Publicly Disclosed
PoC Exploits

The Vendure open-source headless commerce platform has a vulnerability in the `NativeAuthenticationStrategy.authenticate()` method, which is susceptible to timing attacks. This flaw allows malicious actors to differentiate between valid and invalid usernames by exploiting the timing discrepancies...

The GNU Inetutils telnet daemon (telnetd) is vulnerable to a remote authentication bypass that can occur when an attacker manipulates the USER environment variable by specifying a '-f root' value. This flaw allows unauthorized users to gain access without proper authentication. Affected users sho...

A buffer overflow vulnerability exists in the UTT 进取 520W router, specifically in the strcpy function located in the /goform/formPolicyRouteConf file. This flaw allows an attacker to manipulate the GroupName argument, potentially leading to unauthorized access and exploitation. The vulnerability ...

A significant vulnerability has been identified in the ggml-org llama.cpp, specifically in the function llama_grammar_advance_stack found in the GBNF Grammar Handler component. This vulnerability allows an attacker to exploit a stack-based buffer overflow, necessitating local access for successfu...

A vulnerability exists in the UTT 进取 520W version 1.7.7-180627 that allows an attacker to exploit the strcpy function in the /goform/formSyslogConf file. By manipulating the ServerIp argument, an attacker can trigger a buffer overflow, posing a significant risk of remote exploitation. This vulner...

A security vulnerability has been identified in the UTT 进取 520W router with version 1.7.7-180627. This flaw specifically lies within the strcpy function in the /goform/formTimeGroupConfig file, where improper handling of the 'year1' argument leads to a buffer overflow. This vulnerability can be e...

A vulnerability has been found in the UTT 进取 520W device version 1.7.7-180627. The flaw resides in the strcpy function implemented in the /goform/formIpGroupConfig file. By manipulating the groupName argument, an attacker can trigger a buffer overflow, enabling a potential remote exploitation of ...

The calibre e-book manager, developed by Kovid Goyal, is vulnerable to a Server-Side Template Injection (SSTI) issue in versions prior to 9.2.0. This flaw arises from its Templite templating engine, where users can execute arbitrary code by utilizing a malicious custom template file during ebook ...

A significant security flaw has been identified in the Flycatcher Toys smART Pixelator 2.0 related to its Bluetooth Low Energy Interface. This vulnerability allows attackers on the local network to exploit functionalities that lack proper authentication measures. The potential for unauthorized ac...

A cross site scripting vulnerability exists in Portabilis i-Educar versions up to 2.10, specifically in the User Data Page component located at /intranet/meusdadod.php. An attacker can exploit this vulnerability by manipulating file argument inputs, which allows for the execution of arbitrary scr...

A significant security flaw has been identified in the D-Link DIR-823X router's web management interface, specifically within the /goform/set_ac_server file. This vulnerability allows attackers to manipulate the ac_server argument, leading to unauthorized OS command injection. Remote exploitation...

A vulnerability identified in the Open5GS PGW S5U Address Handler can lead to a null pointer dereference through the functions sgwc_s5c_handle_modify_bearer_response and sgwc_sxa_handle_session_modification_response. This issue can be exploited remotely, potentially allowing attackers to cause a ...

The D-Link DIR-823X router contains a vulnerability within the function sub_424D20 located in the /goform/set_ipv6 file. This issue allows an attacker to perform OS command injection remotely, potentially compromising the device and the network it connects to. The exploit has been publicly disclo...

An SQL injection vulnerability has been identified in the Simple Blood Donor Management System, specifically in the file /simpleblooddonor/editcampaignform.php. By manipulating the argument ID, an attacker can execute unauthorized SQL commands, potentially compromising the database. This vulnerab...

A SQL injection vulnerability was identified in the Medical Center Portal Management System 1.0, specifically within the emp_edit1.php file. This vulnerability arises from inadequacies in input validation, allowing attackers to manipulate the 'ID' argument remotely, leading to unauthorized access...

The BlueStacks App Player version 2.4.44.62.57 is susceptible to an unquoted service path vulnerability within the BstHdLogRotatorSvc service. This flaw allows local attackers to exploit the unquoted service path located in C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe. By doing so, ...

SecurOS Enterprise 10.2 by Intelligent Security System exposes an unquoted service path vulnerability in its SecurosCtrlService. This flaw enables local users to potentially execute arbitrary code with elevated privileges by exploiting the unquoted service path located in C:\Program Files (x86)\I...

JumpStart 0.6.0.0 contains a significant security flaw due to an unquoted service path in the jswpbapi service, which operates with LocalSystem privileges. This vulnerability allows attackers to craft a path that injects and executes malicious code under elevated system permissions, potentially c...

Acer Launch Manager version 6.1.7600.16385 has a vulnerability in the DsiWMIService that stems from an unquoted service path. This oversight allows local users to exploit the unquoted path located at C:\Program Files (x86)\Launch Manager\dsiwmis.exe, enabling them to execute arbitrary code with e...

The Millhouse-Project version 1.414 is susceptible to a persistent cross-site scripting (XSS) vulnerability, primarily found in the comment submission feature. This flaw enables attackers to inject malicious JavaScript code via the 'content' parameter in the add_comment_sql.php file. As a result,...

TheJshen Content Management System version 1.04 is susceptible to an SQL injection vulnerability due to improper handling of the 'id' GET parameter. This flaw allows attackers to execute various SQL injection techniques, including boolean-based, time-based, and UNION-based methods, potentially co...

RimbaLinux AhadPOS 1.11 is susceptible to SQL injection through the 'alamatCustomer' parameter. This vulnerability allows attackers to craft specific POST requests that can manipulate database queries. By leveraging time-based and boolean-based blind SQL injection techniques, attackers may extrac...

The Globitek CMS version 1.4 developed by thejshen is susceptible to SQL injection via the 'id' GET parameter, allowing attackers to execute unauthorized database queries. This vulnerability enables the use of various techniques such as boolean-based, time-based, and UNION-based SQL injections, p...

html5_snmp version 1.11 is vulnerable to a persistent cross-site scripting (XSS) attack. This flaw allows attackers to inject malicious JavaScript through the 'Remark' parameter in the 'add_router_operation.php' file. By crafting a specific POST request containing a script payload in the Remark f...

The html5_snmp 1.11 product by LolyPop is susceptible to multiple SQL injection vulnerabilities that can be exploited via the Router_ID and Router_IP parameters. These vulnerabilities allow attackers to manipulate database queries using various techniques, including error-based, time-based, and u...

The Alps HID Monitor Service version 8.1.0.10 is susceptible to an unquoted service path vulnerability. This issue allows local attackers to exploit the unquoted path in 'C:\Program Files\Apoint2K\HidMonitorSvc.exe'. By leveraging this vulnerability, attackers can potentially execute arbitrary co...

The Wondershare Application Framework Service version 2.4.3.231 is susceptible to an unquoted service path vulnerability. This issue enables local attackers to execute arbitrary code with elevated privileges. By placing malicious executables in designated directories, an attacker can exploit this...

A vulnerability has been discovered in the CloudClassroom-PHP-Project developed by Mathurvishal, specifically within the /postquerypublic.php file. This flaw allows for SQL injection through manipulation of the 'gnamex' argument. The vulnerability enables remote attackers to execute arbitrary SQL...

A newly discovered SQL injection vulnerability in the SourceCodester Medical Center Portal Management System 1.0 compromises the /login.php file. This issue arises from improper handling of the User input parameter, allowing attackers to execute remote SQL commands. Given that details of this exp...

A security flaw has been identified in D-Link DIR-605L and DIR-619L routers, specifically in the /wan_connection_status.asp file within the DHCP Connection Status Handler. This vulnerability can lead to unauthorized information disclosure, allowing remote attackers to exploit it. Notably, these p...

The Lobe Chat framework, designed for chatbot development with capabilities like speech synthesis and a multimodal plugin system, has a vulnerability in its /api/proxy endpoint prior to version 0.150.6. This flaw allows attackers to execute unauthorized Server-Side Request Forgery, enabling them ...

A significant security flaw has been identified in D-Link DIR-605L and DIR-619L routers. This vulnerability affects the Wifi Setting Handler component, allowing attackers to manipulate specific functions, which may lead to unauthorized information disclosure. The exploitation of this vulnerabilit...

A critical flaw has been identified in the itsourcecode School Management System version 1.0, specifically located within the /ramonsys/settings/controller.php file. This vulnerability arises from improper handling of the argument ID, enabling SQL injection attacks. As a result, attackers can pot...

A security flaw in Happyfish100's libfastcommon affects the base64_decode function located in src/base64.c. This vulnerability allows for a stack-based buffer overflow, requiring local access for exploitation. Given that this issue has been publicly disclosed, it is crucial to apply the recommend...

A vulnerability has been discovered in the Portabilis i-Educar system, specifically affecting the Final Status Import component and its FinalStatusImportService.php file. This vulnerability is due to improper authorization, which can be exploited by manipulating the school_id argument. The attack...

A security vulnerability has been identified in the itsourcecode Student Management System 1.0, specifically in the /ramonsys/billing/index.php file. The issue arises from improper handling of the ID argument, allowing for SQL injection attacks. This vulnerability can be exploited remotely, poten...

A security flaw in the itsourcecode Student Management System version 1.0 allows for SQL injection through improper handling of the ID argument in the file /ramonsys/soa/index.php. This vulnerability can be exploited remotely, making it a significant risk since potential attackers can manipulate ...

A vulnerability exists in the itsourcecode Student Management System version 1.0 located in the file /ramonsys/facultyloading/index.php. This flaw allows for SQL injection through the manipulation of the argument ID, enabling attackers to execute arbitrary SQL commands. The exploitation can be pe...

A security flaw was discovered in the itsourcecode Student Management System 1.0, specifically impacting an unidentified function within the /ramonsys/enrollment/controller.php file. This vulnerability allows for SQL injection attacks through the manipulation of the argument ID. As the exploit is...

A vulnerability exists in the Trade Payment Handler of Sanluan PublicCMS that allows for improper authorization due to manipulation of the paymentId parameter in the function Paid within the TradePaymentService.java file. This can be exploited remotely, leading to unauthorized access to trade pay...

A vulnerability exists in the SourceCodester Gas Agency Management System version 1.0, specifically within the processing of the createUser.php file. This flaw allows for improper access control measures, making it possible for attackers to manipulate the system remotely. With the exploit made pu...

A vulnerability exists in the abhiphile fermat-mcp product affecting the eqn_chart function within the eqn_chart.py file. By manipulating the argument 'equations', attackers can execute arbitrary code, leading to potential unauthorized access and remote exploitation. The rolling release nature of...

Camaleon CMS, a robust content management system built on Ruby on Rails, has a path traversal vulnerability in the MediaController's download_private_file method. This flaw permits authenticated users to potentially download any file stored on the web server, depending on file permissions configu...

A command injection vulnerability exists in the DCN DCME-320's web management backend. The issue lies within the apply_config function of the bridge_cfg.php file, where improper handling of the ip_list argument allows for unauthorized command execution. This vulnerability can be exploited remotel...

A vulnerability exists in MicroPython due to a flaw in the mp_import_all function located in py/runtime.c, which can lead to memory corruption. This issue requires local access for exploitation and has already been published. Users are advised to apply the available patch (commit 570744d06c5ba9db...

A vulnerability has been identified in libuvc up to version 0.0.7 that affects the function uvc_scan_streaming within the UVC Descriptor Handler located in the file src/device.c. This flaw leads to a null pointer dereference, which can potentially allow an attacker local access to disrupt operati...

A vulnerability has been identified in the Oat++ framework, specifically within the function oatpp::data::type::ObjectWrapper::ObjectWrapper located in src/oatpp/data/type/Type.hpp. This issue can lead to a null pointer dereference when accessed locally, making it essential for developers to be a...

A vulnerability exists in mruby versions up to 3.4.0, specifically in the mrb_vm_exec function within the JMPNOT-to-JMPIF Optimization component. This weakness allows an attacker to execute a manipulation that can result in a use after free condition. The attack needs to be launched locally, and ...

An improper limitation of a pathname to a restricted directory exists in Fortinet's FortiOS and FortiProxy products. This flaw, found in versions 6.0.0 through 6.0.4, 5.6.3 through 5.6.7, and 5.4.6 through 5.4.12 for FortiOS, as well as various versions of FortiProxy, allows unauthenticated attac...

A vulnerability exists in kalyan02 NanoCMS up to version 0.4, specifically within the User Information Handler component. This flaw allows unauthorized manipulation of the file /data/pagesdata.txt, resulting in direct access to sensitive data. The exploitation of this vulnerability can be initiat...