Publicly Disclosed
PoC Exploits

When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causin...

A header injection vulnerability exists in Apache APISIX that can be exploited by attackers through improper configuration in the forward-auth plugin. This flaw allows for the injection of malicious headers, posing a risk to the integrity and security of the application. Users are advised to upgr...

A vulnerability has been identified in ComfyUI affecting the LoadImage Node component, specifically within the function folder_paths.get_annotated_filepath of the folder_paths.py file. This issue stems from improper handling of input arguments, leading to a path traversal condition. By exploiting...

A path traversal vulnerability exists in ComfyUI versions up to 0.13.0, specifically affecting the model preview feature within the get_model_preview function in model_manager.py. This flaw enables attackers to manipulate file paths, potentially exposing sensitive files or executing arbitrary cod...

A security vulnerability has been identified in ComfyUI versions up to 0.13.0, specifically impacting the create_origin_only_middleware function within the server.py file. This vulnerability enables attackers to execute cross-site request forgery (CSRF) attacks, allowing unauthorized actions on b...

A vulnerability has been discovered in the Model API Endpoint of Serge-Chat, specifically in the function download_model/delete_model located in api/src/serge/routers/model.py. This flaw allows for remote manipulation, potentially leading to unauthorized access due to missing authentication contr...

An authorization bypass vulnerability has been discovered in the SuperAGI product from TransformerOptimus. This security flaw affects the `get_budget` and `update_budget` functions within the `budget.py` file of the Budget Endpoint component. Exploiting this vulnerability allows unauthorized mani...

A vulnerability exists in the organisation update function of TransformerOptimus SuperAGI, specifically in the update_organisation method located in the superagi/controllers/organisation.py file. This flaw allows for an authorization bypass due to improper handling of the organisation_id paramete...

A security flaw exists in TransformerOptimus SuperAGI affecting versions up to 0.0.14, specifically within the user update function. An attacker can exploit this vulnerability via remote techniques, leading to unauthorized access. The flaw arises from improper handling of the user_id argument in ...

A vulnerability exists in TransformerOptimus SuperAGI versions up to 0.0.14 within the API Key Management Endpoint, specifically in the delete_api_key/edit_api_key functions located in the superagi/controllers/api_key.py file. This issue allows an attacker to bypass authorization remotely, potent...

A flaw exists in the Vector Database Management Endpoint of TransformerOptimus SuperAGI, specifically in the function get_vector_db_details. This issue allows attackers to exploit missing authentication, potentially granting unauthorized access to sensitive operations. The vulnerability is exploi...

A buffer overflow vulnerability exists in the H3C Magic B1, specifically in the SetMobileAPInfoById function within the /goform/aspForm file. This issue allows for manipulation of the parameter input, potentially leading to remote code execution. The exploit is publicly known, and proactive measu...

A security vulnerability has been identified in Liangliangyy's DjangoBlog, specifically within the Amap API Call Handler. An unknown function in the file owntracks/views.py improperly handles input parameters, allowing the use of hard-coded cryptographic keys. This vulnerability can be exploited ...

A vulnerability has been detected in liangliangyy DjangoBlog versions up to 2.1.0.0, specifically within the Clean Endpoint component located in blog/views.py. This issue allows for unauthorized access due to the absence of proper authentication checks, potentially enabling malicious actors to ex...

A security flaw in the liangliangyy DjangoBlog allows for the manipulation of the SECRET_KEY argument within the settings.py file, leading to hard-coded credentials. This vulnerability can be exploited remotely, requiring a sophisticated level of technical knowledge. The potential for exploitatio...

A notable vulnerability exists in DjangoBlog by liangliangyy, impacting versions up to 2.1.0.0. This flaw resides within an undisclosed function in the logtracks Endpoint (owntracks/views.py), resulting in a lack of necessary authentication measures. As a result, unauthorized users can potentiall...

A command injection vulnerability has been identified in the WeChat Bot interface of DjangoBlog up to version 2.1.0.0. This flaw resides in the CommandHandler function of the servermanager/api/commonapi.py file, allowing remote attackers to manipulate the Source argument. If exploited, this vulne...

An improper access control issue exists in Fortinet's FortiClientEMS versions 7.4.5 and 7.4.6. This vulnerability may enable an unauthenticated attacker to send crafted requests that can lead to the execution of unauthorized code or commands. Organizations using affected versions should prioritiz...

EMQX Enterprise versions up to 6.1.0 contain a vulnerability in the session handling component that allows for improper authorization. This flaw enables remote attackers to manipulate access controls and potentially launch unauthorized actions within the system. Despite attempts to notify the ven...

A buffer overflow vulnerability exists in the functionality of H3C Magic B1 routers, specifically in the SetAPWifiorLedInfoById function located within the /goform/aspForm file. This vulnerability arises from improper handling of input parameters, allowing remote attackers to potentially exploit ...

A security flaw has been identified in the Dameng100 MuuCmf version 1.9.5.20260309, specifically within the getListByPage function found in the /index/Search/index.html file. This vulnerability allows attackers to manipulate the `keyword` argument, leading to potential SQL injection attacks. The ...

A vulnerability within EyouCMS versions up to 1.7.1 allows attackers to perform unrestricted file uploads via the edit_adminlogo function in the application/admin/controller/Index.php file. This flaw results from improper handling of the 'filename' argument, enabling remote attackers to upload ma...

A security vulnerability has been identified in H3C Magic B0 devices, specifically affecting the Edit_BasicSSID function of the /goform/aspForm file. This issue allows for a buffer overflow, enabling remote attackers to exploit the flaw and potentially execute arbitrary code. The vulnerability ha...

The Cockpit web service's remote login feature is susceptible to a serious vulnerability where it improperly processes user-supplied hostnames and usernames. This lack of validation allows an attacker with network access to manipulate HTTP requests to the login endpoint. As a result, malicious SS...

The Contact Form by Supsystic plugin for WordPress is susceptible to a Server-Side Template Injection (SSTI) vulnerability that may lead to Remote Code Execution (RCE). This exposure affects all versions up to and including 1.7.36. The flaw arises from the plugin's integration of the Twig `Twig_L...

Gogs, a self-hosted Git service, has a significant access control bypass vulnerability present in versions 0.13.4 and earlier. This issue allows any collaborator with Write permissions to delete protected branches, including the default branch, by sending a direct POST request. The vulnerability ...

The Nginx UI web interface, specifically versions 2.3.5 and earlier, is susceptible to a serious flaw due to improper authentication in its MCP (Model Context Protocol) integration. This vulnerability allows attackers, without any authentication, to exploit the /mcp_message endpoint. Although the...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

The ThrottleStop driver, a legitimate component from TechPowerUp, presents a vulnerability due to insecure IOCTL interfaces that permit arbitrary read and write access to the physical memory through the MmMapIoSpace function. This flaw can be exploited by malicious applications running in user mo...

The WebStack theme for WordPress contains a vulnerability that permits arbitrary file uploads due to insufficient file type validation in the io_img_upload() function. Any attacker, even those without authentication, can exploit this weakness to upload malicious files to the server hosting the af...

The Picomatch library, used for glob pattern matching in JavaScript, is prone to a Regular Expression Denial of Service (ReDoS) attack when processing specially crafted extglob patterns. Specifically, versions before 4.0.4, 3.0.2, and 2.3.2 can become susceptible to catastrophic backtracking on c...

The MS-RPC functionality within the Samba server allows attackers to execute arbitrary commands remotely due to improper handling of shell metacharacters. When the 'username map script' configuration option is enabled, a malicious user can exploit the SamrChangePassword function to inject command...

Ghost CMS, a widely used Node.js content management system, contains a vulnerability that enables unauthenticated attackers to execute arbitrary reads from its database. This security flaw affects versions 3.24.0 through 6.19.0, posing a significant risk to the confidentiality of sensitive data s...

A remote code execution vulnerability in Microsoft Remote Desktop Services allows an unauthenticated attacker to connect to the target system via RDP and execute arbitrary code by sending specially crafted requests. This exploitation can lead to significant security breaches if not mitigated adeq...

Request-Baskets, up to version 1.2.1, contains a vulnerability that allows attackers to exploit Server-Side Request Forgery (SSRF) through a crafted API request targeting the /api/baskets/{name} endpoint. This security flaw enables unauthorized access to internal network resources and sensitive i...

The Nginx UI web interface, specifically versions 2.3.5 and earlier, is susceptible to a serious flaw due to improper authentication in its MCP (Model Context Protocol) integration. This vulnerability allows attackers, without any authentication, to exploit the /mcp_message endpoint. Although the...

The OpenRemote IoT platform, specifically versions 1.21.0 and below, is impacted by two related expression injection vulnerabilities. These flaws exist within the rules engine, allowing unauthorized users to execute arbitrary code on the server. The JavaScript rules engine processes user-defined ...

A vulnerability exists in TinyFileManager, specifically in the file upload functionality located at /filemanager.php?p=ajax=true&type=upload. This flaw allows an attacker to manipulate the uploadurl parameter, potentially leading to a server-side request forgery (SSRF) attack. Such an attack can ...

A vulnerability exists in prasathmani TinyFileManager versions up to 2.6, specifically within the POST Parameter Handler found in the file /filemanager.php. This issue arises from inadequate input validation, allowing attackers to manipulate the 'file[]' parameter to perform path traversal attack...

A security flaw has been identified in Rallly versions up to 4.7.4, specifically within the Reset Password Handler component. This vulnerability arises from improper handling of the 'redirectTo' argument, which may allow attackers to execute cross-site scripting (XSS) attacks remotely. If exploit...

A vulnerability exists in the arnobt78 Hotel Booking Management System, specifically within the health check endpoint, where an unknown function can be exploited to disclose sensitive information. This vulnerability allows remote attackers to perform unauthorized access, leading to potential info...

A security vulnerability exists in the libvips library prior to version 8.19, specifically within the im_minpos_vec function in the deprecated vips7compat.c file. This vulnerability allows for heap-based buffer overflow due to inadequate handling of the argument n, requiring local access for expl...

A SQL injection vulnerability exists in the QueryMine sms component, specifically within the admin/deletecourse.php file. This issue arises due to improper handling of the GET request parameter 'ID', allowing attackers to manipulate the input and execute unauthorized SQL queries. The attack can b...

A security flaw has been identified in QueryMine sms, specifically affecting the admin/addteacher.php file within the Background Management Page component. The vulnerability allows attackers to manipulate the image argument, leading to unrestricted file uploads. This can be exploited remotely, po...

A SQL injection vulnerability has been discovered in QueryMine sms that impacts the GET Request Parameter Handler in the editcourse.php file. This vulnerability arises from improper handling of the ID argument, allowing remote attackers to manipulate SQL queries. Due to the continuous delivery an...

The Ninja Forms - File Uploads plugin for WordPress contains a vulnerability allowing unauthenticated attackers to upload arbitrary files due to inadequate file type validation in the upload handling function. This oversight affects all versions upto and including 3.3.26, potentially enabling att...

A vulnerability exists in the Qihui jtbc5 CMS, specifically in the Code Endpoint component located in manage.php. This flaw allows attackers to manipulate input parameters related to file paths, leading to unauthorized access to files outside of the intended directory. The exploit can be executed...

A cross-site scripting vulnerability was identified in Classroom Bookings versions up to 2.17.0, specifically within the User Display Name Handler component. The vulnerability arises from improper handling of the 'displayname' argument in the file crbs-core/application/views/layout.php, allowing ...

A vulnerability has been identified in the Wavlink WL-WN530H4 model, specifically within the strcat and snprintf functions of the /cgi-bin/internet.cgi file. This security flaw enables remote attackers to inject operating system commands, potentially leading to unauthorized access and control ove...

The vulnerability in the PutContents API of Gogs arises from improper handling of symbolic links, potentially allowing local execution of arbitrary code. This misconfiguration may expose sensitive data and facilitate unauthorized access to critical systems. Users and administrators are urged to u...