Publicly Disclosed
PoC Exploits

A vulnerability exists within the ngx_http_dav_module of NGINX Open Source and NGINX Plus that can be exploited to trigger a buffer overflow in the NGINX worker process. This scenario is possible when configuration files utilize the DAV module's MOVE or COPY methods combined with specific prefix ...

The affected versions of cPanel and WHM contain a serious authentication bypass flaw in the login flow. This vulnerability enables unauthenticated remote attackers to bypass authentication mechanisms, allowing them to gain unauthorized access to the control panel. Users of the specified versions ...

A time-of-check time-of-use vulnerability was discovered in the antlr ANTLR4 Maven Plugin, affecting versions up to 4.13.2. This flaw is located in the ObjectInputStream.readObject function within the GrammarDependencies.java file. It allows for potential local execution exploits due to improper ...

A security vulnerability has been identified in the antlr ANTLR4 tool, specifically within the GoTarget function found in the GoTarget.java file. This vulnerability is categorized as a command injection risk, allowing an attacker to execute arbitrary commands on the host system. The attack must o...

A vulnerability has been discovered in ANTLR4, specifically within the Grammar Action Block Handler component. The weakness resides in an unspecified function of the OutputFile.java file, allowing for potential code injection through manipulated input. This flaw can be exploited remotely, and fol...

A security flaw has been identified in the registration component of the yashpokharna2555 restaurant management system. An issue resides within the login_register.php file, where improper handling of the Username argument can lead to a Cross Site Scripting (XSS) vulnerability. This allows attacke...

A vulnerability has been detected in the Yashpokharna2555 Restaurant Management System, specifically within the forgotpassword.php file. This flaw in the POST Parameter Handler allows attackers to manipulate the 'email' parameter, leading to SQL injection vulnerabilities that can be exploited rem...

A vulnerability exists in the itsourcecode Hospital Management System version 1.0 that allows remote attackers to exploit an unknown function in the file /appointment.php. By manipulating the 'editid' argument, attackers can execute SQL injection attacks, potentially compromising the underlying d...

A significant SQL injection vulnerability exists in the itsourcecode Hospital Management System version 1.0, specifically within the /ajaxmedicine.php file. The issue arises from improper handling of the 'medicineid' parameter, allowing attackers to craft malicious SQL queries. This vulnerability...

A vulnerability has been identified in the Linux kernel's handling of shared fragment markers within the networking stack. Specifically, two functions responsible for fragment transfers fail to correctly propagate fragment flags when moving data between source and destination sockets. This oversi...

A vulnerability in the itsourcecode Hospital Management System allows for SQL injection through the manipulation of the 'loginid' parameter in the /adminprofile.php file. This issue can be exploited remotely, potentially compromising the integrity of the database and exposing sensitive informatio...

A vulnerability has been identified in AIDC-AI ComfyUI-Copilot versions up to 2.0.28, located in the Workflow Checkpoint Restore Handler's conversation_api.py file. This flaw enables an attacker to manipulate and improperly control resource identifiers, potentially leading to unauthorized access ...

A vulnerability has been identified in the 78 xiaozhi-esp32 product regarding the MQTT Goodbye Handler. It allows for remote exploitation, where manipulated arguments to the GetInstance function can lead to a denial of service. This exploit presents a significant risk as it is publicly available ...

A vulnerability has been identified in version 2.2.6 and earlier of the Xiaozhi-ESP32 product, specifically within the MCP Response Handler's ParseMessage function located in the main/mcp_server.cc file. This vulnerability leads to improper synchronization, which could be exploited remotely. Due ...

A notable security flaw has been identified in the SourceCodester Class and Exam Timetabling System, specifically within the /preview7.php file. This vulnerability allows for SQL injection through manipulation of the 'course_year_section' argument. Attackers can exploit this weakness remotely, le...

A vulnerability exists in the SourceCodester Class and Exam Timetabling System 1.0, specifically affecting an unprotected function in the /archive.php file. This flaw allows attackers to manipulate parameters, resulting in SQL injection exploits that can be initiated remotely. The potential for u...

A vulnerability exists in the SourceCodester Class and Exam Timetabling System that allows for SQL injection via the '/preview6.php' file. An attacker can exploit this by manipulating the 'course_year_section' parameter, enabling unauthorized database queries leading to the potential exposure of ...

A vulnerability exists in the SourceCodester Class and Exam Timetabling System 1.0 that allows remote attackers to execute SQL injection through the manipulation of the 'course_year_section' argument in the /preview.php file. This flaw can lead to unauthorized access to the database, potentially ...

OpenSTAManager versions up to and including 2.10 contain a vulnerability that allows an attacker to upload arbitrary files via the module update functionality. This flaw exists in the 'upload_modules.php' script, which does not adequately validate file uploads, potentially enabling unauthorized a...

A vulnerability exists in the MLflow's Experiment-scoped Label Schema CRUD API, allowing attackers to manipulate its functionality due to missing authorization checks. This issue can be exploited remotely, posing risks to data integrity. Despite the high complexity associated with the attack, the...

A significant flaw has been identified in arc53's DocsGPT, specifically within the Credential Storage component. The vulnerability arises from the encrypt_credentials function in the application/security/encryption.py file. This issue permits insufficient verification of data authenticity, allowi...

Craft CMS, a customizable content management system, has a remote code execution vulnerability present in specific versions. Attackers could exploit this flaw to execute arbitrary code on the server, posing a significant security risk. The affected versions span from 3.0.0-RC1 to just before 3.9....

A flaw in the JCE editor extension for Joomla permits unauthorized users to create new editor profiles. This malicious capability exposes the site to risks, including the ability to upload PHP code and execute it, potentially leading to a full compromise of the website security. Site administrato...

A vulnerability exists in the Linux kernel's rtmutex component where the remove_waiter() function incorrectly utilizes current instead of waiter::task during a dequeue operation within various mutex handling paths. This mismanagement leads to multiple issues, including potential use-after-free vu...

An issue exists in the Linux Kernel where improper handling of copy-on-write (COW) operations can lead to page cache corruption. This is due to the tcf_pedit_act() function, which computes the COW range without considering runtime header offsets added by typed keys. As a result, portions of the w...

The Paid Membership Plugin for WordPress prior to version 4.16.17 is affected by an Insecure Direct Object Reference vulnerability. This flaw allows any authenticated user with Subscriber role or higher to cancel active subscriptions of other users without verifying ownership of the subscription....

The Shariff for WordPress plugin, up to version 1.0.11, contains a vulnerability that allows high-privilege users, such as administrators, to inject malicious scripts through unsanitized input. When the shariff_infourl setting is outputted in the frontend HTML via the generateshariff() function, ...

The Flowise platform contains a significant vulnerability in its `forgot-password` endpoint, which can return sensitive information, including a valid password reset token, without the necessary authentication or verification. This flaw allows attackers to generate reset tokens for arbitrary user...

An issue exists in the Linux Kernel where improper handling of copy-on-write (COW) operations can lead to page cache corruption. This is due to the tcf_pedit_act() function, which computes the COW range without considering runtime header offsets added by typed keys. As a result, portions of the w...

A significant remote code execution vulnerability exists in Microsoft's Server Message Block 3.1.1 (SMBv3) protocol. The flaw arises from the handling of certain requests, allowing an attacker to execute arbitrary code on the target system. This could lead to unauthorized access and potentially c...

Ghost CMS, a widely used Node.js content management system, contains a vulnerability that enables unauthenticated attackers to execute arbitrary reads from its database. This security flaw affects versions 3.24.0 through 6.19.0, posing a significant risk to the confidentiality of sensitive data s...

The Registration Form for WooCommerce plugin, up to version 1.0.9, is susceptible to an unauthenticated privilege escalation vulnerability. Attackers can exploit this flaw to gain elevated privileges without the need for authentication, potentially allowing unauthorized access to sensitive inform...

Pagekit CMS 1.0.18 is affected by a vulnerability that enables authenticated users with the 'user: manage users' permission to elevate their privileges. This occurs due to inadequate authorization checks within the UserApiController::saveAction() function. An attacker can exploit this flaw to ass...

Ghost CMS, a widely used Node.js content management system, contains a vulnerability that enables unauthenticated attackers to execute arbitrary reads from its database. This security flaw affects versions 3.24.0 through 6.19.0, posing a significant risk to the confidentiality of sensitive data s...

A vulnerability has been identified in the Linux kernel's handling of shared fragment markers within the networking stack. Specifically, two functions responsible for fragment transfers fail to correctly propagate fragment flags when moving data between source and destination sockets. This oversi...

The YMC Filter WordPress plugin prior to version 3.11.3 suffers from a critical access control vulnerability. It fails to properly authorize requests to a REST API endpoint, allowing unauthorized users to exploit this flaw. Attackers can leverage this vulnerability to access and retrieve the titl...

The Printcart Web to Print Product Designer for WooCommerce plugin, up to version 2.4.8, is prone to a path traversal vulnerability. This flaw allows an attacker to exploit the plugin, potentially gaining access to the directory listings of arbitrary locations on the server. Successful exploitati...

The Frontend File Manager Plugin for WordPress prior to version 23.6 contains a critical flaw in its post deletion functionality. It fails to correctly verify ownership of posts, enabling authenticated users with author-level access or higher to delete any posts or pages. This issue is exacerbate...

The SALESmanago & Leadoo WordPress plugin prior to version 3.11.3 is susceptible to SQL injection due to inadequate input sanitization and escaping within its AJAX functionality. This oversight permits authenticated users, including those with minimal permissions, to exploit the vulnerability by ...

The vulnerability in the PutContents API of Gogs arises from improper handling of symbolic links, potentially allowing local execution of arbitrary code. This misconfiguration may expose sensitive data and facilitate unauthorized access to critical systems. Users and administrators are urged to u...

The GameDriverX64.sys kernel-mode anti-cheat driver from Hotta Studio has a vulnerability that enables local attackers to execute denial of service attacks. By sending specially crafted IOCTL requests, an attacker can induce crashes in arbitrary processes, leading to potential disruptions in game...

A buffer overflow vulnerability exists in the Sahara protocol utilized within Qualcomm's Snapdragon mobile platforms. This flaw can lead to the unintended overwriting of secure configuration data, potentially compromising system integrity and security across a range of Snapdragon products, includ...

A security vulnerability has been identified in the Tenda AC8 router, specifically affecting version 16.03.50.11. This flaw is found in the route_set_user_policy_rule function within the /cgi-bin/UploadCfg component of the web interface. By manipulating the wans.policy.list1 argument, an attacker...

A vulnerability exists in the Linux kernel's netfilter module that affects the nft_map_catchall_activate() function. This function encounters an inverted element activity check, leading to a failure in appropriately handling catchall map elements during a failed transaction. The bug arises when t...

Bitwarden Server versions prior to 2026.5.0 are susceptible to a JSON injection vulnerability in the IntegrationTemplateProcessor.ReplaceTokens() method. This flaw allows authenticated users to introduce JSON metacharacters into event integration templates, specifically tokens that are derived fr...

Bitwarden Server versions prior to 2026.5.0 exhibit a broken access control vulnerability that permits authenticated users to retrieve unauthorized organization billing data. By exploiting the PreviewInvoiceController endpoints, attackers can submit arbitrary organization IDs without proper membe...

A privilege escalation vulnerability in Bitwarden Server versions prior to 2026.5.0 allows authenticated Custom users with ManageUsers permission to exploit a lack of role hierarchy verification. This vulnerability permits an attacker to remove Admin accounts from an organization through a malici...

The CANBoat application prior to version 6.22 is susceptible to an off-by-one global buffer overflow vulnerability within the searchForPgn() function, located in analyzer/pgn.c. This flaw may be exploited by remote attackers who deliver specially crafted NMEA-2000 messages containing out-of-range...

RTKLIB versions up to 2.4.3 are susceptible to a heap buffer overflow vulnerability within the readrnxobsb function found in src/rinex.c. This security flaw arises when the software does not properly clamp satellite count values specified in RINEX epoch headers. By crafting malicious RINEX files ...

RTKLIB versions up to 2.4.3 have a vulnerability in the getcodepri function that can be exploited when handling unrecognized RINEX observation codes. Attackers can craft RINEX files with unknown observation types to manipulate the processing, prompting negative array indexing into the codepris ta...