Publicly Disclosed
PoC Exploits

An issue in the ASUS DriverHub update process stems from incorrect permission assignments, which can lead to privilege escalation. During the validation phase of the update process, inadequate protection of critical execution resources allows a local user to modify these resources without appropr...

A vulnerability has been identified in Apache Tomcat that arises from missing encryption mechanisms for sensitive data, which could lead to data exposure. This issue was introduced as a result of the fix for another vulnerability, allowing the EncryptInterceptor to be bypassed. Users running vers...

MikroORM, a TypeScript Object-Relational Mapper for Node.js, has a vulnerability that can lead to SQL injection. This issue arises when specially crafted objects are treated as raw SQL fragments, potentially allowing attackers to manipulate database queries. The vulnerability has been addressed i...

A potential vulnerability was identified in Lenovo Diagnostics and its associated HardwareScanAddin used in the Lenovo Vantage application. This flaw may allow a local authenticated user to write arbitrary files with elevated privileges during installation or when executing a hardware scan, poten...

A vulnerability in Roundcube Webmail prior to version 1.5.10 and 1.6.x before 1.6.11 allows authenticated users to exploit the _from parameter in the URL. This issue arises from a lack of validation in program/actions/settings/upload.php, leading to the potential for PHP Object Deserialization at...

A privilege escalation vulnerability was identified in the Below service prior to version 0.9.0. This vulnerability arises from the creation of a world-writable directory located at /var/log/below. As a result, local unprivileged users can exploit this flaw through symlink attacks, potentially ma...

The XWiki Platform is vulnerable due to improper handling of inputs, allowing unauthenticated users to execute arbitrary code via the `SolrSearch` endpoint. This can result in significant breaches of confidentiality, integrity, and availability of the XWiki installation. Users are encouraged to u...

A vulnerability exists in InvokeAI versions 5.3.1 through 5.4.2, allowing remote code execution through the /api/v2/models/install endpoint. This vulnerability is due to the unsafe deserialization of model files with torch.load, lacking proper validation of input data. Attackers can exploit this ...

Adobe Acrobat Reader is impacted by a Prototype Pollution vulnerability that allows attackers to execute arbitrary code within the context of the current user. This flaw is triggered only when a user interacts with a malicious file, making user awareness essential. It is crucial for users to keep...

OpenPrinting CUPS, an open-source printing system utilized across various Linux and Unix-like operating systems, is subject to a critical vulnerability that allows an authentication bypass. Specifically, in versions 2.4.12 and earlier, if the `AuthType` is set to anything other than `Basic`, the ...

A vulnerability exists in Moodle that stems from an input validation error occurring during the importation of lesson questions. This flaw allows for insufficient path checks, which can lead to arbitrary file reading via directory traversal attacks. It is important to note that access to this fea...

An OS command injection vulnerability exists in Fortinet FortiSandbox versions 4.4.0 through 4.4.8. This flaw arises from improper neutralization of special elements used in operating system commands. An attacker can exploit this vulnerability to execute unauthorized commands, potentially comprom...

The ProcessWire CMS versions 3.0.255 and earlier are susceptible to a server-side request forgery (SSRF) vulnerability found in the admin panel's 'Add Module From URL' feature. Authenticated administrators can input arbitrary URLs in the module download parameter, resulting in the server making u...

The CVE-2024-26229 vulnerability in the Windows CSC Service is being exploited with proof-of-concept (PoC) exploit code available on GitHub. This high-severity vulnerability could allow attackers to gain SYSTEM privileges on a Windows system, posing a significant risk. This type of elevation of p...

A local privilege escalation vulnerability exists within the pkexec utility of polkit, a setuid tool that allows unprivileged users to execute commands as privileged users based on predetermined policies. Due to insufficient handling of the calling parameters, pkexec can misinterpret environment ...

A vulnerability has been identified in Apache Tomcat that arises from missing encryption mechanisms for sensitive data, which could lead to data exposure. This issue was introduced as a result of the fix for another vulnerability, allowing the EncryptInterceptor to be bypassed. Users running vers...

A vulnerability has been identified in Apache Tomcat that arises from missing encryption mechanisms for sensitive data, which could lead to data exposure. This issue was introduced as a result of the fix for another vulnerability, allowing the EncryptInterceptor to be bypassed. Users running vers...

The WPvivid Backup & Migration plugin for WordPress is susceptible to an unauthenticated arbitrary file upload vulnerability due to improper error handling in the RSA decryption process and inadequate path sanitization during file uploads. This allows malicious attackers to exploit the system by ...

The WPExperts Post SMTP plugin contains an authentication bypass vulnerability that allows attackers to exploit alternate pathways for gaining unauthorized access. This issue affects versions from n/a up to 3.2.0, potentially compromising the security of WordPress installations using this plugin....

A vulnerability has been identified in the Android Framework that allows for potential exposure of sensitive information displayed on the screen. This may occur without the need for user interaction or elevated execution privileges, resulting in local information disclosure risks. The issue arise...

radare2, prior to version 6.1.4, is susceptible to a command injection vulnerability located in the PDB parser's print_gvars() function. This vulnerability allows attackers to execute arbitrary commands by inserting a newline byte into the PE section header name field of a maliciously crafted PDB...

A flaw has been identified in the GB18030 4-byte Decoder function within musl libc, specifically in the iconv implementation located in src/locale/iconv.c. This vulnerability manifests as inefficient algorithmic complexity that can be exploited through localized interactions. Attackers can manipu...

The Axios library, a popular promise-based HTTP client used in web applications and Node.js, has a significant vulnerability that enables a 'Gadget' attack chain. This flaw allows Prototype Pollution to exploit third-party dependencies, leading to potential Remote Code Execution (RCE). Attackers ...

The Axios library, a popular promise-based HTTP client used in web applications and Node.js, has a significant vulnerability that enables a 'Gadget' attack chain. This flaw allows Prototype Pollution to exploit third-party dependencies, leading to potential Remote Code Execution (RCE). Attackers ...

Marimo, a reactive Python notebook, exhibits a significant security vulnerability prior to version 0.23.0. The terminal WebSocket endpoint (/terminal/ws) allows unauthenticated access, enabling attackers to gain a complete pseudo-terminal shell and execute arbitrary commands on the host system. U...

A critical security flaw exists in the Nocobase plugin-workflow-javascript up to version 2.0.23. The vulnerability arises from the createSafeConsole function in the Vm.js file, where improper handling potentially allows attackers to exploit the sandbox environment. This issue facilitates remote c...

In versions of HummerRisk up to 1.5.0, a server-side request forgery (SSRF) vulnerability was discovered in the ServerService.addServer function within the ServerService.java file. This security flaw enables remote exploitation by manipulating the streamIp argument during server operations. As a ...

A command injection vulnerability exists in aandrew-me ytDownloader versions up to 3.20.2, specifically affecting the child_process.exec function in src/compressor.js. This vulnerability allows malicious users to execute arbitrary commands on the local system. Although the attack must be executed...

Flowise, a user-friendly platform for creating customized large language model flows, has a significant vulnerability in version 3.0.5 that allows for remote code execution. The flaw lies within the CustomMCP node, where user input is inadequately sanitized. Specifically, the mcpServerConfig stri...

A cross site scripting vulnerability exists in the 'createTextNode' function of the Error Details Panel in the aandrew-me ytDownloader, affecting versions up to 3.20.2. This flaw enables remote attackers to execute arbitrary scripts that may compromise user data or session information. The weakne...

A security flaw exists in the Code-Projects Easy Blog Site version 1.0, particularly within the 'post.php' file. This vulnerability allows attackers to exploit an unknown function by manipulating the 'tags' argument, resulting in SQL injection attacks. The nature of the flaw enables remote exploi...

A vulnerability was discovered in the CodeAstro Online Job Portal 1.0, specifically targeting the Delete Job Posting Handler component. The issue arises from improper access controls within the job-delete.php file. By manipulating the ID parameter, an attacker can potentially bypass security meas...

A vulnerability exists in the Tenda F456 router, specifically within the function 'formwebtypelibrary' located in the file '/goform/webtypelibrary'. This weakness is attributed to a stack-based buffer overflow caused by improper handling of the 'menufacturer/Go' argument. The vulnerability can be...

A stack-based buffer overflow vulnerability has been identified in the Tenda F456 router, specifically within the 'fromqossetting' function of the /goform/qossetting file. This vulnerability allows for remote exploitation, where an attacker can manipulate the 'page' argument, potentially leading ...

A security flaw has been identified in the Tenda F456 router version 1.0.0.5, specifically in the fromNatStaticSetting function located in the /goform/NatStaticSetting file. This vulnerability allows for remote exploitation through the manipulation of the argument 'page', resulting in a stack-bas...

A security vulnerability has been identified in the Tenda F456 version 1.0.0.5, targeting the formWrlsafeset function within the /goform/AdvSetWrlsafeset file. Manipulating the 'mit_ssid' argument can lead to a stack-based buffer overflow, potentially allowing remote attackers to exploit the weak...

A stack-based buffer overflow vulnerability has been identified in the Tenda F456 router, specifically within the fromexeCommand function of the /goform/exeCommand file. This flaw can be exploited remotely by manipulating the cmdinput argument, potentially allowing unauthorized access or control ...

A vulnerability has been identified in the Totolink A7100RU router, specifically within the function setPasswordCfg located in the CGI Handler component. This weakness allows an attacker to inject operating system commands through manipulation of the admpass argument. The exploitation can be perf...

A vulnerability in the Totolink A3002MU model, specifically in the HTTP Request Handler function sub_410188, has been identified. This weakness is triggered through an improper manipulation of the wan-url argument, resulting in a stack-based buffer overflow. This type of vulnerability allows for ...

A vulnerability has been identified in the PHPGurukul Daily Expense Tracking System version 1.1, specifically within the /register.php file. This flaw allows attackers to manipulate the 'email' argument, potentially leading to SQL injection attacks. The nature of the vulnerability enables remote ...

The uclouvain OpenJPEG library is susceptible to an integer overflow vulnerability within the function opj_pi_initialise_encode located in src/lib/openjp2/pi.c. This local attack can lead to unauthorized manipulation and exploitation of the library's functionality. It is crucial for users to be a...

A SQL injection vulnerability was found in itsourcecode's Construction Management System version 1.0, specifically within the handling of the 'Name' argument in the /equipments.php file. This flaw allows attackers to manipulate input parameters, leading to unauthorized database access and the pot...

A vulnerability exists in version 1.0 of the itsourcecode Construction Management System, specifically located in the file /employees.php. An attacker can exploit this vulnerability remotely by manipulating the 'Name' argument, leading to SQL injection. This security flaw allows unauthorized acce...

A security flaw has been identified in the SourceCodester Pharmacy Sales and Inventory System 1.0, specifically within the /ajax.php?action=login endpoint. The improper handling of the 'Username' parameter could allow attackers to execute SQL injection attacks remotely. This vulnerability has bee...

A vulnerability has been identified in the SourceCodester Pharmacy Sales and Inventory System 1.0, specifically within the /ajax.php?action=delete_sales function. This flaw allows remote attackers to manipulate parameters, leading to SQL injection. Attackers exploiting this weakness can perform u...

A vulnerability exists within the SourceCodester Pharmacy Sales and Inventory System 1.0 that allows for SQL injection through the manipulation of the ID argument in the /ajax.php?action=chk_prod_availability file. This security flaw could be exploited remotely, allowing attackers to execute unau...

A serious security issue exists within the UTT HiPER 1200GW, specifically in the strcpy function located in the /goform/formNatStaticMap file. This vulnerability can be exploited remotely through manipulation of the NatBind argument, leading to a buffer overflow that may compromise system integri...

A vulnerability exists in version 1.0 of Code-Projects' Simple Content Management System, specifically within the /web/admin/welcome.php file. By manipulating the 'News Title' argument, attackers can exploit this weakness to execute cross-site scripting attacks. Such exploits can be executed remo...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

A security vulnerability has been identified in the Simple Content Management System 1.0 developed by Code-Projects. This flaw arises from improper handling of input parameters in the file /web/index.php, leading to SQL injection risks. Attackers may manipulate the argument ID, enabling them to e...