Publicly Disclosed
PoC Exploits

A flaw in the JCE editor extension for Joomla permits unauthorized users to create new editor profiles. This malicious capability exposes the site to risks, including the ability to upload PHP code and execute it, potentially leading to a full compromise of the website security. Site administrato...

A vulnerability exists in the Linux kernel's rtmutex component where the remove_waiter() function incorrectly utilizes current instead of waiter::task during a dequeue operation within various mutex handling paths. This mismanagement leads to multiple issues, including potential use-after-free vu...

An issue exists in the Linux Kernel where improper handling of copy-on-write (COW) operations can lead to page cache corruption. This is due to the tcf_pedit_act() function, which computes the COW range without considering runtime header offsets added by typed keys. As a result, portions of the w...

The Paid Membership Plugin for WordPress prior to version 4.16.17 is affected by an Insecure Direct Object Reference vulnerability. This flaw allows any authenticated user with Subscriber role or higher to cancel active subscriptions of other users without verifying ownership of the subscription....

The Shariff for WordPress plugin, up to version 1.0.11, contains a vulnerability that allows high-privilege users, such as administrators, to inject malicious scripts through unsanitized input. When the shariff_infourl setting is outputted in the frontend HTML via the generateshariff() function, ...

The Flowise platform contains a significant vulnerability in its `forgot-password` endpoint, which can return sensitive information, including a valid password reset token, without the necessary authentication or verification. This flaw allows attackers to generate reset tokens for arbitrary user...

An issue exists in the Linux Kernel where improper handling of copy-on-write (COW) operations can lead to page cache corruption. This is due to the tcf_pedit_act() function, which computes the COW range without considering runtime header offsets added by typed keys. As a result, portions of the w...

A significant remote code execution vulnerability exists in Microsoft's Server Message Block 3.1.1 (SMBv3) protocol. The flaw arises from the handling of certain requests, allowing an attacker to execute arbitrary code on the target system. This could lead to unauthorized access and potentially c...

Ghost CMS, a widely used Node.js content management system, contains a vulnerability that enables unauthenticated attackers to execute arbitrary reads from its database. This security flaw affects versions 3.24.0 through 6.19.0, posing a significant risk to the confidentiality of sensitive data s...

The Registration Form for WooCommerce plugin, up to version 1.0.9, is susceptible to an unauthenticated privilege escalation vulnerability. Attackers can exploit this flaw to gain elevated privileges without the need for authentication, potentially allowing unauthorized access to sensitive inform...

Pagekit CMS 1.0.18 is affected by a vulnerability that enables authenticated users with the 'user: manage users' permission to elevate their privileges. This occurs due to inadequate authorization checks within the UserApiController::saveAction() function. An attacker can exploit this flaw to ass...

Ghost CMS, a widely used Node.js content management system, contains a vulnerability that enables unauthenticated attackers to execute arbitrary reads from its database. This security flaw affects versions 3.24.0 through 6.19.0, posing a significant risk to the confidentiality of sensitive data s...

A vulnerability has been identified in the Linux kernel's handling of shared fragment markers within the networking stack. Specifically, two functions responsible for fragment transfers fail to correctly propagate fragment flags when moving data between source and destination sockets. This oversi...

The YMC Filter WordPress plugin prior to version 3.11.3 suffers from a critical access control vulnerability. It fails to properly authorize requests to a REST API endpoint, allowing unauthorized users to exploit this flaw. Attackers can leverage this vulnerability to access and retrieve the titl...

The SALESmanago & Leadoo WordPress plugin prior to version 3.11.3 is susceptible to SQL injection due to inadequate input sanitization and escaping within its AJAX functionality. This oversight permits authenticated users, including those with minimal permissions, to exploit the vulnerability by ...

The Printcart Web to Print Product Designer for WooCommerce plugin, up to version 2.4.8, is prone to a path traversal vulnerability. This flaw allows an attacker to exploit the plugin, potentially gaining access to the directory listings of arbitrary locations on the server. Successful exploitati...

The Frontend File Manager Plugin for WordPress prior to version 23.6 contains a critical flaw in its post deletion functionality. It fails to correctly verify ownership of posts, enabling authenticated users with author-level access or higher to delete any posts or pages. This issue is exacerbate...

The vulnerability in the PutContents API of Gogs arises from improper handling of symbolic links, potentially allowing local execution of arbitrary code. This misconfiguration may expose sensitive data and facilitate unauthorized access to critical systems. Users and administrators are urged to u...

The GameDriverX64.sys kernel-mode anti-cheat driver from Hotta Studio has a vulnerability that enables local attackers to execute denial of service attacks. By sending specially crafted IOCTL requests, an attacker can induce crashes in arbitrary processes, leading to potential disruptions in game...

A buffer overflow vulnerability exists in the Sahara protocol utilized within Qualcomm's Snapdragon mobile platforms. This flaw can lead to the unintended overwriting of secure configuration data, potentially compromising system integrity and security across a range of Snapdragon products, includ...

A security vulnerability has been identified in the Tenda AC8 router, specifically affecting version 16.03.50.11. This flaw is found in the route_set_user_policy_rule function within the /cgi-bin/UploadCfg component of the web interface. By manipulating the wans.policy.list1 argument, an attacker...

A vulnerability exists in the Linux kernel's netfilter module that affects the nft_map_catchall_activate() function. This function encounters an inverted element activity check, leading to a failure in appropriately handling catchall map elements during a failed transaction. The bug arises when t...

Bitwarden Server versions prior to 2026.5.0 are susceptible to a JSON injection vulnerability in the IntegrationTemplateProcessor.ReplaceTokens() method. This flaw allows authenticated users to introduce JSON metacharacters into event integration templates, specifically tokens that are derived fr...

Bitwarden Server versions prior to 2026.5.0 exhibit a broken access control vulnerability that permits authenticated users to retrieve unauthorized organization billing data. By exploiting the PreviewInvoiceController endpoints, attackers can submit arbitrary organization IDs without proper membe...

A privilege escalation vulnerability in Bitwarden Server versions prior to 2026.5.0 allows authenticated Custom users with ManageUsers permission to exploit a lack of role hierarchy verification. This vulnerability permits an attacker to remove Admin accounts from an organization through a malici...

The CANBoat application prior to version 6.22 is susceptible to an off-by-one global buffer overflow vulnerability within the searchForPgn() function, located in analyzer/pgn.c. This flaw may be exploited by remote attackers who deliver specially crafted NMEA-2000 messages containing out-of-range...

RTKLIB versions up to 2.4.3 are susceptible to a heap buffer overflow vulnerability within the readrnxobsb function found in src/rinex.c. This security flaw arises when the software does not properly clamp satellite count values specified in RINEX epoch headers. By crafting malicious RINEX files ...

RTKLIB versions up to 2.4.3 have a vulnerability in the getcodepri function that can be exploited when handling unrecognized RINEX observation codes. Attackers can craft RINEX files with unknown observation types to manipulate the processing, prompting negative array indexing into the codepris ta...

RTKLIB versions up to 2.4.3 are susceptible to an off-by-one out-of-bounds read vulnerability, specifically within the decode_ssr3 function. This issue permits remote attackers to instigate a global buffer overflow by transmitting specially crafted RTCM3 SSR messages that include manipulated sign...

RTKLIB versions up to 2.4.3 are affected by an out-of-bounds write vulnerability in the decode_type1033 function. This flaw arises from the failure to properly clamp length counters to the destination buffer size, allowing attackers to exploit it via crafted RTCM3 messages. By manipulating the NT...

The MaxKB application, prior to version 2.10.0, contains a vulnerability allowing authenticated users to exploit server-side request forgery. By manipulating unvalidated parameters such as 'downloadCallbackUrl' and 'download_url' within tool creation and update endpoints, attackers with default U...

In Kanboard versions up to 1.2.52, a flaw in the UserViewController::removeSession method allows authenticated users to delete other users' Remember Me sessions without proper session ID validation. This vulnerability can be exploited by attackers who are able to enumerate sequential session IDs,...

The vulnerability in libais arises from VdmStream::AddLine utilizing an unchecked sentinel value as a vector index. This flaw occurs when processing AIS sentences that contain empty or out-of-range sequential message IDs. Malicious actors can exploit this by sending specially crafted AIVDM senten...

The Huly Platform prior to commit 68cbf8a is exposed to an authenticated server-side request forgery vulnerability in its /import endpoint. This flaw allows workspace users to manipulate server requests by submitting malicious URLs, thereby compromising the system's integrity. Attackers could exp...

HTMLy CMS versions up to 3.1.1 are impacted by a path traversal vulnerability that enables low-privileged authenticated attackers to relocate files arbitrarily. This occurs through the incorporation of unvalidated directory traversal sequences in the 'oldfile' parameter via the admin autosave end...

A command injection vulnerability has been identified in the Lantronix EDS5000 product version 2.1.0.0R3. This flaw arises from the HTTP RPC module, which improperly handles user authentication log failures. Specifically, the module executes shell commands using a username that is directly concat...

Winstone Servlet Engine versions up to 0.9.10 are susceptible to a path traversal vulnerability that enables unauthenticated attackers to access arbitrary files. This occurs when attackers send specially crafted HTTP GET requests that include dot-dot-slash sequences, which are not properly saniti...

A race condition exists in the Linux kernel that allows local users to gain elevated privileges. By exploiting improper handling of copy-on-write (COW) memory mappings, an attacker could modify files that are meant to be read-only. This vulnerability, known as 'Dirty COW', was notably used in att...

Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true) Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor...

An issue has been identified in GitLab Community and Enterprise Editions where improper validation of image files allows an attacker to execute arbitrary commands remotely. This vulnerability affects all versions from 11.9 onwards and poses significant security risks, particularly when image file...

The InPost PL WordPress plugin for WooCommerce lacks proper request verification, enabling attackers to exploit this vulnerability by altering the shipping destination of pending or processing orders without authorization. This flaw allows unauthorized users to silently redirect orders, posing a ...

The Email Address Encoder WordPress plugin versions prior to 1.0.25 and the email-encoder-premium WordPress plugin before version 0.3.12 exhibit security flaws in their email replacement functionality. This imperfection allows unauthenticated attackers to execute Stored Cross-Site Scripting (XSS)...

The Masteriyo LMS WordPress plugin prior to version 2.2.1 has a significant security flaw where it fails to enforce proper authorization checks within its course-progress REST API controller. This oversight permits unauthenticated users to access and even delete sensitive course progress records ...

Craft CMS, a customizable content management system, has a remote code execution vulnerability present in specific versions. Attackers could exploit this flaw to execute arbitrary code on the server, posing a significant security risk. The affected versions span from 3.0.0-RC1 to just before 3.9....

A vulnerability in the SP Page Builder for Joomla permits unauthenticated users to upload arbitrary files. This weakness can lead to the execution of PHP code, presenting significant security risks for Joomla websites using this extension.

An out-of-bounds write vulnerability has been identified in the libavcodec library of FFmpeg, particularly within the MagicYUV decoder. This flaw may lead to denial-of-service conditions and has the potential to be exploited for remote code execution. The issue arises from improper handling of ce...

An unsafe deserialization vulnerability in Feast prior to version 0.63.0 enables unauthorized parties to execute arbitrary code remotely. This flaw arises from the mishandling of the user_defined_function.body field within the OnDemandFeatureView specification. The field is decoded from base64 an...

An improperly validated quantity input vulnerability in Slider Pro for WooCommerce by ShapedPlugin, LLC can allow attackers to implant malicious software. This flaw affects versions prior to 3.5.4, enabling potential exploitation through unauthorized code execution.

A server-side request forgery vulnerability exists in Microsoft Exchange Server, allowing an authorized attacker to craft requests that could lead to unauthorized access and privilege escalation within the network. This makes it crucial for organizations using Microsoft Exchange to apply the nece...

libssh2 contains an out-of-bounds write vulnerability in the ssh2_transport_read() function that fails to impose proper limits on the packet_length field. This flaw allows remote attackers to exploit the vulnerability by sending specially crafted SSH packets with excessively large packet_length v...