Publicly Disclosed PoC Exploits

🔴 Always take caution when working with PoC Exploits 🔴

Discovered just now...

PoC for CVE-2020-3452

Cisco | Cisco Adaptive Securit... | EPSS 94% | 7.5 HIGH
Cisco Adaptive Security Appliance Software and Firepower Threat Def...

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerabili...

PoC for CVE-2025-20362

Cisco | Cisco Secure Firewall ... | EPSS 50% | 6.5 MEDIUM
Vulnerability in Cisco Secure Firewall VPN Web Server

A security flaw in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance and Threat Defense Software permits unauthorized remote access to restricted URL endpoints. This vulnerability arises from inadequate validation of user-supplied input in HTTP(S) requests. Attackers can exp...

PoC for CVE-2025-20333

Cisco | Cisco Secure Firewall ... | EPSS 31% | 9.9 CRITICAL
Arbitrary Code Execution Vulnerability in Cisco Secure Firewall ASA...

A vulnerability exists in the VPN web server component of Cisco Secure Firewall Adaptive Security Appliance and Threat Defense Software. This flaw permits an authenticated, remote attacker to execute arbitrary code on the implicated device due to improper validation of user-supplied input in HTTP...

PoC for CVE-2023-26360

Adobe | Coldfusion | EPSS 94% | 8.6 HIGH
Adobe ColdFusion Vulnerability Could Lead to Arbitrary Code Execution

CVE-2023-26360 is a critical vulnerability affecting Adobe ColdFusion 2018 Update 15 and earlier, as well as ColdFusion 2021 Update 5 and earlier. This improper access control vulnerability can be exploited remotely by unauthenticated attackers to achieve arbitrary code execution without user int...

Discovered 31 minutes ago

PoC for CVE-2021-33393

Ipfire | Ipfire | EPSS 72% | 8.8 HIGH
Potential Security Flaw in IPFire 2.25-core155 Due to Improper File...

The backup routine in IPFire 2.25-core155 is vulnerable due to improper file ownership of the backup script located at /var/ipfire/backup/bin/backup.pl. This script could potentially be owned by an unprivileged user, allowing a malicious actor to inject a Trojan horse script. If executed, this co...

Discovered 33 minutes ago

PoC for CVE-2025-59528

Flowiseai | Flowise | EPSS 84% | 10 CRITICAL
Remote Code Execution Vulnerability in Flowise by FlowiseAI

Flowise, a user-friendly platform for creating customized large language model flows, has a significant vulnerability in version 3.0.5 that allows for remote code execution. The flaw lies within the CustomMCP node, where user input is inadequately sanitized. Specifically, the mcpServerConfig stri...

Discovered 2 hours ago

PoC for CVE-2023-23946

Git | Git | 6.2 MEDIUM
Git Vulnerability: Path Traversal Flaw Affects Multiple Versions

The vulnerability in Git enables attackers to exploit path traversal issues by supplying crafted input to the `git apply` command. This allows manipulation that results in the potential overwriting of files situated outside the intended working tree. Such operations can occur under the privileges...

PoC for CVE-2023-20052

Cisco | Cisco Secure Endpoint | 5.3 MEDIUM
XML External Entity Injection in ClamAV Scanning Library

A vulnerability in the DMG file parser of ClamAV allows unauthenticated remote attackers to exploit XML entity substitution. This flaw enables attackers to submit a crafted DMG file for scanning, potentially leading to the leakage of sensitive information from files accessed during the scanning p...

PoC for CVE-2022-38694

Unisoc (shanghai)... | Sc9863a//t310/t610/t618/ | 7.8 HIGH
Uncontrolled Write Vulnerability in UNISOC BootRom Product

The vulnerability occurring in UNISOC's BootRom allows a possible unchecked write address, enabling local escalation of privilege without requiring additional execution privileges. This flaw poses a significant security risk, as it can be exploited by malicious actors to gain unauthorized access ...

Discovered 3 hours ago

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

Discovered 4 hours ago

PoC for CVE-2026-34473

ZTE | H8102E, H168N, H167A, ... | 7.5 HIGH
Unauthenticated DoS Vulnerability in ZTE Routers

An unauthenticated denial-of-service vulnerability exists in multiple models of ZTE routers, allowing an attacker to send an oversized application/x-www-form-urlencoded POST body to the management interface. This can render the device unresponsive until it is rebooted. Devices running firmware ve...

PoC for CVE-2026-42945

F5 | Nginx Plus | 9.2 CRITICAL
Heap Buffer Overflow in NGINX Plus and NGINX Open Source Affecting ...

A vulnerability exists in the ngx_http_rewrite_module of NGINX Plus and NGINX Open Source, triggered when a rewrite directive is followed by an if or set directive that includes a Perl-Compatible Regular Expression (PCRE) capture and a replacement string with a question mark. Attackers can exploi...

Discovered 6 hours ago

PoC for CVE-2024-0519

Google | Chrome | 8.8 HIGH
Out of bounds memory access vulnerability in Google Chrome

An out of bounds memory access vulnerability in the V8 JavaScript engine of Google Chrome allows potential exploitation by remote attackers. This security flaw can be triggered through specially crafted HTML pages, leading to possible heap corruption, which could compromise the integrity of the b...

Discovered 8 hours ago

PoC for CVE-2026-8181

WordPress | Burst Statistics – Pri... | 9.8 CRITICAL
Authentication Bypass Vulnerability in Burst Statistics Plugin for ...

The Burst Statistics plugin for WordPress contains a security flaw that allows unauthenticated attackers to exploit incorrect handling of return values in the authentication process. This leads to a vulnerability in the `is_mainwp_authenticated()` function, enabling attackers who know an administ...

PoC for CVE-2026-44578

Vercel | Next.js | 8.6 HIGH
Server-Side Request Forgery Vulnerability in Next.js Framework by V...

The Next.js framework, utilized for building web applications, is exposed to a server-side request forgery vulnerability when using versions from 13.4.13 up to but not including 15.5.16 and 16.2.5. This flaw arises when self-hosted applications that employ the built-in Node.js server allow attack...

Discovered 9 hours ago

PoC for CVE-2026-6433

WordPress | Custom Css-js-PHP | 7.3 HIGH
SQL Injection Vulnerability in Custom CSS-JS-PHP WordPress Plugin b...

The Custom CSS-JS-PHP WordPress plugin prior to version 2.0.7 contains a vulnerability that allows attackers to inject malicious SQL code due to inadequate input sanitization. This flaw enables unauthenticated users to execute arbitrary PHP code on the server by passing unverified data to an eval...

Discovered 10 hours ago

PoC for CVE-2026-42945

F5 | Nginx Plus | 9.2 CRITICAL
Heap Buffer Overflow in NGINX Plus and NGINX Open Source Affecting ...

A vulnerability exists in the ngx_http_rewrite_module of NGINX Plus and NGINX Open Source, triggered when a rewrite directive is followed by an if or set directive that includes a Perl-Compatible Regular Expression (PCRE) capture and a replacement string with a question mark. Attackers can exploi...

Discovered 12 hours ago

PoC for CVE-2021-47978

Processmaker | Processmaker | 6.9 MEDIUM
Local File Inclusion in ProcessMaker by ProcessMaker Inc.

ProcessMaker 3.5.4 is prone to a local file inclusion vulnerability that can be exploited by unauthenticated attackers to gain unauthorized access to sensitive files. This vulnerability arises from insufficient validation of path traversal sequences, allowing attackers to manipulate input and acc...

PoC for CVE-2021-47977

WordPress | Malware Security And B... | 8.7 HIGH
Directory Traversal Vulnerability in WordPress Plugin Anti-Malware ...

The Anti-Malware Security and Bruteforce Firewall plugin for WordPress, specifically version 4.20.59, is susceptible to a directory traversal vulnerability. This flaw enables unauthenticated attackers to manipulate the file parameter in requests sent to the duplicator_download action via admin-aj...

PoC for CVE-2021-47942

Home-assistant | Home Assistant Communi... | 8.7 HIGH
Path Traversal Vulnerability in Home Assistant Community Store by H...

A path traversal vulnerability exists in Home Assistant Community Store (HACS) 1.10.0 that enables unauthenticated attackers to exploit the /hacsfiles/ endpoint. This flaw allows attackers to traverse directories and read sensitive files, such as the .storage/auth file, which contains user creden...

PoC for CVE-2020-37241

Bloofox | Bloofoxcms | 6.9 MEDIUM
Cross-Site Request Forgery in bloofoxCMS Affects Admin Controls

bloofoxCMS version 0.5.2.1 is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability. This flaw allows attackers to execute administrative actions by misleading authenticated users into accessing compromised URLs. By designing deceptive hidden forms that target critical endpoint functio...

PoC for CVE-2021-47981

Opensolution | Quick.cms | 5.1 MEDIUM
Cross-Site Scripting Vulnerability in Quick.CMS by OpenSolution

Quick.CMS version 6.7 is susceptible to a cross-site scripting (XSS) vulnerability that allows authenticated attackers to inject harmful scripts. This exploit is facilitated through the sliders form via the sDescription parameter, where attackers can submit crafted CSRF forms targeting the admin....

PoC for CVE-2021-47979

WordPress | Backup And Restore | 8.7 HIGH
Arbitrary File Deletion in Backup and Restore Plugin for WordPress

The Backup and Restore Plugin for WordPress version 1.0.3 is vulnerable to an arbitrary file deletion flaw. This vulnerability allows authenticated users to manipulate AJAX requests and delete files from the WordPress installation. By crafting specific POST requests to the admin-ajax.php endpoint...

PoC for CVE-2021-47980

Getfuelcms | Fuel Cms | 7.1 HIGH
Blind SQL Injection in Fuel CMS Version 1.4.13 by Daylight Studio

Fuel CMS version 1.4.13 is susceptible to a blind SQL injection vulnerability that allows authenticated users to craft malicious SQL queries via the 'col' parameter in the Activity Log interface. Attackers can exploit this flaw by sending specially crafted requests to the logs endpoint, enabling ...

PoC for CVE-2021-47976

Textpattern | Textpattern Cms | 8.7 HIGH
Remote Code Execution Vulnerability in TextPattern CMS by TextPattern

TextPattern CMS 4.9.0-dev has a vulnerability that enables authenticated attackers to exploit the plugin upload capability. By obtaining a CSRF token from the plugin event page, attackers can upload arbitrary PHP files to the 'textpattern/tmp/' directory, compromising server integrity and allowin...

PoC for CVE-2021-47975

WordPress | WP Learn Manager | 5.1 MEDIUM
Stored Cross-Site Scripting in WP Learn Manager by WordPress

WP Learn Manager version 1.1.2 is susceptible to a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject arbitrary JavaScript via the 'fieldtitle' parameter. By submitting crafted POST requests to the jslm_fieldordering page, attackers can execute malicious scr...

PoC for CVE-2021-47974

Vxsearch | Vx Search | 8.5 HIGH
Unquoted Service Path Vulnerability in VX Search Software

VX Search version 13.5.28 suffers from an unquoted service path vulnerability, affecting both the VX Search Server and VX Search Enterprise services. This flaw allows local attackers to escalate their privileges by placing malicious executables in unquoted path directories. When the affected serv...

PoC for CVE-2021-47973

Sticky-notes | Sticky Notes Widget | 8.7 HIGH
Denial of Service Vulnerability in Sticky Notes Widget by WordPress

The Sticky Notes Widget version 3.0.6 includes a denial of service vulnerability that can be exploited by an attacker to crash the application on iOS devices. By pasting excessively long character strings—up to 350,000 repeated characters—into the note field, the application can become unresponsi...

PoC for CVE-2021-47971

My-notes-safe | My Notes Safe | 8.7 HIGH
Denial of Service Vulnerability in My Notes Safe by My Notes Safe

My Notes Safe version 5.3 is susceptible to a denial of service vulnerability that arises when excessively long character strings are pasted into note fields. Attackers can exploit this flaw by generating a payload consisting of 350,000 repeated characters and pasting it into a new note field twi...

PoC for CVE-2021-47972

Sticky-notes-colo... | Sticky Notes Color Wid... | 8.7 HIGH
Denial of Service Vulnerability in Sticky Notes & Color Widgets by ...

The Sticky Notes & Color Widgets plugin version 1.4.2 has a denial of service vulnerability that can be exploited by attackers to crash the application. This is achieved by creating notes with excessively long character strings, where attackers may insert large payloads of repeated characters int...

PoC for CVE-2021-47970

Macaron-notes-gre... | Macaron Notes Gear Not... | 8.7 HIGH
Denial of Service Vulnerability in Macaron Notes by Macaron

Macaron Notes version 5.5 is susceptible to a denial of service vulnerability due to improper handling of input. Attackers can exploit this by creating notes that contain excessively long character strings, which can reach up to 350,000 repeated characters. This exploit results in the application...

PoC for CVE-2021-47969

Color-notes | Color Notes | 8.7 HIGH
Denial of Service Vulnerability in Color Notes by Color Notes App

Color Notes version 1.4 is susceptible to a denial of service attack. This vulnerability allows an attacker to crash the application by inputting excessively long character strings into note fields. By generating a payload of 350,000 repeated characters and pasting it into a new note twice, an at...

PoC for CVE-2021-47957

WordPress | Cookie Law Bar | 5.1 MEDIUM
Stored Cross-Site Scripting Vulnerability in Cookie Law Bar Plugin ...

The Cookie Law Bar plugin version 1.2.1 for WordPress is vulnerable to stored cross-site scripting (XSS). This allows authenticated attackers to exploit the Bar Message field by injecting malicious scripts into the plugin settings page. Once these scripts are executed in the browsers of users vis...

PoC for CVE-2021-47956

Egavilanmedia | Egavilanmedia PHPcrud | 8.8 HIGH
SQL Injection Vulnerability in EgavilanMedia PHPCRUD by EgavilanMedia

EgavilanMedia PHPCRUD 1.0 is susceptible to an SQL injection flaw that permits unauthenticated attackers to manipulate database queries. By exploiting the firstname parameter through crafted POST requests to insert.php, attackers can inject malicious SQL code, potentially compromising sensitive d...

PoC for CVE-2021-47955

Couchcms | Couchcms | 5.1 MEDIUM
Cross-Site Scripting Vulnerability in CouchCMS by CouchCMS

CouchCMS version 2.2.1 features a vulnerability that allows authenticated attackers to exploit the file upload functionality. By uploading malicious SVG files containing embedded JavaScript, attackers can execute arbitrary scripts within users' browsers when the files are accessed or previewed. T...

PoC for CVE-2021-47952

Jsonpickle | Python Jsonpickle | 9.3 CRITICAL
Remote Code Execution Vulnerability in Python jsonpickle by Jsonpic...

The remote code execution vulnerability in version 2.0.0 of Python jsonpickle arises when the library deserializes malicious JSON payloads. Attackers can exploit this flaw by crafting JSON strings that contain py/repr directives, leading to the invocation of the eval function on the server. This ...

PoC for CVE-2021-47954

Layerbb | Layerbb | 8.8 HIGH
SQL Injection Vulnerability in LayerBB Forum Software

LayerBB 1.1.4 features an SQL injection flaw that enables unauthenticated attackers to alter SQL queries through the 'search_query' parameter. By exploiting this vulnerability, attackers can send specially crafted POST requests to /search.php, utilizing CASE WHEN statements to gain access to sens...

PoC for CVE-2021-47934

Mybb | Mybb Timeline Plugin | 6.9 MEDIUM
Cross-Site Scripting and CSRF Vulnerabilities in MyBB Timeline Plug...

The MyBB Timeline Plugin version 1.0 is susceptible to cross-site scripting (XSS) vulnerabilities, which permit attackers to inject harmful scripts via thread titles, post content, and profile fields such as Location and Bio. Additionally, a cross-site request forgery (CSRF) vulnerability allows ...

PoC for CVE-2020-37247

Kite | Kite | 8.5 HIGH
Unquoted Service Path Vulnerability in Kite by Kite

The Kite 4.2.0.1 U1 version contains an unquoted service path vulnerability in the KiteService Windows service. This flaw permits local attackers to escalate their privileges by exploiting the service’s binary path. By placing a malicious executable in the Program Files directory, attackers can e...

PoC for CVE-2020-37246

WordPress | Backup | 6.9 MEDIUM
Local File Inclusion Vulnerability in Supsystic Backup Plugin for W...

Supsystic Backup version 2.3.9 is susceptible to a local file inclusion vulnerability that enables attackers to read and potentially delete arbitrary files. This exploitation occurs through manipulation of the download path parameter in admin.php, utilizing directory traversal sequences. As a res...

PoC for CVE-2020-37245

WordPress | Digital Publications | 8.7 HIGH
Path Traversal and XSS Vulnerability in Supsystic Digital Publicati...

Supsystic Digital Publications version 1.6.9 exhibits a severe path traversal vulnerability within the Folder input field, enabling attackers to manipulate directory traversal sequences to gain access to files outside the designated web root. In addition, the plugin has inadequate input field san...

PoC for CVE-2020-37244

WordPress | Membership | 8.8 HIGH
SQL Injection Vulnerability in Supsystic Membership Plugin for Word...

The Supsystic Membership plugin version 1.4.7 is vulnerable to SQL injection, allowing unauthenticated attackers to execute arbitrary SQL commands. By manipulating 'search' and 'sidx' parameters through GET requests to the badges module, attackers can leverage techniques such as time-based blind ...

PoC for CVE-2020-37243

WordPress | Pricing Table | 8.8 HIGH
SQL Injection and Cross-Site Scripting in Supsystic Pricing Table P...

The Supsystic Pricing Table version 1.8.7 is exposed to an SQL injection vulnerability through the 'sidx' GET parameter, allowing unauthenticated individuals to execute arbitrary SQL queries via the getListForTbl action. Furthermore, it holds stored cross-site scripting vulnerabilities within the...

PoC for CVE-2020-37242

WordPress | Ultimate Maps | 8.8 HIGH
SQL Injection Vulnerability in Supsystic Ultimate Maps by Supsystic

The Supsystic Ultimate Maps plugin version 1.1.12 is susceptible to an SQL injection vulnerability via the 'sidx' GET parameter. This flaw enables unauthenticated attackers to execute arbitrary SQL queries, potentially leading to the extraction of sensitive data from the database. By crafting spe...

PoC for CVE-2020-37240

Codekernel | Queue Management System | 5.1 MEDIUM
Stored XSS Vulnerability in Queue Management System by CodeKernel

Queue Management System version 4.0.0 contains a vulnerability that allows authenticated administrators to exploit stored cross-site scripting (XSS). This issue arises when malicious users can inject JavaScript code via the First Name, Last Name, and Email fields during the user creation process....

PoC for CVE-2020-37239

Gegl | Libbabl | 9.3 CRITICAL
Broken Double Free Vulnerability in libbabl by GEGL

libbabl version 0.1.62 contains a significant vulnerability related to broken double free detection. By exploiting the flaw, attackers can manipulate memory safety checks through signature overwriting in freed chunks, enabling them to invoke the babl_free() function multiple times on the same poi...

PoC for CVE-2020-37238

Cmsmadesimple | Cms Made Simple | 5.1 MEDIUM
Stored Cross-Site Scripting in CMS Made Simple by CMS Made Simple, ...

CMS Made Simple 2.2.15 is susceptible to a stored cross-site scripting vulnerability. Authenticated users with Content Manager privileges can upload SVG files containing malicious scripts. Once these SVG files are uploaded, the embedded JavaScript executes when other authenticated users access th...

PoC for CVE-2020-37237

Compo | Composr Cms | 5.1 MEDIUM
Persistent Cross-Site Scripting in Composr CMS Affects Administrators

Composr CMS 10.0.34 is susceptible to a persistent cross-site scripting vulnerability that enables authenticated administrators to inject malicious scripts via the banner management interface. Attackers with admin access can manipulate the Description field when adding banners, resulting in the e...

PoC for CVE-2020-37235

WordPress | Theme Wibar | 5.1 MEDIUM
Stored Cross-Site Scripting in WordPress Theme Wibar by ThemeFTC

The Wibar theme version 1.1.8 for WordPress is susceptible to a stored cross-site scripting vulnerability within the Brand component. This flaw enables authenticated users—specifically those with editor, administrator, contributor, or author roles—to inject malicious scripts by manipulating the L...

PoC for CVE-2020-37236

Netartmedia | Newslister | 5.1 MEDIUM
Authenticated Persistent Cross-Site Scripting in NewsLister by NetA...

NewsLister, a product by NetArt Media, is susceptible to an authenticated persistent cross-site scripting (XSS) vulnerability. This flaw allows authenticated administrators to input malicious JavaScript payloads through the title parameter in the news addition interface. As a result, these inject...