Publicly Disclosed
PoC Exploits

Apex One, a security solution from Trend Micro, exhibits a directory traversal vulnerability that could potentially allow a pre-authenticated local attacker to manipulate a critical server-side database table. By leveraging access to the Apex One Server and possessing administrative credentials, ...

The Divi Form Builder plugin for WordPress is susceptible to privilege escalation due to its improper handling of user role parameters during the registration process. Specifically, it permits unauthenticated attackers to submit user registration requests manipulating the 'role' parameter without...

A vulnerability exists in Cisco Secure Workload's internal REST APIs that could permit an unauthenticated attacker to access sensitive site resources with Site Admin rights. This flaw arises from inadequate validation and authentication for REST API requests. By sending a specially crafted API re...

A command injection vulnerability exists in the ExifTool PNG File Parser, specifically in the SetMacOSTags function located in the lib/Image/ExifTool/MacOS.pm file. This vulnerability allows an attacker to manipulate the DateTimeOriginal argument, facilitating remote exploitation. Users are stron...

The Divi Form Builder plugin for WordPress is susceptible to privilege escalation due to its improper handling of user role parameters during the registration process. Specifically, it permits unauthenticated attackers to submit user registration requests manipulating the 'role' parameter without...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

A buffer overflow vulnerability exists within the User-ID™ Authentication Portal of Palo Alto Networks PAN-OS software. This flaw allows unauthenticated attackers to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls by manipulating specially crafted packets. To miti...

A security feature bypass vulnerability exists in Microsoft Windows, referred to as 'YellowKey.' This flaw could allow unauthorized access to restricted features, compromising system integrity. A proof of concept has been publicly released, contrary to established security practices. Users are ad...

LiteLLM versions before 1.83.10 have a vulnerability that allows users to change their own user_role through the /user/update endpoint. Although this endpoint restricts access to updating only the user's account, it fails to limit which fields can be modified. This oversight enables a user with a...

LiteLLM versions before 1.83.10 have a vulnerability that allows users to change their own user_role through the /user/update endpoint. Although this endpoint restricts access to updating only the user's account, it fails to limit which fields can be modified. This oversight enables a user with a...

An SQL Injection vulnerability exists in Drupal Core that arises from improper neutralization of special elements utilized in SQL commands. This flaw allows attackers to manipulate SQL queries, potentially leading to unauthorized access to sensitive data. Affected versions include those from 8.9....

IINA Media Player versions prior to 1.4.3 expose a vulnerability that could allow remote attackers to exploit command execution. By crafting malicious URLs that utilize the iina://open custom URL scheme, attackers can inject unvalidated command parameters into the mpv runtime. This can result in ...

The Divi Form Builder plugin for WordPress is susceptible to privilege escalation due to its improper handling of user role parameters during the registration process. Specifically, it permits unauthenticated attackers to submit user registration requests manipulating the 'role' parameter without...

Langflow, a tool designed for creating AI-driven agents and workflows, is affected by a path traversal vulnerability in its Knowledge Bases API (DELETE /api/v1/knowledge_bases). This flaw arises from the failure to properly sanitize and validate user-supplied knowledge base names, which are direc...

A security issue in GitLab CE and EE has been identified that allows an attacker to trigger a pipeline as an arbitrary user under specific conditions. This vulnerability affects multiple versions, including all releases from version 8.14 up to 17.1.7, as well as from version 17.2 up to 17.2.5 and...

A vulnerability exists in FreeBSD's setcred(2) system call, where an unprivileged local user can exploit a stack buffer overflow due to improper length validation of a user-supplied supplementary groups list. This oversight allows for an arbitrary code execution in the kernel context, potentially...

An SQL Injection vulnerability exists in Drupal Core that arises from improper neutralization of special elements utilized in SQL commands. This flaw allows attackers to manipulate SQL queries, potentially leading to unauthorized access to sensitive data. Affected versions include those from 8.9....

An SQL Injection vulnerability exists in Drupal Core that arises from improper neutralization of special elements utilized in SQL commands. This flaw allows attackers to manipulate SQL queries, potentially leading to unauthorized access to sensitive data. Affected versions include those from 8.9....

A serious Remote Code Execution vulnerability exists in the server-side template rendering mechanism of the Glassfish gadget handler. This flaw arises from the improper handling of user-supplied values in .xml files, which allows attackers to inject expressions that are evaluated without adequate...

A significant security vulnerability exists within the MLflow platform developed by Databricks. This issue arises from the deserialization of untrusted data in versions 0.9.0 and later. Attackers exploit this vulnerability by uploading a malicious PyFunc model that, once interacted with, can exec...

The vulnerability in the PutContents API of Gogs arises from improper handling of symbolic links, potentially allowing local execution of arbitrary code. This misconfiguration may expose sensitive data and facilitate unauthorized access to critical systems. Users and administrators are urged to u...

A local privilege escalation vulnerability exists within the pkexec utility of polkit, a setuid tool that allows unprivileged users to execute commands as privileged users based on predetermined policies. Due to insufficient handling of the calling parameters, pkexec can misinterpret environment ...

A significant logic error in the adbd_tls_verify_cert function of auth.cpp in various Android versions permits a bypass of the wireless ADB mutual authentication process. This flaw can lead to unauthorized remote code execution by exploiting the vulnerability as the shell user without requiring a...

A vulnerability exists in the ngx_http_rewrite_module of NGINX Plus and NGINX Open Source, triggered when a rewrite directive is followed by an if or set directive that includes a Perl-Compatible Regular Expression (PCRE) capture and a replacement string with a question mark. Attackers can exploi...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

The Ech0 Publishing Platform is susceptible to an arbitrary URL access vulnerability that allows attackers to exploit the GET /api/website/title endpoint. This endpoint accepts arbitrary URLs via the website_url query parameter and executes a server-side HTTP request without validating the host o...

A significant security vulnerability exists within the MLflow platform developed by Databricks. This issue arises from the deserialization of untrusted data in versions 0.9.0 and later. Attackers exploit this vulnerability by uploading a malicious PyFunc model that, once interacted with, can exec...

The Decent Comments plugin for WordPress prior to version 3.0.2 contains a vulnerability that fails to adequately restrict access to sensitive email addresses of comment authors and post authors via its REST API endpoint. As a result, this flaw allows unauthorized attackers to enumerate user emai...

The Email Encoder plugin for WordPress, prior to version 2.4.7, is susceptible to Stored Cross-Site Scripting (XSS) vulnerabilities. This flaw occurs due to the inadequate escaping of email addresses that are collected through user input, allowing potential attackers to inject malicious scripts. ...

Sparx Pro Cloud Server is exposed to Broken Access Control vulnerabilities, allowing low privileged users to execute arbitrary SQL queries against the database due to insufficient permission checks. This security flaw could potentially lead to data exposure or manipulation. Although version 6.1 (...

Exim versions prior to 4.99.3 are susceptible to a use-after-free vulnerability under specific GnuTLS configurations. This security flaw occurs when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a subsequent cleartext byte on the same TCP connection. Exploitat...

A vulnerability exists in the ngx_http_rewrite_module of NGINX Plus and NGINX Open Source, triggered when a rewrite directive is followed by an if or set directive that includes a Perl-Compatible Regular Expression (PCRE) capture and a replacement string with a question mark. Attackers can exploi...

A vulnerability exists in the Zyxel VMG3625-T50B firmware version V5.50(ABTL.0)b2k, where sensitive information from the configuration file can be exposed. This flaw allows authenticated attackers to access data stored in cleartext, posing a risk for data confidentiality and integrity. Users of a...

The ZTE ZXHN H298A (version 1.1) and ZXHN H108N (version 2.6) have a vulnerability that can lead to sensitive data exposure. An attacker can exploit this issue by sending a crafted request to the router's web interface, potentially revealing sensitive information such as the administrator passwor...

The LIVE555 RTSP server is susceptible to an authorization bypass vulnerability that arises from improper handling of session commands. This flaw can be exploited by attackers who gain access to valid session tokens via unauthenticated connections, allowing them to execute PLAY and TEARDOWN comma...

A security vulnerability in CodeIgniter's Validation library allows attackers to perform arbitrary code execution when Validation Placeholders are utilized. This risk extends to validation methods within controllers and model validation, which also utilize the affected Validation library internal...

In Flowise version 1.4.3, an arbitrary file read vulnerability exists within the `/api/v1/openai-assistants-file` endpoint located in `index.ts`. This security flaw arises from a lack of proper sanitization for the `fileName` body parameter, allowing unauthorized users to read sensitive files fro...

The Funnel Builder for WooCommerce Checkout plugin, prior to version 3.15.0.3, is affected by a missing authorization vulnerability in its public checkout endpoint. This flaw allows unauthenticated attackers to exploit internal methods, potentially writing arbitrary data to the plugin's External ...

HestiaCP versions 1.2.0 through 1.9.4 exhibit an IP spoofing vulnerability that permits unauthenticated remote attackers to evade authentication controls. By injecting a falsified IP address into the CF-Connecting-IP HTTP header, attackers can manipulate the system into trusting their requests as...

The Ollama software versions prior to 0.1.34 are susceptible to an input validation vulnerability that fails to correctly validate the format of the digest when retrieving the model path. This oversight allows for test cases that deviate from the expected sha256 format, including those with fewer...

A vulnerability exists in the Linux kernel that concerns the handling of shared skb fragments during the decryption process in ESP-in-UDP packets. When pages are attached from a pipe directly to an skb using MSG_SPLICE_PAGES, the kernel marked these SKBs with SKBFL_SHARED_FRAG, which plays a cruc...

The Fortis for WooCommerce plugin, prior to version 1.3.1, has a vulnerability that allows unauthenticated attackers to access sensitive API keys. This flaw enables them to query the Fortis API, potentially exposing sensitive customer data, including past orders and personally identifiable inform...

Netdata, an open-source observability tool, contains a vulnerability in the `ndsudo` utility bundled with certain versions of the Netdata Agent. This vulnerability arises from the `ndsudo` executable being set with the SUID bit, granting attackers the potential to execute arbitrary commands with ...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

The ZTE ZXHN H188A router exhibits a vulnerability in its wizard interface, allowing unauthenticated users on the local network to access sensitive credentials. This includes retrieval of the default administrator password, WLAN Pre-Shared Key (PSK), and PPPoE credentials from the router's web ma...

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17134, CVE-2020-17136.

An authentication bypass vulnerability has been identified in JetBrains TeamCity, allowing unauthorized users to perform administrative actions. This flaw exists in versions of TeamCity prior to 2023.11.4 and poses a significant risk to the security of systems utilizing this software. Exploitatio...

The getimagesize() function in PHP versions earlier than specified versions is affected by a vulnerability that results in the potential leak of uninitialized heap memory through the APPn segments when processing images in a multi-chunk mode. This can expose sensitive information from the server'...

A race condition vulnerability exists in the cryptodev_op() function of the OpenCrypto subsystem in NetBSD, leading to potential exploitation by local attackers. By concurrently executing CIOCCRYPT operations on the same session identifier in symmetrical multiprocessor (SMP) systems, attackers ca...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...