Publicly Disclosed PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered just now...
PoC for CVE-2020-25213
The File Manager plugin for WordPress prior to version 6.9 contains a vulnerability that permits remote attackers to upload and execute arbitrary PHP code. The issue arises from the renaming of an insecure example elFinder connector file to have a .php extension. This flaw facilitates attackers t...
Discovered 1 hour ago
PoC for CVE-2026-25253
An identified vulnerability in OpenClaw products before version 2026.1.29 allows the software to retrieve a gateway URL from a query string. This triggers an automatic WebSocket connection, which then sends a sensitive token value without user interaction. This flaw may expose users to unauthoriz...
Discovered 2 hours ago
PoC for CVE-2025-68664
The LangChain framework, designed for building agents and LLM-powered applications, contains a serialization injection vulnerability in its dumps() and dumpd() functions. This flaw arises from the handling of user-controlled data, specifically when dictionaries containing 'lc' keys are serialized...
Discovered 4 hours ago
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
Discovered 5 hours ago
PoC for CVE-2025-4396
The Relevanssi – A Better Search plugin for WordPress presents a vulnerability that allows time-based SQL injection through the cats and tags query parameters. This issue affects all versions up to and including 4.24.4 for free and 2.27.4 for premium users. The vulnerability arises from inadequat...
PoC for CVE-2024-47176
The CUPS printing system, which is widely used for managing print jobs, has a vulnerability in its cups-browsed component that allows for network printing functionality such as auto-discovery of print services. This component binds to INADDR_ANY:631, which leads to a scenario where it will accept...
PoC for CVE-2021-47953
OpenCart version 3.0.3.7 is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability that enables attackers to modify user passwords. By sending carefully crafted requests to the account/password endpoint, an attacker can manipulate authenticated users into executing actions without their...
PoC for CVE-2021-47951
The Picture Gallery plugin for WordPress, version 1.4.2, is susceptible to a stored cross-site scripting (XSS) vulnerability. This security flaw allows authenticated users to utilize the Edit Content URL field in the Access Control settings to inject malicious JavaScript code. The injected script...
PoC for CVE-2021-47950
Advanced Guestbook version 2.4.4 contains a persistent cross-site scripting vulnerability that affects the smilies administration interface. Authenticated attackers can exploit this flaw by injecting malicious scripts through the s_emotion parameter. When administrators access the smilies tab, an...
PoC for CVE-2021-47949
CyberPanel 2.1 is affected by a command execution vulnerability that enables authenticated attackers to exploit symlink attacks via the filemanager controller endpoint. By manipulating the completeStartingPath parameter in POST requests directed to /filemanager/controller, adversaries can create ...
PoC for CVE-2021-47948
The GetPaid Plugin for WordPress, version 2.4.6, is vulnerable to an HTML injection flaw that allows authenticated users to inject arbitrary HTML code into the Help Text field within payment forms. This exploitation can lead to the insertion of malicious content, including scripts and images, whi...
PoC for CVE-2021-47947
Projectsend r1295 has a vulnerability that allows authenticated attackers to exploit a stored cross-site scripting flaw. By submitting specially crafted input through the 'name' parameter in files-edit.php, attackers can embed malicious JavaScript. This script executes in the browsers of users wh...
PoC for CVE-2021-47946
OpenCart 3.0.36 is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability that can be exploited by attackers to manipulate user account details. This issue resides in the /account/edit endpoint, permitting unauthorized alterations to victim account information. By luring users into visi...
PoC for CVE-2021-47945
The Argus Surveillance DVR 4.0 is susceptible to a local privilege escalation vulnerability due to an unquoted service path in the DVRWatchdog service. Attackers can exploit this flaw by placing a malicious executable in the Program Files directory. Upon starting the service, the malicious execut...
PoC for CVE-2021-47944
memono Notepad version 4.2 is susceptible to a denial of service vulnerability that can be exploited by attackers to crash the application. By pasting excessively long character buffers—around 350,000 repeated characters—into the note fields, attackers can cause the application to become unstable...
PoC for CVE-2021-47943
TextPattern CMS 4.8.7 has a significant flaw that allows authenticated users to upload malicious PHP files through a file upload feature. This vulnerability enables attackers to execute arbitrary commands on the server by leveraging the content management system's file handling capabilities. By u...
PoC for CVE-2021-47941
The Survey & Poll plugin for WordPress, specifically version 1.5.7.3, is susceptible to an SQL injection vulnerability. This issue permits unauthenticated attackers to execute arbitrary SQL queries through the wp_sap cookie parameter. By crafting malicious SQL payloads, an attacker can potentiall...
PoC for CVE-2021-47940
The Download From Files plugin for WordPress, up to version 1.48, is vulnerable to an arbitrary file upload issue that can be exploited by unauthenticated attackers. By sending POST requests to the admin-ajax.php endpoint with specifically crafted payloads, attackers can manipulate the allowExt p...
PoC for CVE-2021-47939
Evolution CMS version 3.1.6 has a security flaw that enables authenticated users with module creation permissions to inject malicious PHP code, leading to potential remote code execution. By crafting POST requests to /manager/index.php with harmful code in the 'post' parameter, an attacke...
PoC for CVE-2021-47938
ImpressCMS 1.4.2 has a vulnerability in the autotasks administrative interface that enables authenticated users to execute arbitrary PHP code. This is accomplished by injecting malicious code into the sat_code parameter. When attackers authenticate and send a POST request to /modules/system/admin...
PoC for CVE-2021-47937
The e107 CMS version 2.3.0 is susceptible to a remote code execution vulnerability, granting authenticated users with theme installation permissions the ability to exploit the system. By uploading specially crafted theme files through the theme.php endpoint, attackers can deploy web shells in the...
PoC for CVE-2021-47935
Sentry 8.2.0 is vulnerable to a remote code execution attack that can be exploited by authenticated superusers. By injecting malicious pickle-serialized objects into the audit log entry data parameter, attackers can send specially crafted POST requests to the admin audit log endpoint. This exploi...
PoC for CVE-2021-47936
OpenCATS version 0.9.4 is susceptible to a remote code execution vulnerability that enables unauthenticated attackers to execute arbitrary commands on the server. This exploit occurs when malicious PHP files, disguised as resume attachments, are uploaded through the careers job application endpoi...
PoC for CVE-2021-47933
The MStore API version 2.0.6 for WordPress is susceptible to an arbitrary file upload vulnerability. Unauthenticated attackers can exploit this weakness by crafting POST requests directed at the REST API endpoint, specifically the config_file endpoint. This flaw allows attackers to upload malicio...
PoC for CVE-2021-47932
TheCartPress version 1.5.3.6 for WordPress contains a vulnerability that permits attackers to escalate privileges without authentication. By sending specially crafted POST requests to the AJAX handler, specifically through the tcp_register_and_login_ajax action with the tcp_role parameter set to ...
PoC for CVE-2021-47930
The Balbooa Joomla Forms Builder 2.0.6 is susceptible to an unauthenticated SQL injection vulnerability in its form submission handler. This flaw enables remote attackers to send specially crafted POST requests containing malicious JSON payloads in the 'id' field parameter. Exploiting this vulner...
PoC for CVE-2021-47931
Exponent CMS version 2.6 is susceptible to a stored cross-site scripting vulnerability that enables authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. This flaw permits the insertion of iframe payloads that can execute arb...
PoC for CVE-2021-47929
The Filterable Portfolio Gallery plugin version 1.0 for WordPress contains a stored XSS vulnerability that allows authenticated users to inject malicious JavaScript. By entering harmful payloads into the title field, attackers can execute JavaScript code, such as image tags with onerror attribute...
PoC for CVE-2021-47928
The Opencart TMD Vendor System 3.x is susceptible to a blind SQL injection flaw that enables unauthorized attackers to manipulate SQL queries via the product_id parameter. By leveraging time-based or content-based blind techniques, an attacker can extract sensitive information, such as usernames,...
PoC for CVE-2021-47927
WP Symposium Pro version 2021.10 is vulnerable to a stored cross-site scripting attack due to inadequate sanitization of user inputs, specifically in the forum name parameter. This flaw allows authenticated users to inject malicious JavaScript payloads via POST requests to the admin setup page, p...
PoC for CVE-2021-47926
Contact Form to Email version 1.3.24 contains a stored XSS vulnerability that permits authenticated attackers to inject harmful JavaScript code into the form name field. When other logged-in users visit the form management page, the malicious scripts execute, potentially leading to session hijack...
PoC for CVE-2021-47925
CMDBuild 3.3.2 is affected by multiple stored cross-site scripting vulnerabilities that enable authenticated attackers to insert arbitrary web scripts or HTML. This can be exploited through malicious inputs in the card creation and file upload processes. Specifically, XSS payloads can be introduc...
PoC for CVE-2021-47924
A stored cross-site scripting (XSS) vulnerability has been identified in version 5.8.2 of the Ultimate Product Catalog, allowing authenticated users to inject malicious HTML or JavaScript into the product's price field. This vulnerability can be exploited through crafted POST requests to the post...
PoC for CVE-2021-47922
Slider by Soliloquy version 2.6.2 contains a vulnerability that allows authenticated attackers to exploit the title parameter to inject malicious JavaScript payloads. This can lead to the execution of unauthorized scripts in the browsers of users interacting with both administrative and frontend ...
PoC for CVE-2021-47923
OpenCart 3.0.3.8 is susceptible to a session fixation vulnerability, whereby attackers can manipulate the OCSESSID cookie to inject arbitrary values. By doing so, they can hijack user sessions, potentially granting unauthorized access to user accounts and confidential information. This flaw empha...
PoC for CVE-2021-47910
AccessPress Social Icons version 1.8.2 is vulnerable to a stored cross-site scripting (XSS) attack. The vulnerability allows authenticated users to inject malicious JavaScript payloads through the 'icon title' field. Once the payload is stored, it can be executed when other users access the plugi...
PoC for CVE-2021-47907
Rocket LMS version 1.1 is susceptible to a persistent cross-site scripting (XSS) vulnerability found in its support ticket module. This flaw permits authenticated users to inject malicious HTML/JavaScript payloads through the title parameter of the support ticket. Such payloads can be triggered w...
Discovered 6 hours ago
PoC for CVE-2022-50970
The AAWP WordPress plugin version 3.16 is susceptible to a reflected cross-site scripting (XSS) vulnerability. This flaw allows authenticated users to be targeted by attackers who can manipulate the 'tab' parameter within the aawp-settings admin page. By crafting specific URLs containing maliciou...
PoC for CVE-2022-50969
uBidAuction 2.0.1 is susceptible to a reflected cross-site scripting vulnerability in its backend mailingLog/manage module. This issue arises because the parameters date_created, date_from, date_to, and created_at in the filter functionality are not effectively sanitized. As a result, attackers c...
PoC for CVE-2022-50961
The IP2Location Country Blocker plugin for WordPress version 2.26.7 is susceptible to a stored cross-site scripting vulnerability. This flaw allows authenticated users to inject arbitrary JavaScript code via the Frontend Settings interface. Specifically, attackers can exploit the URL field in the...
PoC for CVE-2022-50960
The International Sms For Contact Form 7 Integration plugin for WordPress version 1.2 has a reflected cross-site scripting vulnerability. This issue arises from unsafe handling of the 'page' parameter in the admin settings interface, allowing attackers to inject arbitrary JavaScript code. When ex...
PoC for CVE-2022-50959
The WordPress Contact Form Builder version 1.6.1 is susceptible to a reflected cross-site scripting vulnerability. This flaw allows unauthenticated attackers to manipulate the form_id parameter, injecting malicious scripts through crafted URLs targeting code_generator.php. Successful exploitation...
PoC for CVE-2022-50958
The Jetpack plugin for WordPress version 9.1 is susceptible to a reflected cross-site scripting (XSS) vulnerability. This occurs when attackers exploit the post_id parameter, enabling them to inject malicious scripts into URLs that target the grunion-form-view.php endpoint. By manipulating this p...
PoC for CVE-2022-50957
The Drupal avatar_uploader version 7.x-1.0-beta8 is vulnerable to a reflected cross-site scripting attack. Unauthenticated attackers can exploit this vulnerability by manipulating the 'file' parameter in URLs. This allows arbitrary JavaScript code injection, which executes in the browsers of unsu...
PoC for CVE-2022-50956
The Amministrazione-Aperta plugin for WordPress version 3.7.3 has a local file read vulnerability that enables unauthenticated attackers to exploit insufficient input validation in the 'open' parameter of dispatcher.php. By manipulating file paths through the 'open' GET parameter, attackers can r...
PoC for CVE-2022-50955
The Curtain plugin for WordPress version 1.0.2 is susceptible to cross-site request forgery (CSRF), enabling attackers to manipulate site maintenance settings. By sending specially crafted requests, malicious actors can deceive authenticated administrators into toggling the maintenance mode state...
PoC for CVE-2022-50949
The Videos Sync PDF plugin for WordPress, version 1.7.4, contains a vulnerability that allows authenticated users to exploit unsanitized parameters, leading to stored cross-site scripting. This vulnerability enables attackers to inject malicious scripts via the plugin's options panel, which can e...
PoC for CVE-2022-50954
The cab-fare-calculator plugin version 1.0.3 for WordPress is vulnerable to local file inclusion, allowing unauthenticated users to access arbitrary files on the server. By exploiting the controller parameter in tblight.php, attackers can introduce path traversal sequences, enabling them to inclu...