTicketSearch, where an attacker can manipulate the argument 'Profile' to execute arbitrary JavaScript in the context of th...
PoC for CVE-2025-4517
The vulnerability in the Python tarfile module allows for arbitrary filesystem writes when extracting untrusted tar archives with the filter parameter set to 'data' or 'tar'. This issue arises specifically in Python 3.12 or later. Users who employ the TarFile.extractall() or TarFile.extract() met...
PoC for CVE-2025-4138
The tarfile module in Python versions 3.12 and later has a vulnerability that allows the extraction filter to be bypassed. This exploitation can lead to the extraction of symlink targets that point outside of the intended destination directory and unauthorized modification of file metadata. This ...
PoC for CVE-2026-0929
The RegistrationMagic WordPress plugin prior to version 6.0.7.2 exposes a significant security flaw by lacking adequate capability checks. This vulnerability permits users with subscriber privileges and higher to improperly create forms on the website, potentially leading to unauthorized data col...
PoC for CVE-2026-2537
A command injection vulnerability has been detected in Comfast CF-E4 version 2.6.0.1, specifically within the HTTP POST Request Handler. The flaw exists in the /cgi-bin/mbox-config?method=SET&section=ntp_timezone component, allowing attackers to manipulate the timestr argument. This could lead to...
PoC for CVE-2026-2536
A vulnerability has been identified in the opencc JFlow Workflow Engine prior to version 20260129. This issue originates from mishandling XML inputs in the WF_Admin_AttrFlow.java component, particularly within the Imp_Done function. The flaw allows for XML External Entity (XXE) references to be e...
PoC for CVE-2026-2535
A command injection vulnerability exists in the Comfast CF-N1 V2 router version 2.6.0.2, specifically affecting the sub_44AB9C function within the mbox-config interface. Exploitation occurs through manipulation of the 'channel' argument, allowing remote attackers to execute arbitrary commands. Th...
PoC for CVE-2026-2534
The Comfast CF-N1 V2 version 2.6.0.2 contains a command injection vulnerability within the sub_44AC4C function located in the /cgi-bin/mbox-config?method=SET&section=ptest_bandwidth file. This flaw allows attackers to manipulate the 'bandwidth' argument, potentially leading to unauthorized comman...
PoC for CVE-2026-2533
A vulnerability exists in Tosei Self-service Washing Machine version 4.02 which can be exploited through the cgi-bin/tosei_datasend.php file. An attacker can manipulate the argument adr_txt_1, leading to unauthorized command execution on the device. This flaw allows for potential remote attacks, ...
PoC for CVE-2017-7921
Hikvision network camera devices suffer from an improper authentication vulnerability, which arises when the system fails to adequately authenticate users. This deficiency could enable an attacker to escalate privileges and obtain sensitive information, risking the integrity and confidentiality o...
PoC for CVE-2026-2531
A security flaw in MindsDB allows for server-side request forgery through improper handling of file uploads. The vulnerability affects the 'clear_filename' function in the security.py module, potentially permitting attackers to exploit this issue remotely. It is crucial to apply the patch identif...
PoC for CVE-2026-2530
A command injection vulnerability exists in the Wavlink WL-WN579A3 wireless router, specifically affecting the AddMac functionality in the wireless.cgi file. This weakness allows an attacker to manipulate the macAddr argument, leading to the possibility of remote execution of arbitrary commands. ...