Publicly Disclosed
PoC Exploits

The Nginx UI web interface, specifically versions 2.3.5 and earlier, is susceptible to a serious flaw due to improper authentication in its MCP (Model Context Protocol) integration. This vulnerability allows attackers, without any authentication, to exploit the /mcp_message endpoint. Although the...

The OpenRemote IoT platform, specifically versions 1.21.0 and below, is impacted by two related expression injection vulnerabilities. These flaws exist within the rules engine, allowing unauthorized users to execute arbitrary code on the server. The JavaScript rules engine processes user-defined ...

A vulnerability exists in TinyFileManager, specifically in the file upload functionality located at /filemanager.php?p=ajax=true&type=upload. This flaw allows an attacker to manipulate the uploadurl parameter, potentially leading to a server-side request forgery (SSRF) attack. Such an attack can ...

A vulnerability exists in prasathmani TinyFileManager versions up to 2.6, specifically within the POST Parameter Handler found in the file /filemanager.php. This issue arises from inadequate input validation, allowing attackers to manipulate the 'file[]' parameter to perform path traversal attack...

A security flaw has been identified in Rallly versions up to 4.7.4, specifically within the Reset Password Handler component. This vulnerability arises from improper handling of the 'redirectTo' argument, which may allow attackers to execute cross-site scripting (XSS) attacks remotely. If exploit...

A vulnerability exists in the arnobt78 Hotel Booking Management System, specifically within the health check endpoint, where an unknown function can be exploited to disclose sensitive information. This vulnerability allows remote attackers to perform unauthorized access, leading to potential info...

A security vulnerability exists in the libvips library prior to version 8.19, specifically within the im_minpos_vec function in the deprecated vips7compat.c file. This vulnerability allows for heap-based buffer overflow due to inadequate handling of the argument n, requiring local access for expl...

A SQL injection vulnerability exists in the QueryMine sms component, specifically within the admin/deletecourse.php file. This issue arises due to improper handling of the GET request parameter 'ID', allowing attackers to manipulate the input and execute unauthorized SQL queries. The attack can b...

A security flaw has been identified in QueryMine sms, specifically affecting the admin/addteacher.php file within the Background Management Page component. The vulnerability allows attackers to manipulate the image argument, leading to unrestricted file uploads. This can be exploited remotely, po...

A SQL injection vulnerability has been discovered in QueryMine sms that impacts the GET Request Parameter Handler in the editcourse.php file. This vulnerability arises from improper handling of the ID argument, allowing remote attackers to manipulate SQL queries. Due to the continuous delivery an...

The Ninja Forms - File Uploads plugin for WordPress contains a vulnerability allowing unauthenticated attackers to upload arbitrary files due to inadequate file type validation in the upload handling function. This oversight affects all versions upto and including 3.3.26, potentially enabling att...

A vulnerability exists in the Qihui jtbc5 CMS, specifically in the Code Endpoint component located in manage.php. This flaw allows attackers to manipulate input parameters related to file paths, leading to unauthorized access to files outside of the intended directory. The exploit can be executed...

A cross-site scripting vulnerability was identified in Classroom Bookings versions up to 2.17.0, specifically within the User Display Name Handler component. The vulnerability arises from improper handling of the 'displayname' argument in the file crbs-core/application/views/layout.php, allowing ...

A vulnerability has been identified in the Wavlink WL-WN530H4 model, specifically within the strcat and snprintf functions of the /cgi-bin/internet.cgi file. This security flaw enables remote attackers to inject operating system commands, potentially leading to unauthorized access and control ove...

The vulnerability in the PutContents API of Gogs arises from improper handling of symbolic links, potentially allowing local execution of arbitrary code. This misconfiguration may expose sensitive data and facilitate unauthorized access to critical systems. Users and administrators are urged to u...

This vulnerability allows an attacker to execute arbitrary code with elevated privileges, potentially gaining control over the affected system. By exploiting the fault in the Windows Kernel, the attacker could leverage this to manipulate system processes and escalate privileges, making it a signi...

An issue has been identified in HAProxy's HTTP/3 parser prior to version 3.3.6, where the parser fails to ensure that the content length of received bodies corresponds with the previously set content-length. This oversight can lead to desynchronization with backend servers when the stream is term...

The n8n workflow automation platform has a vulnerability in versions ranging from 1.65.0 to just below 1.121.0, which allows potential attackers to exploit specific form-based workflows. This flaw can enable unauthorized remote access to sensitive files on the underlying server, posing a signific...

A SQL injection vulnerability exists in CodeAstro's Simple Attendance Management System version 1.0. This flaw allows remote, unauthenticated attackers to bypass authentication mechanisms by exploiting the username parameter in the index.php file. Successful exploitation of this vulnerability ena...

A significant vulnerability in Snipe-IT affects versions prior to 8.3.7, where sensitive user attributes are inadequately protected against mass assignment attacks. This flaw enables an authenticated, low-privileged user to manipulate API requests, altering restricted fields within another user's...

An issue in the ASUS DriverHub update process stems from incorrect permission assignments, which can lead to privilege escalation. During the validation phase of the update process, inadequate protection of critical execution resources allows a local user to modify these resources without appropr...

A vulnerability has been identified in Apache Tomcat that arises from missing encryption mechanisms for sensitive data, which could lead to data exposure. This issue was introduced as a result of the fix for another vulnerability, allowing the EncryptInterceptor to be bypassed. Users running vers...

MikroORM, a TypeScript Object-Relational Mapper for Node.js, has a vulnerability that can lead to SQL injection. This issue arises when specially crafted objects are treated as raw SQL fragments, potentially allowing attackers to manipulate database queries. The vulnerability has been addressed i...

A potential vulnerability was identified in Lenovo Diagnostics and its associated HardwareScanAddin used in the Lenovo Vantage application. This flaw may allow a local authenticated user to write arbitrary files with elevated privileges during installation or when executing a hardware scan, poten...

A vulnerability in Roundcube Webmail prior to version 1.5.10 and 1.6.x before 1.6.11 allows authenticated users to exploit the _from parameter in the URL. This issue arises from a lack of validation in program/actions/settings/upload.php, leading to the potential for PHP Object Deserialization at...

A privilege escalation vulnerability was identified in the Below service prior to version 0.9.0. This vulnerability arises from the creation of a world-writable directory located at /var/log/below. As a result, local unprivileged users can exploit this flaw through symlink attacks, potentially ma...

The XWiki Platform is vulnerable due to improper handling of inputs, allowing unauthenticated users to execute arbitrary code via the `SolrSearch` endpoint. This can result in significant breaches of confidentiality, integrity, and availability of the XWiki installation. Users are encouraged to u...

A vulnerability exists in InvokeAI versions 5.3.1 through 5.4.2, allowing remote code execution through the /api/v2/models/install endpoint. This vulnerability is due to the unsafe deserialization of model files with torch.load, lacking proper validation of input data. Attackers can exploit this ...

Adobe Acrobat Reader is impacted by a Prototype Pollution vulnerability that allows attackers to execute arbitrary code within the context of the current user. This flaw is triggered only when a user interacts with a malicious file, making user awareness essential. It is crucial for users to keep...

OpenPrinting CUPS, an open-source printing system utilized across various Linux and Unix-like operating systems, is subject to a critical vulnerability that allows an authentication bypass. Specifically, in versions 2.4.12 and earlier, if the `AuthType` is set to anything other than `Basic`, the ...

A vulnerability exists in Moodle that stems from an input validation error occurring during the importation of lesson questions. This flaw allows for insufficient path checks, which can lead to arbitrary file reading via directory traversal attacks. It is important to note that access to this fea...

An OS command injection vulnerability exists in Fortinet FortiSandbox versions 4.4.0 through 4.4.8. This flaw arises from improper neutralization of special elements used in operating system commands. An attacker can exploit this vulnerability to execute unauthorized commands, potentially comprom...

A vulnerability has been identified in Apache Tomcat that arises from missing encryption mechanisms for sensitive data, which could lead to data exposure. This issue was introduced as a result of the fix for another vulnerability, allowing the EncryptInterceptor to be bypassed. Users running vers...

The ProcessWire CMS versions 3.0.255 and earlier are susceptible to a server-side request forgery (SSRF) vulnerability found in the admin panel's 'Add Module From URL' feature. Authenticated administrators can input arbitrary URLs in the module download parameter, resulting in the server making u...

The CVE-2024-26229 vulnerability in the Windows CSC Service is being exploited with proof-of-concept (PoC) exploit code available on GitHub. This high-severity vulnerability could allow attackers to gain SYSTEM privileges on a Windows system, posing a significant risk. This type of elevation of p...

A local privilege escalation vulnerability exists within the pkexec utility of polkit, a setuid tool that allows unprivileged users to execute commands as privileged users based on predetermined policies. Due to insufficient handling of the calling parameters, pkexec can misinterpret environment ...

A vulnerability has been identified in Apache Tomcat that arises from missing encryption mechanisms for sensitive data, which could lead to data exposure. This issue was introduced as a result of the fix for another vulnerability, allowing the EncryptInterceptor to be bypassed. Users running vers...

A vulnerability has been identified in Apache Tomcat that arises from missing encryption mechanisms for sensitive data, which could lead to data exposure. This issue was introduced as a result of the fix for another vulnerability, allowing the EncryptInterceptor to be bypassed. Users running vers...

The WPvivid Backup & Migration plugin for WordPress is susceptible to an unauthenticated arbitrary file upload vulnerability due to improper error handling in the RSA decryption process and inadequate path sanitization during file uploads. This allows malicious attackers to exploit the system by ...

The WPExperts Post SMTP plugin contains an authentication bypass vulnerability that allows attackers to exploit alternate pathways for gaining unauthorized access. This issue affects versions from n/a up to 3.2.0, potentially compromising the security of WordPress installations using this plugin....

A vulnerability has been identified in the Android Framework that allows for potential exposure of sensitive information displayed on the screen. This may occur without the need for user interaction or elevated execution privileges, resulting in local information disclosure risks. The issue arise...

radare2, prior to version 6.1.4, is susceptible to a command injection vulnerability located in the PDB parser's print_gvars() function. This vulnerability allows attackers to execute arbitrary commands by inserting a newline byte into the PE section header name field of a maliciously crafted PDB...

A flaw has been identified in the GB18030 4-byte Decoder function within musl libc, specifically in the iconv implementation located in src/locale/iconv.c. This vulnerability manifests as inefficient algorithmic complexity that can be exploited through localized interactions. Attackers can manipu...

The Axios library, a popular promise-based HTTP client used in web applications and Node.js, has a significant vulnerability that enables a 'Gadget' attack chain. This flaw allows Prototype Pollution to exploit third-party dependencies, leading to potential Remote Code Execution (RCE). Attackers ...

The Axios library, a popular promise-based HTTP client used in web applications and Node.js, has a significant vulnerability that enables a 'Gadget' attack chain. This flaw allows Prototype Pollution to exploit third-party dependencies, leading to potential Remote Code Execution (RCE). Attackers ...

Flowise, a user-friendly platform for creating customized large language model flows, has a significant vulnerability in version 3.0.5 that allows for remote code execution. The flaw lies within the CustomMCP node, where user input is inadequately sanitized. Specifically, the mcpServerConfig stri...

Marimo, a reactive Python notebook, exhibits a significant security vulnerability prior to version 0.23.0. The terminal WebSocket endpoint (/terminal/ws) allows unauthenticated access, enabling attackers to gain a complete pseudo-terminal shell and execute arbitrary commands on the host system. U...

A critical security flaw exists in the Nocobase plugin-workflow-javascript up to version 2.0.23. The vulnerability arises from the createSafeConsole function in the Vm.js file, where improper handling potentially allows attackers to exploit the sandbox environment. This issue facilitates remote c...

In versions of HummerRisk up to 1.5.0, a server-side request forgery (SSRF) vulnerability was discovered in the ServerService.addServer function within the ServerService.java file. This security flaw enables remote exploitation by manipulating the streamIp argument during server operations. As a ...

A command injection vulnerability exists in aandrew-me ytDownloader versions up to 3.20.2, specifically affecting the child_process.exec function in src/compressor.js. This vulnerability allows malicious users to execute arbitrary commands on the local system. Although the attack must be executed...