Publicly Disclosed
PoC Exploits

A deserialization vulnerability has been identified in the IPC module by Huawei, which may compromise the availability of the affected systems. This issue arises from improper handling of serialized data, allowing unauthorized access or manipulation. Exploiting this vulnerability could lead to si...

The WP Activity Log plugin for WordPress versions up to 5.6.3.1 is susceptible to an unauthenticated PHP Object Injection vulnerability. This flaw allows attackers to exploit the application by injecting malicious PHP objects, potentially leading to undesirable operations on the system. As a resu...

The Semantic Kernel Python SDK from Microsoft contains a flaw within the `InMemoryVectorStore` filter functionality that may allow an attacker to execute arbitrary code remotely. This vulnerability impacts versions of the SDK released prior to 1.39.4. Users are strongly advised to upgrade to vers...

Gophish version 0.12.1 exhibits a denial of service vulnerability that allows authenticated users with limited access (User role) to overwhelm server resources. By uploading a specially crafted Office document as an email template attachment, an attacker can exploit the ApplyTemplate() function. ...

A vulnerability exists in the ngx_http_rewrite_module of NGINX Plus and NGINX Open Source, triggered when a rewrite directive is followed by an if or set directive that includes a Perl-Compatible Regular Expression (PCRE) capture and a replacement string with a question mark. Attackers can exploi...

A vulnerability in the SP Page Builder for Joomla permits unauthenticated users to upload arbitrary files. This weakness can lead to the execution of PHP code, presenting significant security risks for Joomla websites using this extension.

A vulnerability in the Linux kernel affects the handling of shared-frag markers during packet coalescing. Specifically, the function skb_try_coalesce() can improperly transfer ownership of page-backed fragments without preserving the shared-frag marker. This loss can disrupt later processing, not...

The Bytes utility library, utilized for byte manipulation, is susceptible to an integer overflow issue. This vulnerability arises from the BytesMut::reserve function, where an unchecked addition could lead to an incorrect capacity assignment. When the allocated capacity is exceeded during certain...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

The Advanced Linux Sound Architecture (ALSA) library prior to version 1.2.16.1 is susceptible to a double-free vulnerability located in the parse_def() function within src/conf.c. This vulnerability enables attackers to manipulate memory by providing specially crafted ALSA configuration files. Du...

The Gravity SMTP plugin for WordPress contains a vulnerability that allows unauthenticated visitors to access sensitive system configuration data through a REST API endpoint. Specifically, the endpoint at /wp-json/gravitysmtp/v1/tests/mock-data can be exploited due to a permission callback that a...

n8n, an open-source workflow automation platform, has a Remote Code Execution vulnerability affecting specific versions. Authenticated users can inadvertently supply expressions that, under certain circumstances, are evaluated in a context insufficiently isolated from the runtime. This flaw enabl...

The SP LMS component (com_splms) version prior to 4.1.4 by JoomShaper contains a vulnerability that allows unauthenticated attackers to execute arbitrary code on the server. This issue arises from the unsanitized deserialization of user-controlled cookie data, posing significant security risks fo...

The Shahjada Download Manager is affected by a missing authorization vulnerability that allows attackers to exploit incorrectly configured access control security levels. This issue enables unauthorized users to gain access to restricted functionality, potentially leading to data exposure or furt...

The Transbank Webpay plugin for WordPress, prior to version 1.14.0, exposes a vulnerability due to improper sanitization and escaping of logs. This flaw allows unauthenticated attackers to execute Stored XSS attacks, potentially compromising the accounts of logged-in administrators. Such vulnerab...

The Vitepos WordPress plugin prior to version 3.4.2 contains a vulnerability that fails to adequately restrict user roles during the creation of new users via its REST API endpoints. This oversight permits authenticated users assigned with custom roles to elevate their permissions to that of an a...

The Motors WordPress plugin, prior to version 1.4.110, is susceptible to a security issue that lacks sufficient authorization and Cross-Site Request Forgery (CSRF) safeguards within one of its AJAX functions. This flaw allows unauthenticated attackers to manipulate arbitrary post metadata, which ...

The Pie Register WordPress plugin prior to version 3.8.4.10 contains a security flaw that stems from insufficient randomness in its account verification token generation. This weakness allows attackers without authorization to predict valid tokens. Consequently, they can activate accounts without...

The Ultimate WooCommerce Auction Pro plugin for WordPress before version 2.4.5 is vulnerable to reflected cross-site scripting (XSS). This vulnerability allows attackers to inject malicious scripts through unsanitized user input, specifically targeting the output displayed on the web page. As a r...

The Ultimate WooCommerce Auction Pro WordPress plugin versions up to 2.4.5 are susceptible to a Reflected Cross-Site Scripting vulnerability. This flaw arises due to improper handling of user input, allowing any attacker to craft a malicious link that, when accessed by high-privilege users such a...

This vulnerability allows an application to perform out-of-bounds read operations, potentially leading to unexpected system termination or unauthorized access to kernel memory. Apple has resolved this issue in the latest updates for its operating systems, enhancing their security by implementing ...

A significant security flaw has been identified in the Autobrowse Trace Artifact Handler component of Browserbase, affecting versions prior to 20260526. The issue involves incorrect default permissions, which could potentially allow unauthorized access or manipulation of sensitive files. This vul...

A significant security flaw has been identified in the Autobrowse Trace Artifact Handler component of Browserbase, affecting versions prior to 20260526. The issue involves incorrect default permissions, which could potentially allow unauthorized access or manipulation of sensitive files. This vul...

An infinite loop vulnerability exists in the pypdf library for Python, affecting versions prior to 6.6.2. An attacker can exploit this vulnerability by crafting a specially designed PDF file that triggers an infinite loop when accessing outlines or bookmarks. This can lead to unresponsive behavio...

The n8n workflow automation platform has a vulnerability in versions ranging from 1.65.0 to just below 1.121.0, which allows potential attackers to exploit specific form-based workflows. This flaw can enable unauthorized remote access to sensitive files on the underlying server, posing a signific...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

A vulnerability exists in Git that affects how configuration values are read and written, particularly regarding trailing carriage returns. When a submodule path includes a trailing carriage return, it is altered when read back, which can cause the submodule to be checked out to an incorrect loca...

The Sudo software, prior to version 1.9.17p1, contains a vulnerability that enables local users to gain root access through improper handling of configuration files. Specifically, when the optional --chroot command is used, the software incorrectly processes the /etc/nsswitch.conf file from a use...

A security flaw exists in the Next.js framework that allows an attacker to bypass authorization checks if such checks are implemented in middleware. This vulnerability arises in versions prior to 14.2.25 and 15.2.3. To mitigate risk, it is recommended to restrict incoming requests that include th...

A stack overflow vulnerability exists in the wanMTU parameter of the /goform/AdvSetMacMtuWan endpoint in Tenda AC9 router version 1.0 V15.03.05.14_multi. This vulnerability could allow an attacker to execute arbitrary code remotely, potentially leading to unauthorized access and control over the ...

The XWiki Platform is vulnerable due to improper handling of inputs, allowing unauthenticated users to execute arbitrary code via the `SolrSearch` endpoint. This can result in significant breaches of confidentiality, integrity, and availability of the XWiki installation. Users are encouraged to u...

The vulnerability in Microsoft Windows File Explorer poses a security risk by allowing unauthorized access to sensitive information. In an environment where it is present, attackers can exploit this flaw to spoof identities over a network, potentially compromising data integrity and confidentiali...

An external control of file name or path in Windows NTLM enables unauthorized attackers to exploit a vulnerability, leading to potential spoofing attacks over a network. This situation poses a significant threat as attackers may gain access to sensitive information or systems.

A security vulnerability in the Comfast CF-WR631AX V3 router impacts the API Endpoint due to improper handling of input parameters in the mbox-config system. An attacker can exploit this vulnerability to inject arbitrary OS commands remotely, leading to potential system compromise. Despite attemp...

A vulnerability was identified in Activepieces up to version 0.83.0, specifically within the handleUrlFile function of the File URL Handler component. This flaw enables remote attackers to exploit server-side request forgery (SSRF), allowing them to send unauthorized requests from the server to i...

A cross-site scripting vulnerability has been identified in the Auth Endpoint of Kortix AI Suna, up to version 0.8.38. This issue allows a remote attacker to manipulate the returnURL parameter in the function router.replace/router.push within the file apps/frontend/src/app/auth/page.tsx. This vul...

A security flaw has been identified in the Edimax BR-6478AC V2 router, specifically in the POST Request Handler component. This vulnerability allows an attacker to manipulate the command argument in the function 'mp' of the file '/goform/mp', potentially executing unauthorized commands. The explo...

A command injection vulnerability exists in the Edimax BR-6478AC V2 router, specifically in the 'wiz_5in1_redirect' function within the /goform/wiz_5in1_redirect component. This flaw allows an attacker to manipulate the 'newpass' argument, potentially executing arbitrary commands on the device. G...

Claude Code, an advanced coding tool by Anthropic, had a critical flaw allowing code injection via the startup trust dialog. Attackers could potentially manipulate the application to execute arbitrary code in untrusted directories before the user acknowledges the trust dialog. Users operating wit...

A vulnerability exists in the Directus API management tool where the exact version number is revealed through the OpenAPI Specification at the '/server/specs/oas' endpoint without requiring authentication. This exposure allows attackers to identify potential weaknesses in the Directus core and it...

A command injection vulnerability exists in the Edimax BR-6478AC V2 router, specifically within the POST request handler for the 'stainfo' function. This flaw allows remote attackers to manipulate input arguments, enabling unauthorized execution of commands. The issue has been publicly disclosed,...

A critical command injection vulnerability exists in the Edimax BR-6478AC V2 router, specifically affecting the setWAN function within the POST Request Handler. This flaw allows attackers to manipulate parameters such as pppUserName, pptpUserName, and L2TPUserName to execute arbitrary commands re...

A buffer overflow vulnerability has been identified in the Edimax BR-6478AC V2 router, specifically within the function formWlSiteSurvey located in the /goform/formWlSiteSurvey component. This security flaw arises from improper handling of the selSSID argument, which can be manipulated remotely, ...

A security vulnerability has been identified in BerriAI litellm versions up to 1.82.2, stemming from an incomplete fix related to a prior issue. The vulnerability resides within the 'ui_view_users' function of the internal_user_endpoints.py file, allowing unauthorized users to gain access to sens...

A security vulnerability exists in BerriAI's litellm product, specifically in the MCP OpenAPI Spec Loader component. This flaw occurs in the function load_openapi_spec_async, located in openapi_to_mcp_generator.py. It allows an attacker to manipulate the spec_path argument, enabling server-side r...

A security vulnerability has been identified in BerriAI Litellm, specifically within the async_pre_call_hook function of the enterprise_hooks/banned_keywords.py component. This flaw allows for improper manipulation of the prompt argument, leading to incorrect authorization outcomes. The exploitat...

A vulnerability exists in Icecast versions up to 2.0.1, where a buffer overflow can be triggered by sending an HTTP request with an abnormal quantity of headers. This flaw can allow remote attackers to execute arbitrary code on the affected system. Users of affected Icecast versions should upgrad...

A security vulnerability in BerriAI's Litellm, specifically within the SSO Authentication Flow managed by the get_redirect_response_from_openid function in the file litellm/proxy/management_endpoints/ui_sso.py, has been identified. This flaw allows for session expiration manipulation, posing a ri...

A vulnerability exists in the BerriAI litellm software, specifically within the SSO Debug Flow located in the json.dumps function of the ui_sso.py file. This issue can result in missing authentication, allowing attackers to exploit the function remotely without necessary credentials. The exploit ...

A vulnerability has been identified in the Zhilink (Shenzhen) Technology Co., Ltd. ADP Application Developer Platform version 1.0.0. This issue arises from the XML Parser component's handling of external entity references in the file /adpweb/a/base/barcodeDetail/import. An attacker could exploit ...