Publicly Disclosed
PoC Exploits

An improper input insertion vulnerability within the AiCloud feature of specific ASUS router models has been identified. This flaw can potentially allow an attacker to execute arbitrary commands on the affected devices, which poses a significant security risk. Users of ASUS routers are encouraged...

EspoCRM, an open source customer relationship management application, is vulnerable to a stored HTML injection. This vulnerability affects versions 9.3.3 and earlier, allowing authenticated users with standard privileges to inject malicious HTML code into system-generated email notifications. The...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

A vulnerability has been identified in the omec-project amf software affecting versions up to 2.1.1. This issue resides in the NGAP Message Handler component, where improper handling of inputs can lead to memory corruption. Attackers may exploit this flaw remotely, potentially compromising the in...

A command injection vulnerability exists in the D-Link DIR-816 router due to improper handling of the 'ip_address' parameter in the portForward function. This flaw allows remote attackers to execute arbitrary commands on the device, potentially leading to unauthorized access and control. With the...

A vulnerability has been identified in Apache Tomcat that arises from missing encryption mechanisms for sensitive data, which could lead to data exposure. This issue was introduced as a result of the fix for another vulnerability, allowing the EncryptInterceptor to be bypassed. Users running vers...

A double free vulnerability has been identified in Apache HTTP Server that may lead to remote code execution, particularly concerning the HTTP/2 protocol. This issue affects version 2.4.66, and it is crucial for users to upgrade to version 2.4.67 to mitigate any potential security risks associate...

A security vulnerability has been identified in the D-Link DIR-816 router, particularly within the function sub_445E7C located in /goform/singlePortForward. This vulnerability allows an attacker to manipulate the 'ip_address' argument, leading to remote command injection attacks. Due to its publi...

A command injection vulnerability has been discovered in the D-Link DIR-816 router, specifically within the sub_445E7C function of the /goform/formDMZ.cgi file. This weakness allows an attacker to manipulate commands remotely, making it possible to execute arbitrary code. The exploit has been pub...

A vulnerability has been identified in inkeep agents version 0.58.14, specifically within the createDevContext function of the runAuth.ts file in the runAuth Middleware component. This flaw allows an attacker to perform an authentication bypass via an alternate channel, potentially exposing sensi...

A security vulnerability exists in jishenghua's jshERP prior to version 3.6. This vulnerability affects the getUserByWeixinCode function within the UserService.java component of the updatePlatformConfigByKey endpoint. An attacker can manipulate the weixinUrl argument, enabling the execution of a ...

A weakness has been identified in aiwaves-cn agents, specifically within the 'recall_relevant_memories_to_working_memory' function of the 'stray_cat.py' file in the 'cheshire_cat_core' component. This vulnerability can lead to significant resource exhaustion if exploited, allowing attackers to co...

A security flaw in VectifyAI PageIndex has been identified within the PDF Table of Contents Handler, specifically in the toc_transformer function of page_index.py. This vulnerability allows an attacker to exploit the software remotely, triggering an infinite loop that disrupts normal operations. ...

Bitwarden Server versions prior to v2026.4.1 contain a critical flaw that allows authenticated users with SCIM management privileges to bypass the re-authentication requirement when accessing or rotating an organization's SCIM API key. This vulnerability enables unauthorized retrieval of sensitiv...

A vulnerability in Bitwarden Server versions prior to v2026.4.0 allows a provider service user to exploit a missing authorization mechanism. This flaw enables the user to add an arbitrary organization to their provider through a specific API endpoint, effectively taking over the target organizati...

A vulnerability in Bitwarden Server prior to v2026.4.1 allows any authenticated user to exploit a missing authorization check. By sending an empty `collections` array in a request to `POST /ciphers/import-organization`, attackers can bypass the server-side permission validation. This flaw enables...

A vulnerability has been identified in OpenClaw's Bluebubbles Webhook component, specifically in the handleBlueBubblesWebhookRequest function located in monitor.ts. This flaw can allow unauthorized access due to improper authentication mechanisms. Remote attackers may exploit this vulnerability, ...

A security flaw has been identified in the Open5GS framework, affecting versions up to 2.7.7. The vulnerability resides in the function yuarel_parse within the NRF component's library /lib/sbi/conv.c. Attackers can exploit this weakness by manipulating the hnrf-uri argument, potentially leading t...

The Contact Form by Supsystic plugin for WordPress is susceptible to a Server-Side Template Injection (SSTI) vulnerability that may lead to Remote Code Execution (RCE). This exposure affects all versions up to and including 1.7.36. The flaw arises from the plugin's integration of the Twig `Twig_L...

A vulnerability exists in the Linux kernel that concerns the handling of shared skb fragments during the decryption process in ESP-in-UDP packets. When pages are attached from a pipe directly to an skb using MSG_SPLICE_PAGES, the kernel marked these SKBs with SKBFL_SHARED_FRAG, which plays a cruc...

A vulnerability has been discovered in Open5GS versions up to 2.7.7, specifically within the ogs_nnrf_nfm_handle_nf_profile function in the NRF component's lib/sbi/nnrf-handler.c file. This issue allows for a remote attacker to cause a denial of service, potentially disrupting service availabilit...

A security flaw has been identified in the Open5GS SMF component, specifically in the smf_nsmf_handle_update_data_in_vsmf function within /src/smf/nsmf-handler.c. This vulnerability allows for remote exploitation, potentially leading to a denial of service condition. Attackers can leverage this i...

A vulnerability in Open5GS affects the SMF component, particularly the smf_nsmf_handle_update_data_in_vsmf function. This vulnerability arises from improper handling of the qosFlowProfile argument, leading to potential denial of service attacks. The exploitation can be conducted remotely, and pub...

A denial of service vulnerability has been identified in Open5GS software up to version 2.7.7. Specifically, the issue resides in the function gsm_handle_pdu_session_modification_qos_flow_descriptions located in the file src/smf/gsm-handler.c. By manipulating the argument n1SmMsg, an attacker can...

The Spring Framework MVC is susceptible to a Path Traversal Vulnerability when deployed on certain Servlet containers that do not adhere to compliance norms. The vulnerability arises when applications deployed as WAR files or with embedded Servlet containers accept unvalidated input leading to fi...

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

The Custom CSS-JS-PHP WordPress plugin prior to version 2.0.7 contains a vulnerability that allows attackers to inject malicious SQL code due to inadequate input sanitization. This flaw enables unauthenticated users to execute arbitrary PHP code on the server by passing unverified data to an eval...

The Airoha Bluetooth audio SDK contains a vulnerability that enables a permission bypass, granting unauthorized access to sensitive data associated with the RACE protocol via Bluetooth LE GATT service. This flaw allows potential escalations in privilege without requiring additional execution priv...

An integer coercion error has been identified in the MySQL Server component of Bettercap, affecting versions up to 2.41.5. This vulnerability can be exploited remotely, presenting a complex challenge for potential attackers. The flaw resides in the 'modules/mysql_server/mysql_server.go' file, whi...

A vulnerability has been identified in Bettercap's Zerogod IPP Service, specifically within the ippReadChunkedBody function in the zerogod_ipp_primitives.go file. This issue allows for potential exploitation through a remote attack that manipulates data, leading to an integer coercion error. The ...

A security vulnerability has been identified in Npitre cramfs-tools versions up to 2.1, specifically within the do_directory function in cramfsck.c. This issue allows local attackers to manipulate the path and access restricted directories through path traversal exploits. The problem has been pub...

A security flaw has been identified in the D-Link DNS-320, specifically in the /cgi-bin/webfile_mgr.cgi file management functionalities. This vulnerability allows attackers to perform OS command injection, enabling unauthorized remote manipulation of file operations such as delete, rename, copy, ...

A significant vulnerability has been found in the D-Link DNS-320 ShareCenter NAS, particularly in the network_mgr.cgi script. This vulnerability allows remote attackers to inject operating system commands via specific parameters in multiple CGI functions. Given that the exploit is already publicl...

A vulnerability exists in Open5GS up to version 2.7.7 within the SMF component's ogs_nas_parse_qos_rules function. An attacker can remotely exploit this flaw through crafted inputs, resulting in denial of service. The issue has been publicly disclosed, highlighting significant risks for users and...

A vulnerability has been identified in Open5GS versions up to 2.7.7, specifically within the SMF component in the function smf_nsmf_handle_create_sm_context. This vulnerability allows for manipulation that can lead to a denial of service, enabling remote exploitation. Despite being reported early...

A vulnerability in Open5GS’s SMF component, specifically within the OpenAPI_list_create function, allows a remote attacker to execute a denial of service attack. This issue has been disclosed publicly, making affected installations potentially vulnerable to disruptions. The Open5GS project was no...

A vulnerability has been identified in Open5GS versions up to 2.7.7, specifically in the SMF component's function smf_nsmf_handle_created_data_in_vsmf. This flaw allows attackers to initiate remote denial of service attacks, disrupting the service's functionality. Despite being reported, there ha...

A vulnerability exists in Open5GS versions up to 2.7.7, specifically in the gsm_build_pdu_session_establishment_accept function located in /src/smf/gsm-build.c. This flaw allows an attacker to remotely exploit the vulnerability, resulting in a denial of service. Despite initial reporting to the p...

A vulnerability exists within the Android kernel's binder subsystem, where improper locking in the binder_release_work function can result in a use-after-free condition. This flaw enables a local attacker to escalate their privileges on the device without requiring any additional execution permis...

A security vulnerability has been identified in the Tenda AC6 router firmware version 15.03.06.23, specifically in the get_log_file function of the httpd component. This issue arises from improper handling of the 'wans.flag' argument, which can lead to OS command injection attacks. Malicious acto...

A vulnerability has been discovered in the Tenda AC6 router affecting firmware version 15.03.06.23. Specifically, the flaw resides within the formWifiApScan function located in the httpd component of the router's software. By manipulating the wl2g.public.country or wl5g.public.country arguments, ...

A security flaw exists in the Tenda AC6 router's firmware version 15.03.06.49_multi_TDE01, specifically in the functionality associated with the fromSetWirelessRepeat function. This vulnerability allows for OS command injection through manipulation of the mac/ssid parameters within the /goform/Wi...

A vulnerability in Devs Palace ERP Online versions up to 4.0.0 allows attackers to execute arbitrary JavaScript code via an inadequate validation mechanism in the /accounts/chart-save endpoint. This flaw can be exploited remotely and poses a risk for users as it enables the injection of malicious...

A vulnerability affecting Squirrel versions up to 3.2 is identified, stemming from issues in the SQFunctionProto::Load function located in the squirrel/sqobject.cpp file. This vulnerability enables a heap-based buffer overflow, which can be triggered through local execution. Publicly disclosed ex...

A buffer overflow vulnerability affects the D-Link DCS-935L camera models running firmware versions up to 1.10.01. The flaw exists in the SetDeviceSettings function of the HNAP Service, located at /web/cgi-bin/hnap/hnap_service. This vulnerability enables an attacker to manipulate the AdminPasswo...

A vulnerability has been discovered in the Tenda AC6 router affecting the HTTP daemon component, specifically within the '/goform/telnet' function. This issue arises from improper handling of the 'lan.ip' argument, which can lead to OS command injection. Attackers can exploit this vulnerability r...

A vulnerability has been identified in the Squirrel library, particularly affecting versions up to 3.2. This flaw exists within the 'validate_format' function located in 'sqstdlib/sqstdstring.cpp'. An attacker with local access can manipulate this function, leading to a stack-based buffer overflo...

A vulnerability in WebAssembly Binaryen's BrOn Parser has been identified, which can lead to a Denial of Service condition. Specifically, the issue lies within the function IRBuilder::makeBrOn in the wasm-ir-builder.cpp file. Manipulation of this function could trigger a reachable assertion failu...

A significant vulnerability has been identified in Open5GS versions up to 2.7.7, specifically within the SMF component's function smf_nsmf_handle_create_data_in_hsmf. This issue allows attackers to exploit a null pointer dereference, which can lead to denial of service. Importantly, this vulnerab...

A denial of service vulnerability has been identified in the Open5GS SMF, specifically in the function update_authorized_pcc_rule_and_qos located in the file /src/smf/npcf-handler.c. This vulnerability allows an attacker to disrupt the service functionality remotely by performing manipulation on ...