Publicly Disclosed
PoC Exploits

An infinite loop vulnerability exists in the pypdf library for Python, affecting versions prior to 6.6.2. An attacker can exploit this vulnerability by crafting a specially designed PDF file that triggers an infinite loop when accessing outlines or bookmarks. This can lead to unresponsive behavio...

The n8n workflow automation platform has a vulnerability in versions ranging from 1.65.0 to just below 1.121.0, which allows potential attackers to exploit specific form-based workflows. This flaw can enable unauthorized remote access to sensitive files on the underlying server, posing a signific...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

A vulnerability exists in Git that affects how configuration values are read and written, particularly regarding trailing carriage returns. When a submodule path includes a trailing carriage return, it is altered when read back, which can cause the submodule to be checked out to an incorrect loca...

The Sudo software, prior to version 1.9.17p1, contains a vulnerability that enables local users to gain root access through improper handling of configuration files. Specifically, when the optional --chroot command is used, the software incorrectly processes the /etc/nsswitch.conf file from a use...

A security flaw exists in the Next.js framework that allows an attacker to bypass authorization checks if such checks are implemented in middleware. This vulnerability arises in versions prior to 14.2.25 and 15.2.3. To mitigate risk, it is recommended to restrict incoming requests that include th...

A stack overflow vulnerability exists in the wanMTU parameter of the /goform/AdvSetMacMtuWan endpoint in Tenda AC9 router version 1.0 V15.03.05.14_multi. This vulnerability could allow an attacker to execute arbitrary code remotely, potentially leading to unauthorized access and control over the ...

The XWiki Platform is vulnerable due to improper handling of inputs, allowing unauthenticated users to execute arbitrary code via the `SolrSearch` endpoint. This can result in significant breaches of confidentiality, integrity, and availability of the XWiki installation. Users are encouraged to u...

The vulnerability in Microsoft Windows File Explorer poses a security risk by allowing unauthorized access to sensitive information. In an environment where it is present, attackers can exploit this flaw to spoof identities over a network, potentially compromising data integrity and confidentiali...

An external control of file name or path in Windows NTLM enables unauthorized attackers to exploit a vulnerability, leading to potential spoofing attacks over a network. This situation poses a significant threat as attackers may gain access to sensitive information or systems.

Claude Code, an advanced coding tool by Anthropic, had a critical flaw allowing code injection via the startup trust dialog. Attackers could potentially manipulate the application to execute arbitrary code in untrusted directories before the user acknowledges the trust dialog. Users operating wit...

A vulnerability exists in the Directus API management tool where the exact version number is revealed through the OpenAPI Specification at the '/server/specs/oas' endpoint without requiring authentication. This exposure allows attackers to identify potential weaknesses in the Directus core and it...

A command injection vulnerability exists in the Edimax BR-6478AC V2 router, specifically within the POST request handler for the 'stainfo' function. This flaw allows remote attackers to manipulate input arguments, enabling unauthorized execution of commands. The issue has been publicly disclosed,...

A critical command injection vulnerability exists in the Edimax BR-6478AC V2 router, specifically affecting the setWAN function within the POST Request Handler. This flaw allows attackers to manipulate parameters such as pppUserName, pptpUserName, and L2TPUserName to execute arbitrary commands re...

A buffer overflow vulnerability has been identified in the Edimax BR-6478AC V2 router, specifically within the function formWlSiteSurvey located in the /goform/formWlSiteSurvey component. This security flaw arises from improper handling of the selSSID argument, which can be manipulated remotely, ...

A security vulnerability has been identified in BerriAI litellm versions up to 1.82.2, stemming from an incomplete fix related to a prior issue. The vulnerability resides within the 'ui_view_users' function of the internal_user_endpoints.py file, allowing unauthorized users to gain access to sens...

A security vulnerability exists in BerriAI's litellm product, specifically in the MCP OpenAPI Spec Loader component. This flaw occurs in the function load_openapi_spec_async, located in openapi_to_mcp_generator.py. It allows an attacker to manipulate the spec_path argument, enabling server-side r...

A security vulnerability has been identified in BerriAI Litellm, specifically within the async_pre_call_hook function of the enterprise_hooks/banned_keywords.py component. This flaw allows for improper manipulation of the prompt argument, leading to incorrect authorization outcomes. The exploitat...

A vulnerability exists in Icecast versions up to 2.0.1, where a buffer overflow can be triggered by sending an HTTP request with an abnormal quantity of headers. This flaw can allow remote attackers to execute arbitrary code on the affected system. Users of affected Icecast versions should upgrad...

A security vulnerability in BerriAI's Litellm, specifically within the SSO Authentication Flow managed by the get_redirect_response_from_openid function in the file litellm/proxy/management_endpoints/ui_sso.py, has been identified. This flaw allows for session expiration manipulation, posing a ri...

A vulnerability exists in the BerriAI litellm software, specifically within the SSO Debug Flow located in the json.dumps function of the ui_sso.py file. This issue can result in missing authentication, allowing attackers to exploit the function remotely without necessary credentials. The exploit ...

A vulnerability has been identified in the Zhilink (Shenzhen) Technology Co., Ltd. ADP Application Developer Platform version 1.0.0. This issue arises from the XML Parser component's handling of external entity references in the file /adpweb/a/base/barcodeDetail/import. An attacker could exploit ...

A critical deserialization vulnerability exists in the Zhilink ADP Application Developer Platform 1.0.0, specifically within the testConnection endpoint. This vulnerability arises from improper handling of the jdbcUrl argument, allowing an attacker to perform remote exploits. Although the vendor ...

A security vulnerability has been identified in Ezbsystems UltraISO Premium Edition affecting the bootpt64.sys component within the Kernel Driver. This issue manifests due to improper access controls, necessitating local access for exploitation. The threat has been publicly disclosed, indicating ...

A significant access control vulnerability has been detected in IM-Magic Partition Resizer versions up to 7.9.0. This issue resides in the MDA_NTDRV.sys kernel driver, allowing local users to manipulate functions and bypass access restrictions. The potential for exploitation has been made public,...

A security flaw has been identified in EaseUS Partition Master versions up to 14.5, specifically affecting the EUEDKEPM.sys kernel driver. This vulnerability allows for improper access controls, creating opportunities for local privilege escalation attacks. The exploitation requires local access,...

A vulnerability exists in the EaseUS Partition Master due to improper access controls within the kernel driver epmntdrv.sys, affecting versions up to 14.5. This vulnerability requires local exploitation and can potentially allow unauthorized users to manipulate system components. The vendor has c...

A vulnerability exists in the AOMEI Backupper software, specifically within the kernel driver amwrtdrv.sys. This issue impacts an unspecified function within the driver, allowing for improper access controls to be exploited. An attacker needs to execute the exploit locally, which poses a signific...

A vulnerability exists in AOMEI Dynamic Disk Manager affecting its kernel driver ddmdrv.sys, which suffers from improper access controls. This local privilege escalation vulnerability allows an attacker with local access to manipulate operations within the library, potentially leading to unauthor...

A local privilege escalation vulnerability exists in AOMEI Partition Assistant versions up to 10.10.1, impacting the ampa10.sys kernel driver. This flaw allows an attacker to manipulate code execution due to improper access controls, leading to unauthorized access within the system. Local exploit...

A security flaw has been detected in Montodel House-Rental-Management that allows an attacker to execute SQL injection via the 'ID' argument in the index.php file. This vulnerability can be exploited remotely, presenting significant security risks by manipulating database queries. The vendor has ...

A vulnerability in the Montodel House-Rental-Management application, specifically within the /login.php file, allows for SQL injection through the manipulation of the 'Username' parameter. This serious issue enables remote attackers to execute unauthorized SQL commands, potentially compromising t...

A security vulnerability in BerriAI's litellm has been identified, affecting versions up to 1.82.2. This issue arises in the function _execute_with_mcp_client within the MCP Server Connection Testing component, specifically found in the file litellm/proxy/_experimental/mcp_server/rest_endpoints.p...

A vulnerability has been discovered in the BerriAI litellm's MCP Proxy that affects the UserAPIKeyAuth function within the user_api_key_auth_mcp.py file. This weakness can be exploited to achieve improper authentication, allowing unauthorized users to potentially gain access to privileged functio...

A vulnerability has been identified in BerriAI's litellm software, specifically affecting version 1.82.2 and earlier. The issue arises in the user authentication process within the PROXY_ADMIN database API Key Generator, located in the authenticate_user function of the login_utils.py file. Attack...

A security flaw has been identified in BerriAI's Litellm product, specifically affecting versions up to 1.82.2. The vulnerability resides in an unknown function within the file litellm/proxy/auth/user_api_key_auth.py, part of the M2M JWT Handler. This vulnerability allows for improper authorizati...

A vulnerability exists in BerriAI's litellm, affecting versions up to 1.63.1, specifically in the Admin Key Handler component. The issue arises from an unknown function within the file litellm/proxy/management_endpoints/key_management_endpoints.py, leading to improper authorization that can be ex...

An issue has been identified in Microsoft Defender that could allow an authorized attacker to gain elevated privileges through improper link resolution before file access, also known as link following. This vulnerability could enable attackers to manipulate file paths, potentially leading to unau...

WooCommerce version 7.1.0 has a vulnerability that allows remote code execution. This flaw enables attackers to execute arbitrary PHP code by injecting untrusted shell commands through the product-type parameter. By sending crafted requests to the class-wc-meta-box-product-images.php endpoint, at...

The Time Capsule Plugin version 1.21.16 for WordPress has a significant authentication bypass vulnerability. This allows unauthenticated attackers to gain administrative access by sending specially crafted POST requests that leverage the IWP_JSON_PREFIX header. Exploiting this weakness grants att...

The Ultimate Addons for Beaver Builder version 1.2.4.1 is affected by an authentication bypass vulnerability that allows attackers to gain unauthorized access. This can be achieved through exploiting the social media login form functionality, specifically by sending a crafted POST request to the ...

Liquidfiles versions prior to 4.2.12 exhibit a broken access control vulnerability that allows for privilege escalation. An attacker with Admin privileges in a secondary domain can exploit this vulnerability to gain Sysadmin access by manipulating group settings within their managed non-default g...

The vulnerability in Redis arises from a packaging issue specific to Debian, which exposes the system to a Lua sandbox escape. This flaw could potentially allow attackers to execute arbitrary code remotely, compromising the security and integrity of applications that rely on Redis as a persistent...

NGINX Open Source contains a significant vulnerability in its HTTP/3 QUIC module. When this module is enabled, an unauthenticated remote attacker might exploit conditions beyond their control to send specially crafted HTTP/3 requests that can reopen a QPACK encoder stream. This situation can lead...

A flaw in Polkit allows an unprivileged local attacker to bypass credential checks for D-Bus requests. This can lead to the elevation of privileges to that of the root user, enabling the attacker to execute commands with elevated permissions. This vulnerability poses a significant threat to the c...

A security flaw was identified in the Ray dashboard, specifically within the cpu_profile URL parameter, which is vulnerable to command injection. This allows remote attackers to execute arbitrary OS commands on the machine running the dashboard without requiring authentication. The issue has been...

An authentication bypass vulnerability exists in Ivanti Sentry versions prior to R10.5.2, R10.6.2, and R10.7.1, enabling remote unauthenticated attackers to create arbitrary administrative accounts. This flaw compromises the security model of the application, allowing malicious users full adminis...

The com_booking component for Joomla version 2.4.9 suffers from an information disclosure vulnerability that permits unauthenticated users to enumerate user accounts. By leveraging the getUserData function within the customer controller, attackers can send crafted GET requests to the index.php fi...

The Joomla! Component JoomProject 1.1.3.2 is vulnerable to an information disclosure flaw. This vulnerability enables unauthenticated attackers to access sensitive information, including user IDs, names, and email addresses. By manipulating requests to the relevant projects endpoint, attackers ca...

JoomCRM version 1.1.1 is susceptible to an SQL injection vulnerability due to improper validation of user input within the deal_id parameter. Authenticated attackers can exploit this flaw by crafting GET requests to index.php with specific parameters that allow them to execute arbitrary SQL queri...