Publicly Disclosed
PoC Exploits

A vulnerability exists in Whistle version 2.9.98, located in the file /cgi-bin/sessions/get-temp-file, which allows attackers to manipulate the filename argument. This leads to a path traversal issue that may enable unauthorized access to sensitive files on the server. Although the vendor was not...

An authentication flaw exists in Apache Tomcat and Apache Tomcat Native, where the CLIENT_CERT authentication process does not fail as expected under certain configurations when soft fail is disabled. This vulnerability potentially allows unauthorized access in scenarios where proper validation i...

Kofax Capture exposes a deprecated .NET Remoting HTTP channel on port 2424, accessible without authentication. This vulnerability allows an unauthenticated remote attacker to utilize .NET Remoting techniques to manipulate various system objects. By leveraging these techniques, attackers may read ...

An input validation issue in Microsoft Office SharePoint facilitates unauthorized spoofing attacks over the network. Attackers can exploit this vulnerability to impersonate legitimate users, potentially leading to unauthorized access and data breaches. Proper validation mechanisms must be in plac...

The reCaptcha plugin developed by WebDesignBy for WordPress prior to version 2.0 is vulnerable to Cross-Site Scripting (XSS). The vulnerability arises from improper sanitization and escaping of the Site Key setting, which is outputted directly in a JavaScript context within the grecaptcha_js() fu...

The HT Mega Addons for Elementor plugin prior to version 3.0.7 contains a vulnerability where an unauthenticated AJAX action exposes personally identifiable information (PII) of customers who have made orders within the last week. This includes sensitive information such as full names, city, stat...

A vulnerability exists in the ByteDance verl product versions up to 0.7.0, specifically within the 'math_equal' function located in 'prime_math/grader.py'. This flaw allows for a potential sandbox escape, which could be exploited remotely. Although the complexity of executing an attack is relativ...

A vulnerability exists in the Ericc-ch Copilot-API up to version 0.7.0, which affects the Header Handler component in the /token file. This issue allows an attacker to manipulate the Host argument, which may result in unintended reliance on reverse DNS resolution. Such an exploit can be executed ...

Radare2 versions prior to 6.1.4 are susceptible to a command injection flaw within the PDB parser’s print_gvars() function. This vulnerability arises when an attacker crafts a malicious PDB file that incorporates newline characters within the symbol names. Through this manipulation, arbitrary com...

The SMBv1 protocol in various Microsoft Windows operating systems contains a vulnerability that enables remote attackers to execute arbitrary code by sending specially crafted packets to the server. This issue affects multiple versions of Windows, including desktop and server editions, allowing e...

Webmin versions up to 1.920 are susceptible to a command injection vulnerability through the 'old' parameter in the password_change.cgi script. An unauthenticated attacker can exploit this flaw to execute arbitrary commands on the server. This may lead to unauthorized access or further compromise...

The Beghelli Sicuro24 SicuroWeb application lacks a robust Content Security Policy (CSP), which exposes it to significant security risks. This failure allows attackers to load unauthorized external JavaScript resources, potentially leading to the execution of arbitrary remote payloads. When combi...

The Beghelli Sicuro24 SicuroWeb application lacks a robust Content Security Policy (CSP), which exposes it to significant security risks. This failure allows attackers to load unauthorized external JavaScript resources, potentially leading to the execution of arbitrary remote payloads. When combi...

A use-after-free vulnerability exists in the Android Binder service, which could allow attackers to elevate privileges from an application to the Linux Kernel. Exploitation of this vulnerability does not require any interaction from the user; however, it necessitates either the installation of a ...

Carbon Forum version 5.9.0 is susceptible to a persistent cross-site scripting vulnerability. This flaw enables authenticated administrators to insert malicious JavaScript code via the Forum Name field within the dashboard settings. When the malicious script is stored, it can be executed in the b...

The ELBA5 version 5.8.0 contains a significant vulnerability that enables remote code execution through improper database access. Attackers can leverage default connector credentials to connect to the database, potentially retrieving sensitive information, such as database administrator passwords...

TextPad 8.1.2 contains a denial of service vulnerability that enables local attackers to crash the application by providing an overly long buffer string via the Run command interface. By submitting a 5000-byte payload into the Command field through Tools > Run, the application is susceptible to a...

ThinkPHP 5.0.23 has a vulnerability that allows unauthorized attackers to execute arbitrary PHP code remotely. This occurs through the manipulation of the routing parameters, where attackers can craft specific requests targeting the index.php endpoint. By supplying malicious function parameters, ...

ICEWARP version 11.0.0.0 is susceptible to a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious HTML content into emails. By utilizing base64-encoded payloads embedded in object and embed tags, attackers can craft emails containing data URIs that execute embedded s...

LanSpy version 2.0.1.159 is susceptible to a local buffer overflow vulnerability. This issue arises when attackers provide oversized input to the scan field, allowing them to overwrite the instruction pointer. By crafting a specific payload composed of 688 bytes of padding followed by 4 bytes of ...

UltraISO 9.7.1.3519 is prone to a local buffer overflow vulnerability within the Output FileName field of the Make CD/DVD Image dialog. This flaw can be exploited by attackers who craft a malicious filename string containing 304 bytes of data followed by specially constructed SEH record overwrite...

Angry IP Scanner version 3.5.3 is susceptible to a buffer overflow vulnerability within its preferences dialog. This flaw enables local attackers to induce a denial of service by submitting an oversized string. The vulnerability can be exploited by creating a file filled with repeating characters...

LanSpy 2.0.1.159 has a local buffer overflow vulnerability in the scanning functionality that enables local attackers to execute arbitrary code. This is achieved through exploitation of the structured exception handling (SEH) mechanisms, allowing attackers to craft malicious payloads utilizing eg...

Angry IP Scanner for Linux version 3.5.3 has a denial of service vulnerability that can be exploited by local attackers. By inputting a specially crafted malicious string into the port selection field within the application, an attacker can trigger a buffer overflow, leading to an unexpected appl...

Iperius Backup 5.8.1 features a local buffer overflow vulnerability in its structured exception handling (SEH) mechanism. This vulnerability allows local attackers to execute arbitrary code by providing a manipulated file path. By crafting a specific payload in the external file location field wh...

Terminal Services Manager 3.1 has a stack-based buffer overflow vulnerability in the computer names field, which can be exploited by local attackers. By crafting a specially formatted input file containing shellcode and jump instructions, attackers can overwrite the structured exception handler (...

MAGIX Music Editor 3.1 is susceptible to a buffer overflow vulnerability in its FreeDB Proxy Options dialog. This vulnerability allows local attackers to execute arbitrary code through misuse of structured exception handling. By crafting a malicious payload and entering it into the Server field v...

A vulnerability exists in AWS Auth Manager where the SAML authentication origin is utilized as provided by the client, without verification against the actual instance URL. This flaw potentially allows unauthorized access to different instances that may enforce diverse access controls, as attacke...

An OS command injection vulnerability exists in Fortinet FortiSandbox versions 4.4.0 through 4.4.8. This flaw arises from improper neutralization of special elements used in operating system commands. An attacker can exploit this vulnerability to execute unauthorized commands, potentially comprom...

A security flaw has been identified in the Comfast CF-N1-S 2.6.0.1 involving the file /cgi-bin/mbox-config?method=SET&section=ping_config. This vulnerability allows an attacker to manipulate the argument 'destination', resulting in command injection. The exploit can be executed remotely, posing a...

The first article discusses a vulnerability in the Bdtask Multi-Store Inventory Management System, which is susceptible to cross-site scripting. The vulnerability allows for remote attack through manipulation of certain arguments. The vendor has not responded to the disclosure, and the exploit ha...

A vulnerability exists in the Custom Scripts Handler component of Bagisto, affecting versions up to 2.3.15. This flaw allows for cross site scripting, enabling remote attackers to execute unauthorized scripts in the context of a user’s session. The issue has been publicly disclosed, and exploitat...

A reflected cross-site scripting vulnerability exists in the search plugin of Bludit CMS prior to the commit 6732dde. This issue allows unauthenticated attackers to craft malicious search queries that inject arbitrary JavaScript. When users visit impacted URLs, these scripts can be executed in th...

A security issue has been identified in Bagisto, specifically affecting the Downloadable Link Handler component. This vulnerability allows an attacker to perform server-side request forgery (SSRF) attacks, which can be exploited remotely. The flaw allows malicious users to send crafted requests t...

A cross site scripting vulnerability was identified in the Calendar component of WebSystems WebTOTUM 2026. This issue allows attackers to execute malicious scripts in the context of the user's session, potentially leading to data theft or session hijacking. The attack can be initiated remotely, m...

Seeyon OA A8 is vulnerable to an unauthenticated arbitrary file write issue within the /seeyon/htmlofficeservlet endpoint. This vulnerability allows remote attackers to send specially crafted POST requests containing base64-encoded payloads, enabling them to write arbitrary files to the web appli...

Seeyon OA A8 is vulnerable to an unauthenticated arbitrary file write issue within the /seeyon/htmlofficeservlet endpoint. This vulnerability allows remote attackers to send specially crafted POST requests containing base64-encoded payloads, enabling them to write arbitrary files to the web appli...

The ElementsKit Elementor Addons and Templates plugin for WordPress is susceptible to a stored Cross-Site Scripting vulnerability due to insufficient input sanitization and output escaping on the 'ekit_tab_title' parameter within the Simple Tab widget. Authenticated users with contributor-level a...

A significant SQL injection vulnerability exists in the Happy Addons for Elementor plugin developed by HappyMonster. This flaw enables attackers to potentially execute unauthorized SQL commands by exploiting improper neutralization of special elements in SQL queries. Affected versions include all...

A vulnerability in the ericc-ch copilot-api prior to version 0.7.0 affects the CORS function in the Token Endpoint, found in the src/server.ts file. This flaw allows for a permissive cross-domain policy that can be exploited by untrusted domains, enabling remote attacks. Attackers can manipulate ...

The M365 Copilot product from Microsoft is susceptible to an information disclosure vulnerability that permits unauthorized attackers to disclose sensitive information over a network. This defect stems from a command injection flaw within the AI functionalities of M365 Copilot, emphasizing the ne...

A vulnerability has been identified in Z-BlogPHP version 1.7.5, specifically in the App::UnPack function within the app_upload.php file of the ZBA File Handler component. This flaw permits an attacker to upload files without any restriction, which can lead to serious security breaches. The vulner...

The Vvveb product prior to version 1.0.8.1 contains a stored cross-site scripting vulnerability. This issue allows authenticated users with media upload and rename permissions to exploit the application by executing arbitrary JavaScript. The vulnerability arises from the ability to bypass MIME ty...

A vulnerability exists in Qibo CMS 1.0 that enables an attacker to exploit the system through manipulated arguments to the /index/image/headers file. This can lead to server-side request forgery, allowing unauthorized remote access to internal services not intended for exposure. The vulnerability...

A security vulnerability has been discovered in the Internal Message Module of Qibo CMS 1.0, which allows for potential cross-site scripting (XSS) attacks. This vulnerability enables remote attackers to execute arbitrary scripts in the context of a user's session. The exploit has been publicly di...

A path traversal vulnerability has been identified in the p2r3 Convert API, specifically within the Bun.serve function of the buildCache.js file. This vulnerability is triggered by manipulating the pathname argument, allowing attackers to exploit the system remotely. The exploit has been made pub...

A vulnerability has been identified in Rowboat Labs' Rowboat, specifically in the tools_webhook component. The issue lies within the tool_call function in the apps/experimental/tools_webhook/app.py file, where manipulation of the X-Tools-JWE argument can lead to improper authentication. This coul...

Apache ActiveMQ versions prior to 5.13.0 contain a vulnerability that permits remote attackers to execute arbitrary code. This occurs due to inadequate restrictions on the classes that may be serialized within the broker, specifically through a crafted serialized Java Message Service (JMS) Object...

A vulnerability exists in Usememos Memos versions up to 0.22.1 due to improper authorization in the memos_access_token function located in the UpdateInstanceSetting component (src/App.tsx). This weakness allows attackers to manipulate arguments such as additionalStyle and additionalScript, enabli...

A security issue has been identified in Yifang CMS versions up to 2.0.5, specifically within the Extended Management Module. This vulnerability resides in the 'store' function found in 'plugins/yifang_backend_account/logic/admin/L_rbac_admin.php'. Attackers can exploit this flaw to execute cross-...