Publicly Disclosed PoC Exploits

🔴 Always take caution when working with PoC Exploits 🔴

Discovered just now...

PoC for CVE-2024-32964

Lobehub | Lobe-chat | 🟣 EPSS 54% | 9 CRITICAL
Lobe Chat Server-Side Request Forgery Vulnerability

The Lobe Chat framework, designed for chatbot development with capabilities like speech synthesis and a multimodal plugin system, has a vulnerability in its /api/proxy endpoint prior to version 0.150.6. This flaw allows attackers to perform unauthorized Server-Side Request Forgery, enabling them ...

Discovered 2 hours ago

PoC for CVE-2026-2015

Portabilis | I-educar | 5.3 MEDIUM
Improper Authorization in Portabilis i-Educar Affects Final Status ...

A vulnerability has been discovered in the Portabilis i-Educar system, specifically affecting the Final Status Import component and its FinalStatusImportService.php file. This vulnerability is due to improper authorization, which can be exploited by manipulating the school_id argument. The attack...

Discovered 3 hours ago

PoC for CVE-2026-2014

Itsourcecode | Student Management System | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode Student Management System

A security vulnerability has been identified in the itsourcecode Student Management System 1.0, specifically in the /ramonsys/billing/index.php file. The issue arises from improper handling of the ID argument, allowing for SQL injection attacks. This vulnerability can be exploited remotely, poten...

PoC for CVE-2026-2013

Itsourcecode | Student Management System | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode Student Management Syst...

A security flaw in the itsourcecode Student Management System version 1.0 allows for SQL injection through improper handling of the ID argument in the file /ramonsys/soa/index.php. This vulnerability can be exploited remotely, making it a significant risk since potential attackers can manipulate ...

Discovered 4 hours ago

PoC for CVE-2026-2012

Itsourcecode | Student Management System | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode Student Management Syst...

A vulnerability exists in the itsourcecode Student Management System version 1.0 located in the file /ramonsys/facultyloading/index.php. This flaw allows for SQL injection through the manipulation of the argument ID, enabling attackers to execute arbitrary SQL commands. The exploitation can be pe...

PoC for CVE-2026-2011

Itsourcecode | Student Management System | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode Student Management Syst...

A security flaw was discovered in the itsourcecode Student Management System 1.0, specifically impacting an unidentified function within the /ramonsys/enrollment/controller.php file. This vulnerability allows for SQL injection attacks through the manipulation of the argument ID. As the exploit is...

Discovered 5 hours ago

PoC for CVE-2026-2010

Sanluan | Publiccms | 2.3 LOW
Improper Authorization in Sanluan PublicCMS Payment Handler

A vulnerability exists in the Trade Payment Handler of Sanluan PublicCMS that allows for improper authorization due to manipulation of the paymentId parameter in the function Paid within the TradePaymentService.java file. This can be exploited remotely, leading to unauthorized access to trade pay...

PoC for CVE-2026-2009

Sourcecodester | Gas Agency Management ... | 5.3 MEDIUM
Improper Access Control in SourceCodester Gas Agency Management System

A vulnerability exists in the SourceCodester Gas Agency Management System version 1.0, specifically within the processing of the createUser.php file. This flaw allows for improper access control measures, making it possible for attackers to manipulate the system remotely. With the exploit made pu...

Discovered 6 hours ago

PoC for CVE-2026-2008

Abhiphile | Fermat-mcp | 5.3 MEDIUM
Code Injection Vulnerability in abhiphile fermat-mcp Product

A vulnerability exists in the abhiphile fermat-mcp product affecting the eqn_chart function within the eqn_chart.py file. By manipulating the argument 'equations', attackers can execute arbitrary code, leading to potential unauthorized access and remote exploitation. The rolling release nature of...

PoC for CVE-2024-46987

Owen2345 | Camaleon-cms | 7.7 HIGH
Camaleon CMS Vulnerability in Download Private File Method

Camaleon CMS, a robust content management system built on Ruby on Rails, has a path traversal vulnerability in the MediaController's download_private_file method. This flaw permits authenticated users to potentially download any file stored on the web server, depending on file permissions configu...

PoC for CVE-2026-2000

Dcn | Dcme-320 | 5.1 MEDIUM
Command Injection Vulnerability in DCN DCME-320 Web Management Backend

A command injection vulnerability exists in the DCN DCME-320's web management backend. The issue lies within the apply_config function of the bridge_cfg.php file, where improper handling of the ip_list argument allows for unauthorized command execution. This vulnerability can be exploited remotel...

Discovered 7 hours ago

PoC for CVE-2026-1998

MicroPython | Micropython | 4.8 MEDIUM
Memory Corruption in Micropython Affects Functionality

A vulnerability exists in MicroPython due to a flaw in the mp_import_all function located in py/runtime.c, which can lead to memory corruption. This issue requires local access for exploitation and has already been published. Users are advised to apply the available patch (commit 570744d06c5ba9db...

PoC for CVE-2026-1991

libuvc | Libuvc | 4.8 MEDIUM
Null Pointer Dereference in libuvc UVC Descriptor Handler

A vulnerability has been identified in libuvc up to version 0.0.7 that affects the function uvc_scan_streaming within the UVC Descriptor Handler located in the file src/device.c. This flaw leads to a null pointer dereference, which can potentially allow an attacker with local access to disrupt operati...

Discovered 8 hours ago

PoC for CVE-2026-1990

Oat++ Framework | Oatpp | 4.8 MEDIUM
ObjectWrapper Null Pointer Dereference in oatpp by Oat++ Framework

A vulnerability has been identified in the Oat++ framework, specifically within the function oatpp::data::type::ObjectWrapper::ObjectWrapper located in src/oatpp/data/type/Type.hpp. This issue can lead to a null pointer dereference when accessed locally, making it essential for developers to be a...

PoC for CVE-2026-1979

mruby | Mruby | 4.8 MEDIUM
Use After Free Flaw in mruby by mruby

A vulnerability exists in mruby versions up to 3.4.0, specifically in the mrb_vm_exec function within the JMPNOT-to-JMPIF Optimization component. This weakness allows an attacker to execute a manipulation that can result in a use after free condition. The attack needs to be launched locally, and ...

Discovered 9 hours ago

PoC for CVE-2018-13379

Fortinet | Fortinet FortiOS, Fort... | 🟣 EPSS 94% | 9.8 CRITICAL
Path Traversal Vulnerability in Fortinet FortiOS and FortiProxy Pro...

An improper limitation of a pathname to a restricted directory exists in Fortinet's FortiOS and FortiProxy products. This flaw, found in versions 6.0.0 through 6.0.4, 5.6.3 through 5.6.7, and 5.4.6 through 5.4.12 for FortiOS, as well as various versions of FortiProxy, allows unauthenticated attac...

PoC for CVE-2026-1978

Kalyan02 | Nanocms | 6.9 MEDIUM
User Information Handler Vulnerability in kalyan02 NanoCMS

A vulnerability exists in kalyan02 NanoCMS up to version 0.4, specifically within the User Information Handler component. This flaw allows unauthorized manipulation of the file /data/pagesdata.txt, resulting in direct access to sensitive data. The exploitation of this vulnerability can be initiat...

PoC for CVE-2026-1977

Isaacwasserman | Mcp-vegalite-server | 5.3 MEDIUM
Code Injection Vulnerability in mcp-vegalite-server by Isaac Wasserman

A security vulnerability has been identified in the mcp-vegalite-server, specifically within the visualize_data function due to improper handling of the vegalite_specification argument. This flaw permits attackers to execute arbitrary code remotely, posing a significant threat to users of the aff...

Discovered 10 hours ago

PoC for CVE-2026-1976

Free5GC | Free5gc | 6.9 MEDIUM
Null Pointer Dereference Vulnerability in Free5GC SMF Component

A vulnerability has been discovered in the Free5GC product, specifically within the SessionDeletionResponse function of the SMF component. This flaw allows an attacker to remotely trigger a null pointer dereference, which could lead to service disruption. The vulnerability has been publicly discl...

PoC for CVE-2026-1975

Free5GC | Free5gc | 6.9 MEDIUM
Remote Code Execution Vulnerability in Free5GC by Free5GC

A security flaw has been identified in Free5GC, affecting versions up to 4.1.0. The vulnerability arises from the identityTriggerType function in the pfcp_reports.go file, leading to a null pointer dereference. This flaw allows attackers to execute exploits remotely, putting systems at risk. It i...

Discovered 11 hours ago

PoC for CVE-2026-1974

Free5GC | Free5gc | 6.9 MEDIUM
Denial of Service Vulnerability in Free5GC's SMF Component

A security flaw exists in the function ResolveNodeIdToIp of Free5GC's SMF component. This vulnerability can be exploited to trigger a denial of service condition, adversely affecting service availability. The vulnerability facilitates remote exploitation, and publicly available exploits are known...

PoC for CVE-2026-1973

Free5GC | Free5gc | 6.9 MEDIUM
Null Pointer Dereference Vulnerability in Free5GC SMF by Free5GC

A vulnerability in Free5GC's SMF component allows remote attackers to trigger a null pointer dereference through manipulation of the establishPfcpSession function. This can lead to potential service disruptions and is considered a critical security concern. It's essential for users to apply the l...

Discovered 12 hours ago

PoC for CVE-2026-1972

Edimax | Br-6208ac | 6.9 MEDIUM
Weak Authentication in Edimax BR-6208AC Router

A vulnerability exists in the Edimax BR-6208AC router's authentication mechanism, specifically within the auth_check_userpass2 function. This flaw allows an attacker to exploit weak authentication by manipulating username and password inputs, subsequently gaining unauthorized access through defau...

Discovered 15 hours ago

PoC for CVE-2026-1970

Edimax | Br-6258n | 5.1 MEDIUM
Open Redirect Vulnerability in Edimax BR-6258n Device

An open redirect vulnerability has been identified in the Edimax BR-6258n, affecting version 1.18. This flaw resides within the 'formStaDrvSetup' function located in the /goform/formStaDrvSetup file. It allows remote attackers to manipulate the 'submit-url' argument, potentially leading to decept...

Discovered 17 hours ago

PoC for CVE-2024-46987

Owen2345 | Camaleon-cms | 7.7 HIGH
Camaleon CMS Vulnerability in Download Private File Method

Camaleon CMS, a robust content management system built on Ruby on Rails, has a path traversal vulnerability in the MediaController's download_private_file method. This flaw permits authenticated users to potentially download any file stored on the web server, depending on file permissions configu...

PoC for CVE-2025-68722

Axigen | Axigen Mail Server | 8.8 HIGH
Cross-Site Request Forgery in Axigen Mail Server WebAdmin Interface

Axigen Mail Server versions prior to 10.5.57 and 10.6.x before 10.6.26 are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability in the WebAdmin interface due to improper handling of the '_s' (breadcrumb) parameter. This allows attackers to send specially crafted URLs that, when execut...

PoC for CVE-2025-68723

Axigen | Axigen Mail Server
Stored XSS Vulnerabilities in Axigen Mail Server WebAdmin Interface

Axigen Mail Server versions before 10.5.57 are susceptible to multiple stored Cross-Site Scripting (XSS) vulnerabilities within the WebAdmin interface. These vulnerabilities exist in various features, including the log file name parameter on the Local Services Log page, the content of certificate...

PoC for CVE-2025-68721

Axigen | Axigen Mail Server | 9.1 CRITICAL
Improper Access Control in Axigen Mail Server WebAdmin Interface

The Axigen Mail Server prior to version 10.5.57 contains a vulnerability in its WebAdmin interface, where a delegated admin account with no permissions can circumvent access controls, gaining unauthorized access to the SSL Certificates management endpoint. This flaw allows attackers to view, down...

Discovered 20 hours ago

PoC for CVE-2020-37148

P5 | Fnip-8x16a | 5.1 MEDIUM
Stored Cross-Site Scripting Vulnerability in P5 FNIP Products

P5 FNIP-8x16A and FNIP-4xSH versions 1.0.20 and 1.0.11 are susceptible to a stored cross-site scripting vulnerability. This flaw occurs due to insufficient sanitization of input received from multiple GET/POST parameters. As a result, attackers can inject malicious HTML and script code into users...

PoC for CVE-2020-37150

Edimax Technology | Ew-7438rpn Mini | 8.7 HIGH
Unauthorized Access in Edimax EW-7438RPn Mini by Edimax

The Edimax EW-7438RPn Mini 1.27 is susceptible to a vulnerability that allows unauthenticated attackers to access the /wizard_reboot.asp page while in unsetup mode. This security flaw permits attackers to retrieve sensitive information, such as the Wi-Fi SSID and security key, by simply sending a...

PoC for CVE-2020-37152

PHP-fusion | PHP-fusion | 5.1 MEDIUM
Cross-Site Scripting Vulnerability in PHP-Fusion Panels by PHP-Fusion

PHP-Fusion 9.03.50 contains a vulnerability in the panels.php component, where improper input sanitization of the 'panel_content' POST parameter allows for cross-site scripting (XSS) attacks. This flaw permits attackers to inject and execute malicious JavaScript within the context of the affected...

PoC for CVE-2020-37145

Hrsale | Hrsale | 5.1 MEDIUM
Cross-Site Request Forgery in HRSALE by HRSALE Technologies

The HRSALE 1.1.8 software contains a cross-site request forgery vulnerability that permits attackers to manipulate the employee registration process. By deploying a malicious HTML page, an attacker can deceive authenticated administrators into involuntarily registering new accounts with administr...

PoC for CVE-2020-37144

Exagate | Sysguard 6001 | 5.1 MEDIUM
Cross-Site Request Forgery in Exagate SYSGuard 6001

The Exagate SYSGuard 6001 software exhibits a cross-site request forgery (CSRF) vulnerability, which allows potential attackers to exploit the system by creating unauthorized administrative accounts. This risk arises when users are tricked into submitting a crafted HTML form to the endpoint /kuly...

PoC for CVE-2020-37143

Ge Intelligent Pl... | Proficyscada For iOS | 4.6 MEDIUM
Denial of Service Vulnerability in ProficySCADA for iOS by GE Digital

ProficySCADA for iOS version 5.0.25920 contains a specific vulnerability that allows attackers to exploit the password input functionality. By injecting 257 bytes of repeated characters into the password field, an attacker can trigger an application crash, which prevents legitimate users from suc...

PoC for CVE-2020-37140

Finalwire | Everest | 4.6 MEDIUM
Denial of Service Vulnerability in AIDA64 by FinalWire

AIDA64 version 5.50.2100 is susceptible to a denial of service vulnerability that allows local attackers to manipulate the file open functionality. By generating a specific 450-byte buffer filled with repeated characters and pasting it into the file open dialog, attackers can trigger a crash of t...

PoC for CVE-2020-37142

10-strike Software | Network Inventory Expl... | 8.4 HIGH
Buffer Overflow Vulnerability in 10-Strike Network Inventory Explorer

The 10-Strike Network Inventory Explorer version 8.54 is susceptible to a buffer overflow due to improper handling of structured exceptions, which can be exploited by an attacker. By crafting a malicious payload aimed at the 'Computer' parameter in the 'Add' function, an attacker can potentially ...

PoC for CVE-2020-37138

10-strike Software | Network Inventory Expl... | 8.4 HIGH
Buffer Overflow in 10-Strike Network Inventory Explorer Software

The 10-Strike Network Inventory Explorer 9.03 is susceptible to a buffer overflow vulnerability due to faulty file import functionality. Attackers can exploit this flaw by sending a maliciously crafted text file that triggers a stack-based buffer overflow and allows arbitrary code execution. The ...

PoC for CVE-2020-37139

Odin-secure-ftp-e... | Odin Secure Ftp Expert | 4.6 MEDIUM
Local Denial of Service Vulnerability in Odin Secure FTP Expert by ...

The application Odin Secure FTP Expert version 7.6.3 is susceptible to a local denial of service vulnerability. By manipulating site information fields, attackers can exploit this flaw to cause the application to crash via a buffer overflow. Specifically, inputting 108 bytes of repeated character...

PoC for CVE-2020-37136

Emtec | Zoc Terminal | 6.7 MEDIUM
Denial of Service Vulnerability in ZOC Terminal by EmTec

ZOC Terminal version 7.25.5 is susceptible to a denial of service vulnerability that arises from improper handling of input in the private key file field. Attackers can exploit this flaw by inputting a specially crafted 2000-byte buffer into the private key file input. This manipulation can lead ...

PoC for CVE-2020-37137

PHP Fusion | PHP Fusion | 8.6 HIGH
Remote Code Execution in PHP-Fusion 9.03.50 by PHP-Fusion

The vulnerability in PHP-Fusion 9.03.50 is due to improper handling of POST data in the 'add_panel_form()' function, which leads to remote code execution. Attackers can exploit this flaw by crafting malicious 'panel_content' POST parameters sent to the panels.php administration endpoint, allowing...

PoC for CVE-2020-37134

Ultravnc Team | Ultravnc Viewer | 4.6 MEDIUM
Denial of Service Vulnerability in UltraVNC Viewer by UltraVNC

UltraVNC Viewer 1.2.4.0 is susceptible to a denial of service flaw that enables attackers to compromise the application's stability. By crafting a malformed 256-byte payload and inserting it into the VNC Server connection dialog, an attacker can induce an application crash, disrupting service con...

PoC for CVE-2020-37133

Ultravnc Team | Ultravnc Launcher | 6.7 MEDIUM
Denial of Service Vulnerability in UltraVNC Launcher by UltraVNC

The UltraVNC Launcher 1.2.4.0 is susceptible to a denial of service vulnerability due to improper handling of input in the Repeater Host configuration field. Attackers can exploit this flaw by entering a maliciously crafted string of over 300 characters, compelling the application to crash. This ...

PoC for CVE-2020-37130

Nsauditor | Nsauditor | 6.7 MEDIUM
Denial of Service Vulnerability in Nsauditor by Nsauditor

Nsauditor 3.2.0.0 contains a vulnerability in its registration name input field that can be exploited by attackers to induce a denial of service. By crafting a malicious payload consisting of 1000 bytes of repeated characters and pasting it into the registration name field, an attacker can trigge...

PoC for CVE-2020-37132

Ultravnc Team | Ultravnc Launcher | 6.7 MEDIUM
Denial of Service Vulnerability in UltraVNC Launcher by UltraVNC

UltraVNC Launcher version 1.2.4.0 is vulnerable to a denial of service attack due to improper handling of password configuration properties. An attacker with local access can input an excessively long 300-character string into the password field, leading to an application crash. This exploit disr...

PoC for CVE-2020-37131

Nsauditor | Product Key Explorer | 6.7 MEDIUM
Denial of Service Vulnerability in Nsauditor Product Key Explorer

Nsauditor Product Key Explorer version 4.2.2.0 contains a vulnerability that allows local attackers to cause a denial of service. By inputting a specially crafted registration key, an attacker can trigger an application crash. Specifically, sending a payload of repeated characters through the 'Ke...

PoC for CVE-2020-37129

Microvirt | Memu Play | 8.5 HIGH
Insecure Folder Permissions Vulnerability in Memu Play by Microvirt

Memu Play version 7.1.3 is affected by a security issue due to insecure folder permissions. This vulnerability allows low-privileged users to alter the MemuService.exe executable by replacing it with a malicious file upon system restart. By exploiting these unrestricted file modification permissi...

PoC for CVE-2020-37128

Emtec | Zoc Terminal | 6.7 MEDIUM
Script Processing Vulnerability in ZOC Terminal by Emtec

A security flaw in ZOC Terminal version 7.25.5 enables local attackers to create a denial of service condition by executing a specially crafted REXX script. This malformed script, constructed to include an excessive number of repetitive characters (up to 20,000), can lead to an application crash,...