Publicly Disclosed
PoC Exploits

In Roundcube Webmail versions 1.6.x prior to 1.6.16 and 1.7.x prior to 1.7.1, a vulnerability exists due to an unsanitized subject field within the draft restore functionality. This flaw can potentially allow attackers to inject malicious HTML or CSS code into shared mailboxes, leading to stored ...

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log messag...

The Sliced Invoices plugin for WordPress, version 3.8.2, is affected by an authenticated SQL injection vulnerability that enables attackers with valid credentials to craft malicious database queries. By manipulating the 'post' parameter during requests to the admin.php endpoint with an action=dup...

CherryFramework Themes version 3.1.4 for WordPress is affected by an information disclosure vulnerability. This flaw enables unauthenticated attackers to exploit the download_backup.php endpoint, allowing them to download sensitive backup files stored on the server. By directly accessing the down...

The Baggage Freight Shipping Plugin for WordPress version 0.1.0 is susceptible to an arbitrary file upload vulnerability caused by inadequate validation of uploaded files through the upload-package.php endpoint. This flaw permits unauthenticated attackers to remotely upload malicious files to the...

The More Fields Plugin version 2.1 for WordPress is susceptible to a cross-site request forgery vulnerability. This flaw enables malicious actors to execute unauthorized actions on behalf of logged-in administrators by circumventing CSRF token validation. By luring administrators to visit crafted...

The Appointment Booking Calendar plugin for WordPress version 1.1.24 is susceptible to multiple vulnerabilities that could allow unauthenticated attackers to escalate privileges. Through manipulation of parameters in the admin.php file, attackers can modify calendar settings and inject persistent...

The Abtest plugin for WordPress has a local file inclusion vulnerability, enabling unauthenticated attackers to exploit the action parameter in abtest_admin.php. By crafting specific GET requests with compromised action values, attackers can include arbitrary files from the admin directory. This ...

The HB Audio Gallery Lite plugin for WordPress (version 1.0.0) is susceptible to a path traversal vulnerability that enables unauthenticated attackers to exploit the file_path parameter. By sending specially crafted requests to the audio-download.php endpoint, attackers can traverse directories a...

The Brandfolder plugin for WordPress, specifically versions 3.0 and earlier, is susceptible to a local file inclusion vulnerability in its callback.php file. This flaw permits unauthenticated attackers to manipulate the wp_abspath parameter, potentially allowing them to include arbitrary files. B...

The Dharma Booking plugin for WordPress, specifically versions 2.28.3 and earlier, is susceptible to a local file inclusion vulnerability due to improper sanitation of the gateway parameter. This flaw permits unauthenticated attackers to manipulate file paths and execute directory traversal or nu...

The Photocart Link plugin version 1.6 for WordPress is impacted by a local file inclusion vulnerability due to insufficient input validation in its decode.php file. This flaw enables unauthenticated attackers to supply malicious base64-encoded file paths through the 'id' parameter. By exploiting ...

The IMDb Profile Widget version 1.0.8 for WordPress contains a local file inclusion vulnerability that can be exploited by unauthenticated attackers. By manipulating the `url` parameter through directory traversal sequences in GET requests to `pic.php`, attackers can potentially access sensitive ...

The WordPress Simple-Backup plugin version 2.7.11 is susceptible to vulnerabilities that allow unauthenticated attackers to exploit the application through improper input validation. By manipulating the parameters in the tools.php file, attackers can conduct directory traversal attacks to delete ...

The WordPress Ultimate Product Catalog version 3.8.6 is susceptible to an arbitrary file upload vulnerability. Authenticated users with roles such as contributor, editor, author, or administrator can exploit this weakness through the custom fields feature in the Products tab. This allows attacker...

The Lazy Content Slider Plugin version 3.4 for WordPress exhibits a cross-site request forgery vulnerability, enabling attackers to execute unauthorized actions. This is achieved by tricking authenticated administrators into inadvertently submitting malicious POST requests to the plugin's setting...

The Answer My Question 1.3 plugin for WordPress is susceptible to an SQL injection vulnerability, enabling attackers to execute unauthorized SQL code through the 'id' POST parameter. This security flaw occurs when malicious users exploit the modal.php endpoint, allowing them to submit crafted SQL...

The BBS e-Franchise plugin for WordPress suffers from an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands. By manipulating the 'uid' parameter in requests, attackers can craft specific requests that exploit this flaw. This manipulation enables th...

The Booking Calendar Contact Form 1.0.23 plugin for WordPress is susceptible to privilege escalation and stored XSS vulnerabilities. These flaws arise from inadequate verification of user privileges and insufficient input sanitation. An attacker with subscriber-level credentials can exploit these...

The 404 Redirection Manager plugin for WordPress version 1.0 is susceptible to an unauthenticated SQL injection vulnerability. This flaw enables remote attackers to exploit improperly sanitized user inputs, thereby injecting malicious SQL code through crafted GET requests. As a result, attackers ...

WordPress CP Polls version 1.0.8 is susceptible to a cross-site request forgery (CSRF) vulnerability. This flaw permits attackers to craft malicious HTML pages that can execute unauthorized poll actions when visited by authenticated administrators. If an administrator inadvertently accesses such ...

The WP MAPS PRO plugin for WordPress contains a serious vulnerability that allows an unauthenticated attacker to create an administrator account without proper authorization. This security flaw is facilitated by an AJAX action that is registered publicly, exposing a valid nonce that can be access...

The Form Builder CP plugin for WordPress, prior to version 1.2.47, is susceptible to stored cross-site scripting (XSS) attacks due to inadequate sanitization of form configuration values. This vulnerability allows authenticated users with Editor-level access or higher to inject malicious scripts ...

The WP Go Maps plugin for WordPress prior to version 10.0.10 has a significant flaw in its public single-marker REST endpoint. Due to a lack of approval-state filtering, this vulnerability allows unauthenticated users to access marker records that have not been approved by an administrator for pu...

The WP Go Maps plugin for WordPress prior to version 10.0.10 is susceptible to a security flaw that fails to properly enforce a marker approval filter in its admin-ajax fallback. This oversight enables unauthorized individuals to access sensitive marker data, which has not been vetted for public ...

A security vulnerability has been identified in DVDFab Virtual Drive version 2.0.0.5, specifically affecting the Signed Kernel Driver component (dvdfabio.sys). This vulnerability allows for improper privilege management, which can be exploited locally by an attacker to gain elevated privileges. T...

A vulnerability has been identified in Duktape up to version 2.99.99 that affects its memory management through the file duk_api_bytecode.c. By manipulating the argument count_instr, a local attacker could exploit this weakness to cause memory corruption. This issue is particularly concerning as ...

A security flaw has been identified in Qihoo 360 Total Security 6.0 that impacts the Nucleus Engine Monitoring Logic. This issue lies within the RpcStringBindingComposeW function, where a manipulation of the NetworkAddr argument can lead to a failure in the protection mechanisms. This vulnerabili...

A security flaw has been identified in the Intelbras iNVU 7016 FT web interface, specifically in the file /RPC2_Loadfile/syslog/. This issue allows for potential path traversal, where an attacker can exploit the vulnerability remotely. It is crucial for users of this device to upgrade to the patc...

A vulnerability has been identified in the universal-tool-calling-protocol python-utcp version 1.1.0, specifically within the utcp-gql/utcp-websocket component. This issue allows attackers to perform server-side request forgery (SSRF) by manipulating server requests, which can lead to unauthorize...

A vulnerability has been identified in versions of the RubyLouvre Avalon component up to 2.2.10 that allows for improperly controlled modifications of object prototype attributes. This flaw is located in an unspecified function within src/filters/index.js, undermining the integrity of application...

A vulnerability exists in jsonata-js versions up to 2.2.0 that allows for prototype pollution via the createFrame function in the Function Binding Frame System. This weakness enables an attacker to manipulate object prototype attributes in an improper manner. The attack can be executed remotely, ...

A security flaw has been identified in the medkey HTTP REST API, particularly in the function actionGetPatientById within the PatientController.php file. This vulnerability allows for improper control of resource identifiers by manipulating the argument ID. Such exploitation can be executed remot...

A vulnerability has been identified in Grit42 Grit, specifically affecting versions up to 0.11.0. The issue lies in the Grit::Assays::DataTableEntity function found in the file modules/assays/backend/app/models/grit/assays/data_table_entity.rb. This vulnerability enables attackers to perform a SQ...

A vulnerability in ShopXO versions up to 6.7.1 is linked to the Scheduled Task Endpoint functionality, specifically the OrderClose, OrderSuccess, PayLogOrderClose, and GoodsGiveIntegral functions. This flaw allows attackers to bypass authorization checks, enabling potential unauthorized access an...

A significant vulnerability has been discovered in Intelliants Subrion CMS versions up to 4.0.3, specifically within the Blocks Endpoint component. This security flaw enables attackers to manipulate the CSS class name argument, leading to potential cross-site scripting occurrences. Such exploits ...

A security flaw exists in IObit Malware Fighter versions up to 13.2.0, specifically related to its DLL Handler component. This vulnerability introduces permission issues that can be exploited by attackers with local access to the system. The exploit has already been made public, which raises conc...

The vulnerability arises from mismatched length fields in Zlib compressed protocol headers within MongoDB Server, potentially allowing an unauthenticated client to access uninitialized heap memory. This could lead to unauthorized information exposure, affecting versions of MongoDB Server across m...

A vulnerability has been identified in Ritlabs TinyWeb Server, specifically in the libeay32.dll.html component related to the Header Handler. This issue allows attackers to exploit an unknown function by manipulating the Authorization argument, leading to a stack-based buffer overflow. The potent...

A path traversal vulnerability has been discovered in Microweber up to version 2.0.20, specifically within the API Endpoint's userfiles_path function. By manipulating the cache_path_relative argument, an attacker can exploit this weakness to access unauthorized directories and potentially retriev...

A security flaw has been identified in the Ruijie EG105G-P version 2.340, affecting the JSON-RPC Diagnose Endpoint. The vulnerability resides in the nslookup function located in /cgi-bin/luci/api/diagnose. An attacker can exploit this flaw by manipulating the params.target argument, allowing for ...

A vulnerability exists within the VS Revo RevoUninstaller versions 2.5.x and 2.6.x. The issue is tied to the IOCtl_Handler function in the RevoDetector.sys driver, which is susceptible to heap-based buffer overflow. This manipulation requires local access, making the threat vector limited to user...

A vulnerability exists in the Moovit Bus & Public Transit App version 1.18 for Android, related to improper authorization within the component com.tranzmate. This flaw enables local attackers to exploit the URL scheme handler, which can lead to unauthorized actions within the application. The exp...

A SQL injection vulnerability exists in the GritEntityController component of Grit42 Grit, affecting versions up to 0.11.0. This issue can be exploited remotely by manipulating incoming data sent to the affected controller, leading to unauthorized access and potential data breaches. This exploit ...

A vulnerability exists in the GL.iNet GL-MT3000 router due to an issue in the Online Firmware Upgrade Handler component. This vulnerability allows for command injection through the 'one_click_upgrade' functionality, which can be exploited remotely. As a result of this flaw, an attacker could exec...

A command injection vulnerability exists in the GL.iNet GL-MT3000 due to improper handling in the Tor Proxy Service Configuration Handler, specifically in the replace_country function. This weakness allows remote attackers to execute arbitrary commands on the affected device. The issue is prevale...

A vulnerability present in the CLI of multiple Cisco Catalyst SD-WAN products allows an authenticated local attacker with netadmin privileges to execute arbitrary commands as the root user. This flaw arises from inadequate validation of user-supplied input, enabling an attacker to upload a specia...

In certain versions of Splunk Enterprise and Splunk Cloud Platform, an unauthenticated user may exploit a flaw in the PostgreSQL sidecar service endpoint, enabling them to create or truncate arbitrary files. This vulnerability arises from the absence of proper authentication mechanisms on the end...

The Iptanus File Upload WordPress plugin prior to version 5.1.7 is susceptible to a vulnerability that arises from improper file handling. Specifically, when the duplicatepolicy setting is configured to 'maintain both', a Time-of-Check to Time-of-Use (TOCTOU) race condition occurs between the fil...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...