Publicly Disclosed
PoC Exploits

A vulnerability affecting various Dahua security devices allows attackers to bypass the authentication mechanism during the login process. By crafting malicious data packets, attackers can exploit this flaw to gain unauthorized access to sensitive device functionalities, potentially compromising ...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

A security flaw has been discovered in the itsourcecode Online Enrollment System version 1.0. This vulnerability resides in the /sms/user/index.php?view=add file, specifically affecting the parameter handling mechanism. By manipulating the 'Name' argument, an attacker could execute a SQL injectio...

A Reflected Cross-Site Scripting (XSS) vulnerability is present in the POST request data zipPath of tiki-admin_system.php in Tiki version 21.2. This flaw permits attackers to inject and execute arbitrary JavaScript code through specially crafted input, which can lead to unauthorized interactions ...

A Cross-Site Scripting (XSS) vulnerability exists in the page parameter of tiki-editpage.php in Tiki version 26.3 and earlier, enabling attackers to execute arbitrary JavaScript code. This exploit can lead to unauthorized access to sensitive information or unauthorized actions, posing significant...

MCPJam Inspector, designed for local-first development on MCP servers, has a vulnerability allowing remote code execution (RCE) due to improper binding settings. In versions 1.4.2 and earlier, the platform listens on 0.0.0.0 by default, enabling attackers to exploit this configuration through cra...

A Cross Site Scripting (XSS) vulnerability has been identified in the projectworlds Lawyer Management System version 1.0, affecting an unspecified function within the file /lawyer_booking.php. The vulnerability arises from improper handling of the 'Description' parameter, which allows attackers t...

A vulnerability has been identified in the SourceCodester Online Admission System version 1.0, specifically in the 'programmes.php' file. This flaw allows an attacker to manipulate the 'program' argument, leading to a SQL injection scenario. This issue can be exploited remotely, allowing unauthor...

A SQL injection vulnerability has been identified in the SourceCodester Online Library Management System version 1.0. The issue arises from an insufficiently validated input within an unspecified function of the file /home.php related to the Parameter Handler component. Attackers can manipulate t...

A vulnerability has been discovered in the DefaultFuction Jeson-Customer-Relationship-Management-System, specifically within the API Module located at /api/System.php. This vulnerability allows an attacker to manipulate the 'url' parameter, potentially leading to server-side request forgery (SSRF...

A security weakness has been identified in the SourceCodester Patients Waiting Area Queue Management System version 1.0, specifically within the ValidateToken function located in /php/api_patient_checkin.php. This vulnerability allows unauthorized manipulation of the Patient Check-In Module, maki...

A SQL injection vulnerability exists in the SourceCodester Online Catering Reservation 1.0 application, specifically within the /search.php file. The flaw allows attackers to manipulate the 'rcode' argument, potentially leading to unauthorized database access and data manipulation. This vulnerabi...

A vulnerability has been identified in the itsourcecode 'sanitize or validate this input' product, specifically within the Parameter Handler component located in the /admin/subjects.php file. This privilege can be exploited through manipulation of the argument subject_code, which results in SQL i...

A security issue has been identified in SourceCodester E-Commerce Site version 1.0, specifically within the /products.php file. This vulnerability allows for SQL injection via the manipulation of the Search argument, which can be exploited remotely by attackers. The public disclosure of this expl...

A SQL injection vulnerability exists in the itsourcecode Free Hotel Reservation System version 1.0, specifically within the file /hotel/admin/mod_users/index.php?view=edit&id=8. This vulnerability arises when the argument account_id is manipulated, allowing attackers to execute arbitrary SQL quer...

A security flaw has been identified in the Stream Proxy Query Handler of the wvp-GB28181-pro product, specifically involving the selectAll function in StreamProxyProvider.java. This vulnerability enables SQL injection attacks, which can be executed remotely, providing attackers the ability to man...

A cross-site scripting (XSS) vulnerability has been identified in Projectworlds Lawyer Management System version 1.0, specifically affecting the processing of parameters in the /lawyers.php file. This vulnerability allows remote attackers to inject malicious scripts via the 'first_Name' argument,...

A reflected cross-site scripting vulnerability exists in MailEnable versions prior to 10.55, affecting its webmail interface. This security flaw allows remote attackers to execute arbitrary JavaScript in a victim's browser. By crafting a malicious URL with an exploited StartDate parameter in the ...

A cross-site scripting (XSS) vulnerability has been identified within the Exam Form Submission 1.0 product from Code-Projects. This vulnerability is related to improper handling of the 'sname' argument within the /admin/update_s6.php file, potentially allowing remote attackers to inject malicious...

strongSwan versions ranging from 4.5.0 up to 6.0.4 are impacted by an integer underflow vulnerability in the EAP-TTLS AVP parser. This flaw enables unauthenticated remote attackers to disrupt service by submitting specially crafted AVP data with erroneous length fields during IKEv2 authentication...

A vulnerability has been identified in the Erupt Framework's EruptJpaUtils.java file, specifically within the geneEruptHqlOrderBy function. This flaw allows attackers to manipulate the sort.field argument, potentially leading to SQL injection attacks through an improperly validated input. The vul...

A significant vulnerability has been identified in the Erupt MCP Tool Interface, specifically within the EruptDataQuery function located in EruptDataQuery.java. This flaw allows for SQL injection via improper input validation, enabling remote attackers to manipulate database queries. The exploit ...

Blob Studio version 2.17 is susceptible to a denial of service vulnerability, which can be exploited by local attackers. By supplying malformed input through the key entry mechanism, an attacker can create a text file filled with excessively repeated characters. When this file is accessed by the ...

Liquid Studio 2.17 is affected by a denial of service vulnerability that enables local attackers to crash the application through malformed input via the keyboard interface. When arbitrary characters are entered during the application's runtime, it can lead to the application becoming unresponsiv...

Luminance Studio 2.17 is susceptible to a denial of service issue that arises when local attackers input malformed characters via the keyboard interface. By generating specially crafted text files with arbitrary character sequences, these attackers can cause the application to either freeze or te...

Paint Studio version 2.17 is susceptible to a denial of service vulnerability that allows local attackers to crash the application. By providing malformed input through the key entry mechanism, attackers can create a specially crafted text file that causes the application to consume excessive res...

Pixel Studio 2.17 contains a vulnerability that allows local attackers to disrupt the application’s functionality through malformed input via the keyboard interface. By entering arbitrary characters, an attacker can cause the application to become unresponsive or to terminate unexpectedly, leadin...

Tree Studio version 2.17 is vulnerable to a denial of service attack that can be exploited by local attackers. By providing malformed input via the keyboard interface, an attacker can cause the application to crash or become unresponsive. This vulnerability allows for the execution of arbitrary c...

A vulnerability has been identified in CodePhiliaX's Chat2DB, affecting versions up to 0.3.7. The issue resides in the JDBC Driver Upload functionality, specifically within the Upload method of the JdbcDriverController.java file. This flaw enables attackers to perform unauthorized file uploads, a...

An OS command injection vulnerability has been identified in the Tiandy Easy7 Integrated Management Platform, specifically affecting versions up to 7.17.0. This flaw resides in the Configuration Handler component, particularly within the ImportSystemConfiguration.jsp file. By manipulating the arg...

A flaw in the Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N poses a significant risk due to inappropriate handling of cardholder data. This vulnerability allows for the potential cleartext transmission of sensitive information over the local network, exposing it to unauthorized access. Exploiting ...

A vulnerability exists within the Bluetooth Handler of the Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. This flaw enables an attacker to bypass authentication through capture-replay techniques. Exploitation requires the attacker to be on the same local network, complicating the attack process. D...

A security vulnerability has been identified in the Shenzhen HCC Technology MPOS M6 PLUS, specifically related to the Bluetooth component where authentication is absent. This vulnerability allows potential local network exploitation, although such attacks are complex and challenging to execute. D...

A significant SQL injection vulnerability has been discovered in the Simple Laundry System version 1.0, specifically affecting the /checklogin.php file within the Parameters Handler component. The flaw allows unauthorized manipulation of the Username argument, enabling remote attackers to execute...

A security vulnerability has been found in version 1.0 of the Code-Projects Simple Laundry System, specifically within the checkupdatestatus.php file related to the Parameters Handler component. An attacker can exploit this vulnerability by manipulating the serviceId argument, enabling a remote S...

A vulnerability in the Linux kernel allows for improper socket binding, leading to potential use-after-free scenarios. Specifically, the issue arises in the vsock module where socket bindings may not be preserved correctly during transport reassignment. This flaw can cause unintended memory acces...

A security flaw has been discovered in Simple Laundry System version 1.0, specifically within the Parameters Handler component. This vulnerability occurs in the /viewdetail.php file, where improper handling of the input parameter 'serviceId' can result in SQL injection. Attackers can exploit this...

A cross-site scripting vulnerability exists in the Exam Form Submission product developed by code-projects. This issue arises from improper validation of the 'sname' argument in the /admin/update_s3.php file. An attacker can exploit this vulnerability remotely by inputting malicious scripts, pote...

MCPJam Inspector, designed for local-first development on MCP servers, has a vulnerability allowing remote code execution (RCE) due to improper binding settings. In versions 1.4.2 and earlier, the platform listens on 0.0.0.0 by default, enabling attackers to exploit this configuration through cra...

A cross-site scripting vulnerability exists in the Code-Projects Exam Form Submission version 1.0, specifically in the '/admin/update_s4.php' file. Insufficient input validation allows an attacker to manipulate the 'sname' argument, leading to the execution of arbitrary scripts in the context of ...

The trx_addons WordPress plugin prior to version 2.38.5 contains a flaw in its AJAX action that improperly validates file types. This weakness enables unauthenticated users to upload malicious files, posing a significant threat to website security. The vulnerability stems from an unsuccessful fix...

A vulnerability in the code-projects Exam Form Submission software has been identified, specifically within the file /admin/update_s5.php. The flaw allows remote attackers to manipulate the 'sname' parameter, leading to Cross Site Scripting (XSS) attacks. This exploitation can potentially comprom...

A cross site scripting vulnerability exists in the Exam Form Submission 1.0 application, specifically in the handling of input within the /admin/update_s2.php file. The flaw allows an attacker to manipulate the 'sname' parameter, enabling remote code execution through malicious scripts. This coul...

A vulnerability has been identified in the SourceCodester Simple E-learning System 1.0, specifically within the User Profile Update Handler. This flaw allows an attacker to manipulate the 'firstName' argument, facilitating SQL injection attacks. Such an attack can be executed remotely, compromisi...

A security vulnerability has been discovered in the SourceCodester Simple E-learning System that allows an attacker to manipulate the HTTP GET parameter 'post_id' within the delete_post.php file. This flaw can lead to SQL injection, enabling remote attackers to execute unauthorized SQL commands a...

A vulnerability exists in the SourceCodester Sales and Inventory System version 1.0 that allows an attacker to exploit the HTTP POST request handler in the /view_product.php file. By manipulating the searchtxt parameter, an SQL injection attack can be executed remotely, leading to unauthorized ac...

A security flaw has been identified in the SourceCodester Sales and Inventory System 1.0, specifically within the '/view_payments.php' file associated with the HTTP POST Request Handler component. By manipulating the 'searchtxt' argument, an attacker can exploit this vulnerability to execute SQL ...

A vulnerability exists in the SourceCodester Sales and Inventory System 1.0, specifically within the /view_customers.php file. The HTTP POST Request Handler is susceptible to SQL injection due to improper validation of the 'searchtxt' parameter. An attacker can exploit this loophole remotely, all...

A SQL injection vulnerability exists in the SourceCodester Sales and Inventory System version 1.0, specifically within the /view_category.php file. The issue arises due to improper handling of the 'searchtxt' parameter in HTTP POST requests. This flaw allows attackers to manipulate the input to e...

A vulnerability in the SourceCodester Sales and Inventory System version 1.0 allows for SQL injection through improper handling of the 'sid' argument in the /update_supplier.php file. This weakness can be exploited remotely, potentially allowing attackers to execute arbitrary SQL commands and com...