Publicly Disclosed PoC Exploits

🔴 Always take caution when working with PoC Exploits 🔴

Discovered just now...

PoC for CVE-2026-1529

Red Hat | Red Hat Build Of Keycl... | 8.1 HIGH
Keycloak Vulnerability Allows Unauthorized Access via Invitation To...

A security flaw in Keycloak allows an attacker to exploit a weakness in the invitation token's JSON Web Token (JWT) payload. By modifying the organization ID and target email without proper cryptographic signature verification, an attacker can self-register into an unauthorized organization. This...

PoC for CVE-2026-20841

Microsoft | Windows Notepad | 8.8 HIGH
Command Injection Vulnerability in Windows Notepad App by Microsoft

The Windows Notepad App has a vulnerability that allows attackers to exploit improper neutralization of special command elements. This security flaw can enable unauthorized users to execute arbitrary code over a network, posing significant risks to systems that rely on this application. Users are...

PoC for CVE-2025-6018

7.8 HIGH
Local Privilege Escalation in Linux Pluggable Authentication Module...

A Local Privilege Escalation vulnerability exists in pam-config, part of the Linux Pluggable Authentication Modules (PAM). This flaw permits a local attacker, such as an SSH user, to escalate their privileges to those of a privileged console user. By exploiting this vulnerability, attackers can e...

Discovered 29 minutes ago

PoC for CVE-2025-15368

WordPress | Sportspress – Sports C... | 8.8 HIGH
Local File Inclusion Vulnerability in SportsPress Plugin for WordPress

The SportsPress plugin for WordPress is susceptible to a Local File Inclusion vulnerability, which affects all versions up to and including 2.7.26. By manipulating the 'template_name' attribute within shortcodes, authenticated users with contributor-level permissions and higher can include and ex...

Discovered 2 hours ago

PoC for CVE-2024-21413

Microsoft | Microsoft Office 2019 | 🟣 EPSS 93% | 9.8 CRITICAL
Remote Code Execution Vulnerability Affects Microsoft Outlook

A remote code execution vulnerability in Microsoft Outlook allows an attacker to run arbitrary code on a user's system. This can occur when the vulnerable version processes specially crafted email messages, which can result in unauthorized access or control over the affected system. Attackers can...

Discovered 3 hours ago

PoC for CVE-2026-1235

WordPress | WP Ecommerce
PHP Object Injection Vulnerability in WP eCommerce Plugin

The WP eCommerce plugin for WordPress, up to version 3.15.1, contains a vulnerability that allows the unserialization of user input through ajax actions. This flaw can be exploited by unauthenticated users, potentially leading to PHP Object Injection if the right conditions are present. Attackers...

PoC for CVE-2025-15400

WordPress | Pix Para WooCommerce
Unauthorized AJAX Action Vulnerability in Pix for Woocommerce Plugi...

The Pix para Woocommerce plugin version 2.13.3 for WordPress allows any authenticated user to invoke AJAX actions without proper capability or nonce checks, enabling them to manipulate and reset payment gateway configuration settings. This significant flaw can lead to disruption of OpenPix paymen...

Discovered 4 hours ago

PoC for CVE-2025-54253

Adobe | Adobe Experience Manager | 🟣 EPSS 44% | 10 CRITICAL
Misconfiguration Vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.23 and earlier contain a Misconfiguration vulnerability that allows attackers to execute arbitrary code. This security flaw can be exploited without user interaction, enabling attackers to bypass security measures easily and gain control over the affected sys...

Discovered 5 hours ago

PoC for CVE-2025-49132

Pterodactyl | Panel | 🟣 EPSS 35% | 10 CRITICAL
Remote Code Execution Vulnerability in Pterodactyl Game Server Mana...

Pterodactyl, a widely used free and open-source game server management panel, has a significant vulnerability that allows unauthorized remote code execution. This occurs through the /locales/locale.json endpoint when specific query parameters are manipulated. Attackers exploiting this flaw can ex...

Discovered 6 hours ago

PoC for CVE-2026-24858

Fortinet | Fortiproxy | 9.4 CRITICAL
Authentication Bypass in Fortinet FortiAnalyzer and FortiManager Pr...

Fortinet products, including FortiAnalyzer and FortiManager, are susceptible to a vulnerability that allows an attacker with a FortiCloud account to bypass authentication, granting unauthorized access to devices linked with different accounts. This issue can be exploited if FortiCloud SSO authent...

Discovered 8 hours ago

PoC for CVE-2024-45440

Drupal | Drupal Core | 🟣 EPSS 86% | 5.3 MEDIUM
File Path Disclosure Vulnerability in Drupal 11.x-dev

A vulnerability exists in the Drupal 11.x-dev platform that enables Full Path Disclosure (FPD) through the core/authorize.php script. This issue arises when the hash_salt value is derived from the file_get_contents function, utilizing a non-existent file. Consequently, even if error logging is di...

Discovered 10 hours ago

PoC for CVE-2026-1529

Red Hat | Red Hat Build Of Keycl... | 8.1 HIGH
Keycloak Vulnerability Allows Unauthorized Access via Invitation To...

A security flaw in Keycloak allows an attacker to exploit a weakness in the invitation token's JSON Web Token (JWT) payload. By modifying the organization ID and target email without proper cryptographic signature verification, an attacker can self-register into an unauthorized organization. This...

PoC for CVE-2025-55182

Meta | React-server-dom-webpack | 🟣 EPSS 61% | 10 CRITICAL
Remote Code Execution Vulnerability in React Server Components by Meta

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

Discovered 11 hours ago

PoC for CVE-2026-25872

Albrecht Jung Gmb... | Jung Smart Panel 5.1 Knx | 6.9 MEDIUM
Unauthenticated Path Traversal Vulnerability in JUNG Smart Panel Fi...

The JUNG Smart Panel KNX firmware versions up to L1.12.22 exhibit a vulnerability in the embedded web interface, allowing unauthorized users to exploit improper file path validation. This flaw can be exploited to access sensitive files residing on the filesystem accessible to the web server. Atta...

Discovered 13 hours ago

PoC for CVE-2026-2113

Yuan1994 | Tpadmin | 6.9 MEDIUM
Deserialization Vulnerability in WebUploader Component of Yuan1994 ...

A security vulnerability has been identified in the WebUploader component of Yuan1994's Tpadmin software. Found in the file /public/static/admin/lib/webuploader/0.1.5/server/preview.php, this flaw enables deserialization of untrusted data. Attackers can exploit this vulnerability remotely, puttin...

PoC for CVE-2025-34085

WordPress | Simple File List WordP... | 10 CRITICAL
Unrestricted File Upload in WordPress Simple File List Plugin

A vulnerability exists in the WordPress Simple File List plugin which allows unauthenticated attackers to upload malicious files due to improper validation mechanisms. Specifically, the plugin mistakenly permits the upload of PHP code masquerading as image files. An attacker can exploit the uploa...

Discovered 14 hours ago

PoC for CVE-2026-25526

Hubspot | Jinjava | 9.8 CRITICAL
Arbitrary Java Execution Vulnerability in JinJava by HubSpot

JinJava, a template engine based on Django syntax for rendering Jinja templates, is susceptible to an arbitrary Java execution vulnerability via a bypass through the ForTag element. This flaw enables attackers to instantiate Java classes and access files, circumventing key sandbox restrictions. T...

Discovered 15 hours ago

PoC for CVE-2025-6019

7 HIGH
Local Privilege Escalation Vulnerability in libblockdev Affects Red...

A Local Privilege Escalation vulnerability exists in libblockdev that allows a physically present user with 'allow_active' permissions to escalate privileges. By exploiting the interaction between libblockdev and the udisks daemon, an attacker can create a specially crafted XFS image, tricking ud...

Discovered 18 hours ago

PoC for CVE-2025-15572

wasm3 Project | Wasm3 | 4.8 MEDIUM
Memory Leak Vulnerability in wasm3 by the wasm3 Project

A memory leak vulnerability exists in the wasm3 project affecting versions up to 0.5.0, specifically within the NewCodePage function. This flaw allows local attackers to exploit the vulnerability, resulting in unintended memory consumption. The public disclosure may lead to increased exploitation...

Discovered 19 hours ago

PoC for CVE-2025-15571

Ckolivas | Lrzip | 4.8 MEDIUM
Null Pointer Dereference in ckolivas lrzip Up to 0.651

A local security vulnerability has been found in the ckolivas lrzip, specifically in the ucompthread function of stream.c. This flaw allows for a null pointer dereference, which can lead to potential application crashes or unstable behavior. The issue can be exploited only from a local environmen...

Discovered 20 hours ago

PoC for CVE-2025-15570

Ckolivas | Lrzip | 4.8 MEDIUM
Use After Free Vulnerability in ckolivas lrzip Product

A use after free vulnerability has been identified in the ckolivas lrzip software, specifically within the lzma_decompress_buf function in stream.c. This issue arises from improper handling of memory, leading to potential exploitation if a local attacker manipulates the system. Although the probl...

Discovered 23 hours ago

PoC for CVE-2025-69516

Amidaware | Tactical RMM | 8.8 HIGH
Server-Side Template Injection in Amidaware Tactical RMM

A security flaw in the Amidaware Tactical RMM allows low-privileged users with Report Viewer or Report Manager permissions to execute arbitrary commands on the server. This vulnerability arises from inadequate sanitization of the template_md parameter, leading to potential exploitation through Ji...

Discovered 1 day ago

PoC for CVE-2023-44487

Ietf | Http | 🟣 EPSS 94% | 7.5 HIGH
HTTP/2 Protocol Vulnerability Allows for Rapid Stream Cancellation ...

The HTTP/2 protocol is susceptible to a denial of service vulnerability that can be exploited via rapid stream resets. This allows attackers to overwhelm servers by rapidly canceling requests, leading to significant resource consumption and potential service disruption. Exploitation of this vulne...

PoC for CVE-2026-21962

Oracle | Oracle Http Server, Or... | 10 CRITICAL
Vulnerability in Oracle HTTP Server and Weblogic Server Proxy Plug-in

An easily exploitable vulnerability in the Oracle HTTP Server and Oracle Weblogic Server Proxy Plug-in may allow unauthenticated attackers to gain access via HTTP. Attackers can compromise the server and potentially impact data integrity and confidentiality. This vulnerability can lead to unautho...

PoC for CVE-2026-22187

Open Microscopy E... | Bio-formats | 6.8 MEDIUM
Unsafe Java Deserialization in Bio-Formats Affects Open Microscopy ...

Bio-Formats versions up to and including 8.3.0 are susceptible to a vulnerability in the loci.formats.Memoizer class, which performs unsafe Java deserialization of .bfmemo files. This occurs during image processing when the application automatically loads and deserializes these memo files without...

PoC for CVE-2026-20404

MediaTek | Mt2735, Mt2737, Mt6813... | 7.5 HIGH
Denial of Service Vulnerability in Modem by MediaTek

In MediaTek's modem, a security flaw exists due to insufficient input validation, which could allow attackers to induce a system crash. This vulnerability particularly arises when a User Equipment (UE) connects to a maliciously controlled rogue base station. Notably, the exploitation of this flaw...

PoC for CVE-2025-6018

7.8 HIGH
Local Privilege Escalation in Linux Pluggable Authentication Module...

A Local Privilege Escalation vulnerability exists in pam-config, part of the Linux Pluggable Authentication Modules (PAM). This flaw permits a local attacker, such as an SSH user, to escalate their privileges to those of a privileged console user. By exploiting this vulnerability, attackers can e...

PoC for CVE-2026-2260

D-link | Dcs-931l | 8.6 HIGH
Command Injection Vulnerability in D-Link DCS-931L Camera

A command injection vulnerability exists in the D-Link DCS-931L camera model up to version 1.13.0, affecting the /goform/setSysAdmin endpoint. By manipulating the AdminID argument, an attacker can execute arbitrary OS commands remotely. This vulnerability is particularly concerning as it affects ...

PoC for CVE-2026-2259

Aardappel | Lobster | 4.8 MEDIUM
Memory Corruption in Aardappel Lobster Parsing Function

Aardappel Lobster has a vulnerability within the lobster::Parser::ParseStatements function in the library dev/src/lobster/parser.h. This flaw, which affects versions up to 2025.4, allows for memory corruption triggered from a local environment. The public disclosure of this vulnerability raises t...

PoC for CVE-2026-2258

Aardappel | Lobster | 4.8 MEDIUM
Memory Corruption Flaw in aardappel lobster Library Affects Local E...

A memory corruption vulnerability exists in the aardappel lobster library, affecting versions up to 2025.4. The issue lies within the function WaveFunctionCollapse located in dev/src/lobster/wfc.h. This vulnerability can only be exploited locally, allowing an attacker to manipulate the function a...

PoC for CVE-2017-7921

Hikvision | Hikvision Cameras | 🟣 EPSS 94% | 10 CRITICAL
Improper Authentication Vulnerability in Hikvision Network Cameras

Hikvision network camera devices suffer from an improper authentication vulnerability, which arises when the system fails to adequately authenticate users. This deficiency could enable an attacker to escalate privileges and obtain sensitive information, risking the integrity and confidentiality o...

Discovered 2 days ago

PoC for CVE-2025-9074

Docker | Docker Desktop | 9.3 CRITICAL
Docker Desktop Vulnerability Allows Unauthorized Access to Docker E...

A security issue in Docker Desktop has been discovered, enabling locally running Linux containers to communicate with the Docker Engine API through the default Docker subnet. This issue can arise irrespective of whether Enhanced Container Isolation (ECI) is active or if the 'Expose daemon on tcp://...

PoC for CVE-2026-2246

Aprilrobotics | Apriltag | 4.8 MEDIUM
Memory Corruption Vulnerability in AprilRobotics' Apriltag

A memory corruption vulnerability has been identified in the function apriltag_detector_detect of the Apriltag library. This issue allows for potential local exploitation, which may lead to unexpected behavior and security risks. Attackers with local access could manipulate the affected function,...

PoC for CVE-2026-2245

CCExtractor | Ccextractor | 4.8 MEDIUM
Out-of-bounds Read Vulnerability in CCExtractor MPEG-TS File Parser

A vulnerability exists in CCExtractor affecting versions up to 183, specifically in the parse_PAT and parse_PMT functions within the MPEG-TS File Parser component. This issue arises from improper handling of input, leading to potential out-of-bounds read conditions. The exploit requires a local e...

PoC for CVE-2026-2242

Janet-lang | Janet | 4.8 MEDIUM
Out-of-Bounds Read Vulnerability in Janet by Janet-lang

A vulnerability has been identified in Janet, the programming language developed by Janet-lang, where a flaw in the 'janetc_if' function within 'src/core/specials.c' could allow for an out-of-bounds read. This security issue requires local execution for exploitation and has been publicly disclose...

PoC for CVE-2025-6018

7.8 HIGH
Local Privilege Escalation in Linux Pluggable Authentication Module...

A Local Privilege Escalation vulnerability exists in pam-config, part of the Linux Pluggable Authentication Modules (PAM). This flaw permits a local attacker, such as an SSH user, to escalate their privileges to those of a privileged console user. By exploiting this vulnerability, attackers can e...

PoC for CVE-2026-25049

N8n-io | N8n | 9.4 CRITICAL
Workflow Automation Platform Vulnerability in n8n

n8n, the open-source workflow automation platform, has a vulnerability that allows authenticated users who can create or modify workflows to manipulate expressions in workflow parameters. This could lead to unintended command execution on the host system running n8n, posing a significant security...

PoC for CVE-2026-2241

Janet-lang | Janet | 4.8 MEDIUM
Out-of-Bounds Read Vulnerability in Janet Language by Janet-lang

A vulnerability has been identified in Janet Language versions prior to 1.40.1, specifically within the os_strftime function of the src/core/os.c file. This flaw allows local attackers to perform manipulations that could result in out-of-bounds reads. Such vulnerabilities can lead to unauthorized...

PoC for CVE-2026-2240

Janet-lang | Janet | 4.8 MEDIUM
Out-of-Bounds Read Vulnerability in Janet Programming Language by J...

A vulnerability exists in the Janet programming language, specifically in the janetc_pop_funcdef function located in src/core/compile.c. This issue allows for out-of-bounds read operations, potentially exposing sensitive data when exploited. The attack must be executed locally. It is crucial for ...

PoC for CVE-2025-6018

7.8 HIGH
Local Privilege Escalation in Linux Pluggable Authentication Module...

A Local Privilege Escalation vulnerability exists in pam-config, part of the Linux Pluggable Authentication Modules (PAM). This flaw permits a local attacker, such as an SSH user, to escalate their privileges to those of a privileged console user. By exploiting this vulnerability, attackers can e...

PoC for CVE-2026-23723

Labredescefetrj | Wegia | 7.2 HIGH
Authenticated SQL Injection in WeGIA Web Manager for Charitable Ins...

The WeGIA Web Manager for charitable institutions contains an authenticated SQL Injection vulnerability in the Atendido_ocorrenciaControle endpoint, specifically through the id_memorando parameter. This security flaw can lead to full database exfiltration, exposing sensitive Personally Identifiab...

PoC for CVE-2026-2227

D-link | Dcs-931l | 5.1 MEDIUM
Command Injection Vulnerability in D-Link DCS-931L Camera Firmware

A command injection vulnerability exists in the D-Link DCS-931L camera's firmware, specifically in the 'doSystem' function located in the '/setSystemAdmin' file. This issue arises from improper handling of the 'AdminID' argument, allowing remote attackers to execute arbitrary commands. This vulne...

PoC for CVE-2025-55182

Meta | React-server-dom-webpack | 🟣 EPSS 61% | 10 CRITICAL
Remote Code Execution Vulnerability in React Server Components by Meta

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

PoC for CVE-2026-2226

Zhangzhou Douke N... | DouPHP | 5.1 MEDIUM
Unrestricted File Upload Vulnerability in DouPHP by Zhangzhou Douke...

A significant vulnerability exists in DouPHP affecting versions up to 1.9, linked to improper handling of input in the file /admin/file.php, specifically concerning the ZIP File Handler. This flaw allows an attacker to manipulate the sql_filename argument, facilitating unrestricted file uploads. ...

PoC for CVE-2026-2225

Itsourcecode | News Portal Project | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode News Portal Project Adm...

A significant SQL injection vulnerability exists within the itsourcecode News Portal Project version 1.0. This flaw specifically targets the Administrator Login component, where improper handling of user input in the email argument of the /admin/index.php file allows attackers to manipulate SQL q...

PoC for CVE-2026-2224

Code-projects | Online Reviewer System | 5.1 MEDIUM
Cross Site Scripting Vulnerability in Online Reviewer System by Cod...

A security flaw has been identified in the Online Reviewer System version 1.0 developed by Code-Projects that enables attackers to exploit the application through cross site scripting (XSS). The vulnerability specifically affects the file /system/system/admins/manage/users/btn_functions.php, wher...

PoC for CVE-2026-2223

Code-projects | Online Reviewer System | 6.9 MEDIUM
SQL Injection Vulnerability in Code-Projects Online Reviewer System...

A security vulnerability has been identified within the Online Reviewer System version 1.0 by Code-Projects. This issue is associated with a particular functionality in the file located at /system/system/students/assessments/pretest/take/index.php. An unvalidated manipulation of the argument ID c...

PoC for CVE-2026-2221

Code-projects | Online Reviewer System | 6.9 MEDIUM
SQL Injection Vulnerability in Code-Projects Online Reviewer System...

A vulnerability identified in Code-Projects' Online Reviewer System 1.0 can be exploited via the /login/index.php file. By manipulating the Username argument, attackers can execute SQL injection attacks remotely, potentially compromising the system's integrity. This security flaw has been made pu...

PoC for CVE-2026-2220

Code-projects | Online Reviewer System | 6.9 MEDIUM
SQL Injection Vulnerability in Code-Projects Online Reviewer System...

A vulnerability exists in the Code-Projects Online Reviewer System 1.0, specifically in the /system/system/admins/assessments/pretest/btn_functions.php file. This flaw can be exploited through remote manipulation of the difficulty_id parameter, enabling attackers to execute SQL injection attacks....

PoC for CVE-2026-2218

D-link | Dcs-933l | 5.3 MEDIUM
Command Injection Vulnerability in D-Link DCS-933L Products

A command injection vulnerability exists in D-Link DCS-933L firmware versions up to 1.14.11 due to improper handling of parameters in the '/setSystemAdmin' functionality of the alphapd component. This flaw allows an attacker to remotely execute arbitrary commands by manipulating the AdminID argum...