Publicly Disclosed
PoC Exploits

🔴 Always take caution when working with PoC Exploits 🔴

Discovered 10 hours ago

PoC for CVE-2026-6224

Nocobase | Plugin-workflow-javasc... | 6.9 MEDIUM
Sandbox Vulnerability in Nocobase Plugin-Workflow-Javascript

A critical security flaw exists in the Nocobase plugin-workflow-javascript up to version 2.0.23. The vulnerability arises from the createSafeConsole function in the Vm.js file, where improper handling potentially allows attackers to exploit the sandbox environment. This issue facilitates remote c...

PoC for CVE-2026-6220

HummerRisk | Hummerrisk | 5.1 MEDIUM
Server-Side Request Forgery Vulnerability in HummerRisk Video Downl...

In versions of HummerRisk up to 1.5.0, a server-side request forgery (SSRF) vulnerability was discovered in the ServerService.addServer function within the ServerService.java file. This security flaw enables remote exploitation by manipulating the streamIp argument during server operations. As a ...

PoC for CVE-2026-6219

Aandrew-me | Ytdownloader | 4.8 MEDIUM
Command Injection Vulnerability in aandrew-me ytDownloader by aandr...

A command injection vulnerability exists in aandrew-me ytDownloader versions up to 3.20.2, specifically affecting the child_process.exec function in src/compressor.js. This vulnerability allows malicious users to execute arbitrary commands on the local system. Although the attack must be executed...

PoC for CVE-2026-6218

Aandrew-me | Ytdownloader | 5.3 MEDIUM
Cross Site Scripting Vulnerability in aandrew-me ytDownloader

A cross site scripting vulnerability exists in the 'createTextNode' function of the Error Details Panel in the aandrew-me ytDownloader, affecting versions up to 3.20.2. This flaw enables remote attackers to execute arbitrary scripts that may compromise user data or session information. The weakne...

Discovered 12 hours ago

PoC for CVE-2026-6202

Code-projects | Easy Blog Site | 5.3 MEDIUM
SQL Injection Vulnerability in Code-Projects Easy Blog Site by Code...

A security flaw exists in the Code-Projects Easy Blog Site version 1.0, particularly within the 'post.php' file. This vulnerability allows attackers to exploit an unknown function by manipulating the 'tags' argument, resulting in SQL injection attacks. The nature of the flaw enables remote exploi...

PoC for CVE-2026-6201

Codeastro | Online Job Portal | 5.3 MEDIUM
Improper Access Controls in CodeAstro Online Job Portal

A vulnerability was discovered in the CodeAstro Online Job Portal 1.0, specifically targeting the Delete Job Posting Handler component. The issue arises from improper access controls within the job-delete.php file. By manipulating the ID parameter, an attacker can potentially bypass security meas...

PoC for CVE-2026-6200

Tenda | F456 | 8.7 HIGH
Stack-Based Buffer Overflow in Tenda F456 Router by Tenda

A vulnerability exists in the Tenda F456 router, specifically within the function 'formwebtypelibrary' located in the file '/goform/webtypelibrary'. This weakness is attributed to a stack-based buffer overflow caused by improper handling of the 'menufacturer/Go' argument. The vulnerability can be...

PoC for CVE-2026-6199

Tenda | F456 | 8.7 HIGH
Stack-Based Buffer Overflow in Tenda F456 Router

A stack-based buffer overflow vulnerability has been identified in the Tenda F456 router, specifically within the 'fromqossetting' function of the /goform/qossetting file. This vulnerability allows for remote exploitation, where an attacker can manipulate the 'page' argument, potentially leading ...

Discovered 13 hours ago

PoC for CVE-2026-6198

Tenda | F456 | 8.7 HIGH
Stack-based Buffer Overflow in Tenda F456 Router

A security flaw has been identified in the Tenda F456 router version 1.0.0.5, specifically in the fromNatStaticSetting function located in the /goform/NatStaticSetting file. This vulnerability allows for remote exploitation through the manipulation of the argument 'page', resulting in a stack-bas...

PoC for CVE-2026-6197

Tenda | F456 | 8.7 HIGH
Stack-based Buffer Overflow in Tenda F456 by Tenda

A security vulnerability has been identified in the Tenda F456 version 1.0.0.5, targeting the formWrlsafeset function within the /goform/AdvSetWrlsafeset file. Manipulating the 'mit_ssid' argument can lead to a stack-based buffer overflow, potentially allowing remote attackers to exploit the weak...

PoC for CVE-2026-6196

Tenda | F456 | 8.7 HIGH
Stack-Based Buffer Overflow in Tenda F456 Router

A stack-based buffer overflow vulnerability has been identified in the Tenda F456 router, specifically within the fromexeCommand function of the /goform/exeCommand file. This flaw can be exploited remotely by manipulating the cmdinput argument, potentially allowing unauthorized access or control ...

PoC for CVE-2026-6195

Totolink | A7100ru | 9.3 CRITICAL
OS Command Injection in Totolink A7100RU by Totolink

A vulnerability has been identified in the Totolink A7100RU router, specifically within the function setPasswordCfg located in the CGI Handler component. This weakness allows an attacker to inject operating system commands through manipulation of the admpass argument. The exploitation can be perf...

Discovered 14 hours ago

PoC for CVE-2026-6194

Totolink | A3002mu | 8.7 HIGH
Stack-based Buffer Overflow in Totolink A3002MU HTTP Request Handler

A vulnerability in the Totolink A3002MU model, specifically in the HTTP Request Handler function sub_410188, has been identified. This weakness is triggered through an improper manipulation of the wan-url argument, resulting in a stack-based buffer overflow. This type of vulnerability allows for ...

PoC for CVE-2026-6193

PHPgurukul | Daily Expense Tracking... | 6.9 MEDIUM
SQL Injection Vulnerability in PHPGurukul Daily Expense Tracking Sy...

A vulnerability has been identified in the PHPGurukul Daily Expense Tracking System version 1.1, specifically within the /register.php file. This flaw allows attackers to manipulate the 'email' argument, potentially leading to SQL injection attacks. The nature of the vulnerability enables remote ...

PoC for CVE-2026-6192

Uclouvain | Openjpeg | 4.8 MEDIUM
Integer Overflow Vulnerability in uclouvain OpenJPEG Library

The uclouvain OpenJPEG library is susceptible to an integer overflow vulnerability within the function opj_pi_initialise_encode located in src/lib/openjp2/pi.c. This local attack can lead to unauthorized manipulation and exploitation of the library's functionality. It is crucial for users to be a...

PoC for CVE-2026-6191

Itsourcecode | Construction Managemen... | 5.3 MEDIUM
SQL Injection Vulnerability in itsourcecode Construction Management...

A SQL injection vulnerability was found in itsourcecode's Construction Management System version 1.0, specifically within the handling of the 'Name' argument in the /equipments.php file. This flaw allows attackers to manipulate input parameters, leading to unauthorized database access and the pot...

Discovered 15 hours ago

PoC for CVE-2026-6190

Itsourcecode | Construction Managemen... | 5.3 MEDIUM
SQL Injection Vulnerability in itsourcecode Construction Management...

A vulnerability exists in version 1.0 of the itsourcecode Construction Management System, specifically located in the file /employees.php. An attacker can exploit this vulnerability remotely by manipulating the 'Name' argument, leading to SQL injection. This security flaw allows unauthorized acce...

PoC for CVE-2026-6189

Sourcecodester | Pharmacy Sales And Inv... | 6.9 MEDIUM
SQL Injection Vulnerability in SourceCodester Pharmacy Sales and In...

A security flaw has been identified in the SourceCodester Pharmacy Sales and Inventory System 1.0, specifically within the /ajax.php?action=login endpoint. The improper handling of the 'Username' parameter could allow attackers to execute SQL injection attacks remotely. This vulnerability has bee...

PoC for CVE-2026-6188

Sourcecodester | Pharmacy Sales And Inv... | 6.9 MEDIUM
SQL Injection Vulnerability in SourceCodester Pharmacy Sales and In...

A vulnerability has been identified in the SourceCodester Pharmacy Sales and Inventory System 1.0, specifically within the /ajax.php?action=delete_sales function. This flaw allows remote attackers to manipulate parameters, leading to SQL injection. Attackers exploiting this weakness can perform u...

PoC for CVE-2026-6187

Sourcecodester | Pharmacy Sales And Inv... | 6.9 MEDIUM
SQL Injection Vulnerability in SourceCodester Pharmacy Sales and In...

A vulnerability exists within the SourceCodester Pharmacy Sales and Inventory System 1.0 that allows for SQL injection through the manipulation of the ID argument in the /ajax.php?action=chk_prod_availability file. This security flaw could be exploited remotely, allowing attackers to execute unau...

Discovered 16 hours ago

PoC for CVE-2026-6186

Utt | Hiper 1200gw | 8.7 HIGH
Buffer Overflow Vulnerability in UTT HiPER 1200GW Devices

A serious security issue exists within the UTT HiPER 1200GW, specifically in the strcpy function located in the /goform/formNatStaticMap file. This vulnerability can be exploited remotely through manipulation of the NatBind argument, leading to a buffer overflow that may compromise system integri...

PoC for CVE-2026-6184

Code-projects | Simple Content Managem... | 4.8 MEDIUM
Cross-Site Scripting Vulnerability in Code-Projects Simple Content ...

A vulnerability exists in version 1.0 of Code-Projects' Simple Content Management System, specifically within the /web/admin/welcome.php file. By manipulating the 'News Title' argument, attackers can exploit this weakness to execute cross-site scripting attacks. Such exploits can be executed remo...

PoC for CVE-2026-6183

Code-projects | Simple Content Managem... | 6.9 MEDIUM
SQL Injection Vulnerability in Simple Content Management System by ...

A security vulnerability has been identified in the Simple Content Management System 1.0 developed by Code-Projects. This flaw arises from improper handling of input parameters in the file /web/index.php, leading to SQL injection risks. Attackers may manipulate the argument ID, enabling them to e...

PoC for CVE-2026-6182

Code-projects | Simple Content Managem... | 6.9 MEDIUM
SQL Injection Vulnerability in Code-Projects Simple Content Managem...

A vulnerability has been discovered in the code-projects Simple Content Management System version 1.0, specifically affecting the /web/admin/login.php file. This vulnerability allows attackers to manipulate the User argument, leading to potential SQL injection attacks. The exploit can be executed...

Discovered 20 hours ago

PoC for CVE-2026-6204

Librenms | Librenms | 8.5 HIGH
Authenticated Remote Code Execution in LibreNMS by Invoking Binary ...

An authenticated remote code execution vulnerability exists in LibreNMS versions prior to 26.3.0, which can be exploited by leveraging the Binary Locations configuration and the Netcommand functionality. Attackers with administrative privileges can exploit this flaw to execute arbitrary commands ...

PoC for CVE-2026-2728

Librenms | Librenms | 4.6 MEDIUM
Cross-site Scripting Vulnerability in LibreNMS Affected by Administ...

LibreNMS versions prior to 26.3.0 have a vulnerability that allows authenticated users with administrative privileges to exploit cross-site scripting (XSS) on the showconfig page. This flaw can lead to unauthorized actions being taken against other users accessing the page, as attackers can poten...

Discovered 21 hours ago

PoC for CVE-2025-15632

1panel-dev | Maxkb | 5.1 MEDIUM
Cross-Site Scripting Vulnerability in 1Panel-dev MaxKB Product

A cross-site scripting vulnerability has been identified in the file ui/src/chat.ts of the MdPreview component of the MaxKB product by 1Panel-dev, specifically impacting versions up to 2.4.2. This flaw allows an attacker to execute arbitrary scripts in the context of the user's browser, potential...

Discovered 1 day ago

PoC for CVE-2026-6168

Totolink | A7000r | 8.7 HIGH
Stack-Based Buffer Overflow in TOTOLINK A7000R Router

A vulnerability has been identified in the TOTOLINK A7000R router, specifically within the function setWiFiEasyGuestCfg located in the /cgi-bin/cstecgi.cgi file. This vulnerability allows an attacker to exploit a stack-based buffer overflow by manipulating the ssid5g argument. Such an exploit pos...

PoC for CVE-2026-6167

Code-projects | Faculty Management System | 6.9 MEDIUM
SQL Injection Vulnerability in Faculty Management System by Code-Pr...

A SQL injection vulnerability has been identified in the Faculty Management System 1.0 from Code-Projects. This flaw exists within the file /subject-print.php, where improper handling of the 'ID' argument can allow remote attackers to manipulate SQL queries. The ability to execute arbitrary SQL c...

PoC for CVE-2026-6166

Code-projects | Vehicle Showroom Manag... | 6.9 MEDIUM
SQL Injection Vulnerability in Vehicle Showroom Management System b...

A security vulnerability has been found in the Vehicle Showroom Management System version 1.0, specifically within the UpdateVehicleFunction.php file. The issue arises from improper handling of the VEHICLE_ID parameter, which can be exploited via SQL injection. This allows potential attackers to ...

PoC for CVE-2026-3830

WordPress | Product Filter For Woo... | 8.6 HIGH
SQL Injection Vulnerability in Product Filter for WooCommerce by WBW

The Product Filter for WooCommerce plugin by WBW prior to version 3.1.3 has a critical flaw where it fails to properly sanitize and escape user inputs before integrating them into SQL statements. This oversight exposes the application to SQL injection attacks, which can be exploited by unauthenti...

PoC for CVE-2025-15441

WordPress | Form Maker By 10web | 6.8 MEDIUM
SQL Injection Vulnerability in Form Maker by 10Web WordPress Plugin

The Form Maker by 10Web plugin for WordPress exhibits a vulnerability due to improper preparation of SQL queries when the 'MySQL Mapping' feature is enabled. This flaw could allow attackers to exploit SQL injection attacks under specific conditions, potentially compromising the integrity and secu...

PoC for CVE-2026-6165

Code-projects | Vehicle Showroom Manag... | 6.9 MEDIUM
SQL Injection Vulnerability in Vehicle Showroom Management System b...

A vulnerability has been discovered in the Vehicle Showroom Management System 1.0, specifically within the '/util/Login_check.php' file. This weakness can be exploited when an attacker manipulates the 'ID' argument, potentially enabling unauthorized SQL queries. The flaw allows remote execution o...

PoC for CVE-2026-6164

Code-projects | Lost And Found Thing M... | 6.9 MEDIUM
SQL Injection Vulnerability in Lost and Found Thing Management by c...

A security vulnerability has been identified in the Lost and Found Thing Management software by code-projects. The flaw resides in the /addcat.php file, where improper handling of the 'cata' argument allows for SQL injection attacks. This vulnerability can be exploited remotely, enabling attac...

PoC for CVE-2026-6163

Code-projects | Lost And Found Thing M... | 6.9 MEDIUM
SQL Injection Vulnerability in Code-Projects Lost and Found Thing M...

A SQL injection vulnerability exists in the Lost and Found Thing Management 1.0 application, specifically in the /catageory.php file. An attacker can manipulate the 'cat' argument to execute malicious SQL queries, potentially compromising the database. This vulnerability can be exploited remotely...

PoC for CVE-2026-6162

PHPgurukul | Company Visitor Manage... | 5.1 MEDIUM
Cross-Site Scripting Vulnerability in PHPGurukul Company Visitor Ma...

A cross-site scripting vulnerability exists in the PHPGurukul Company Visitor Management System version 2.0, specifically in the processing of the 'fromdate' parameter within the file /bwdates-reports-details.php. This vulnerability allows an attacker to execute malicious scripts in the context o...

PoC for CVE-2026-6161

Code-projects | Simple Chatbox | 6.9 MEDIUM
SQL Injection Vulnerability in Simple ChatBox by Code-Projects

A vulnerability in Simple ChatBox versions up to 1.0 has been identified, specifically in the insert.php file. This security flaw allows attackers to manipulate the 'msg' argument, facilitating SQL injection attacks. These attacks can be executed remotely, posing a significant risk to any systems...

PoC for CVE-2026-6160

Code-projects | Simple Chatbox | 6.9 MEDIUM
File Information Exposure in Simple ChatBox by Code-Projects

A vulnerability has been detected in the Simple ChatBox 1.0 by Code-Projects, specifically within the SimpleChatbox_PHP function of the chatbox.sql file in the Endpoint component. This flaw allows attackers to remotely expose sensitive file and directory information. The details of this exploit h...

PoC for CVE-2026-6159

Code-projects | Simple Chatbox | 5.3 MEDIUM
Cross Site Scripting Vulnerability in Simple ChatBox by Code-Projects

A vulnerability exists in the Simple ChatBox application by Code-Projects, specifically in the insert.php file of its Endpoint component. This issue allows an attacker to manipulate the 'msg' argument, leading to potential cross-site scripting attacks. The exploit can be executed remotely, posing...

PoC for CVE-2026-6158

Totolink | N300rh | 6.9 MEDIUM
OS Command Injection Vulnerability in Totolink N300RH by Totolink

A vulnerability exists in the Totolink N300RH wireless router, specifically within the function setUpgradeUboot in the upgrade.so file. An attacker can manipulate the FileName argument, which leads to OS command injection. This issue can be exploited remotely, allowing unauthorized access and the...

PoC for CVE-2026-6157

Totolink | A800r | 8.7 HIGH
Buffer Overflow Vulnerability in Totolink A800R Router

A buffer overflow vulnerability has been identified in the Totolink A800R router, specifically within the setAppEasyWizardConfig function of the app.so library. The flaw arises from improper handling of the apcliSsid argument, allowing attackers to execute remote exploits that may compromise the ...

PoC for CVE-2026-6156

Totolink | A7100ru | 9.3 CRITICAL
Command Injection Vulnerability in Totolink A7100RU by Totolink

A security vulnerability exists in the Totolink A7100RU router, specifically within the setIpQosRules function of the CGI Handler component. The flaw allows an attacker to manipulate the 'Comment' argument, which can lead to OS command injection. This type of attack enables remote exploitation, w...

PoC for CVE-2026-6155

Totolink | A7100ru | 9.3 CRITICAL
OS Command Injection in Totolink A7100RU 7.4cu.2313

A security weakness has been discovered in the Totolink A7100RU router with firmware version 7.4cu.2313. This vulnerability lies in the CGI Handler, specifically within the function setWanCfg, located in the /cgi-bin/cstecgi.cgi file. By manipulating the pppoeServiceName argument, an attacker can...

PoC for CVE-2026-6154

Totolink | A7100ru | 9.3 CRITICAL
OS Command Injection Vulnerability in Totolink Router Firmware

A security vulnerability exists in the Totolink A7100RU firmware version 7.4cu.2313_b20191024, specifically within the CGI component's setWizardCfg function. This flaw allows for remote exploitation via OS command injection through manipulated arguments, which could lead to unauthorized command e...

PoC for CVE-2026-6153

Code-projects | Vehicle Showroom Manag... | 6.9 MEDIUM
SQL Injection Vulnerability in Vehicle Showroom Management System b...

A vulnerability exists within the Vehicle Showroom Management System 1.0, specifically in the /util/StaffDetailsFunction.php file. This vulnerability allows an attacker to manipulate the STAFF_ID argument, leading to SQL injection. The exploit can be executed remotely, putting systems at risk of ...

PoC for CVE-2026-6152

Code-projects | Vehicle Showroom Manag... | 6.9 MEDIUM
SQL Injection Vulnerability in Vehicle Showroom Management System b...

A vulnerability has been identified within the Vehicle Showroom Management System, specifically related to the processing of the file /util/StaffAddingFunction.php. This issue arises from improper handling of the STAFF_ID argument, enabling a potential SQL injection attack. The vulnerability allo...

PoC for CVE-2026-6151

Code-projects | Vehicle Showroom Manag... | 6.9 MEDIUM
SQL Injection Vulnerability in Code-Projects Vehicle Showroom Manag...

A SQL injection vulnerability exists in the code of the Vehicle Showroom Management System 1.0, specifically in the file /util/PaymentStatusFunction.php. By manipulating the CUSTOMER_ID parameter, attackers can execute arbitrary SQL commands, potentially compromising the database. This vulnerabil...

PoC for CVE-2026-6150

Code-projects | Simple Laundry System | 5.3 MEDIUM
Cross-Site Scripting Vulnerability in Simple Laundry System by Code...

A cross-site scripting vulnerability has been identified in Simple Laundry System version 1.0, specifically within the /checkupdatestatus.php file. This issue arises due to improper handling of the serviceId parameter, enabling attackers to execute arbitrary scripts in the context of user session...

PoC for CVE-2026-6149

Code-projects | Vehicle Showroom Manag... | 6.9 MEDIUM
SQL Injection Vulnerability in Vehicle Showroom Management System b...

A security vulnerability has been identified in the Vehicle Showroom Management System version 1.0, where improper handling of the BRANCH_ID parameter in the /util/BookVehicleFunction.php file can lead to SQL injection. This flaw allows attackers to manipulate SQL queries, potentially compromisin...

PoC for CVE-2026-6148

Code-projects | Vehicle Showroom Manag... | 6.9 MEDIUM
SQL Injection Vulnerability in Vehicle Showroom Management System b...

A vulnerability exists in the Vehicle Showroom Management System 1.0, specifically within the /util/MonthTotalReportUpdateFunction.php file. This flaw arises due to inadequate validation of the BRANCH_ID parameter, allowing remote attackers to execute arbitrary SQL commands. The remote exploitati...