Publicly Disclosed
PoC Exploits

Zoho ManageEngine Desktop Central prior to version 10.1.2137.8 contains a vulnerability that allows attackers to expose the internal hostname of the installed server. This information can be obtained through HTTP redirect responses, potentially leading to further exploits. Organizations using aff...

A code injection vulnerability exists in the Rockoa software version 2.3.2. This issue is located in the webmainConfig.php file within the Configuration File Handler component. Due to insufficient input validation, an attacker can manipulate the configuration file remotely, leading to potential e...

A vulnerability exists in the LIEF ELF Binary Parser prior to version 0.17.2, specifically within the Parser::parse_binary function. This flaw allows for a null pointer dereference, which can potentially be exploited by attackers with local access to launch attacks. It is crucial to update to ver...

A security flaw has been identified in Sangfor's Operation and Maintenance Management System prior to version 3.0.8. This vulnerability involves an undefined function within the file /fort/trust/version/common/common.jsp, which permits unrestricted file uploads when the argument 'File' is manipul...

A significant OS command injection vulnerability has been identified in Sangfor's Operation and Maintenance Management System prior to version 3.0.8. Specifically, the flaw resides in the SessionController function located within the /isomp-protocol/protocol/session file. Attackers can exploit th...

The XWiki Platform is vulnerable due to improper handling of inputs, allowing unauthenticated users to execute arbitrary code via the `SolrSearch` endpoint. This can result in significant breaches of confidentiality, integrity, and availability of the XWiki installation. Users are encouraged to u...

PyroCMS version 3.9 has a vulnerability that allows for remote code execution through a server-side template injection flaw. Exploiting this vulnerability enables attackers to send crafted commands directly to the server, which can lead to executing arbitrary code in the affected system. It prese...

The Web Console component in Ruby on Rails before version 2.1.3 fails to properly handle X-Forwarded-For headers, which leads to a situation where remote attackers can exploit this flaw to bypass the IP whitelisting security measures. By crafting specific requests, they can manipulate the client'...

A heap buffer overflow vulnerability exists in the Vulkan component of Google Chrome prior to version 107.0.5304.62. This flaw allows an attacker to potentially exploit heap corruption by using a specially crafted HTML page. Successful exploitation may allow an attacker to execute arbitrary code ...

A serious security flaw exists in the Sangfor Operation and Maintenance Management System, specifically in the WriterHandle.getCmd function located at /isomp-protocol/protocol/getCmd. Malicious manipulation of the sessionPath argument can lead to OS command injection, which enables attackers to e...

The n8n workflow automation platform, versions 0.123.1 through 1.119.1, contains a vulnerability that allows an attacker to execute arbitrary code on the host system by exploiting inadequate protections in the pre-commit hooks. When using the 'Add Config' operation, workflows can set malicious Gi...

A security issue has been identified in the Sangfor Operation and Maintenance Management System, specifically affecting versions up to 3.0.8. The vulnerability arises from improper handling of input parameters in the /isomp-protocol/protocol/getHis endpoint within the HTTP POST Request Handler. T...

A security vulnerability exists in the Sangfor Operation and Maintenance Management System, specifically in the function 'uploadCN' of the file VersionController.java. This flaw allows for remote attackers to manipulate the 'filename' argument, potentially leading to OS command injection. The vul...

ComfyUI-Manager versions prior to 3.38 have a vulnerability that allows remote attackers to manipulate application configurations and sensitive data. This issue arises from the application storing files in a web-accessible location, which can be exploited to gain unauthorized access and modify cr...

A security flaw exists in guchengwuyue's yshopmall application that allows for SQL injection via a manipulation of the 'sort' argument in the 'getPage' function located in /api/jobs. This vulnerability can be exploited remotely and was reported to the project maintainers, but no response or fix h...

A vulnerability exists within BiggiDroid Simple PHP CMS 1.0 that allows remote attackers to manipulate the image argument in the /admin/editsite.php file, resulting in unrestricted file uploads. This flaw can enable unauthorized users to upload arbitrary files, potentially leading to remote code ...

The AccessAlly WordPress plugin, prior to version 3.3.2, contains a vulnerability where the Login Widget processes the 'login_error' parameter as PHP code without authentication. This flaw allows an attacker to inject and execute arbitrary PHP commands on the WordPress server, potentially leading...

A SQL injection vulnerability has been identified in RainyGao's DocSys software up to version 2.02.37. This flaw resides in the UserMapper.xml file, where an attacker could exploit the Username argument to execute arbitrary SQL queries. The vulnerability allows for remote exploitation, potentiall...

A SQL injection vulnerability exists in RainyGao DocSys versions up to 2.02.36, specifically in the 'searchWord' argument of the ReposAuthMapper.xml file. This flaw allows attackers to execute unauthorized SQL queries remotely, potentially compromising the database. The vendor was informed of thi...

A vulnerability exists in RainyGao DocSys, where an unknown function in GroupMemberMapper.xml is susceptible to SQL injection via the searchWord argument. This flaw allows adversaries to execute unauthorized SQL queries remotely against the affected application. The exploit has been disclosed in ...

The vulnerability arises from mismatched length fields in Zlib compressed protocol headers within MongoDB Server, potentially allowing an unauthenticated client to access uninitialized heap memory. This could lead to unauthorized information exposure, affecting versions of MongoDB Server across m...

The GNU C Library contains a vulnerability related to the untrusted LD_LIBRARY_PATH environment variable, which can be exploited by attackers. This issue affects setuid binaries that utilize dynamic link library loading features through the dlopen function, particularly in scenarios involving int...

The NEX-Forms WordPress plugin prior to version 9.1.8 has a security flaw that allows attackers to exploit unsanitized and unescaped settings. This vulnerability can be leveraged by low-privileged users, like subscribers, to inject malicious scripts into web pages. Such attacks can result in the ...

Grafana, an open-source monitoring and observability platform, is susceptible to a directory traversal vulnerability in versions ranging from 8.0.0-beta1 to 8.3.0. This vulnerability enables unauthorized access to local files via specially crafted URL paths which include the identifier for any in...

The ClickFunnels WordPress plugin through 3.1.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

The Hustle - Email Marketing, Lead Generation, Optins, Popups plugin for WordPress contains a vulnerability that results in Sensitive Information Exposure across all versions up to and including 7.8.3. This weakness arises from hardcoded API keys, which can be exploited by unauthenticated attacke...

The Elliptic package experiences a significant cryptographic vulnerability where the ECDSA implementation generates incorrect signatures. This flaw arises due to an improper computation of the interim value 'k', leading to potential truncation when it has leading zeros. As a result, an attacker c...

Webmin 1.900 possesses a vulnerability that allows remote attackers to execute arbitrary code. This exploitation can be carried out by utilizing the 'Java file manager' and 'Upload and Download' privileges. Attackers can upload a specially crafted .cgi file through the /updown/upload.cgi URI, lea...

A physical access vulnerability exists in the D-Link DIR-605L Router that can be exploited by an attacker with direct access to the UART pins. This flaw permits the execution of arbitrary commands due to unregulated root terminal access on a serial interface. Without proper access controls, this ...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

A vulnerability exists in the Linux kernel related to improper initialization of the 'flags' member of the new pipe buffer structure. This absence of proper initialization in the copy_page_to_iter_pipe and push_pipe functions can result in the presence of stale values. As a consequence, an unpriv...

The V-SOL GPON/EPON OLT Platform v2.03 is susceptible to multiple reflected cross-site scripting vulnerabilities. These arise from inadequate input sanitization in various script parameters. Malicious actors can exploit these security flaws by injecting harmful HTML and script code, enabling the ...

Yahei-PHP Prober version 0.4.7 has a vulnerability that permits remote HTML injection via the 'speed' GET parameter in prober.php. This flaw enables attackers to execute arbitrary HTML code, potentially leading to cross-site scripting (XSS) attacks affecting user sessions in their browsers. By ma...

The FaceSentry Access Control System version 6.4.8 contains a cross-site scripting vulnerability that affects the 'msg' parameter of the pluginInstall.php file. This vulnerability allows attackers to inject malicious scripts through unvalidated input. Once exploited, the injected JavaScript can e...

The SOCA Access Control System 180612 is vulnerable to a cross-site scripting (XSS) attack via the 'senddata' parameter in logged_page.php. This vulnerability enables attackers to execute arbitrary HTML and JavaScript code within the browser session of a victim when crafted POST requests are sent...

The INIM Electronics Smartliving SmartLAN/G/SI devices, running Linux versions up to 6.x, contain hard-coded credentials that are unchangeable through regular device operations. This vulnerability allows malicious actors to exploit these persistent credentials, facilitating unauthorized access to...

The INIM Electronics Smartliving SmartLAN/G/SI devices, running Linux versions up to 6.x, contain hard-coded credentials that are unchangeable through regular device operations. This vulnerability allows malicious actors to exploit these persistent credentials, facilitating unauthorized access to...

The Smartliving SmartLAN/G/SI product version 6.x and earlier is susceptible to an unauthenticated server-side request forgery (SSRF) vulnerability. This issue exists within the GetImage functionality, where attackers can exploit the 'host' parameter to send crafted requests through the onvif.cgi...

The SmartLiving SmartLAN versions up to 6.x are affected by a significant security vulnerability that allows authenticated users to execute arbitrary commands on the system. This vulnerability arises from the 'par' POST parameter within the web.cgi binary, specifically through the 'testemail' mod...

The SmartLiving SmartLAN versions up to 6.x are affected by a significant security vulnerability that allows authenticated users to execute arbitrary commands on the system. This vulnerability arises from the 'par' POST parameter within the web.cgi binary, specifically through the 'testemail' mod...

The Smartliving SmartLAN/G/SI product version 6.x and earlier is susceptible to an unauthenticated server-side request forgery (SSRF) vulnerability. This issue exists within the GetImage functionality, where attackers can exploit the 'host' parameter to send crafted requests through the onvif.cgi...

The V-SOL GPON/EPON OLT Platform version 2.03 is susceptible to an open redirect vulnerability due to improper validation of user input in its redirect mechanism. This flaw enables attackers to craft deceptive links that exploit the functionality of the 'parent' GET parameter. When exploited, log...

The FaceSentry Access Control System version 6.4.8 is susceptible to a vulnerability that involves the insecure storage of passwords. This flaw allows attackers to access unencrypted credentials stored in the device's SQLite database. Specifically, sensitive login information can be directly read...

The FaceSentry Access Control System version 6.4.8 is affected by a cleartext transmission vulnerability. This issue allows remote attackers to intercept sensitive authentication credentials via man-in-the-middle attacks. If an attacker gains access to the network, they can capture HTTP cookie in...

The NREL BEopt 2.8.0.0 software is susceptible to a DLL hijacking vulnerability that permits attackers to load arbitrary dynamic link libraries. This attack vector exploits users opening application files sourced from remote shares, enabling malicious actors to execute unauthorized code by levera...

The Devolo dLAN Cockpit 4.3.1 is vulnerable due to an unquoted service path in the 'DevoloNetworkService'. This weakness allows local non-privileged users to insert malicious code into the system's root path, which can potentially lead to arbitrary code execution with elevated privileges upon app...

The Leica Geosystems GNSS products (GR10, GR25, GR30, and GR50) with version 4.30.063 are susceptible to a cross-site request forgery vulnerability. This flaw enables attackers to deceive authenticated users into executing unintended actions, effectively compromising the application’s security. B...

The Leica Geosystems GNSS products (GR10, GR25, GR30, and GR50) with version 4.30.063 are susceptible to a cross-site request forgery vulnerability. This flaw enables attackers to deceive authenticated users into executing unintended actions, effectively compromising the application’s security. B...

The firmware version 8.0.0.64 of the FLIR Thermal Camera PT-Series is susceptible to multiple unauthenticated remote command injection vulnerabilities. These issues arise due to unsanitized POST parameters within the controllerFlirSystem.php script, particularly through the execFlirSystem() funct...