Publicly Disclosed
PoC Exploits

A command injection vulnerability exists in the TRENDnet TEW-713RE router, allowing attackers to exploit an unknown function within the /goform/setSysAdm file. Through manipulating the 'admuser' argument, unauthorized command execution can occur, enabling remote exploitation. The vulnerability ha...

An issue has been identified that may allow an application to unexpectedly terminate the system or corrupt kernel memory due to inadequate memory handling protocols. Affected users are advised to update to the latest versions of iOS, iPadOS, macOS, tvOS, visionOS, and watchOS, where these vulnera...

The Performance Monitor plugin for WordPress, up to version 1.0.6, is prone to a security vulnerability where it does not properly validate certain parameters. This oversight could allow unauthorized users to execute Server-Side Request Forgery (SSRF) attacks, compromising the integrity of the se...

A command injection vulnerability exists in the TRENDnet TEW-713RE routers prior to version 1.02. Specifically, this issue pertains to the function sub_421494 located in the /goform/addRouting file. By manipulating the 'dest' argument, an attacker can remotely execute arbitrary commands, posing a...

A vulnerability exists in the SourceCodester Teacher Record System 1.0 that allows attackers to exploit the parameter handler via an SQL injection attack. By manipulating the 'searchteacher' argument, an attacker can execute arbitrary SQL code on the backend database, potentially leading to unaut...

The Java OpenWire protocol marshaller in Apache ActiveMQ is susceptible to a remote code execution vulnerability, allowing attackers with network access to execute arbitrary shell commands. By manipulating serialized class types in the OpenWire protocol, an attacker can cause the client or broker...

A vulnerability in SourceCodester's Simple Doctors Appointment System allows for unrestricted file uploads through manipulation of the 'img' argument in the /doctors_appointment/admin/ajax.php?action=save_category endpoint. This situation can lead to potential exploitation by remote attackers, wh...

A security flaw exists in the SourceCodester Simple Doctors Appointment System 1.0, specifically in the /admin/ajax.php?action=login2 endpoint. This vulnerability enables attackers to manipulate the email parameter, leading to SQL injection attacks. Consequently, this vulnerability allows unautho...

A SQL injection vulnerability has been identified in the SourceCodester Simple Doctors Appointment System version 1.0. This vulnerability exists within the /admin/login.php file, where improper handling of the Username parameter allows attackers to manipulate SQL queries. The issue can be exploit...

The Totolink A3300R router has a command injection vulnerability within the function setIptvCfg of the cstecgi.cgi file. By manipulating the vlanPriLan3 argument, an attacker can execute arbitrary commands on the affected device. This vulnerability allows for remote exploitation, posing a signifi...

The XWiki Platform prior to version 12.8 exhibits a vulnerability in the handling of escape functions within its property display logic. This flaw allows for improperly escaped content, which could lead to security implications such as script injection or other attacks where the application fails...

A command injection vulnerability has been identified in the Totolink A3300R router, specifically within the setWiFiBasicCfg function located in /cgi-bin/cstecgi.cgi. This weakness allows an attacker to manipulate the rxRate argument, potentially leading to unauthorized command execution on the d...

A security flaw has been identified in the Totolink A3300R router, particularly within the setSyslogCfg function located in /cgi-bin/cstecgi.cgi. This vulnerability allows an attacker to perform command injection by manipulating input arguments, which can lead to unauthorized command execution re...

On March 19, 2026, a supply chain attack targeted Aqua Security's Trivy when compromised credentials were used to publish a malicious version of Trivy (v0.69.4). The attacker force-pushed numerous version tags to the 'aquasecurity/trivy-action' repository, embedding credential-stealing malware. T...

A cross-site scripting vulnerability exists in the Online Food Ordering System 1.0, specifically within the 'Order Module' located in the /form/order.php file. An attacker could manipulate the 'cust_id' parameter to inject malicious scripts. This vulnerability can be exploited remotely, allowing ...

A vulnerability in the Tenda CH22 router version 1.0.0.1 has been identified, specifically within the 'formQuickIndex' function of the Parameter Handler component located at /goform/QuickIndex. This issue arises from manipulating the mit_linktype argument, leading to a stack-based buffer overflow...

A stack-based buffer overflow vulnerability exists in the Tenda CH22 router's 'AdvSetWan' function, located in the '/goform/AdvSetWan' file. This vulnerability arises from improper handling of the 'wanmode' argument, allowing attackers to exploit the flaw remotely. Successful exploitation could e...

A stack-based buffer overflow vulnerability has been identified in the Tenda CH22 router. This issue arises from the parameter handler component, specifically in the fromSetCfm function within the /goform/setcfm file. An attacker can exploit this vulnerability by manipulating the funcname argumen...

A command injection vulnerability has been identified in the Tenda CH22 router, specifically within the FormWriteFacMac function of the /goform/WriteFacMac file. This flaw allows attackers to manipulate the 'mac' argument to execute arbitrary commands remotely. The exploit has been publicly discl...

A stack-based buffer overflow vulnerability has been identified in the Tenda CH22 router affecting version 1.0.0.1. The issue arises in the formCreateFileName function located in the /goform/createFileName file, which allows an attacker to manipulate the fileNameMit argument. This manipulation ca...

A security issue has been identified in the Code-Projects Accounting System version 1.0, specifically impacting the file /viewin_costumer.php within the Parameter Handler component. This vulnerability allows for SQL injection through manipulations of the 'cos_id' argument, which can be exploited ...

A SQL injection vulnerability has been detected in YunaiV yudao-cloud, specifically affecting the /admin-api/system/mail-log/page file in versions up to 2026.01. This weakness allows an attacker to manipulate the 'toMail' argument, potentially leading to unauthorized database access. Exploitation...

A security vulnerability exists in YunaiV's yudao-cloud software that allows for SQL injection through manipulation of the 'website' parameter in the /admin-api/system/tenant/get-by-website endpoint. This flaw can be exploited remotely, enabling attackers to gain unauthorized access to the databa...

A vulnerability exists in the raine consult-llm-mcp software prior to version 2.5.4, specifically in the child_process.execSync function within the src/server.ts file. This flaw enables local attackers to manipulate parameters, such as git_diff.base_ref and git_diff.files, leading to potential OS...

A denial of service vulnerability exists in Device Monitoring Studio version 8.10.00.8925 that allows local attackers to cause the application to crash. This can be achieved by submitting an overly long string to the server connection dialog, particularly through the Tools menu's 'Connect to New ...

Navicat for Oracle version 12.1.15 is affected by a denial of service vulnerability. Local attackers can exploit this flaw by inputting an excessively long string, specifically a buffer of 550 repeated characters, into the password field during the Oracle connection setup. This action can lead to...

Core FTP/SFTP Server 1.2 is susceptible to a buffer overflow vulnerability that occurs when an attacker inputs an excessively long string in the User domain field. By sending a malicious payload consisting of up to 7000 bytes, attackers can cause the server application to crash, leading to a deni...

The NetworkActiv Web Server version 4.0 is susceptible to a buffer overflow vulnerability found in the username field of its Security options. This flaw allows local attackers to intentionally crash the application by submitting a username string that exceeds the allocated buffer size. By leverag...

The SmartFTP Client version 9.0.2615.0 has a vulnerability that permits local attackers to induce a denial of service by inputting an excessively long string into the Host field. By entering a buffer consisting of 300 repeated characters, an attacker can crash the application, disrupting normal o...

WebDrive version 18.00.5057 is susceptible to a denial of service vulnerability that enables local attackers to crash the application. This security flaw is triggered by entering an excessively long string—specifically, a buffer-overflow payload of up to 5000 bytes—in the username field while set...

Softros LAN Messenger version 9.2 is susceptible to a denial of service vulnerability that can be exploited by local attackers. By providing an excessively long string, specifically exceeding the expected limits for the custom log files location field, an attacker can cause the application to cra...

HeidiSQL 9.5.0.5196 contains a vulnerability that permits attackers to cause a denial of service by providing an overly long file path in the logging preferences. When this path is entered in the SQL log file field within the Preferences > Logging settings, it can result in an application crash. ...

Free IP Switcher 3.1 has a vulnerability that allows local attackers to exploit a buffer overflow by providing an overly long string in the Computer Name field. This exploit can trigger a denial of service, causing the application to crash when the malicious payload is activated. Users should tak...

The BulletProof FTP Server 2019.0.0.50 is prone to a denial of service vulnerability that can be exploited via the SMTP configuration interface. Local attackers can crash the application by providing an oversized input in the SMTP Server field. Specifically, an input of 257 'A' characters trigger...

NetSetMan version 4.7.1 is susceptible to a buffer overflow in its Workgroup feature. This vulnerability allows local attackers to exploit the application by supplying oversized input, resulting in a denial of service condition. By crafting a malicious configuration file with excessive data and p...

Valentina Studio version 9.0.4 contains a vulnerability that enables local attackers to induce a denial of service by sending an excessively long string in the Host field. This exploit can be executed by appending a 256-byte buffer filled with repeated characters into the Host parameter during se...

FTPShell Server version 6.83 contains a buffer overflow vulnerability that can be exploited by local attackers. By entering an excessively long string in the 'Account name to ban' field, attackers can crash the application, leading to a denial of service. This vulnerability highlights the importa...

A cross site scripting vulnerability exists in the Exam Form Submission application version 1.0, specifically within the /admin/update_fst.php file. This vulnerability is triggered due to improper handling of the 'sname' argument, allowing attackers to execute malicious scripts remotely. If explo...

An out-of-bounds read vulnerability exists in the Windows Common Log File System Driver, enabling authorized attackers to execute a local privilege escalation. This security flaw can be exploited to gain unauthorized access to system resources and execute arbitrary code with elevated privileges, ...

A command injection vulnerability exists in the Totolink A3300R router, specifically affecting the setVpnPassCfg function in the cgi-bin/cstecgi.cgi file. An attacker can manipulate the pptpPassThru argument to execute arbitrary commands on the device. This vulnerability permits remote exploitati...

A security vulnerability has been identified in the Totolink A3300R router, specifically in the setStaticRoute function located within the /cgi-bin/cstecgi.cgi file. An attacker can manipulate the IP argument, allowing for command injection from a remote location. This vulnerability poses a signi...

A significant vulnerability exists in LoLLMs WEBUI, allowing unauthenticated attackers to exploit the `@router.post("/api/proxy")` endpoint. This SSRF vulnerability enables unauthorized access to internal services, network scanning, and potentially exfiltration of sensitive cloud metadata, includ...

MCPJam Inspector, designed for local-first development on MCP servers, has a vulnerability allowing remote code execution (RCE) due to improper binding settings. In versions 1.4.2 and earlier, the platform listens on 0.0.0.0 by default, enabling attackers to exploit this configuration through cra...

A command injection vulnerability has been discovered in the Totolink A3300R Router's function setUPnPCfg, located in the file /cgi-bin/cstecgi.cgi. This flaw allows attackers to manipulate arguments and execute arbitrary commands remotely. The exploit has been publicly disclosed, raising concern...

A command injection vulnerability has been identified in the Totolink A3300R router, specifically in the setSmartQosCfg function within the /cgi-bin/cstecgi.cgi component. This flaw stems from improper handling of the qos_up_bw parameter, which can be manipulated by an attacker. The nature of thi...

A command injection vulnerability exists within the Totolink A3300R router, specifically influencing the setLanCfg function in the /cgi-bin/cstecgi.cgi component. By manipulating the 'lanIp' parameter, an attacker may execute arbitrary commands remotely. The exploit is publicly accessible, increa...

Hoverfly, an open source API simulation tool, is susceptible to a command injection vulnerability stemming from insufficient validation and sanitization of user inputs at the '/api/v2/hoverfly/middleware' endpoint. This vulnerability, found in versions 1.11.3 and earlier, allows an adversary to e...

A vulnerability in the HDF5 weight loading component of Google Keras versions 3.0.0 through 3.13.0 allows a remote attacker to trigger a denial of service (DoS). This occurs when a crafted .keras archive containing a valid model.weights.h5 file is processed, leading to memory exhaustion that can ...

The StanfordSegmenter module in NLTK is susceptible to arbitrary code execution due to inadequate input validation. It improperly handles external Java .jar files, allowing attackers to manipulate these files without verification. This flaw permits the execution of arbitrary Java bytecode when a ...

A critical flaw in the NLTK library enables path traversal attacks through multiple CorpusReader classes, such as WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These components do not adequately sanitize file paths, allowing unauthorized users to navigate through directo...