Publicly Disclosed
PoC Exploits

ApostropheCMS is an open-source content management framework that has a vulnerability in the `@apostrophecms/import-export` package prior to version 3.5.3. The vulnerability lies within the `extract()` function in `gzip.js`, where file-write paths are constructed using `fs.createWriteStream(path....

The KiviCare – Clinic & Patient Management System for WordPress has a critical vulnerability that allows attackers to bypass authentication checks. The flaw exists in the `patientSocialLogin()` function, which does not properly verify the access token provided by social providers. As a result, an...

The Java OpenWire protocol marshaller in Apache ActiveMQ is susceptible to a remote code execution vulnerability, allowing attackers with network access to execute arbitrary shell commands. By manipulating serialized class types in the OpenWire protocol, an attacker can cause the client or broker...

An elevation of privilege vulnerability exists in the Windows Accessibility Infrastructure due to incorrect permission assignment for critical resources within ATBroker.exe. This flaw enables authorized attackers to gain elevated access to system resources, potentially allowing them to execute un...

On Debian-based operating systems, certain versions of OpenSSL utilize a flawed random number generator that produces predictable outputs. This vulnerability can facilitate brute force attacks, enabling adversaries to guess cryptographic keys with higher success rates. Organizations using affecte...

A local privilege escalation vulnerability in Snapd on Linux systems allows attackers to exploit the automatic cleanup of Snap's private /tmp directory. By re-creating this directory under certain configurations of systemd-tmpfiles, an attacker can potentially gain root privileges. This issue imp...

The Relevanssi – A Better Search plugin for WordPress presents a vulnerability that allows time-based SQL injection through the cats and tags query parameters. This issue affects all versions up to and including 4.24.4 for free and 2.27.4 for premium users. The vulnerability arises from inadequat...

The telnetd component of GNU Inetutils, specifically versions up to 2.7, is susceptible to an out-of-bounds write vulnerability. This flaw occurs in the LINEMODE SLC (Set Local Characters) suboption handler due to insufficient checks in the add_slc function, allowing for data to be written past t...

The OmniGen2-RL reward server component is vulnerable to an unauthenticated remote code execution flaw. By exploiting insecure pickle deserialization, an attacker can send specially crafted HTTP POST requests to execute arbitrary commands on the server. This vulnerability allows for potential una...

A Server-Side Request Forgery (SSRF) vulnerability exists in pdfmake versions 0.3.0-beta.2 through 0.3.5. This flaw enables a remote attacker to exploit the src/URLResolver.js component, potentially allowing access to sensitive information from the server. To mitigate this risk, version 0.3.6 int...

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default config...

The Get Use APIs plugin for WordPress versions before 2.0.10 is susceptible to a Cross-Site Scripting (XSS) vulnerability. This security flaw enables users with low-level roles, such as contributors, to execute arbitrary JavaScript code through imported JSON data under specific server configurati...

A cross-origin vulnerability exists within the Navigation API that could allow maliciously crafted web content to bypass the Same Origin Policy. This issue has been rectified with enhanced input validation in version updates for iOS, iPadOS, and macOS, specifically in versions 26.3.1 and 26.3.2. ...

The SpaceX Starlink Wi-Fi router GEN 2 and Starlink Dish are susceptible to a Cross-Site Request Forgery (CSRF) attack, allowing malicious actors to exploit a DNS rebinding technique. This vulnerability permits unauthorized actions, such as rebooting the device without user consent, posing signif...

A stored cross-site scripting (XSS) vulnerability in the NotChatbot WebChat widget allows attackers to inject arbitrary JavaScript code. User input is inadequately sanitized before being stored and displayed in chat conversations. When the chat history is loaded, the injected scripts are executed...

A vulnerability in itsourcecode's University Management System 1.0 affects an undisclosed function within the /add_result.php file. This flaw allows for manipulation of the 'vr' argument, ultimately facilitating cross-site scripting attacks. Such vulnerabilities pose serious risks as they can be ...

A security flaw has been identified in Portabilis i-Educar 2.11, specifically affecting the endpoint located at /intranet/educar_servidor_curso_lst.php. This vulnerability allows remote attackers to conduct cross-site scripting (XSS) attacks by manipulating the 'Name' parameter. The exploitation ...

A Cross Site Scripting (XSS) vulnerability has been discovered in the TRENDnet TEW-824DRU's web interface, specifically within the apply_sec.cgi file's sub_420A78 function. Manipulating the Language argument allows for the execution of malicious scripts, which can be triggered remotely. The ease ...

A vulnerability in FreeFloat FTP Server 1.0 affects the NOOP Command Handler, allowing for remote buffer overflow attacks. This flaw can be exploited, leading to unauthorized data access and potential control of the affected system. The issue has been publicly disclosed, emphasizing the need for ...

A path traversal vulnerability was discovered in Ray Dashboard, hosted on the default port 8265, impacting versions prior to 2.8.1. This flaw arises from the inadequate validation and sanitization of user-supplied paths within the static file handling mechanism. An attacker can exploit this vulne...

A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.

A vulnerability in the Simple Food Order System 1.0 allows attackers to exploit the file /routers/add-item.php by manipulating the price argument, leading to SQL injection. This flaw can be targeted remotely, and the exploit code is publicly available, posing a significant risk to users of the sy...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

A buffer overflow vulnerability exists in the UTT HiPER 810G model, specifically within the strcpy function of the /goform/formApLbConfig file. This flaw allows an attacker to manipulate the loadBalanceNameOld argument, potentially leading to unauthorized access or execution of arbitrary code. Th...

The Micro HTTP Server is susceptible to a buffer overflow due to improper handling of long URIs in the _ReadStaticFiles function within the lib/middleware.c file. This flaw allows attackers to send specially crafted requests that can exploit the vulnerability, potentially leading to remote code e...

A vulnerability has been discovered in frdel/agent0ai agent-zero version 0.9.7, specifically affecting the handle_pdf_document function located in python/helpers/document_query.py. This flaw enables remote attackers to execute server-side request forgery (SSRF) attacks, allowing them to send unau...

A security flaw has been identified in frdel's Agent-Zero product, specifically in version 0.9.7-10. This vulnerability is associated with the 'get_abs_path' function located in the 'python/helpers/files.py' file. It allows an attacker to manipulate file paths, resulting in unauthorized access to...

A SQL injection vulnerability exists in the Tiandy Easy7 Integrated Management Platform in versions up to 7.17.0, specifically within the /rest/preSetTemplate/getRecByTemplateId function. The vulnerability arises from improper validation of the ID argument, allowing attackers to manipulate SQL qu...

A vulnerability has been discovered in the Tiandy Easy7 Integrated Management Platform version 7.17.0, specifically within an undisclosed function of the /rest/devStatus/getDevDetailedInfo endpoint. This issue allows attackers to manipulate the argument ID, potentially leading to SQL injection at...

A vulnerability has been identified in the Tiandy Easy7 Integrated Management Platform 7.17.0 that allows for SQL injection through an undisclosed function in the /rest/devStatus/queryResources endpoint. This security flaw enables attackers to manipulate the areaId argument, potentially allowing ...

A path traversal vulnerability exists within the Taoofagi Easegen-Admin software, specifically in the 'recognizeMarkdown' function of the 'Pdf2MdUtil.java' file. This vulnerability allows attackers to manipulate the 'fileUrl' argument, potentially gaining unauthorized access to the underlying fil...

A vulnerability exists in the Taoofagi Easegen-Admin product due to improper handling of the 'url' parameter in the downloadFile function of the PPT File Handler. This flaw allows an attacker to exploit server-side request forgery (SSRF) vulnerabilities, potentially leading to unauthorized access...

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default config...

A stack-based buffer overflow vulnerability affects Easy File Sharing (EFS) Web Server 7.2. This issue arises when attackers send a specially crafted POST request to the system while creating new topics in the forums. Successfully exploiting this vulnerability allows remote attackers to execute a...

The fontTools library, used for font manipulation in Python, contains an arbitrary file write vulnerability affecting versions from 4.33.0 to before 4.60.2. This flaw allows an attacker to execute remote code when a specially crafted .designspace file is processed through the fonttools varLib scr...

A vulnerability has been discovered in the Tenda AC8 router, specifically affecting the HTTP Endpoint component. This issue arises from improper handling of the argument local_2c in the doSystemCmd function located in the /goform/SysToolChangePwd file. Exploitation of this vulnerability can lead ...

A security vulnerability has been identified in the Tenda AC8 router, specifically affecting version 16.03.50.11. This flaw is found in the route_set_user_policy_rule function within the /cgi-bin/UploadCfg component of the web interface. By manipulating the wans.policy.list1 argument, an attacker...

A vulnerability exists in the REST Plugin of Apache Struts that allows for Remote Code Execution due to the use of an XStreamHandler without type filtering during XML payload deserialization. This flaw, present in specific versions of the software, can be exploited by attackers to execute arbitra...

A vulnerability has been identified in the Tenda AC8 router that affects the function handling IPv6 address checks, specifically the 'check_is_ipv6' function in the IPv6 Handler component. This flaw allows an attacker to exploit the reliance on the IP address for authentication purposes. When exp...

A data exposure vulnerability has been identified in the CityData CityChat app for Android devices, specifically affecting version 0.12.6. The vulnerability involves improper handling of sensitive information located in the credentials.json file, which can lead to unprotected storage of credentia...

A vulnerability exists in Albert Health for Android up to version 1.7.3 affecting the Google Cloud Service Account Key Handler located in the service-account.json file. This flaw allows for the manipulation of credential storage leading to unprotected access to sensitive information. The attack n...

A vulnerability has been discovered in the La Nacion App version 10.2.25 for Android, where improper handling of the API_KEY_WEBSOCKET_CV parameter may lead to unprotected storage of sensitive credentials. This flaw exists within a specific component of the application and is particularly concern...

A security flaw in the BabyChakra Pregnancy & Parenting App for Android has been identified, affecting versions up to 5.4.3.0. This vulnerability resides in the Configuration.java file within the app, specifically linked to the SEGMENT_WRITE_KEY argument. Exploiting this flaw can lead to unprotec...

A SQL injection vulnerability has been discovered in the itsourcecode College Management System version 1.0, specifically within an unknown function in the file /admin/time-table.php. This flaw allows attackers to manipulate the 'course_code' argument. Given its remote exploit capability, the vul...

A vulnerability in Open5GS up to version 2.7.6 can lead to a denial of service through specific functions within the CCA Handler, including smf_gx_cca_cb and smf_gy_cca_cb. This issue can be exploited remotely, allowing attackers to disrupt services without physical access. It is recommended to u...

A vulnerability in the Lagom WHMCS Template, specifically affecting versions up to 2.3.7, allows for unauthorized modification of object prototype attributes within the Datatables component. This security flaw can be exploited remotely, making it a significant concern for users. The vendor has be...

A vulnerability in the Lagom WHMCS Template, specifically affecting versions up to 2.3.7, allows for unauthorized modification of object prototype attributes within the Datatables component. This security flaw can be exploited remotely, making it a significant concern for users. The vendor has be...

A vulnerability in the itsourcecode College Management System version 1.0 has been identified, specifically affecting the file /admin/courses.php. This issue arises from inadequate validation of the course_code parameter, which can be manipulated to execute SQL injection attacks. Such exploitatio...

A SQL injection vulnerability exists in the itsourcecode Free Hotel Reservation System version 1.0, specifically within the /hotel/admin/mod_reports/index.php file. This flaw allows an attacker to manipulate the argument 'Home' to execute arbitrary SQL commands, potentially gaining unauthorized a...

A security vulnerability has been identified in the itsourcecode Online Enrollment System, specifically affecting an unspecified function within the file /enrollment/index.php?view=add. This vulnerability arises due to incorrect handling of the argument txtsearch/deptname/name, allowing for SQL i...