Publicly Disclosed PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered just now...
PoC for CVE-2026-48907
A flaw in the JCE editor extension for Joomla permits unauthorized users to create new editor profiles. This malicious capability exposes the site to risks, including the ability to upload PHP code and execute it, potentially leading to a full compromise of the website security. Site administrato...
PoC for CVE-2026-25177
An improper restriction of names for files and other resources in Active Directory Domain Services enables an authorized attacker to exploit this vulnerability, allowing them to gain elevated privileges over a network. This could result in unauthorized access to sensitive resources and data. Prop...
PoC for CVE-2026-46331
An issue exists in the Linux Kernel where improper handling of copy-on-write (COW) operations can lead to page cache corruption. This is due to the tcf_pedit_act() function, which computes the COW range without considering runtime header offsets added by typed keys. As a result, portions of the w...
Discovered 12 minutes ago
PoC for CVE-2024-20399
The vulnerability CVE-2024-20399 affects Cisco NX-OS Software and allows an authenticated, local attacker to execute arbitrary commands as root on the affected device. This is a command injection vulnerability with a CVSS risk score of 6.0, and it has been exploited by the Chinese hacker group Ve...
Discovered 2 hours ago
PoC for CVE-2026-39808
An OS command injection vulnerability exists in Fortinet FortiSandbox versions 4.4.0 through 4.4.8. This flaw arises from improper neutralization of special elements used in operating system commands. An attacker can exploit this vulnerability to execute unauthorized commands, potentially comprom...
PoC for CVE-2026-39813
A path traversal vulnerability exists in Fortinet's FortiSandbox, affecting versions 5.0.0 through 5.0.5 and 4.4.0 through 4.4.8. This vulnerability may enable attackers to exploit the system by manipulating file directories, potentially leading to privilege escalation. Proper input validation is...
Discovered 7 hours ago
PoC for CVE-2026-8089
The weMail plugin for WooCommerce, versions prior to 2.1.3, is susceptible to Reflected Cross-Site Scripting (XSS). This arises from inadequate escaping of user-supplied parameters reflected in HTML attributes within non-nonce-protected AJAX responses. As a result, unauthenticated attackers can e...
PoC for CVE-2026-7850
The WP Magnific Popup plugin for WordPress fails to properly escape URLs provided by users before inserting them into the Document Object Model (DOM) to display image load error messages. This flaw allows authenticated users with Author-level access or higher to execute Stored Cross-Site Scriptin...
PoC for CVE-2026-9570
The Taskbuilder plugin for WordPress, versions prior to 5.0.8, is susceptible to a Reflected Cross-Site Scripting vulnerability due to improper sanitization of a URL parameter. This flaw allows an attacker to inject malicious JavaScript code into a frontend page that utilizes one of the plugin's ...
PoC for CVE-2026-8383
The LearnPress plugin for WordPress, versions prior to 4.3.7, contains a vulnerability in one of its REST endpoints that allows unauthenticated attackers to access sensitive user information. Without proper access controls, malicious users can retrieve a list of every user’s roles, capabilities, ...
Discovered 9 hours ago
PoC for CVE-2026-9082
An SQL Injection vulnerability exists in Drupal Core that arises from improper neutralization of special elements utilized in SQL commands. This flaw allows attackers to manipulate SQL queries, potentially leading to unauthorized access to sensitive data. Affected versions include those from 8.9....
Discovered 10 hours ago
PoC for CVE-2026-41940
The affected versions of cPanel and WHM contain a serious authentication bypass flaw in the login flow. This vulnerability enables unauthenticated remote attackers to bypass authentication mechanisms, allowing them to gain unauthorized access to the control panel. Users of the specified versions ...
Discovered 13 hours ago
PoC for CVE-2023-34468
The DBCPConnectionPool and HikariCPConnectionPool services in Apache NiFi versions 0.0.2 through 1.21.0 are susceptible to a vulnerability that allows an authenticated and authorized user to configure a Database URL leveraging the H2 driver, leading to potential execution of custom code. The reco...
Discovered 14 hours ago
PoC for CVE-2025-30208
A vulnerability in Vite's frontend development tooling allows attackers to bypass file access restrictions. Specifically, versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10 expose the risk where app URLs can be manipulated with trailing query parameters such as '?raw?' or '?import&raw?' t...
Discovered 18 hours ago
PoC for CVE-2026-4480
A vulnerability exists in the Samba printing subsystem that allows remote attackers to execute arbitrary commands on affected systems. The flaw occurs due to improper handling of the client-controlled job description string, which is passed directly to the configured print command without escapin...
PoC for CVE-2025-49844
An issue has been identified in the Redis open-source database that impacts all versions with Lua scripting enabled. Authenticated users can exploit this vulnerability by executing specially crafted Lua scripts that manipulate the garbage collector. This can result in a use-after-free situation, ...
Discovered 22 hours ago
PoC for CVE-2026-20262
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager enables an authenticated remote attacker to create or overwrite files on the system's filesystem. This issue arises from inadequate validation of user inputs during file uploads. An attacker, using a crafted HTTP request directed at t...
PoC for CVE-2026-54420
The LiteSpeed cPanel plugin prior to version 2.4.8 is susceptible to improper handling of symbolic links on shared hosting servers that run CloudLinux/CageFS. This vulnerability allows attackers with FTP or web shell access to exploit symlink behaviors, potentially leading to unauthorized file ac...
Discovered 1 day ago
PoC for CVE-2026-47101
A vulnerability in LiteLLM prior to version 1.83.14 allows an authenticated internal user to generate API keys with access to restricted routes. The vulnerability allows the 'allowed_routes' field to be set without proper validation against the user's role permissions. As a result, keys can be cr...
PoC for CVE-2026-53519
Nezha Monitoring, a self-hostable tool for monitoring servers and websites, has a path traversal vulnerability prior to version 2.0.13. The NoRoute handler in the dashboard improperly validates URLs, treating any URL that begins with '/dashboard' as an admin-frontend asset request. This flaw allo...
PoC for CVE-2026-49160
This vulnerability arises from uncontrolled resource consumption within the HTTP/2 protocol, which can be exploited by unauthorized attackers to launch Denial of Service (DoS) attacks over a network. This attack could potentially disrupt the availability of services that rely on HTTP/2, making it...
Discovered 2 days ago
PoC for CVE-2026-49954
Discuz! X5.0 versions released between 20260320 and 20260501 exhibit a local file inclusion vulnerability that allows authenticated administrators to exploit improperly sanitized input. By importing plugin configurations containing path traversal sequences, attackers can bypass input validation p...
PoC for CVE-2026-48849
In Roundcube Webmail versions 1.6.x prior to 1.6.16 and 1.7.x prior to 1.7.1, a vulnerability exists due to an unsanitized subject field within the draft restore functionality. This flaw can potentially allow attackers to inject malicious HTML or CSS code into shared mailboxes, leading to stored ...
PoC for CVE-2021-44228
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log messag...
PoC for CVE-2019-25746
The Sliced Invoices plugin for WordPress, version 3.8.2, is affected by an authenticated SQL injection vulnerability that enables attackers with valid credentials to craft malicious database queries. By manipulating the 'post' parameter during requests to the admin.php endpoint with an action=dup...
PoC for CVE-2018-25437
CherryFramework Themes version 3.1.4 for WordPress is affected by an information disclosure vulnerability. This flaw enables unauthenticated attackers to exploit the download_backup.php endpoint, allowing them to download sensitive backup files stored on the server. By directly accessing the down...
PoC for CVE-2018-25436
The Baggage Freight Shipping Plugin for WordPress version 0.1.0 is susceptible to an arbitrary file upload vulnerability caused by inadequate validation of uploaded files through the upload-package.php endpoint. This flaw permits unauthenticated attackers to remotely upload malicious files to the...
PoC for CVE-2016-20083
The More Fields Plugin version 2.1 for WordPress is susceptible to a cross-site request forgery vulnerability. This flaw enables malicious actors to execute unauthorized actions on behalf of logged-in administrators by circumventing CSRF token validation. By luring administrators to visit crafted...
PoC for CVE-2016-20084
The Appointment Booking Calendar plugin for WordPress version 1.1.24 is susceptible to multiple vulnerabilities that could allow unauthenticated attackers to escalate privileges. Through manipulation of parameters in the admin.php file, attackers can modify calendar settings and inject persistent...
PoC for CVE-2016-20082
The Abtest plugin for WordPress has a local file inclusion vulnerability, enabling unauthenticated attackers to exploit the action parameter in abtest_admin.php. By crafting specific GET requests with compromised action values, attackers can include arbitrary files from the admin directory. This ...
PoC for CVE-2016-20080
The Brandfolder plugin for WordPress, specifically versions 3.0 and earlier, is susceptible to a local file inclusion vulnerability in its callback.php file. This flaw permits unauthenticated attackers to manipulate the wp_abspath parameter, potentially allowing them to include arbitrary files. B...
PoC for CVE-2016-20081
The HB Audio Gallery Lite plugin for WordPress (version 1.0.0) is susceptible to a path traversal vulnerability that enables unauthenticated attackers to exploit the file_path parameter. By sending specially crafted requests to the audio-download.php endpoint, attackers can traverse directories a...
PoC for CVE-2016-20079
The Dharma Booking plugin for WordPress, specifically versions 2.28.3 and earlier, is susceptible to a local file inclusion vulnerability due to improper sanitation of the gateway parameter. This flaw permits unauthenticated attackers to manipulate file paths and execute directory traversal or nu...
PoC for CVE-2016-20078
The IMDb Profile Widget version 1.0.8 for WordPress contains a local file inclusion vulnerability that can be exploited by unauthenticated attackers. By manipulating the `url` parameter through directory traversal sequences in GET requests to `pic.php`, attackers can potentially access sensitive ...
PoC for CVE-2016-20077
The Photocart Link plugin version 1.6 for WordPress is impacted by a local file inclusion vulnerability due to insufficient input validation in its decode.php file. This flaw enables unauthenticated attackers to supply malicious base64-encoded file paths through the 'id' parameter. By exploiting ...
PoC for CVE-2016-20076
The WordPress Simple-Backup plugin version 2.7.11 is susceptible to vulnerabilities that allow unauthenticated attackers to exploit the application through improper input validation. By manipulating the parameters in the tools.php file, attackers can conduct directory traversal attacks to delete ...
PoC for CVE-2016-20075
The WordPress Ultimate Product Catalog version 3.8.6 is susceptible to an arbitrary file upload vulnerability. Authenticated users with roles such as contributor, editor, author, or administrator can exploit this weakness through the custom fields feature in the Products tab. This allows attacker...
PoC for CVE-2016-20074
The Lazy Content Slider Plugin version 3.4 for WordPress exhibits a cross-site request forgery vulnerability, enabling attackers to execute unauthorized actions. This is achieved by tricking authenticated administrators into inadvertently submitting malicious POST requests to the plugin's setting...
PoC for CVE-2016-20073
The Answer My Question 1.3 plugin for WordPress is susceptible to an SQL injection vulnerability, enabling attackers to execute unauthorized SQL code through the 'id' POST parameter. This security flaw occurs when malicious users exploit the modal.php endpoint, allowing them to submit crafted SQL...
PoC for CVE-2016-20072
The BBS e-Franchise plugin for WordPress suffers from an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands. By manipulating the 'uid' parameter in requests, attackers can craft specific requests that exploit this flaw. This manipulation enables th...
PoC for CVE-2016-20070
The Booking Calendar Contact Form 1.0.23 plugin for WordPress is susceptible to privilege escalation and stored XSS vulnerabilities. These flaws arise from inadequate verification of user privileges and insufficient input sanitation. An attacker with subscriber-level credentials can exploit these...
PoC for CVE-2016-20071
The 404 Redirection Manager plugin for WordPress version 1.0 is susceptible to an unauthenticated SQL injection vulnerability. This flaw enables remote attackers to exploit improperly sanitized user inputs, thereby injecting malicious SQL code through crafted GET requests. As a result, attackers ...
PoC for CVE-2016-20067
WordPress CP Polls version 1.0.8 is susceptible to a cross-site request forgery (CSRF) vulnerability. This flaw permits attackers to craft malicious HTML pages that can execute unauthorized poll actions when visited by authenticated administrators. If an administrator inadvertently accesses such ...
PoC for CVE-2026-8935
The WP MAPS PRO plugin for WordPress contains a serious vulnerability that allows an unauthenticated attacker to create an administrator account without proper authorization. This security flaw is facilitated by an AJAX action that is registered publicly, exposing a valid nonce that can be access...
PoC for CVE-2026-9278
The Form Builder CP plugin for WordPress, prior to version 1.2.47, is susceptible to stored cross-site scripting (XSS) attacks due to inadequate sanitization of form configuration values. This vulnerability allows authenticated users with Editor-level access or higher to inject malicious scripts ...
PoC for CVE-2026-8386
The WP Go Maps plugin for WordPress prior to version 10.0.10 has a significant flaw in its public single-marker REST endpoint. Due to a lack of approval-state filtering, this vulnerability allows unauthenticated users to access marker records that have not been approved by an administrator for pu...
PoC for CVE-2026-8385
The WP Go Maps plugin for WordPress prior to version 10.0.10 is susceptible to a security flaw that fails to properly enforce a marker approval filter in its admin-ajax fallback. This oversight enables unauthorized individuals to access sensitive marker data, which has not been vetted for public ...
PoC for CVE-2026-12217
A security vulnerability has been identified in DVDFab Virtual Drive version 2.0.0.5, specifically affecting the Signed Kernel Driver component (dvdfabio.sys). This vulnerability allows for improper privilege management, which can be exploited locally by an attacker to gain elevated privileges. T...
PoC for CVE-2026-12216
A vulnerability has been identified in Duktape up to version 2.99.99 that affects its memory management through the file duk_api_bytecode.c. By manipulating the argument count_instr, a local attacker could exploit this weakness to cause memory corruption. This issue is particularly concerning as ...
PoC for CVE-2026-12214
A security flaw has been identified in Qihoo 360 Total Security 6.0 that impacts the Nucleus Engine Monitoring Logic. This issue lies within the RpcStringBindingComposeW function, where a manipulation of the NetworkAddr argument can lead to a failure in the protection mechanisms. This vulnerabili...