Publicly Disclosed
PoC Exploits

A security vulnerability has been identified in the Dashboard API of AstrBot, specifically within the create_template function located at astrbot/dashboard/routes/t2i.py. The flaw allows for improper neutralization of special elements utilized in a template engine, which can potentially enable re...

A server-side request forgery issue has been identified in Pagekit up to version 1.0.18. This vulnerability arises from the manipulation of the 'url' argument in the /index.php/admin/system/update/download functionality. An attacker can exploit this loophole to send unauthorized requests from the...

A server-side request forgery vulnerability was identified in the AiraHub component of IhateCreatingUserNames2's AiraHub2. This flaw exists within the connect_stream_endpoint/sync_agents function of the AiraHub.py file, allowing attackers to manipulate server requests. Exploitation of this vulner...

A command injection vulnerability exists in the GitPilot-MCP product developed by Divyanshu-hash. This issue is rooted in the manipulation of the argument within the repo_path function located in main.py. Attackers can exploit this vulnerability remotely by crafting malicious input that alters th...

A vulnerability exists in PackageKit, specifically in versions 1.0.2 to 1.3.4, allowing unprivileged users to exploit a time-of-check time-of-use (TOCTOU) race condition. This flaw enables attackers to manipulate transaction flags, facilitating the installation of arbitrary RPM packages as root w...

A vulnerability in the devlikeapro WAHA API (up to version 2026.3.4) allows attackers to initiate server-side request forgery (SSRF) through an unknown function in the src/api/media.controller.ts file. This issue enables remote exploitation, potentially leading to unauthorized access to internal ...

A vulnerability has been identified in JiZhiCMS versions up to 2.5.6, affecting the htmlspecialchars_decode function located in /index.php/admins/Sys/addcache.html. This flaw allows an attacker to manipulate the sqls argument, leading to SQL injection attacks that can be executed remotely. The ex...

A security flaw has been identified in vanna-ai vanna versions up to 2.0.2, specifically within an unknown function of the Legacy Flask API. This vulnerability enables attackers to exploit improper authorization mechanisms, potentially granting unauthorized access to sensitive API endpoints. The ...

A vulnerability in WhatsApp allows unauthorized users to exploit incomplete authorization of linked device synchronization messages. This affects multiple versions of WhatsApp on iOS and Mac, enabling attackers to potentially trigger the processing of content from arbitrary URLs on targeted devic...

A serious backdoor vulnerability was discovered in vsftpd 2.3.4, affecting downloads made between June 30 and July 3, 2011. This vulnerability allows an attacker to exploit the software and open a remote shell on port 6200/tcp, granting unauthorized access to the system. It poses significant risk...

FUXA, a web-based Process Visualization software, is vulnerable to a path traversal flaw that permits an unauthenticated attacker to write files to arbitrary locations on the server's filesystem. This allows malicious actors to potentially compromise server integrity and execute unauthorized acti...

In Wing FTP Server prior to version 7.4.4, both user and admin web interfaces improperly handle null ('\0') bytes, which can lead to the injection of arbitrary Lua code into user session files. This vulnerability enables attackers to execute arbitrary system commands with the privileges of the FT...

CyberPanel versions before 2.4.4 are exposed to an authentication bypass vulnerability that affects the AI Scanner worker API endpoints. This flaw enables unauthenticated remote attackers to gain unauthorized access and potentially write arbitrary data to the database. By manipulating requests se...

A vulnerability exists in PackageKit, specifically in versions 1.0.2 to 1.3.4, allowing unprivileged users to exploit a time-of-check time-of-use (TOCTOU) race condition. This flaw enables attackers to manipulate transaction flags, facilitating the installation of arbitrary RPM packages as root w...

The Breeze Cache plugin for WordPress has a security flaw that allows unauthenticated attackers to perform arbitrary file uploads. This vulnerability is due to inadequate file type validation in the 'fetch_gravatar_from_remote' function. The risk is present in all versions up to 2.4.4, specifical...

The Breeze Cache plugin for WordPress has a security flaw that allows unauthenticated attackers to perform arbitrary file uploads. This vulnerability is due to inadequate file type validation in the 'fetch_gravatar_from_remote' function. The risk is present in all versions up to 2.4.4, specifical...

BridgeHead FileStore versions prior to 24A are vulnerable due to the exposure of the Apache Axis2 administration module on network-accessible endpoints using default credentials. This allows unauthenticated attackers to gain access to the admin console, upload malicious Java archives as web servi...

In the Linux kernel, a notable vulnerability related to memory management has been identified within the skb (socket buffer) heads concerning allocation and deallocation. The flaw arises when KFENCE is activated, leading to misclassification during the free path of allocated memory objects. Speci...

The Meshtastic networking solution presents an authentication bypass vulnerability due to its architecture, where a Node is identified by a NodeID derived from the MAC address instead of its public key. This weakness allows an attacker to exploit the HAM mode, which lacks encryption, and forge No...

The HTTP/2 protocol is susceptible to a denial of service vulnerability that can be exploited via rapid stream resets. This allows attackers to overwhelm servers by rapidly canceling requests, leading to significant resource consumption and potential service disruption. Exploitation of this vulne...

The Breeze Cache plugin for WordPress has a security flaw that allows unauthenticated attackers to perform arbitrary file uploads. This vulnerability is due to inadequate file type validation in the 'fetch_gravatar_from_remote' function. The risk is present in all versions up to 2.4.4, specifical...

The llama.cpp product has a critical vulnerability in its RPC backend where the deserialize_tensor() function fails to perform proper bounds validation if a tensor's buffer field is set to zero. This oversight allows unauthenticated attackers to exploit the system by reading and writing arbitrary...

A vulnerability exists in Whistle version 2.9.98, located in the file /cgi-bin/sessions/get-temp-file, which allows attackers to manipulate the filename argument. This leads to a path traversal issue that may enable unauthorized access to sensitive files on the server. Although the vendor was not...

An authentication flaw exists in Apache Tomcat and Apache Tomcat Native, where the CLIENT_CERT authentication process does not fail as expected under certain configurations when soft fail is disabled. This vulnerability potentially allows unauthorized access in scenarios where proper validation i...

KTransformers version 0.5.3 and earlier contains a serious vulnerability in its balance_serve backend that allows unsafe deserialization through the scheduler RPC server. The ZMQ ROUTER socket is bound to all network interfaces without proper authentication, enabling attackers to exploit this fla...

The radare2-mcp software, specifically version 1.6.0 and earlier, is susceptible to an os command injection vulnerability that allows remote attackers to execute arbitrary commands. This is done by circumventing command filters through the use of shell metacharacters within user-controlled input ...

radare2, prior to version 6.1.4, is susceptible to a path traversal vulnerability affecting its project notes handling feature. By exploiting a crafted .zrp archive containing a symlinked notes.txt file, an attacker can circumvent directory confinement measures. This can lead to unauthorized file...

The radare2 tool, prior to version 6.1.4, contains a path traversal vulnerability related to project deletion. This flaw enables local attackers to exploit absolute paths, allowing for the recursive deletion of directories outside the configured project storage boundary. By manipulating the proje...

LeRobot has a vulnerability that allows attackers to exploit unsafe deserialization within its async inference pipeline. The misuse of pickle.loads() for data deserialization over unauthenticated gRPC channels poses a significant risk. Attackers can send maliciously crafted pickle payloads throug...

Kofax Capture exposes a deprecated .NET Remoting HTTP channel on port 2424, accessible without authentication. This vulnerability allows an unauthenticated remote attacker to utilize .NET Remoting techniques to manipulate various system objects. By leveraging these techniques, attackers may read ...

An input validation issue in Microsoft Office SharePoint facilitates unauthorized spoofing attacks over the network. Attackers can exploit this vulnerability to impersonate legitimate users, potentially leading to unauthorized access and data breaches. Proper validation mechanisms must be in plac...

The reCaptcha plugin developed by WebDesignBy for WordPress prior to version 2.0 is vulnerable to Cross-Site Scripting (XSS). The vulnerability arises from improper sanitization and escaping of the Site Key setting, which is outputted directly in a JavaScript context within the grecaptcha_js() fu...

The HT Mega Addons for Elementor plugin prior to version 3.0.7 contains a vulnerability where an unauthenticated AJAX action exposes personally identifiable information (PII) of customers who have made orders within the last week. This includes sensitive information such as full names, city, stat...

A vulnerability exists in the ByteDance verl product versions up to 0.7.0, specifically within the 'math_equal' function located in 'prime_math/grader.py'. This flaw allows for a potential sandbox escape, which could be exploited remotely. Although the complexity of executing an attack is relativ...

A vulnerability exists in the Ericc-ch Copilot-API up to version 0.7.0, which affects the Header Handler component in the /token file. This issue allows an attacker to manipulate the Host argument, which may result in unintended reliance on reverse DNS resolution. Such an exploit can be executed ...

Radare2 versions prior to 6.1.4 are susceptible to a command injection flaw within the PDB parser’s print_gvars() function. This vulnerability arises when an attacker crafts a malicious PDB file that incorporates newline characters within the symbol names. Through this manipulation, arbitrary com...

The SMBv1 protocol in various Microsoft Windows operating systems contains a vulnerability that enables remote attackers to execute arbitrary code by sending specially crafted packets to the server. This issue affects multiple versions of Windows, including desktop and server editions, allowing e...

Webmin versions up to 1.920 are susceptible to a command injection vulnerability through the 'old' parameter in the password_change.cgi script. An unauthenticated attacker can exploit this flaw to execute arbitrary commands on the server. This may lead to unauthorized access or further compromise...

Xerte Online Toolkits versions 3.15 and earlier are susceptible to an information disclosure flaw that permits unauthorized users to obtain the complete server-side filesystem path of the application root. By issuing a GET request to the /setup endpoint, attackers can exploit this vulnerability t...

The Beghelli Sicuro24 SicuroWeb application lacks a robust Content Security Policy (CSP), which exposes it to significant security risks. This failure allows attackers to load unauthorized external JavaScript resources, potentially leading to the execution of arbitrary remote payloads. When combi...

The Beghelli Sicuro24 SicuroWeb application lacks a robust Content Security Policy (CSP), which exposes it to significant security risks. This failure allows attackers to load unauthorized external JavaScript resources, potentially leading to the execution of arbitrary remote payloads. When combi...

A use-after-free vulnerability exists in the Android Binder service, which could allow attackers to elevate privileges from an application to the Linux Kernel. Exploitation of this vulnerability does not require any interaction from the user; however, it necessitates either the installation of a ...

Carbon Forum version 5.9.0 is susceptible to a persistent cross-site scripting vulnerability. This flaw enables authenticated administrators to insert malicious JavaScript code via the Forum Name field within the dashboard settings. When the malicious script is stored, it can be executed in the b...

The ELBA5 version 5.8.0 contains a significant vulnerability that enables remote code execution through improper database access. Attackers can leverage default connector credentials to connect to the database, potentially retrieving sensitive information, such as database administrator passwords...

TextPad 8.1.2 contains a denial of service vulnerability that enables local attackers to crash the application by providing an overly long buffer string via the Run command interface. By submitting a 5000-byte payload into the Command field through Tools > Run, the application is susceptible to a...

ICEWARP version 11.0.0.0 is susceptible to a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious HTML content into emails. By utilizing base64-encoded payloads embedded in object and embed tags, attackers can craft emails containing data URIs that execute embedded s...

ThinkPHP 5.0.23 has a vulnerability that allows unauthorized attackers to execute arbitrary PHP code remotely. This occurs through the manipulation of the routing parameters, where attackers can craft specific requests targeting the index.php endpoint. By supplying malicious function parameters, ...

LanSpy version 2.0.1.159 is susceptible to a local buffer overflow vulnerability. This issue arises when attackers provide oversized input to the scan field, allowing them to overwrite the instruction pointer. By crafting a specific payload composed of 688 bytes of padding followed by 4 bytes of ...

UltraISO 9.7.1.3519 is prone to a local buffer overflow vulnerability within the Output FileName field of the Make CD/DVD Image dialog. This flaw can be exploited by attackers who craft a malicious filename string containing 304 bytes of data followed by specially constructed SEH record overwrite...

Angry IP Scanner version 3.5.3 is susceptible to a buffer overflow vulnerability within its preferences dialog. This flaw enables local attackers to induce a denial of service by submitting an oversized string. The vulnerability can be exploited by creating a file filled with repeating characters...