Publicly Disclosed
PoC Exploits

A vulnerability in Apache HTTP Server 2.4.66 allows remote attackers to bypass Digest authentication through a timing attack on the mod_auth_digest module. This flaw can lead to unauthorized access to sensitive resources, posing significant risks to server integrity and confidentiality. To mitiga...

A vulnerability exists in the Linux kernel that concerns the handling of shared skb fragments during the decryption process in ESP-in-UDP packets. When pages are attached from a pipe directly to an skb using MSG_SPLICE_PAGES, the kernel marked these SKBs with SKBFL_SHARED_FRAG, which plays a cruc...

The PX4 Autopilot software, used widely in drones and unmanned vehicles, has a vulnerability that allows for a stack-based buffer overflow. This occurs through the MavlinkLogHandler when the sscanf function processes log file paths without a width specifier, enabling an attacker to overflow the b...

EspoCRM versions 9.3.3 and earlier exhibit a vulnerability that enables Server-Side Request Forgery (SSRF). This flaw arises from the HostCheck::isNotInternalHost() function, which inadequately verifies host addresses, particularly when alternative IPv4 representations are used. Attackers can exp...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

The Apache JServ Protocol (AJP) Connector in Apache Tomcat allowed for misconfigured connections that could be exploited by attackers. By default, the AJP Connector is enabled, listening on all configured IP addresses. This elevated trust can lead to unauthorized access and manipulation of files ...

A vulnerability exists in the Linux kernel that concerns the handling of shared skb fragments during the decryption process in ESP-in-UDP packets. When pages are attached from a pipe directly to an skb using MSG_SPLICE_PAGES, the kernel marked these SKBs with SKBFL_SHARED_FRAG, which plays a cruc...

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, ...

RedisBloom, a probabilistic data structures module for Redis, has a vulnerability that allows an authenticated attacker to exploit improper validation of serialized values processed via the RESTORE command. This flaw can lead to invalid memory access and may enable remote code execution. To mitig...

A vulnerability exists in the Linux kernel that concerns the handling of shared skb fragments during the decryption process in ESP-in-UDP packets. When pages are attached from a pipe directly to an skb using MSG_SPLICE_PAGES, the kernel marked these SKBs with SKBFL_SHARED_FRAG, which plays a cruc...

An exploitable vulnerability exists within Oracle VM VirtualBox, specifically in its core components. A privileged attacker with access to the infrastructure can exploit this weakness to compromise the functionality of Oracle VM VirtualBox. Successful exploitation may result in a partial denial o...

The OttoKit: All-in-One Automation Platform WordPress plugin prior to version 1.1.23 is susceptible to an SQL injection vulnerability due to inadequate sanitization of user input in SQL statements. This flaw can be exploited by unauthenticated attackers, potentially allowing them to execute arbit...

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid is susceptible to unauthorized data modification due to a missing capability check on the 'wp_ajax_cli_cancel' function. This flaw affects all versions up to and including 1.17.1, allowing unauthenticated attackers to c...

A stack-based buffer overflow vulnerability exists in the Tenda CX12L router, specifically in the formSetPPTPServer function of the /goform/SetPptpServerCfg file. This flaw allows an attacker to manipulate the affected system remotely, potentially leading to unauthorized access and exploitation o...

A buffer overflow vulnerability exists in the Totolink X5000R router, specifically within the sub_458E40 function of the /boafrm/formDdns file. An attacker can manipulate the submit-url argument, which could lead to remote exploitation. This vulnerability has been publicly disclosed and poses sig...

A vulnerability has been identified in the SourceCodester Pharmacy Sales and Inventory System 1.0, specifically affecting the /index.php?page=users endpoint. By manipulating the 'Name' argument, an attacker can execute cross site scripting (XSS) attacks, potentially compromising user security. Th...

A vulnerability discovered in zyx0814 FilePress involves a SQL injection concern within the Shares Filelist API. This loophole allows attackers to manipulate the argument order of the admin.php file, facilitating unauthorized access to the database. Eager exploitation of this vulnerability has be...

A security weakness has been identified in the CodeAstro Leave Management System version 1.0, specifically within the login.php file. This flaw allows an attacker to manipulate the `txt_username` parameter, enabling SQL injection attacks. The vulnerability can be exploited remotely, posing a sign...

A security vulnerability has been identified in SourceCodester SUP Online Shopping 1.0, specifically within the /admin/replymsg.php file. The flaw arises from improper handling of the 'msgid' argument, which can be exploited to perform SQL injection attacks remotely. This vulnerability exposes th...

A vulnerability has been discovered in SourceCodester SUP Online Shopping 1.0 that enables an SQL injection attack through manipulation of the seenid argument in the /admin/message.php file. This flaw allows remote exploitation, making it crucial for affected users to address the issue. Public ex...

A vulnerability has been identified in SourceCodester's SUP Online Shopping platform, specifically in the wishlist.php file. Exploiting this flaw, an attacker can manipulate the delwlistid parameter to execute unauthorized SQL commands, potentially compromising database integrity and exposing sen...

A SQL injection vulnerability exists in SourceCodester SUP Online Shopping version 1.0, specifically within an unknown function of the file /admin/viewmsg.php. By manipulating the 'msgid' argument, attackers can execute arbitrary SQL queries against the database. This vulnerability can be exploit...

A security flaw has been identified in the eladmin framework that affects the checkLevel function in the Users API Endpoint. This vulnerability allows an attacker to manipulate access controls, potentially leading to unauthorized access. It can be exploited remotely, which raises significant conc...

A SQL injection vulnerability has been identified in the SourceCodester Comment System version 1.0, specifically within the post_comment.php file. This flaw enables attackers to manipulate the 'Name' parameter, leading to unauthorized access to the application's database. The vulnerability allows...

The Ollama application is susceptible to a heap out-of-bounds read vulnerability within its GGUF model loader. This issue arises when the /api/create endpoint processes an attacker-defined GGUF file where the tensor offset and size exceed the file’s actual length. During quantization, the server ...

A vulnerability has been identified in Code-Projects Simple Chat System version 1.0, specifically affecting the 'sendMessage.php' file. This flaw arises from improper handling of argument types and lengths, allowing attackers to manipulate parameters leading to SQL injection vulnerabilities. Expl...

A vulnerability in GPAC's sidx_box_read function within src/isomedia/box_code_base.c has been identified, which enables local attackers to manipulate resource allocation. This flaw could potentially be exploited to disrupt the services offered by affected systems. To mitigate risks, it is recomme...

A vulnerability exists in Open5GS's NSSF component, specifically within the ogs_sbi_discovery_option_add_snssais function in the /lib/sbi/message.c file. This flaw enables attackers to execute a denial of service attack remotely, potentially disrupting the service for users. The issue has been pu...

A vulnerability has been identified in the Open5GS project, specifically within the NSSF component where the function ogs_sbi_discovery_option_add_service_names is located. This flaw can lead to a denial of service (DoS), allowing remote attackers to exploit the situation. Although the issue was ...

A vulnerability has been identified in Open5GS NSSF up to version 2.7.7, specifically within the function ogs_sbi_parse_plmn_list located in the /lib/sbi/conv.c file. This flaw enables remote attackers to exploit the affected component, resulting in denial of service conditions. The issue was pre...

A vulnerability exists in the Open5GS NSSF component, specifically in the function nssf_nnrf_nsselection_handle_get_from_amf_or_vnssf located in /src/nssf/nnssf-handler.c. This flaw allows a remote attacker to conduct a denial of service attack, potentially disrupting system availability. Despite...

A vulnerability has been identified in Open5GS NSSF impacting versions up to 2.7.7. The issue lies within the ogs_sbi_stream_find_by_id function in the nghttp2-server.c library, which when manipulated, can lead to a denial of service. This attack necessitates local access, and exploitation may re...

The Breeze Cache plugin for WordPress has a security flaw that allows unauthenticated attackers to perform arbitrary file uploads. This vulnerability is due to inadequate file type validation in the 'fetch_gravatar_from_remote' function. The risk is present in all versions up to 2.4.4, specifical...

A vulnerability has been identified in givanz Vvvebjs prior to version 2.0.5, specifically within the file upload functionality of the component File Upload Endpoint. This weakness stems from improper handling of the 'uploadAllowExtensions' parameter, which opens the door to cross-site scripting ...

A security vulnerability has been identified in the SourceCodester Pizzafy Ecommerce System version 1.0, specifically impacting the /admin/index.php file. This vulnerability allows attackers to manipulate arguments related to the page variable, leading to a cross-site scripting (XSS) attack. Such...

The ZTE ZX297520V3 BootROM is susceptible to an arbitrary memory write vulnerability that can be exploited via USB. This weakness stems from the lack of proper validation for target addresses during USB download mode, allowing attackers to manipulate memory locations within the BootROM runtime. B...

The WooCommerce Designer Pro plugin for WordPress has a significant vulnerability that allows unauthenticated attackers to perform arbitrary file uploads. This issue arises from inadequate file type validation in the 'wcdp_save_canvas_design_ajax' function. If exploited, this can lead to unauthor...

A vulnerability has been discovered in the huangjunsen0406 xiaozhi-mcphub project, specifically impacting the file src/controllers/dxtController.ts. This weakness allows an attacker to manipulate the argument manifest.name, leading to path traversal incidents. The exploit, which poses a significa...

A security flaw in the gyoridavid short-video-maker, up to version 1.3.4, allows attackers to exploit the REST API component. The issue arises from improper handling of user input, specifically the req.params.tmpFile argument, resulting in unauthorized file access through path traversal. This vul...

A SQL injection vulnerability has been discovered in the JeecgBoot application affecting versions up to 3.9.1. This vulnerability resides in the functionality of the file /sys/dict/loadTreeData within the JSON Object Handler, allowing attackers to manipulate input conditions. The exploit can be e...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

A path traversal vulnerability has been identified in the 8421bit MiniClaw, specifically within the isPathInside function located in src/kernel.ts as part of the executeSkillScript component. This flaw allows an attacker to manipulate file paths, potentially leading to unauthorized access to crit...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

A remote OS command injection vulnerability exists in the 8421bit MiniClaw due to improper handling of data in the executeCognitivePulse function found in src/kernel.ts. This flaw allows attackers to execute arbitrary commands on the system, posing a severe risk. The vulnerability can be exploite...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

A security vulnerability has been identified in the Code-Projects Feedback System 1.0, specifically affecting an unprotected function in the /admin/checklogin.php file. By manipulating the email parameter, attackers can execute malicious SQL queries, allowing remote exploitation of the system. Th...

A security vulnerability has been identified in CodeAstro's Online Classroom 1.0 that enables SQL injection through improper handling of user inputs in the /askquery.php file. This flaw allows attackers to manipulate the 'squeryx' argument, which could lead to unauthorized data access or manipula...

A weakness exists in the OSGeo GDAL library, particularly within the GDfieldinfo function of the GDapi.c file, which may allow an out-of-bounds read. This vulnerability can be exploited locally with a specific manipulation on affected versions. Publicly available exploits highlight the urgency fo...