Publicly Disclosed PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered 5 hours ago
PoC for CVE-2026-49777
An improperly validated quantity input vulnerability in Slider Pro for WooCommerce by ShapedPlugin, LLC can allow attackers to implant malicious software. This flaw affects versions prior to 3.5.4, enabling potential exploitation through unauthorized code execution.
Discovered 7 hours ago
PoC for CVE-2026-45504
A server-side request forgery vulnerability exists in Microsoft Exchange Server, allowing an authorized attacker to craft requests that could lead to unauthorized access and privilege escalation within the network. This makes it crucial for organizations using Microsoft Exchange to apply the nece...
Discovered 11 hours ago
PoC for CVE-2026-9709
The Cornerstone WordPress plugin prior to version 7.8.9 has a flaw in its REST API routes, failing to enforce capability checks. This oversight allows any authenticated user to access metadata belonging to other users, potentially exposing sensitive information such as user roles, session token p...
PoC for CVE-2026-9710
The Cornerstone Page Builder plugin for WordPress prior to version 7.8.8 has a significant vulnerability due to a lack of enforced capability checks on a specific CSS-preview request handler. This flaw permits any logged-in user to access the nonce required for making requests, making it possible...
PoC for CVE-2026-10753
The Site Kit by Google WordPress plugin prior to version 1.176.0 contains a vulnerability that fails to adequately restrict a REST API write endpoint. This flaw allows users with lower privileges, such as Editors, who have been granted access to dashboard sharing, to modify site-wide settings tha...
PoC for CVE-2026-10749
The Post Duplicator WordPress plugin, prior to version 3.0.15, exhibits a security flaw that inadequately manages custom meta-data during post duplication processes. This oversight allows an attacker with Contributor-level access or higher to inject serialized PHP objects. By bypassing the WordPr...
PoC for CVE-2026-10735
The Shapedsmart-post-show-pro, Real Testimonials Pro, and Product Slider for WooCommerce Pro WordPress plugins have been compromised through a vendor's update server, allowing attackers to inject malicious code. This vulnerability enables unauthenticated users to execute a second-stage payload ca...
PoC for CVE-2026-10531
The AI Share & Summarize plugin for WordPress prior to version 2.0.4 has a significant security flaw, where it fails to properly sanitize and escape certain shortcode attributes prior to displaying them on web pages. This oversight allows users with contributor roles and above to execute Stored C...
Discovered 13 hours ago
PoC for CVE-2026-45156
Nextcloud, a popular open-source content collaboration platform, has been identified with a vulnerability related to missing signature verification in its User OIDC implementation. This flaw allows a malicious ID4me authority to impersonate any user, potentially leading to unauthorized access and...
Discovered 19 hours ago
PoC for CVE-2026-41096
A heap-based buffer overflow vulnerability in Microsoft Windows DNS can allow unauthorized attackers to execute arbitrary code remotely over the network. This can lead to potential data breaches and unauthorized access to sensitive information. Organizations are strongly encouraged to apply secur...
Discovered 20 hours ago
PoC for CVE-2026-39253
A vulnerability exists in Pivotal CRM version 6.6.04.08 that permits remote attackers to execute arbitrary code by manipulating components such as Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll. This flaw can compromise the integrity and confidentiality of the applicati...
Discovered 1 day ago
PoC for CVE-2025-71382
MuPDF, a document rendering software, is vulnerable due to an uncontrolled recursion issue in its EPUB CSS rendering engine. This vulnerability allows remote attackers to exploit deeply nested HTML elements and inline CSS styles in specially crafted EPUB files. By triggering this vulnerability, a...
PoC for CVE-2026-40369
A vulnerability in the Windows Kernel allows an authorized attacker to exploit an untrusted pointer dereference, potentially enabling them to gain higher privileges on the affected system. This could lead to unauthorized access to sensitive data and administrative functionalities. It's critical f...
PoC for CVE-2026-21018
An out-of-bounds write vulnerability in Samsung's SveService prior to SMR May-2026 Release 1 allows local privileged attackers to exploit the flaw and execute arbitrary code. This security issue highlights the importance of promptly applying updates and securing environments against potential una...
PoC for CVE-2026-49772
An SQL injection vulnerability exists in The Events Calendar plugin developed by Liquid Web and StellarWP, allowing for unauthorized access to the database through specifically crafted SQL commands. This can lead to sensitive data exposure or manipulation, impacting the integrity and security of ...
PoC for CVE-2026-8172
The Simple Basic Contact Form plugin for WordPress, up to version 20250114, is susceptible to a reflected Cross-Site Scripting (XSS) vulnerability. This issue arises from inadequate escaping of user-supplied input, which can be exploited by unauthenticated attackers. By crafting malicious links o...
PoC for CVE-2026-7842
The Infility Global WordPress plugin prior to version 2.15.20 is susceptible to SQL injection due to improper sanitization and validation of input parameters in its admin page callbacks. This vulnerability allows authenticated users with Editor-level access or higher to manipulate SQL queries thr...
PoC for CVE-2026-8378
The Frontend File Manager Plugin for WordPress prior to version 23.6 has a security flaw that fails to properly sanitize and escape filenames submitted via the frontend file-rename endpoint. This oversight allows for the potential injection of malicious scripts. As a result, a user with Subscribe...
PoC for CVE-2026-8379
The Frontend File Manager Plugin for WordPress has a critical flaw in its nonce verification process on the file download handler. This weakness allows unauthorized users to download any files uploaded by users utilizing the plugin. Attackers can leverage this vulnerability by manipulating file i...
PoC for CVE-2026-8163
The Infility Global WordPress plugin, prior to version 2.15.19, is susceptible to a SQL Injection vulnerability caused by insufficient parameter sanitization and escaping. This flaw allows authenticated users with Subscriber-level access or higher to manipulate SQL queries, which could lead to un...
Discovered 2 days ago
PoC for CVE-2025-48907
A deserialization vulnerability has been identified in the IPC module by Huawei, which may compromise the availability of the affected systems. This issue arises from improper handling of serialized data, allowing unauthorized access or manipulation. Exploiting this vulnerability could lead to si...
PoC for CVE-2026-54806
The WP Activity Log plugin for WordPress versions up to 5.6.3.1 is susceptible to an unauthenticated PHP Object Injection vulnerability. This flaw allows attackers to exploit the application by injecting malicious PHP objects, potentially leading to undesirable operations on the system. As a resu...
PoC for CVE-2026-26030
The Semantic Kernel Python SDK from Microsoft contains a flaw within the `InMemoryVectorStore` filter functionality that may allow an attacker to execute arbitrary code remotely. This vulnerability impacts versions of the SDK released prior to 1.39.4. Users are strongly advised to upgrade to vers...
PoC for CVE-2026-39904
Gophish version 0.12.1 exhibits a denial of service vulnerability that allows authenticated users with limited access (User role) to overwhelm server resources. By uploading a specially crafted Office document as an email template attachment, an attacker can exploit the ApplyTemplate() function. ...
PoC for CVE-2026-42945
A vulnerability exists in the ngx_http_rewrite_module of NGINX Plus and NGINX Open Source, triggered when a rewrite directive is followed by an if or set directive that includes a Perl-Compatible Regular Expression (PCRE) capture and a replacement string with a question mark. Attackers can exploi...
PoC for CVE-2026-48908
A vulnerability in the SP Page Builder for Joomla permits unauthenticated users to upload arbitrary files. This weakness can lead to the execution of PHP code, presenting significant security risks for Joomla websites using this extension.
PoC for CVE-2026-46300
A vulnerability in the Linux kernel affects the handling of shared-frag markers during packet coalescing. Specifically, the function skb_try_coalesce() can improperly transfer ownership of page-backed fragments without preserving the shared-frag marker. This loss can disrupt later processing, not...
PoC for CVE-2026-25541
The Bytes utility library, utilized for byte manipulation, is susceptible to an integer overflow issue. This vulnerability arises from the BytesMut::reserve function, where an unchecked addition could lead to an incorrect capacity assignment. When the allocated capacity is exceeded during certain...
PoC for CVE-2025-55182
A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...
PoC for CVE-2026-56109
The Advanced Linux Sound Architecture (ALSA) library prior to version 1.2.16.1 is susceptible to a double-free vulnerability located in the parse_def() function within src/conf.c. This vulnerability enables attackers to manipulate memory by providing specially crafted ALSA configuration files. Du...
PoC for CVE-2026-4020
The Gravity SMTP plugin for WordPress contains a vulnerability that allows unauthenticated visitors to access sensitive system configuration data through a REST API endpoint. Specifically, the endpoint at /wp-json/gravitysmtp/v1/tests/mock-data can be exploited due to a permission callback that a...
PoC for CVE-2025-68613
n8n, an open-source workflow automation platform, has a Remote Code Execution vulnerability affecting specific versions. Authenticated users can inadvertently supply expressions that, under certain circumstances, are evaluated in a context insufficiently isolated from the runtime. This flaw enabl...
PoC for CVE-2026-48909
The SP LMS component (com_splms) version prior to 4.1.4 by JoomShaper contains a vulnerability that allows unauthenticated attackers to execute arbitrary code on the server. This issue arises from the unsanitized deserialization of user-controlled cookie data, posing significant security risks fo...
PoC for CVE-2026-39676
The Shahjada Download Manager is affected by a missing authorization vulnerability that allows attackers to exploit incorrectly configured access control security levels. This issue enables unauthorized users to gain access to restricted functionality, potentially leading to data exposure or furt...
PoC for CVE-2026-6858
The Transbank Webpay plugin for WordPress, prior to version 1.14.0, exposes a vulnerability due to improper sanitization and escaping of logs. This flaw allows unauthenticated attackers to execute Stored XSS attacks, potentially compromising the accounts of logged-in administrators. Such vulnerab...
PoC for CVE-2026-7859
The Motors WordPress plugin, prior to version 1.4.110, lacks sufficient authorization and Cross-Site Request Forgery (CSRF) safeguards in one of its AJAX functions. This flaw allows unauthenticated attackers to manipulate arbitrary post metadata, which ...
PoC for CVE-2026-8157
The Vitepos WordPress plugin prior to version 3.4.2 contains a vulnerability that fails to adequately restrict user roles during the creation of new users via its REST API endpoints. This oversight permits authenticated users assigned with custom roles to elevate their permissions to that of an a...
PoC for CVE-2026-10530
The Pie Register WordPress plugin prior to version 3.8.4.10 contains a security flaw that stems from insufficient randomness in its account verification token generation. This weakness allows attackers without authorization to predict valid tokens. Consequently, they can activate accounts without...
PoC for CVE-2026-4110
The Ultimate WooCommerce Auction Pro WordPress plugin versions up to 2.4.5 are susceptible to a Reflected Cross-Site Scripting vulnerability. This flaw arises due to improper handling of user input, allowing any attacker to craft a malicious link that, when accessed by high-privilege users such a...
PoC for CVE-2026-4259
The Ultimate WooCommerce Auction Pro plugin for WordPress before version 2.4.5 is vulnerable to reflected cross-site scripting (XSS). This vulnerability allows attackers to inject malicious scripts through unsanitized user input, specifically targeting the output displayed on the web page. As a r...
PoC for CVE-2026-43655
This vulnerability allows an application to perform out-of-bounds read operations, potentially leading to unexpected system termination or unauthorized access to kernel memory. Apple has resolved this issue in the latest updates for its operating systems, enhancing their security by implementing ...
Discovered 3 days ago
PoC for CVE-2026-12823
A significant security flaw has been identified in the Autobrowse Trace Artifact Handler component of Browserbase, affecting versions prior to 20260526. The issue involves incorrect default permissions, which could potentially allow unauthorized access or manipulation of sensitive files. This vul...
PoC for CVE-2026-24688
An infinite loop vulnerability exists in the pypdf library for Python, affecting versions prior to 6.6.2. An attacker can exploit this vulnerability by crafting a specially designed PDF file that triggers an infinite loop when accessing outlines or bookmarks. This can lead to unresponsive behavio...
PoC for CVE-2026-21858
The n8n workflow automation platform has a vulnerability in versions ranging from 1.65.0 to just below 1.121.0, which allows potential attackers to exploit specific form-based workflows. This flaw can enable unauthorized remote access to sensitive files on the underlying server, posing a signific...
PoC for CVE-2025-55182
A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...
PoC for CVE-2025-48384
A vulnerability exists in Git that affects how configuration values are read and written, particularly regarding trailing carriage returns. When a submodule path includes a trailing carriage return, it is altered when read back, which can cause the submodule to be checked out to an incorrect loca...
PoC for CVE-2025-32463
The Sudo software, prior to version 1.9.17p1, contains a vulnerability that enables local users to gain root access through improper handling of configuration files. Specifically, when the --chroot option is used, the software incorrectly processes the /etc/nsswitch.conf file from a use...
PoC for CVE-2025-29927
A security flaw exists in the Next.js framework that allows an attacker to bypass authorization checks if such checks are implemented in middleware. This vulnerability arises in versions prior to 14.2.25 and 15.2.3. To mitigate risk, it is recommended to restrict incoming requests that include th...
PoC for CVE-2025-29384
A stack overflow vulnerability exists in the wanMTU parameter of the /goform/AdvSetMacMtuWan endpoint in Tenda AC9 router version 1.0 V15.03.05.14_multi. This vulnerability could allow an attacker to execute arbitrary code remotely, potentially leading to unauthorized access and control over the ...