Publicly Disclosed
PoC Exploits

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

A significant security vulnerability exists within the MLflow platform developed by Databricks. This issue arises from the deserialization of untrusted data in versions 0.9.0 and later. Attackers exploit this vulnerability by uploading a malicious PyFunc model that, once interacted with, can exec...

The Ajax Load More plugin for WordPress prior to version 7.8.4 contains a security flaw that allows attackers to exploit a failure in sanitizing and escaping parameters. This oversight facilitates a Reflected Cross-Site Scripting attack, which can particularly endanger high-privilege users, such ...

The WP Photo Album Plus plugin for WordPress, prior to version 9.1.11.001, is susceptible to SQL injection due to insufficient sanitization and escaping of user-supplied data in SQL queries. This flaw allows unauthenticated attackers to execute arbitrary SQL commands, potentially leading to unaut...

The Autoptimize and other related WordPress plugins are susceptible to unauthenticated stored cross-site scripting (XSS) due to a flaw in the HTML minification process. This vulnerability originates from a predictable replacement hash, which attackers can exploit by injecting malicious HTML attri...

The WP Maps WordPress plugin, prior to version 4.9.3, contains a vulnerability that allows authenticated users to execute Local File Inclusion (LFI) attacks due to insufficient sanitization of a parameter used in file paths. This flaw can potentially lead to unauthorized access and disclosure of ...

The Feeds for YouTube plugin, which integrates YouTube video, channel, and gallery functionalities, is susceptible to unauthorized modifications due to a lack of capability checks on the 'actions' function. This vulnerability allows users with subscriber privileges or higher to delete the plugin'...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

An arbitrary file upload vulnerability exists in Mara CMS version 7.5 that allows an authenticated attacker to upload malicious PHP scripts. This can be exploited by sending a request to codebase/dir.php?type=filenew while in a valid admin or manager session. Once the malicious file is uploaded, ...

A vulnerability exists in the Tencent WeKnora Config API Endpoint, specifically in the getKnowledgeBaseForInitialization function within initialization.go. This issue allows unauthorized access due to improper validation of the kbId argument. The vulnerability can be exploited remotely, risking e...

A vulnerability exists in the Project Worlds Hospital Management System in PHP, specifically within the getAllPatientDetail function of the update_info.php file. This flaw arises from improper handling of the appointment_no parameter, which can be manipulated to execute SQL injection attacks. Suc...

An exploit in GitLab CE/EE allows an unauthenticated user to leverage a path traversal vulnerability. This issue is particularly impactful in version 16.0.0, enabling attackers to read an arbitrary file on the server if the target file is associated with an attachment within a public project that...

A vulnerability exists in npitre cramfs-tools versions up to 2.2, specifically within the change_file_status function in cramfsck.c. This vulnerability enables symlink following, allowing an attacker with local access to exploit the system. A patch has been released (commit b4a3a695c9873f824907bd...

A null pointer dereference vulnerability has been identified in the UERadioCapabilityCheckResponse function of omec-project AMF, affecting versions up to 2.1.3-dev. This flaw allows remote attackers to cause denial of service conditions through malicious manipulation. The vulnerability is exploit...

A vulnerability has been identified in the OMEC Project's AMF, specifically within the NGAP Message Handler component. This flaw allows for a null pointer dereference, which can lead to significant security risks, including potential remote exploitation. Attackers may utilize publicly available e...

A security flaw was identified in the omec-project's AMF up to version 2.1.3-dev, specifically within the RANConfiguration function in ngap/handler.go. This vulnerability allows for a null pointer dereference, which can facilitate remote exploitation by an attacker. The exploit's public release e...

A vulnerability has been identified in the omec-project AMF, specifically within the NGAP Message Handler component. This issue, located in the dispatcher.go file, can lead to memory corruption through manipulation. The attack can be executed remotely, posing a risk to security. Exploits for this...

A vulnerability has been identified in the OMEC Project AMF which affects the NGSetupRequest function found in the file ngap/handler.go. This issue can be exploited remotely through a manipulation of the InformationElement argument, resulting in memory corruption. This exploit has been publicly d...

A command injection vulnerability has been identified in the Edimax BR-6428NS router, specifically in the formStaDrvSetup function of the POST request handler. Attackers can exploit this vulnerability by manipulating the 'stadrv_ssid' argument, potentially allowing them to execute arbitrary comma...

A buffer overflow vulnerability exists in the Edimax BR-6428NS router, specifically within the formPPTPSetup function of the POST Request Handler. This vulnerability is triggered by improper validation of the pptpUserName argument, potentially allowing remote attackers to manipulate the device. T...

A buffer overflow vulnerability has been discovered in the Edimax BR-6428NS router with firmware version 1.10. The flaw resides in the POST Request Handler, specifically within the function formL2TPSetup. An attacker can exploit this vulnerability by manipulating the L2TPUserName argument, allowi...

A command injection vulnerability exists in the Edimax BR-6228NC router, specifically affecting the 'mp' function within the POST Request Handler at /goform/mp. Manipulating the 'command' argument allows attackers to execute arbitrary commands remotely. This exploitation could lead to unauthorize...

A vulnerability has been discovered in the linlinjava litemall product, particularly affecting its Admin Endpoint. This weakness allows for potential SQL injection attacks, which can be initiated remotely. The exploitation of this vulnerability could compromise the integrity of the database by ma...

A security flaw has been identified in the Linlinjava Litemall affecting the Front-end WeChat API. The vulnerability is located in the 'WxGoodsController' function of the component, allowing an attacker to exploit SQL injection techniques. This flaw can be remotely exploited, making it critical f...

A path traversal vulnerability has been identified in the Continuedev Continue product, specifically in version 1.2.22. The issue exists within the lsTool function located in core/tools/implementations/lsTool.ts of the JSON-RPC Server. By manipulating the 'dirPath' argument, an attacker could pot...

A vulnerability exists in Vercel AI affecting versions up to 3.0.97, specifically within the createJsonResponseHandler and createJsonErrorResponseHandler functions in the response-handler.ts file. This flaw can lead to uncontrolled resource consumption, allowing attackers to initiate an exploit r...

A vulnerability has been identified in Vercel AI, affecting versions up to 3.0.97. This issue resides in the validateDownloadUrl function within the packages/provider-utils/src/download-blob.ts file. The vulnerability allows for server-side request forgery (SSRF), where an attacker can manipulate...

Flowise, a user-friendly platform for creating customized large language model flows, has a significant vulnerability in version 3.0.5 that allows for remote code execution. The flaw lies within the CustomMCP node, where user input is inadequately sanitized. Specifically, the mcpServerConfig stri...

A vulnerability has been discovered in Vercel AI versions up to 3.0.97, specifically affecting the function run found in the .github/workflows/prettier-on-automerge.yml file. This flaw allows an attacker to manipulate the system through os command injection. The vulnerability can potentially be e...

A critical flaw has been detected in the Kilo-Org kilocode application, specifically in the Environment Variable Handler's Load function. This issue allows an attacker to manipulate the KILO_CONFIG_CONTENT argument, potentially leading to unauthorized information disclosure. The vulnerability can...

A vulnerability exists in Kilo-Org's kilocode up to version 7.0.47, specifically within the Bun.file function in the File Diff API Endpoint. This vulnerability allows attackers to perform a path traversal by manipulating the File argument, potentially leading to unauthorized access to sensitive f...

A security vulnerability has been identified in the H3C Magic B3 router, specifically in the UpdateWanParams function within the /goform/aspForm file. This flaw enables attackers to manipulate parameters, resulting in a potential buffer overflow. The attack can be executed remotely, posing a sign...

This vulnerability involves a memory corruption issue that arises when processing specially crafted media files, which can lead to unintended app termination or memory corruption in affected Apple devices. Apple has addressed this flaw with enhanced input validation in the latest versions of thei...

A vulnerability in the Linux kernel's ptrace functionality raises concerns regarding task memory image management. This issue relates to 'dumpability' checks for processes without an associated memory management structure (mm). The ptrace_may_access() function includes 'dumpable' checks for proce...

A vulnerability in the Linux kernel's ptrace functionality raises concerns regarding task memory image management. This issue relates to 'dumpability' checks for processes without an associated memory management structure (mm). The ptrace_may_access() function includes 'dumpable' checks for proce...

A vulnerability in the Linux kernel's ptrace functionality raises concerns regarding task memory image management. This issue relates to 'dumpability' checks for processes without an associated memory management structure (mm). The ptrace_may_access() function includes 'dumpable' checks for proce...

A security vulnerability has been identified in the xiandafu Beetl framework, specifically within the SpELFunction component. The issue arises from the improper handling of special characters in expression language statements, allowing attackers to exploit the function remotely. Despite receiving...

A vulnerability exists in Metasoft 美特软件 MetaCRM versions up to 6.4.0 Beta06 that allows for the unrestricted upload of files through the /common/jsp/upload3.jsp endpoint. By manipulating the File argument, an attacker can upload a malicious file without appropriate restrictions. This vulnerabilit...

A path traversal vulnerability exists in adenhq Hive versions up to 0.11.0, specifically in the _read_events_tail function within the delete request handler component of routes_sessions.py. An attacker may exploit this vulnerability remotely to gain unauthorized access to files outside the restri...

A path traversal vulnerability has been discovered in the fishaudio Bert-VITS2 Gradio interface, specifically within the generate_config function of the webui_preprocess.py file. This flaw allows attackers to manipulate the data_dir argument, potentially enabling unauthorized access to sensitive ...

A significant vulnerability has been detected in the fishaudio Bert-VITS2 product within the Model Handler component, specifically the function _get_all_models in hiyoriUI.py. This flaw allows attackers to exploit path traversal remotely, potentially compromising the integrity and confidentiality...

A path traversal vulnerability was identified in the AstrBot product up to version 4.23.5. The issue resides in the post_file function within astrbot/dashboard/routes/chat.py, where improper handling of the 'filename' argument allows remote attackers to manipulate file paths. This manipulation co...

Zechat 1.5 has a SQL injection vulnerability in the 'v' parameter, allowing unauthenticated attackers to exploit the system via time-based blind techniques. This SQL injection flaw enables the extraction of sensitive database information by employing sleep-based blind injection scenarios to confi...

Joomla jCart for OpenCart version 2.3.0.2 is susceptible to a cross-site request forgery vulnerability that enables attackers to alter user account details illicitly. By crafting malicious HTML forms targeting specific endpoints, unauthorized individuals can modify user credentials, passwords, an...

Joomla JoomOCShop 1.0 is susceptible to a cross-site request forgery vulnerability. This flaw allows attackers to exploit the trust established between authenticated users and the application. By crafting malicious HTML forms targeting specific account endpoints, such as /joomoc2/?route=account/e...

The Peugeot Music Plugin version 1.0 for WordPress is vulnerable to an arbitrary file upload issue, allowing unauthenticated attackers to upload malicious files. By exploiting the upload.php endpoint, attackers can manipulate the 'name' parameter within POST requests to bypass security measures a...

The Nordex N149/4.0-4.5 Wind Turbine Web Server version 4.0 is susceptible to an SQL injection vulnerability that enables unauthenticated attackers to craft malicious SQL queries. By exploiting this weakness through carefully structured POST requests targeting the login.php page, attackers can by...

GitBucket 4.23.1 is susceptible to an unauthenticated remote code execution vulnerability that can be exploited by attackers to execute arbitrary commands. This vulnerability arises from the use of weak secret token generation and insecure file upload functionality. Attackers may potentially brut...

The Zenar Content Management System has a vulnerability that allows unauthenticated attackers to inject malicious scripts via the current_page parameter in POST requests sent to the ajax.php endpoint. This vulnerability reflects unsanitized user input in the response HTML, enabling attackers to e...

The EkRishta 2.10 extension for Joomla! has been identified to contain serious security vulnerabilities, specifically persistent cross-site scripting (XSS) and SQL injection flaws. These vulnerabilities can be exploited by attackers who insert malicious code into user profile fields, such as the ...