Publicly Disclosed
PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered 3 hours ago
PoC for CVE-2025-10676
A vulnerability has been discovered in the fuyang_lipengjun platform version 1.0, specifically affecting the BrandController function found in the file /brand/queryAll. This weakness permits unauthorized manipulation of requests, leading to improper authorization. The exploit is accessible to att...
PoC for CVE-2025-10675
A security vulnerability has been identified in version 1.0 of the fuyang_lipengjun platform. This flaw specifically affects the AttributeController function located in the /attribute/queryAll file. If exploited, it allows attackers to manipulate user permissions improperly, leading to unauthoriz...
PoC for CVE-2025-8088
A path traversal vulnerability present in the Windows version of WinRAR could enable attackers to execute arbitrary code by crafting specially designed malicious archive files. This type of exploitation was observed in the wild, bringing attention to the efforts of security researchers, including...
PoC for CVE-2025-10674
A vulnerability has been found in the fuyang_lipengjun platform version 1.0, particularly within the AttributeCategoryController function located in /attributecategory/queryAll. This flaw allows unauthorized access through improper authorization checks, which can be exploited remotely. Attackers ...
Discovered 4 hours ago
PoC for CVE-2025-10673
A SQL Injection vulnerability exists within the itsourcecode Student Information Management System version 1.0, specifically in an unknown function located in the file /admin/modules/class/index.php. This flaw allows manipulation of the classId argument, enabling an attacker to execute arbitrary ...
PoC for CVE-2025-10672
AIBattery by whuan132 is affected by a vulnerability that allows for missing authentication within its BatteryXPCService.swift component. An attacker with local access can exploit this flaw, potentially leading to unauthorized actions. The vulnerability has been publicly disclosed and poses risks...
PoC for CVE-2025-10671
A vulnerability exists in the e-learning 1.0 product that affects the JWT Token Handler, specifically within the encryptSecret function. This flaw leads to the generation of insufficiently random values, which could compromise security. The attack can be executed remotely, although the complexity...
Discovered 5 hours ago
PoC for CVE-2025-10670
A security flaw exists in the itsourcecode E-Logbook with Health Monitoring System for COVID-19 version 1.0. This vulnerability is associated with improper handling of the 'profile_id' parameter in the /check_profile.php file, allowing attackers to execute SQL injection attacks remotely. By manip...
PoC for CVE-2025-10669
A vulnerability has been identified in Airsonic-Advanced versions up to 10.6.0, specifically within the Playlist Upload Handler component. This flaw allows attackers to upload files without proper restrictions, leading to potential remote exploitation. The vulnerability is accessible to attackers...
PoC for CVE-2025-10668
A security vulnerability exists in the itsourcecode Online Discussion Forum version 1.0, specifically affecting the /members/compose_msg_admin.php file. This issue arises from improper handling of the ID argument, making it susceptible to SQL injection attacks. Attackers can remotely exploit this...
Discovered 6 hours ago
PoC for CVE-2025-10667
A vulnerability has been discovered in itsourcecode Online Discussion Forum version 1.0, specifically within the /members/compose_msg.php file. This flaw allows for SQL injection due to improper handling of input arguments, particularly the 'ID' argument. Attackers can exploit this weakness remot...
PoC for CVE-2025-10666
A security flaw has been identified in the D-Link DIR-825 router, specifically in the apply.cgi file's function sub_4106d4. This vulnerability arises from improper handling of the countdown_time argument, leading to a potential buffer overflow. It allows attackers to execute remote exploits on af...
Discovered 7 hours ago
PoC for CVE-2025-10665
A SQL injection vulnerability has been identified in the kidaze CourseSelectionSystem, specifically within the /Profilers/PProfile/COUNT3s3.php file. The issue arises when manipulating the 'csem' argument, potentially allowing remote exploitation of the system. As this product follows a rolling r...
PoC for CVE-2025-10664
A serious SQL injection vulnerability has been identified in PHPGurukul Small CRM version 4.0, specifically affecting the /create-ticket.php file. This flaw allows attackers to manipulate the 'subject' parameter, enabling unauthorized SQL commands to be executed. As a result, sensitive user infor...
Discovered 8 hours ago
PoC for CVE-2025-10663
A SQL injection vulnerability exists in the PHPGurukul Online Course Registration product version 3.1 that targets the '/my-profile.php' file. This flaw allows attackers to manipulate the 'cgpa' argument, facilitating unauthorized access to the database and potentially compromising sensitive info...
PoC for CVE-2025-10662
A vulnerability exists in SeaCMS versions up to 13.3, specifically within an unknown function found in the /admin_members.php?ac=editsave file. This flaw allows for SQL injection via manipulation of the 'ID' argument, enabling attackers to execute remote exploits. Public disclosure of this vulner...
Discovered 13 hours ago
PoC for CVE-2025-9083
The Ninja Forms plugin for WordPress, before version 3.11.1, contains a vulnerability that allows unauthenticated users to exploit PHP Object Injection through unserialization of user input in form fields. If the blog contains a suitable gadget, this flaw could be leveraged, potentially resulting...
PoC for CVE-2025-8942
The WP Hotel Booking plugin for WordPress prior to version 2.2.3 contains a vulnerability due to inadequate server-side validation of user-submitted review ratings. This flaw allows attackers to exploit the plugin by intercepting and modifying requests, enabling them to submit arbitrary rating va...
PoC for CVE-2025-5305
The Password Reset with Code for WordPress REST API plugin before version 0.0.17 is susceptible to security weaknesses due to its reliance on non-cryptographically sound algorithms for generating One-Time Password (OTP) codes. This flaw exposes users to the risk of account takeover, as attackers ...
Discovered 15 hours ago
PoC for CVE-2024-28397
The article discusses the CVE-2024-28397 vulnerability in js2py, a widely-used Python library with over 1 million monthly downloads. The vulnerability exposes millions of Python users to remote code execution (RCE) attacks, allowing attackers to execute arbitrary code via a crafted API call. This...
Discovered 18 hours ago
PoC for CVE-2025-10634
A command injection vulnerability has been discovered in the D-Link DIR-823X series routers due to unsafe handling of environment variables in the /usr/sbin/goahead component, particularly within the sub_412E7C function. This flaw allows an attacker to manipulate arguments such as terminal_add...
PoC for CVE-2025-10632
A newly discovered security flaw in the itsourcecode Online Petshop Management System version 1.0 affects the Admin Dashboard component, specifically within the file availableframe.php. An unknown function in this file allows an attacker to manipulate input arguments related to names or addresses...
PoC for CVE-2025-10631
A cross site scripting vulnerability has been identified in the itsourcecode Online Petshop Management System version 1.0. The issue resides in the addcnp.php file, specifically within an unknown function tied to the Available Products Page. By manipulating the name or description argument, attac...
PoC for CVE-2025-10629
A command injection vulnerability has been identified in the D-Link DIR-852 router, specifically within the Simple Service Discovery Protocol Service's ssdpcgi_main function located in the component htodcs/cgibin. This issue arises from improper handling of the ST argument, enabling attackers to ...
Discovered 19 hours ago
PoC for CVE-2025-10628
A command injection vulnerability exists in the web management interface of D-Link DIR-852 devices, specifically affecting the hedwig.cgi file. This vulnerability allows remote attackers to execute arbitrary commands on the affected system. The issue arises from inadequate input validation, enabl...
PoC for CVE-2025-10627
A vulnerability has been identified in SourceCodester's Online Exam Form Submission software version 1.0, specifically targeting the /admin/delete_user.php file. This issue arises from improper handling of the ID parameter, allowing for SQL injection attacks that can be executed remotely. If expl...
PoC for CVE-2025-10626
A critical flaw exists in the SourceCodester Online Exam Form Submission 1.0 that allows an attacker to perform SQL injection via manipulation of the /admin/update_s3.php file. This vulnerability opens the door for remote exploitation, enabling unauthorized access to the database and potentially ...
Discovered 20 hours ago
PoC for CVE-2025-10625
An SQL injection vulnerability has been identified in the SourceCodester Online Exam Form Submission version 1.0, affecting the /user/dashboard.php?page=update_profile file. By manipulating the 'phone' argument, an attacker could potentially execute unauthorized SQL commands, leading to unauthori...
PoC for CVE-2025-10624
A security flaw has been identified in the PHPGurukul User Management System version 1.0, specifically affecting the /login.php file. This vulnerability arises when the emailid argument is improperly handled, allowing for remote SQL injection attacks. The exploit has already been publicly disclos...
PoC for CVE-2025-10623
A SQL injection vulnerability exists in the SourceCodester Hotel Reservation System 1.0, specifically within the deleteuser.php script. This flaw allows an attacker to manipulate the 'ID' parameter, potentially executing unauthorized SQL commands. The vulnerability can be exploited remotely, whic...
Discovered 21 hours ago
PoC for CVE-2025-10621
A vulnerability exists in the SourceCodester Hotel Reservation System 1.0, specifically within the 'editroomimage.php' file. Exploitation of this vulnerability allows for SQL injection via manipulation of the 'ID' argument. This issue can be exploited remotely, making it a significant risk for...
PoC for CVE-2025-10620
A vulnerability exists in the itsourcecode Online Clinic Management System version 1.0, specifically in the /editp2.php file. This flaw allows remote attackers to manipulate user input parameters like id, firstname, lastname, type, age, and address, leading to SQL injection attacks. When exploite...
Discovered 22 hours ago
PoC for CVE-2025-10619
A vulnerability identified in Sequa-AI's Sequa-MCP up to version 1.0.13 allows for OS command injection through manipulation of the redirectToAuthorization function found in node-oauth-client-provider.ts. This is particularly concerning as it enables the potential for remote exploitation. The ven...
PoC for CVE-2025-10618
The Online Clinic Management System by itsourcecode suffers from a SQL injection vulnerability within the transact.php file. This issue arises from improper handling of the 'firstname' parameter, allowing attackers to manipulate SQL queries and potentially gain unauthorized access to sensitive da...
PoC for CVE-2025-10617
A SQL injection vulnerability has been identified in the SourceCodester Online Polling System 1.0 via the /admin/positions.php file. An attacker can exploit this weakness by manipulating the ID parameter, allowing for unauthorized execution of SQL queries. This vulnerability can be triggered remo...
PoC for CVE-2025-10616
A security flaw has been identified in the itsourcecode E-Commerce Website version 1.0, specifically affecting the file /admin/users.php. This vulnerability permits an attacker to perform unrestricted uploads of files, which can lead to potential remote exploits. The flaw has been publicly disclo...
Discovered 23 hours ago
PoC for CVE-2025-10615
A vulnerability exists in the itsourcecode E-Commerce Website 1.0 that allows an attacker to manipulate the functionality linked to the /admin/products.php file. This manipulation enables unauthorized users to upload files without restrictions, which could result in malicious payloads being execu...
PoC for CVE-2025-10614
A significant cross-site scripting (XSS) vulnerability has been identified in the itsourcecode E-Logbook with Health Monitoring System for COVID-19 version 1.0. This flaw exists in the file /print_reports_prev.php, where manipulation of the 'profile_id' argument can result in unauthorized script ...
PoC for CVE-2025-3248
Langflow versions earlier than 1.3.0 are vulnerable to a code injection flaw located in the /api/v1/validate/code endpoint. This issue can be exploited by remote attackers without authentication, allowing them to send specially crafted HTTP requests, which may lead to the execution of arbitrary c...
Discovered 1 day ago
PoC for CVE-2025-10613
A SQL injection vulnerability has been identified in the itsourcecode Student Information System 1.0 within the /leveledit1.php file. This vulnerability arises from improper handling of the level_id argument, allowing an attacker to manipulate SQL queries. The exploit can be executed remotely, po...
PoC for CVE-2025-29927
A security flaw exists in the Next.js framework that allows an attacker to bypass authorization checks if such checks are implemented in middleware. This vulnerability arises in versions prior to 14.2.25 and 15.2.3. To mitigate risk, it is recommended to restrict incoming requests that include th...
PoC for CVE-2025-10604
A security flaw in PHPGurukul Online Discussion Forum version 1.0 has been discovered, specifically in the /admin/edit_member.php file. This vulnerability allows attackers to manipulate the ID parameter, leading to SQL injection attacks. Since the issue can be exploited remotely, the potential fo...
PoC for CVE-2025-10603
A SQL injection vulnerability exists in the PHPGurukul Online Discussion Forum, specifically within the file /admin/admin_forum/search_result.php. This flaw allows attackers to manipulate the 'Search' argument, enabling unauthorized database queries to be executed. The vulnerability can be exploi...
PoC for CVE-2025-10602
A vulnerability exists in the SourceCodester Online Exam Form Submission version 1.0 that allows for SQL injection via the /admin/delete_s1.php file. By manipulating the ID parameter, unauthorized users can execute remote attacks, potentially gaining access to sensitive data. This vulnerability i...
PoC for CVE-2010-1240
Adobe Reader and Acrobat applications prior to specified versions on Windows and Mac OS X contain an input validation flaw within the Launch File warning dialog. This weakness allows attackers to manipulate text fields, misleading users into executing local programs while accessing seemingly beni...
PoC for CVE-2025-10601
A vulnerability affecting SourceCodester's Online Exam Form Submission version 1.0 arises from a flaw in the handling of user input in the /admin/index.php file. This flaw allows an attacker to manipulate the email parameter leading to SQL injection, which can be executed remotely. The disclosed ...
PoC for CVE-2025-10600
A security flaw has been identified in the SourceCodester Online Exam Form Submission version 1.0, specifically within the /register.php file. This vulnerability arises from improper handling of the 'img' argument, allowing attackers to perform unrestricted uploads. By exploiting this flaw, an at...
PoC for CVE-2025-10599
A security vulnerability exists in the itsourcecode Web-Based Internet Laboratory Management System 1.0, specifically within the User::AuthenticateUser function found in login.php. This flaw allows for SQL injection attacks due to improper handling of the user_email argument. Attackers could expl...
PoC for CVE-2025-10598
A security flaw exists in the SourceCodester Pet Grooming Management Software (version 1.0) that exposes it to SQL injection attacks. The vulnerability is found in the /admin/search_product.php file, where improper handling of the 'group_id' parameter allows an attacker to manipulate database que...
PoC for CVE-2025-10596
A vulnerability has been identified in the SourceCodester Online Exam Form Submission 1.0, located in the /index.php file. It allows an attacker to manipulate the 'usn' parameter, leading to SQL injection. This vulnerability can be exploited remotely, posing a significant risk as the exploit has ...