Publicly Disclosed
PoC Exploits

The Intake package, designed for data management, contains a vulnerability where shell commands embedded in parameter defaults can be executed during catalog parsing, prior to version 2.0.9. This allows potential attackers to execute harmful commands via malicious catalog YAML files. The issue ha...

A stack-based buffer overflow has been identified in the gmt_remote_dataset_id function within the GMT command-line tools, specifically versions 6.6.0 and earlier. This vulnerability arises when a specifically crafted long string is provided as a dataset identifier through the which module, poten...

Dynaconf, a popular configuration management tool for Python, has been found to have a vulnerability that allows for Server-Side Template Injection (SSTI). This flaw arises from the unsafe evaluation of template expressions in configuration values, particularly when the jinja2 package is installe...

Nginx UI, a web interface for the Nginx web server, has a critical security flaw where the /api/backup endpoint is accessible without authentication. This vulnerability allows unauthenticated attackers to retrieve a complete system backup that includes sensitive information such as user credentia...

The Wahoo Fitness SYSTM App, up to version 7.2.1 on Android, contains a vulnerability due to hard-coded cryptographic keys within the BuildConfig.java file. This flaw allows local attackers to manipulate the SEGMENT_WRITE_KEY argument, potentially exposing sensitive data. The exploit has been mad...

A vulnerability exists in the Noelse Individuals & Pro App for Android, specifically in version 2.1.7. This issue relates to a function within the file com/reactnative/antelop/BuildConfig.java, where the SEGMENT_WRITE_KEY argument is manipulated to utilize a hard-coded cryptographic key. This wea...

A security flaw has been uncovered in the PropertyGuru AgentNet Singapore App affecting Android devices. This vulnerability stems from a function in the BuildConfig.java file, specifically relating to hard-coded cryptographic keys associated with SEGMENT_ANDROID_WRITE_KEY and SEGMENT_TOS_WRITE_KE...

OpenSSH versions up to 7.7 are affected by a user enumeration flaw that allows attackers to potentially identify valid usernames. This vulnerability arises from insufficient delay mechanisms for invalid authentication attempts, particularly during the parsing of requests in the user authenticatio...

A security flaw has been found in Align Technology's My Invisalign App version 3.12.4 for Android. This vulnerability resides in an undisclosed function within the BuildConfig.java file of the com.aligntech.myinvisalign.emea component. By manipulating the CDAACCESS_TOKEN argument, an attacker can...

In the Dialogue App version 4.3.2 on Android, a vulnerability exists due to improper handling of the SEGMENT_WRITE_KEY within the file res/raw/config.json. This flaw allows a local attacker to execute specific manipulations that could lead to the exposure of a hard-coded cryptographic key. The re...

A vulnerability exists in the GRID Organiser App for Android (up to version 1.0.5), specifically within the component co.gridapp.organiser. The vulnerability arises from a hardcoded cryptographic key used in the argument SegmentWriteKey, which can be manipulated by an attacker with local access t...

A vulnerability exists in the Rico só Vantagem pra Investir App for Android, specifically within the file br/com/rico/mobile/di/SegmentSettingsModule.java. This issue stems from improper handling of the SEGMENT_WRITE_KEY argument, leading to the exposure of a hard-coded cryptographic key. The att...

The UCC CampusConnect App for Android, up to version 14.3.5, contains a security flaw in the BuildConfig.java file where hard-coded cryptographic keys are utilized. This vulnerability allows for local exploitation, enabling an attacker to manipulate the application's code. If exploited, it can le...

An improper access control vulnerability in Microsoft SQL Server has been identified, enabling an attacker with authorized access to elevate their privileges over a network. This flaw may allow unauthorized users to gain excessive permissions, compromising the security and integrity of the databa...

A SpEL injection vulnerability has been identified in Spring AI's SimpleVectorStore component. This issue arises when a user-supplied value is utilized as a filter expression key, potentially allowing attackers to execute arbitrary code. Only applications utilizing SimpleVectorStore with user-sup...

A vulnerability in the Linux Kernel's memory management system was found, specifically affecting how the end of Virtual Memory Areas (VMAs) is updated. Previously, the end of a VMA was stored in a variable, which led to potential stale values when merging VMAs. This could result in incorrect memo...

A flaw exists in the OpenSSH package which allows attackers to exploit the server's memory management. When the SSH server receives a ping packet, it allocates corresponding pong packets in a memory buffer, maintaining them in a queue until the key exchange process is complete. This can be manipu...

A significant security flaw has been identified in the Shinrays Games Goods Triple App up to version 1.200. This vulnerability resides in a specific function of the jRwTX.java file within the component cats.goods.sort.sorting.games. The issue arises from improper handling of the AES_IV and AES_PA...

A vulnerability was discovered in Appsmith, specifically within the computeDisallowedHosts function in the WebClientUtils.java file, affecting versions up to 1.97. This security flaw allows remote attackers to exploit server-side request forgery, potentially leading to unauthorized data access or...

A vulnerability has been identified in Dataease SQLbot versions up to 1.6.0, specifically within the Elasticsearch Handler component. The issue lies in the function responsible for retrieving Elasticsearch data, where improper validation of the argument address can lead to server-side request for...

A cross site scripting vulnerability has been discovered in the Krayin Laravel CRM, specifically in the composeMail function within the Activities and Notes Modules. This flaw enables remote attackers to execute arbitrary scripts in the context of an affected user's browser session, potentially c...

A SQL injection vulnerability has been identified in the projectworlds Car Rental Project version 1.0. This issue arises from a manipulation of the 'uname' argument in the '/login.php' file within the Parameter Handler component. Exploitation of this vulnerability allows for the execution of arbi...

A type confusion vulnerability has been identified in Free5GC version 4.2.0, specifically within an undisclosed function of its aper component. This vulnerability allows an attacker to exploit the software remotely, showcasing a high degree of complexity in its execution. Given the known details ...

A vulnerability exists in the Trendnet TEW-657BRM router, specifically within the 'vpn_drop' function in the 'setup.cgi' file. This flaw allows attackers to inject operating system commands by manipulating the 'policy_name' argument. The vulnerability can be exploited remotely, posing a risk to u...

A security flaw exists in the Trendnet TEW-657BRM router, specifically in the vpn_connect function of the /setup.cgi file. This vulnerability can be exploited remotely through crafted manipulation of the policy_name argument, potentially allowing attackers to execute arbitrary commands on the hos...

A vulnerability exists in the Trendnet TEW-657BRM router's /setup.cgi file related to the ping_test function. This flaw allows attackers to manipulate the c4_IPAddr argument, leading to remote OS command injection. As the product has been discontinued since June 23, 2011, Trendnet no longer offer...

A vulnerability identified in the Trendnet TEW-657BRM router allows for OS command injection via the Edit function of the /setup.cgi file. This issue arises due to improper handling of the pcdb_list argument, enabling remote attackers to inject arbitrary commands. Notably, the affected product ha...

A vulnerability exists in the Trendnet TEW-657BRM router due to improper handling of the wl_enrolee_pin argument in the add_wps_client function within the setup.cgi file. This weakness allows for OS command injection, potentially enabling remote attackers to execute arbitrary commands on the devi...

A security vulnerability has been identified in the Trendnet TEW-657BRM router, specifically in the function update_pcdb within the /setup.cgi file. This issue arises from improper handling of the arg mac_pc_dba, leading to a stack-based buffer overflow. The threat actor can exploit this flaw rem...

A vulnerability has been detected in the Trendnet TEW-657BRM 1.00.1 router, specifically in the add_apcdb function of the setup.cgi file. Attackers can exploit this vulnerability through a remote method by manipulating the mac_pc_dba argument, potentially leading to a stack-based buffer overflow....

A vulnerability exists in huimeicloud HM Editor, specifically in the image-to-base64 endpoint. An attacker can exploit this issue through the client.get function within the src/mcp-server.js file by manipulating the URL argument, enabling potential server-side request forgery. This remote attack ...

An out-of-bounds read vulnerability exists in LibRaw affecting versions up to 0.22.0. This flaw occurs in the function LibRaw::nikon_load_padded_packed_raw, specifically within the decoding process of TIFF/NEF files. An attacker can exploit this vulnerability by manipulating certain function argu...

A command injection vulnerability exists in the Tenda G103's 'action_set_net_settings' function within the 'gpon.lua' file. This flaw allows remote attackers to manipulate several arguments, including authLoid, authPassword, and others, leading to potential unauthorized command execution. The vul...

A security flaw has been identified in the Tenda G103's version 1.0.0.5, specifically within the action_set_system_settings function of the system.lua file. This vulnerability allows an attacker to manipulate the 'lanIp' argument, potentially leading to command injection. As this issue could be e...

A SQL injection vulnerability has been discovered in the itsourcecode Online Enrollment System version 1.0, specifically within the Parameter Handler component. This weakness can be exploited through manipulation of the 'deptid' argument in the URL path /enrollment/index.php?view=edit&id=3. The v...

A security flaw in version 1.0 of the DefaultFunction Content-Management-System allows for command injection through improper handling of the 'host' argument in the /admin/tools.php file. This vulnerability can be exploited remotely, potentially enabling an attacker to execute arbitrary commands ...

A cross-site scripting vulnerability has been identified in the Xiaopi Panel version 1.0.0, specifically affecting the /demo.php script of the WAF Firewall component. Malicious manipulation of the 'param' argument can lead to unauthorized script execution in the user's browser. This flaw allows a...

A vulnerability in OpenCart 4.1.0.3 allows for path traversal through the Extension Installer Page's installer.php file. This flaw could enable attackers to manipulate file paths and gain unauthorized access to sensitive areas of the system. The exploit can be executed remotely, posing a signific...

An access control vulnerability exists in the User Delete Handler of the mayuri_k Best Courier Management System 1.0, specifically through the /ajax.php?action=delete_user endpoint. By manipulating the ID parameter in the request, an unauthenticated attacker may gain unauthorized access to delete...

A vulnerability has been detected in Modulithshop, specifically within the ProductItemDao interface, that allows attackers to exploit a SQL injection flaw through manipulation of the 'sidx' or 'sort' arguments. This issue is present in the file stored at src/main/java/com/suisung/shopsuite/pt/ser...

A security flaw has been identified in the Efforthye Fast-Filesystem-MCP product, specifically within the 'handleGetDiskUsage' function located in the src/index.ts file. This vulnerability allows an attacker to execute arbitrary commands through manipulation, potentially leading to unauthorized a...

A use after free vulnerability in the Dawn component of Google Chrome prior to version 146.0.7680.178 allows remote attackers, through a specially crafted HTML page, to execute arbitrary code in the context of the browser's renderer process. This issue represents a significant security risk, as i...

A vulnerability has been identified in the Priyankark a11y-mcp up to version 1.0.5, affecting the A11yServer function in the src/index.js file. This vulnerability could allow local attackers to initiate server-side request forgery (SSRF) exploits. Although the attack requires local access, it pos...

The Spam Protect for Contact Form 7 WordPress plugin allows an unauthorized attacker with editor access to log specific information to a PHP file. This behavior can be exploited to execute arbitrary code on the server by crafting a malicious header. As such, it poses a security risk to websites u...

An SQL Injection vulnerability has been discovered in the MCP Handler component developed by AlejandroArciniegas, specifically within the 'Request' function of the 'server.js' file. This flaw allows attackers to manipulate SQL queries, potentially exposing sensitive data. Given the nature of the ...

A vulnerability exists in vanna-ai's vanna application, specifically impacting versions up to 2.0.2. This issue arises from an insecure configuration in the FastAPI/Flask Server component, allowing attackers to manipulate the cross-domain policy. Such manipulation can result in permissive access ...

A vulnerability has been identified in the vanna-ai product, specifically within the Chat API Endpoint of version 2.0.2. The issue arises from a lack of required authentication, allowing remote attackers to manipulate the API without proper verification. This exposes the system to unauthorized ac...

A cross-site scripting vulnerability has been identified in the itsourcecode Payroll Management System, primarily through the manipulation of the 'page' argument in the /navbar.php file. This flaw allows an attacker to execute arbitrary scripts in the context of the user's browser, resulting in p...

A vulnerability has been discovered in LibRaw up to version 0.22.0, specifically within the JPEG DHT Parser component. The flaw exists in the HuffTable::initval function, which fails to properly validate input arguments leading to an out-of-bounds write condition. This may allow an attacker to ex...

A security flaw has been identified in the Nothings stb product, affecting versions up to 1.22. This vulnerability pertains to an out-of-bounds write in the start_decoder function found in stb_vorbis.c. An attacker can perform this exploit remotely, posing significant risk to affected systems. De...