Publicly Disclosed
PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered just now...
PoC for CVE-2026-39912
The V2Board and Xboard platforms expose sensitive authentication tokens through the HTTP response body of the loginWithMailLink endpoint when the login_with_mail_link_enable feature is activated. Attackers can exploit this vulnerability by sending a POST request to the endpoint using a known emai...
PoC for CVE-2025-14893
The IndieWeb plugin for WordPress suffers from a Stored Cross-Site Scripting vulnerability due to inadequate input validation in the 'Telephone' parameter. Authenticated users with author level access and above can exploit this weakness to inject malicious scripts. These scripts execute when othe...
PoC for CVE-2026-3516
The Contact List plugin for WordPress is vulnerable to Stored Cross-Site Scripting through the '_cl_map_iframe' parameter. This vulnerability exists due to inadequate input sanitization and output escaping routines, specifically in the handling of the Google Maps iframe custom field. The saveCust...
PoC for CVE-2026-1657
The EventPrime plugin for WordPress is susceptible to a vulnerability that allows unauthorized image file uploads. This security flaw exists in versions up to and including 4.2.8.4, due to improper registration of the upload_file_media AJAX action. It is publicly accessible without necessary auth...
PoC for CVE-2026-1375
The Tutor LMS plugin for WordPress is susceptible to Insecure Direct Object References (IDOR) due to a lack of proper authorization checks. Specifically, functions such as `course_list_bulk_action()`, `bulk_delete_course()`, and `update_course_status()` allow authenticated users with Tutor Instru...
PoC for CVE-2023-33177
A path traversal vulnerability exists in Xibo CMS, which allows an authenticated user to upload a specially crafted zip file through the layout import function. This can lead to the creation of files outside the designated CMS library directory, enabling the potential upload of a PHP web shell wi...
PoC for CVE-2025-15260
The MyRewards – Loyalty Points and Rewards for WooCommerce plugin for WordPress has a significant flaw that lacks proper user authorization checks in its 'ajax' function. This insufficiency allows authenticated users with subscriber access or higher to make unauthorized changes to loyalty program...
Discovered 2 hours ago
PoC for CVE-2020-12446
The G.SKILL Trident Z Lighting Control driver (ene.sys) prior to version 1.00.08 has significant security flaws that allow local non-privileged users to map and unmap physical memory. This vulnerability also permits reading and writing Model Specific Registers (MSRs), as well as unauth...
PoC for CVE-2026-5976
A security flaw has been identified in the CGI Handler of the Totolink A7100RU, specifically in the function setStorageCfg within the file /cgi-bin/cstecgi.cgi. This vulnerability allows an attacker to manipulate the sambaEnabled argument, resulting in the potential for OS command injection. The ...
PoC for CVE-2026-5975
A vulnerability exists in the Totolink A7100RU router, specifically within the CGI Handler's setDmzCfg function. An attacker can exploit this vulnerability by manipulating the wanIdx argument in requests directed at /cgi-bin/cstecgi.cgi, allowing for OS command injection. Due to the nature of the...
Discovered 3 hours ago
PoC for CVE-2026-5973
A security vulnerability has been identified in FoundationAgents MetaGPT, specifically in the get_mime_type function located in the common.py file. This flaw allows for remote OS command injection, which can be exploited by attackers to execute arbitrary commands on the vulnerable system. Althoug...
PoC for CVE-2026-5972
A vulnerability in FoundationAgents MetaGPT versions up to 0.8.1 allows for OS command injection through the Terminal.run_command function in metagpt/tools/libs/terminal.py. This flaw enables remote attackers to execute arbitrary commands, posing significant security risks. The exploit has been p...
Discovered 4 hours ago
PoC for CVE-2026-39912
The V2Board and Xboard platforms expose sensitive authentication tokens through the HTTP response body of the loginWithMailLink endpoint when the login_with_mail_link_enable feature is activated. Attackers can exploit this vulnerability by sending a POST request to the endpoint using a known emai...
PoC for CVE-2026-5971
A vulnerability exists in FoundationAgents' MetaGPT versions up to 0.8.1, where the XML Handler's ActionNode.xml_fill function in action_node.py is susceptible to eval injection. This flaw allows an attacker to manipulate directives in dynamically evaluated code, potentially leading to unauthoriz...
Discovered 5 hours ago
PoC for CVE-2026-5970
A vulnerability exists in the FoundationAgents MetaGPT software, specifically within the HumanEvalBenchmark/MBPPBenchmark component, affecting versions up to 0.8.1. The issue arises from flawed handling in the check_solution function, allowing an attacker to perform code injection remotely. This ...
Discovered 6 hours ago
PoC for CVE-2026-5962
A path traversal vulnerability has been identified in Tenda CH22 version 1.0.0.6(468), specifically within the R7WebsSecurityHandler function of the httpd component. This issue allows an attacker to manipulate the file paths, potentially granting unauthorized access to sensitive data. The vulnerab...
PoC for CVE-2026-5961
A security vulnerability exists in the Simple IT Discussion Forum version 1.0, specifically targeting the 'post_id' parameter within the /topic-details.php file. This flaw can be exploited through SQL injection, allowing attackers to manipulate database queries remotely. The ability of an attacke...
Discovered 7 hours ago
PoC for CVE-2026-5960
A vulnerability has been discovered in the Patient Record Management System by Code-Projects. The issue resides in the SQL Database Backup File Handler, specifically targeting the /db/hcpms.sql file. This weakness can be exploited remotely, allowing attackers to manipulate the system and potentia...
Discovered 12 hours ago
PoC for CVE-2024-25082
FontForge, a popular font editing software, has a command injection vulnerability within its Splinefont module. This issue allows attackers to exploit crafted archives or compressed files, potentially leading to unauthorized command execution. Users are urged to update their installations to miti...
Discovered 15 hours ago
PoC for CVE-2026-5854
A security vulnerability has been identified in the Totolink A7100RU model, specifically within the setWiFiEasyCfg function of the CGI Handler component. This flaw permits an attacker to manipulate the merge argument, facilitating an OS command injection. The exploit can be executed remotely, mak...
Discovered 16 hours ago
PoC for CVE-2026-5853
A security vulnerability has been identified in the Totolink A7100RU firmware version 7.4cu.2313_b20191024, specifically within the CGI Handler component, which allows for remote command injection via the setIpv6LanCfg function in the file /cgi-bin/cstecgi.cgi. An attacker can manipulate the addr...
PoC for CVE-2026-5852
A command injection vulnerability has been detected in the Totolink A7100RU router, specifically within the function setIptvCfg found in the CGI Handler at /cgi-bin/cstecgi.cgi. This flaw allows an attacker to manipulate the argument igmpVer, potentially enabling them to execute arbitrary OS comm...
PoC for CVE-2026-5851
A security vulnerability has been identified in the Totolink A7100RU router, specifically within the setUPnPCfg function of the CGI Handler component located at /cgi-bin/cstecgi.cgi. This flaw allows for OS command injection through improper handling of the enable argument. Attackers can exploit ...
PoC for CVE-2026-5850
A vulnerability exists in the Totolink A7100RU router, specifically within the CGI Handler's setVpnPassCfg function. This flaw allows an attacker to manipulate the pptpPassThru parameter, potentially leading to OS command injection. Remote exploitation is feasible, making this a significant secur...
Discovered 17 hours ago
PoC for CVE-2026-5849
A path traversal vulnerability exists in Tenda i12 version 1.0.0.11(3862), primarily affecting the HTTP Handler component. By exploiting this weakness, attackers can manipulate the system remotely, allowing unauthorized access to files outside the intended directory. This exploitation poses a sig...
PoC for CVE-2026-5848
A code injection vulnerability has been identified in the jeecgboot JimuReport component, specifically in the function DriverManager.getConnection located in the /drag/onlDragDataSource/testConnection file. By manipulating the dbUrl argument, an attacker can execute arbitrary code, potentially le...
PoC for CVE-2026-34197
Apache ActiveMQ Broker is prone to a code injection vulnerability due to improper input validation in the Jolokia JMX-HTTP bridge. By default, this bridge exposes a web console that allows the execution of operations on all ActiveMQ MBeans. An authenticated attacker can exploit this vulnerability...
PoC for CVE-2026-5847
A vulnerability exists in the Movie Ticketing System, specifically within the SQL Database Backup File Handler component. An unknown function in the /db/moviedb.sql file allows remote attackers to manipulate this system, potentially leading to unauthorized access to sensitive information. This ex...
PoC for CVE-2026-5844
A security weakness has been identified in D-Link DIR-882 routers, particularly in the HNAP1 SetNetworkSettings functionality within the prog.cgi file. This vulnerability allows an attacker to manipulate the IPAddress argument, potentially enabling OS command injection from a remote location. Exp...
Discovered 18 hours ago
PoC for CVE-2026-5842
A security vulnerability has been discovered in Decolua's 9Router affecting versions up to 0.3.47. The issue lies within an unspecified function of the Administrative API Endpoint, where improper permissions allow for authorization bypass. This vulnerability can be exploited remotely, potentially...
PoC for CVE-2026-5841
A vulnerability has been identified in the Tenda i3 1.0.0.6(2204) affecting the R7WebsSecurityHandler within the HTTP Handler component. This weakness enables attackers to perform path traversal attacks remotely, allowing unauthorized access to sensitive files. Publicly available exploits can fac...
PoC for CVE-2026-5840
A security flaw in the PHPGurukul News Portal Project 4.1 affects the functionality within the /admin/check_availability.php file. This vulnerability enables an attacker to conduct a SQL injection by manipulating the 'Username' argument, which can lead to unauthorized database access. Due to the ...
PoC for CVE-2026-5839
A vulnerability has been identified in the PHPGurukul News Portal Project 4.1 that involves the improper handling of a specific argument in the /admin/add-subcategory.php file. This vulnerability allows for SQL injection, which can be exploited by remote attackers to manipulate the database via u...
PoC for CVE-2026-23398
A vulnerability in the Linux kernel's ICMP protocol handling could lead to a kernel panic upon receiving specific ICMP Fragmentation Needed errors. The issue arises from the unconditional dereference of an unregistered protocol's handler, which may result in a NULL pointer dereference. This occur...
PoC for CVE-2026-4112
An SQL injection vulnerability exists in SonicWall SMA1000 series appliances, enabling a remote authenticated attacker with read-only access to escalate their privileges to that of a primary administrator. This flaw results from improper neutralization of special elements in SQL commands, allowin...
Discovered 19 hours ago
PoC for CVE-2026-5838
A vulnerability has been identified in the PHPGurukul News Portal Project version 4.1, specifically affecting the /admin/add-subadmins.php file. This issue allows an attacker to manipulate the 'sadminusername' parameter, leading to potential SQL injection attacks. The exploit can be executed remo...
PoC for CVE-2026-5837
A security flaw has been identified in PHPGurukul News Portal Project version 4.1, specifically within the /news-details.php file. This vulnerability allows for SQL injection through manipulation of the Comment argument, potentially enabling attackers to execute unauthorized commands on the datab...
PoC for CVE-2026-5836
A serious cross site scripting vulnerability has been identified in code-projects' Online Shoe Store version 1.0. This vulnerability affects the functionality of the file /admin/admin_product.php, where the manipulation of the 'product_name' argument can lead to unauthorized script execution in u...
PoC for CVE-2025-49132
Pterodactyl, a widely used free and open-source game server management panel, has a significant vulnerability that allows unauthorized remote code execution. This occurs through the /locales/locale.json endpoint when specific query parameters are manipulated. Attackers exploiting this flaw can ex...
PoC for CVE-2026-5835
A vulnerability exists in the Online Shoe Store 1.0, specifically impacting the /admin/admin_football.php file. An attacker can exploit this flaw by manipulating the product_name argument, facilitating a cross site scripting (XSS) attack. This method allows remote execution, potentially compromis...
Discovered 20 hours ago
PoC for CVE-2026-5834
A vulnerability exists in the Online Shoe Store version 1.0 by code-projects, specifically in the /admin/admin_running.php file. This vulnerability allows an attacker to manipulate the 'product_name' argument, leading to cross site scripting (XSS) attacks. The exploitation of this flaw can occur ...
PoC for CVE-2026-5833
A security vulnerability in Awwaiid's MCP-Server-Taskwarrior up to version 1.0.1 allows local attackers to execute arbitrary commands via manipulated arguments in the setRequestHandler function within index.ts. The issue has been publicly disclosed, and a patch (1ee3d282debfa0a99afeb41d22c4b2fd5a...
PoC for CVE-2026-5832
A vulnerability has been discovered in the atototo API Lab MCP up to version 0.2.1, specifically affecting the function analyze_api_spec/generate_test_scenarios/test_http_endpoint within the HTTP Interface component. This weakness allows for remote manipulation of input parameters, leading to ser...
Discovered 21 hours ago
PoC for CVE-2026-5830
A stack-based buffer overflow vulnerability exists in the Tenda AC15 router, specifically in the websGetVar function within the SysToolChangePwd endpoint. Attackers can manipulate password parameters such as oldPwd, newPwd, and cfmPwd, potentially leading to unauthorized code execution. The explo...
PoC for CVE-2026-5829
A SQL injection vulnerability has been identified in the Simple IT Discussion Forum 1.0, specifically in an undisclosed function within the /pages/content.php file. The manipulation of the 'post_id' argument can lead to unauthorized database access, allowing remote attackers to execute malicious ...
PoC for CVE-2026-5828
A SQL injection vulnerability exists in Code-Projects' Simple IT Discussion Forum version 1.0, specifically within an unknown function in the /functions/addcomment.php file. This vulnerability allows attackers to manipulate the 'postid' argument, potentially leading to unauthorized access to the ...
Discovered 22 hours ago
PoC for CVE-2026-39363
A vulnerability in the Vite frontend tooling framework allows unauthorized access to arbitrary files on the server. If an attacker connects to the Vite development server's WebSocket without an Origin header, they can exploit the custom WebSocket event 'vite:invoke' to retrieve file contents as J...
PoC for CVE-2026-5826
A cross site scripting vulnerability resides in the Simple IT Discussion Forum 1.0 within the /edit-category.php file. This flaw allows an attacker to manipulate the 'Category' argument, which can lead to execution of malicious scripts in the context of users' browsers. The issue is exploitable r...
PoC for CVE-2026-5825
A cross-site scripting vulnerability exists in the Simple Laundry System version 1.0, specifically in the /delmemberinfo.php file. By manipulating the 'userid' argument, attackers can execute unauthorized scripts remotely, potentially compromising user data and session integrity. This vulnerabili...
PoC for CVE-2026-5824
A vulnerability has been identified in the Simple Laundry System application, specifically in the userchecklogin.php file. This flaw allows for SQL injection attacks through manipulation of the 'userid' argument. This vulnerability could be exploited remotely, potentially leading to unauthorized ...