Publicly Disclosed
PoC Exploits

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

A vulnerability exists in the WiseDelfile64.sys component of WiseCleaner Wise Force Deleter versions 7.3.2 and earlier, which allows attackers to execute crafted requests that can lead to unauthorized deletion of arbitrary files from the system. This issue poses a significant risk as it can compr...

OpenSTAManager, an open source tool for managing technical support and invoicing, contains a vulnerability in its Payment Schedule module. The application improperly validates array entries used in SQL queries, enabling attackers to execute malicious SQL commands. This could lead to unauthorized ...

A double free vulnerability has been identified in Apache HTTP Server that may lead to remote code execution, particularly concerning the HTTP/2 protocol. This issue affects version 2.4.66, and it is crucial for users to upgrade to version 2.4.67 to mitigate any potential security risks associate...

A vulnerability exists in the Linux kernel's OverlayFS subsystem that enables a local user to gain unauthorized access to a setuid file with capabilities. This issue arises when a user copies a capable file from a nosuid mount to another mount, leading to potential privilege escalation. The uid m...

A security flaw exists within the SourceCodester Class and Exam Timetabling System version 1.0, specifically in the /edit_class.php file. This vulnerability allows an attacker to manipulate the argument ID, resulting in a SQL injection that can be exploited remotely. The risk of unauthorized acce...

A SQL injection vulnerability has been identified in the CodeAstro Human Resource Management System, specifically in the emselectByCode function located in the application/models/Employee_model.php file. This vulnerability permits an attacker to manipulate the emid argument, enabling remote explo...

A security vulnerability has been identified in CherryHQ's cherry-studio, specifically in the MCP OAuth Local Callback Server's handling of the OAuth callback. This issue affects versions up to 1.9.6, allowing remote attackers to manipulate authorization arguments. Exploiting this vulnerability p...

A vulnerability exists in the ISOBMFF Parser component of GPAC that can be exploited through local manipulation of highly compressed data. This issue, identified in the file src/utils/base_encoding.c, allows an attacker to execute an attack that may lead to uncontrolled resource consumption. The ...

A SQL injection vulnerability has been detected in the SourceCodester Class and Exam Timetabling System, specifically within the /preview5.php file. This vulnerability stems from improper handling of the 'course_year_section' argument, allowing remote attackers to manipulate SQL queries. As a res...

A SQL injection vulnerability exists in the itsourcecode Hospital Management System 1.0, specifically within the /appointmentapproval.php file of the Appointment Handler component. This issue arises due to improper handling of the 'editid' argument, allowing an attacker to manipulate SQL queries ...

A vulnerability exists in the Tenda JD12L router within the fromNatStaticSetting functionality of the /goform/NatStaticSetting file. The issue arises from improper handling of the argument 'page', which can lead to a stack-based buffer overflow. This vulnerability can be exploited remotely, allow...

A stack-based buffer overflow vulnerability has been identified in the Tenda JD12L router, specifically within the fromSetWifiGusetBasic function located in the /goform/WifiGuestSet file. An attacker can remotely execute this exploit by manipulating the 'shareSpeed' argument. The exploit is now p...

A security vulnerability has been identified in the Tenda JD12L router, specifically within the function formSetPPTPServer located in the /goform/SetPptpServerCfg file. This vulnerability arises from improper handling of the argument startIp, resulting in a stack-based buffer overflow. Attackers ...

A vulnerability has been identified in the Chess Play and Learn App on Android, specifically affecting versions up to 4.9.42. This issue arises from improper handling of the AndroidManifest.xml file within the application's component com.chess. Exploiting this vulnerability could lead to unauthor...

A security flaw has been identified in MyScaleDB, specifically in the SegmentId::getCacheKey function within the src/VectorIndex/Common/SegmentId.h library. This vulnerability leads to insufficient verification of data authenticity, allowing remote attackers to potentially exploit affected system...

A security flaw has been discovered in the Tenant Handler component of Databend, specifically within the ClientSessionManager::state_key function. This vulnerability enables unauthorized access by manipulating session states, effectively bypassing authorization checks. The issue is present in Dat...

An improper authorization vulnerability exists in the VoltAgent Memory REST API, specifically in the handleGetMemoryConversation function found in packages/server-core/src/handlers/memory.handlers.ts. By manipulating the conversationId argument, an attacker may exploit this issue remotely. Althou...

A vulnerability in the SimStudioAI sim product exposes an issue within the Password Protection Handler found in the library apps/sim/lib/core/security/deployment.ts. This weakness allows for manipulation that leads to the utilization of a weak hash for password protection. Remotely exploitable, t...

A path traversal vulnerability exists in the RAGapp Knowledge File Handler, affecting versions up to 0.1.5. The flaw resides in the 'FileHandler.upload_file' and 'FileHandler.remove_file' functions within the 'src/ragapp/backend/controllers/files.py' file. This vulnerability allows attackers to m...

A security flaw exists in the khoj-ai Khoj product affecting its conversation sharing handler. An issue has been identified in the file src/khoj/routers/api_chat.py, specifically within the handling of the argument conversation.agent. This vulnerability may allow unauthorized access and manipulat...

A vulnerability exists within the ngx_http_dav_module of NGINX Open Source and NGINX Plus that can be exploited to trigger a buffer overflow in the NGINX worker process. This scenario is possible when configuration files utilize the DAV module's MOVE or COPY methods combined with specific prefix ...

The affected versions of cPanel and WHM contain a serious authentication bypass flaw in the login flow. This vulnerability enables unauthenticated remote attackers to bypass authentication mechanisms, allowing them to gain unauthorized access to the control panel. Users of the specified versions ...

A cross site scripting vulnerability exists in code-projects Project Management System version 1.0, specifically within the /mail.php file used for the Mail Compose Page. This flaw allows attackers to manipulate the code remotely, potentially injecting malicious scripts that could compromise user...

A path traversal vulnerability exists in the getImportedVocabFile function of ANTLR4's TokenVocabParser.java, allowing attackers to manipulate file paths. This can potentially lead to unauthorized access to system files. The issue has been publicly disclosed, and remediation is crucial as it can ...

A time-of-check time-of-use vulnerability was discovered in the antlr ANTLR4 Maven Plugin, affecting versions up to 4.13.2. This flaw is located in the ObjectInputStream.readObject function within the GrammarDependencies.java file. It allows for potential local execution exploits due to improper ...

A security vulnerability has been identified in the antlr ANTLR4 tool, specifically within the GoTarget function found in the GoTarget.java file. This vulnerability is categorized as a command injection risk, allowing an attacker to execute arbitrary commands on the host system. The attack must o...

A vulnerability has been discovered in ANTLR4, specifically within the Grammar Action Block Handler component. The weakness resides in an unspecified function of the OutputFile.java file, allowing for potential code injection through manipulated input. This flaw can be exploited remotely, and fol...

A security flaw has been identified in the registration component of the yashpokharna2555 restaurant management system. An issue resides within the login_register.php file, where improper handling of the Username argument can lead to a Cross Site Scripting (XSS) vulnerability. This allows attacke...

A vulnerability has been detected in the Yashpokharna2555 Restaurant Management System, specifically within the forgotpassword.php file. This flaw in the POST Parameter Handler allows attackers to manipulate the 'email' parameter, leading to SQL injection vulnerabilities that can be exploited rem...

A vulnerability exists in the itsourcecode Hospital Management System version 1.0 that allows remote attackers to exploit an unknown function in the file /appointment.php. By manipulating the 'editid' argument, attackers can execute SQL injection attacks, potentially compromising the underlying d...

A significant SQL injection vulnerability exists in the itsourcecode Hospital Management System version 1.0, specifically within the /ajaxmedicine.php file. The issue arises from improper handling of the 'medicineid' parameter, allowing attackers to craft malicious SQL queries. This vulnerability...

A vulnerability has been identified in the Linux kernel's handling of shared fragment markers within the networking stack. Specifically, two functions responsible for fragment transfers fail to correctly propagate fragment flags when moving data between source and destination sockets. This oversi...

A vulnerability in the itsourcecode Hospital Management System allows for SQL injection through the manipulation of the 'loginid' parameter in the /adminprofile.php file. This issue can be exploited remotely, potentially compromising the integrity of the database and exposing sensitive informatio...

A vulnerability has been identified in AIDC-AI ComfyUI-Copilot versions up to 2.0.28, located in the Workflow Checkpoint Restore Handler's conversation_api.py file. This flaw enables an attacker to manipulate and improperly control resource identifiers, potentially leading to unauthorized access ...

A vulnerability has been identified in the 78 xiaozhi-esp32 product regarding the MQTT Goodbye Handler. It allows for remote exploitation, where manipulated arguments to the GetInstance function can lead to a denial of service. This exploit presents a significant risk as it is publicly available ...

A vulnerability has been identified in version 2.2.6 and earlier of the Xiaozhi-ESP32 product, specifically within the MCP Response Handler's ParseMessage function located in the main/mcp_server.cc file. This vulnerability leads to improper synchronization, which could be exploited remotely. Due ...

A notable security flaw has been identified in the SourceCodester Class and Exam Timetabling System, specifically within the /preview7.php file. This vulnerability allows for SQL injection through manipulation of the 'course_year_section' argument. Attackers can exploit this weakness remotely, le...

A vulnerability exists in the SourceCodester Class and Exam Timetabling System 1.0, specifically affecting an unprotected function in the /archive.php file. This flaw allows attackers to manipulate parameters, resulting in SQL injection exploits that can be initiated remotely. The potential for u...

A vulnerability exists in the SourceCodester Class and Exam Timetabling System that allows for SQL injection via the '/preview6.php' file. An attacker can exploit this by manipulating the 'course_year_section' parameter, enabling unauthorized database queries leading to the potential exposure of ...

A vulnerability exists in the SourceCodester Class and Exam Timetabling System 1.0 that allows remote attackers to execute SQL injection through the manipulation of the 'course_year_section' argument in the /preview.php file. This flaw can lead to unauthorized access to the database, potentially ...

OpenSTAManager versions up to and including 2.10 contain a vulnerability that allows an attacker to upload arbitrary files via the module update functionality. This flaw exists in the 'upload_modules.php' script, which does not adequately validate file uploads, potentially enabling unauthorized a...

A vulnerability exists in the MLflow's Experiment-scoped Label Schema CRUD API, allowing attackers to manipulate its functionality due to missing authorization checks. This issue can be exploited remotely, posing risks to data integrity. Despite the high complexity associated with the attack, the...

A significant flaw has been identified in arc53's DocsGPT, specifically within the Credential Storage component. The vulnerability arises from the encrypt_credentials function in the application/security/encryption.py file. This issue permits insufficient verification of data authenticity, allowi...

Craft CMS, a customizable content management system, has a remote code execution vulnerability present in specific versions. Attackers could exploit this flaw to execute arbitrary code on the server, posing a significant security risk. The affected versions span from 3.0.0-RC1 to just before 3.9....

A flaw in the JCE editor extension for Joomla permits unauthorized users to create new editor profiles. This malicious capability exposes the site to risks, including the ability to upload PHP code and execute it, potentially leading to a full compromise of the website security. Site administrato...

A vulnerability exists in the Linux kernel's rtmutex component where the remove_waiter() function incorrectly utilizes current instead of waiter::task during a dequeue operation within various mutex handling paths. This mismanagement leads to multiple issues, including potential use-after-free vu...

An issue exists in the Linux Kernel where improper handling of copy-on-write (COW) operations can lead to page cache corruption. This is due to the tcf_pedit_act() function, which computes the COW range without considering runtime header offsets added by typed keys. As a result, portions of the w...

A vulnerability exists in multiple versions of Splunk Enterprise and Cloud Platform, where low-privileged users can execute arbitrary code remotely via the Splunk Secure Gateway app. This flaw is due to unsafe deserialization of App Key Value Store (KV Store) data facilitated by the 'jsonpickle' ...

The Paid Membership Plugin for WordPress prior to version 4.16.17 is affected by an Insecure Direct Object Reference vulnerability. This flaw allows any authenticated user with Subscriber role or higher to cancel active subscriptions of other users without verifying ownership of the subscription....