Publicly Disclosed
PoC Exploits

A memory allocation issue exists in Apache HTTP Server's mod_http module, which can lead to denial of service when an attacker sends crafted HTTP requests with excessive size values. This vulnerability affects a wide range of Apache HTTP Server versions, making it critical for users to implement ...

Certain versions of the Django web framework, specifically 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, exhibit a vulnerability due to the caching of parsed Accept-Language headers. This caching mechanism is intended to enhance performance by avoiding repetitive parsing. However, wh...

The Store Locator plugin for WordPress prior to version 1.6.9 fails to adequately sanitize and escape the metadata for store logos before saving and displaying it. This gap allows users with administrative privileges to execute Stored Cross-Site Scripting (XSS) attacks, even in scenarios where th...

The Store Locator plugin for WordPress prior to version 1.6.9 is susceptible to a path traversal vulnerability. This issue arises from improper validation of parameters used in file paths, permitting high-privilege users, such as administrators, to access sensitive files on the server. Malicious ...

A security flaw in Cisco Unified Communications Manager and its Session Management Edition allows unauthenticated remote attackers to exploit server-side request forgery (SSRF). By sending a specially crafted HTTP request, attackers may manipulate the affected device, leading to unauthorized file...

A security feature bypass vulnerability exists in Microsoft Windows, referred to as 'YellowKey.' This flaw could allow unauthorized access to restricted features, compromising system integrity. A proof of concept has been publicly released, contrary to established security practices. Users are ad...

In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrary types defined in Jenkins core or plugins from an attacker-controlled `config.xml` submission in a way that allows them to handle HTTP requests afterwards. This can be used to ...

The Saleor e-commerce platform exhibits an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated users to retrieve sensitive information in plain text. Specifically, orders created prior to Saleor version 3.2.0 can have personally identifiable information (PII) exfiltrat...

A vulnerability has been detected in the CodeAstro Human Resource Management System version 1.0 that allows an SQL injection attack in the Invoice function of the Payroll.php controller. Manipulation of the ID argument permits attackers to execute arbitrary SQL commands. This flaw presents a sign...

A security flaw has been identified in the CodeAstro Human Resource Management System 1.0 that allows for cross-site scripting (XSS) attacks through the manipulation of the 'protitle' argument in the Projects Management Page. This vulnerability can be exploited remotely, potentially compromising ...

A cross site scripting vulnerability exists in CodeAstro's Human Resource Management System version 1.0, specifically within the Dashboard Interface component in the file /dashboard/add_tod. The issue arises due to inadequate input validation of the todo_data argument. This flaw permits remote at...

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security risk pose...

The Advanced Custom Fields: Extended plugin for WordPress is susceptible to a privilege escalation vulnerability due to a validation bypass in the after_validate_save_post() function. This function improperly trusts the attacker-controlled _acf_post_id POST parameter, which allows unauthorized us...

Versions 5.5.15 and earlier of SimpleHelp, along with pre-release 6.0 versions, are susceptible to an authentication bypass vulnerability in the OIDC authentication process. When configured to use OIDC authentication, the system fails to validate the cryptographic signatures of identity tokens du...

A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password recov...

A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView URL Handler. The manipulation leads to improper authorization in handler for custom url scheme. It is possible to launch the attack on the physical...

A vulnerability exists in Oracle's PeopleSoft Enterprise PeopleTools that potentially allows an unauthenticated attacker to gain unauthorized access via HTTP, compromising the integrity and confidentiality of the system. If exploited, this could enable a malicious actor to take full control over ...

Vulnerability Title

The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for e...

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the UpdraftPlus_Remote_Communications_V2::wp_loaded function. This is due to insufficient validation of the remote communications message form...

Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS#7 or S/MIME signe...

A vulnerability exists in CMS Made Simple version 2.2.8, where the News module can be exploited through a specially crafted URL, allowing an unauthenticated attacker to perform blind time-based SQL injection utilizing the m1_idlist parameter. This can potentially expose sensitive information and ...

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

A vulnerability in PHPUnit's eval-stdin.php script prior to versions 4.8.28 and 5.6.3 permits remote attackers to execute arbitrary PHP code. This occurs through crafted HTTP POST requests containing PHP code snippets that initiate execution, particularly when /vendor folders are publicly accessi...

A significant use-after-free vulnerability has been identified in Apple’s iOS and macOS products, impacting versions prior to the latest updates. This flaw arises due to improper memory management, allowing maliciously crafted web content to trigger arbitrary code execution. Apple has acknowledge...

An OS Command Injection vulnerability exists in Ivanti Sentry versions before R10.5.2, R10.6.2, and R10.7.1, allowing an unauthenticated remote attacker to execute arbitrary commands with root privileges. This high-risk vulnerability could potentially compromise the integrity and security of the ...

A vulnerability exists in the ngx_http_rewrite_module of NGINX Plus and NGINX Open Source, triggered when a rewrite directive is followed by an if or set directive that includes a Perl-Compatible Regular Expression (PCRE) capture and a replacement string with a question mark. Attackers can exploi...

A memory allocation issue exists in Apache HTTP Server's mod_http module, which can lead to denial of service when an attacker sends crafted HTTP requests with excessive size values. This vulnerability affects a wide range of Apache HTTP Server versions, making it critical for users to implement ...

A vulnerability exists in Arista EOS that affects devices with tunnel decapsulation configurations, such as VXLAN and GRE. The issue arises when the switch fails to verify the tunnel protocol type during the decapsulation process, allowing it to incorrectly process and forward unexpected tunneled...

A vulnerability present in the CLI of multiple Cisco Catalyst SD-WAN products allows an authenticated local attacker with netadmin privileges to execute arbitrary commands as the root user. This flaw arises from inadequate validation of user-supplied input, enabling an attacker to upload a specia...

An out of bounds read and write vulnerability exists in the V8 engine of Google Chrome prior to version 149.0.7827.103, allowing remote attackers to execute arbitrary code within a sandbox environment by utilizing a specially crafted HTML page. This vulnerability poses a significant risk, as it c...

The Discord Client contains a local privilege escalation vulnerability that enables local attackers to gain elevated privileges by exploiting the discord_rpc module. By triggering this vulnerability, an attacker with access to execute low-privileged code can manipulate the application's file load...

A memory allocation issue exists in Apache HTTP Server's mod_http module, which can lead to denial of service when an attacker sends crafted HTTP requests with excessive size values. This vulnerability affects a wide range of Apache HTTP Server versions, making it critical for users to implement ...

Multiple versions of Drupal, including those prior to 7.58 and various 8.x releases, are susceptible to a vulnerability that permits remote attackers to execute arbitrary code. This exploit takes advantage of configuration flaws in several subsystems, particularly those using default or common mo...

GLPI, a widely used asset and IT management software, is susceptible to SQL injection due to vulnerabilities in its Computer Virtual Machine form and inventory request feature. This flaw allows attackers to manipulate database queries, potentially compromising sensitive data. Users are encouraged...

A potential vulnerability exists in the ServiceNow AI Platform, which may allow an unauthenticated user to execute arbitrary code in the ServiceNow Sandbox under specific conditions. ServiceNow has released security updates to address this issue for both hosted and self-hosted customers. Users ar...

The IO::Compress module for Perl is vulnerable to arbitrary code execution due to its handling of user-supplied output glob strings. When the _parseOutputGlob() method wraps these strings in double quotes, it can inadvertently allow an attacker to inject Perl code. The vulnerability resides in th...

SolarWinds Serv-U is vulnerable to a denial of service attack in which specially crafted POST requests can crash the Serv-U service without requiring authentication. This vulnerability arises from the handling of the Content-Encoding: deflate header, which can lead to service disruption. Users ar...

A security flaw exists in the Next.js framework that allows an attacker to bypass authorization checks if such checks are implemented in middleware. This vulnerability arises in versions prior to 14.2.25 and 15.2.3. To mitigate risk, it is recommended to restrict incoming requests that include th...

A memory allocation issue exists in Apache HTTP Server's mod_http module, which can lead to denial of service when an attacker sends crafted HTTP requests with excessive size values. This vulnerability affects a wide range of Apache HTTP Server versions, making it critical for users to implement ...

A vulnerability has been identified in MediaTek Modem due to a missing bounds check, resulting in a possible out of bounds write. This flaw allows for remote code execution if an unwitting user connects to a malicious base station operated by an attacker. No local execution privileges or user int...

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to ...

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 m...

A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.

The Mirasvit Full Page Cache Warmer, specifically for Magento 2, is susceptible to a PHP object injection flaw that permits unauthenticated attackers to execute arbitrary code. This vulnerability arises from an unrestricted invocation of PHP's native unserialize() function when handling malformed...

The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any fil...

The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings before storing it and outputting it on the Store Locator WordPress plugin before 1.6.6 admin page, allowing high-privileged users such as administrators to perform Stored Cross-Site Scripting attacks ...

The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to inject arbitrary web scripts into approved comments that will execute when any user (incl...

The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection