Publicly Disclosed
PoC Exploits

A vulnerability exists in the Tenda FH1201 router affecting version 1.2.0.14(408) due to improper handling of user input in the sprintf function within the SetIpBind endpoint. This flaw enables an attacker to manipulate the argument provided to this function, leading to a stack-based buffer overf...

A vulnerability exists in the Tenda FH1201 router affecting version 1.2.0.14(408) due to improper handling of user input in the sprintf function within the SetIpBind endpoint. This flaw enables an attacker to manipulate the argument provided to this function, leading to a stack-based buffer overf...

A vulnerability exists in Tenda's FH1201 and FH1206 routers due to a flaw in the HTTP Request Handler. Specifically, a stack-based buffer overflow can occur when the 'webSiteId' argument is manipulated in the 'strcat' function of the /goform/webtypelibrary file. This vulnerability allows attacker...

A vulnerability exists in Tenda's FH1201 and FH1206 routers due to a flaw in the HTTP Request Handler. Specifically, a stack-based buffer overflow can occur when the 'webSiteId' argument is manipulated in the 'strcat' function of the /goform/webtypelibrary file. This vulnerability allows attacker...

A vulnerability in the Linux kernel's networking subsystem affects the queuing discipline (qdisc) hierarchy, specifically in the cake scheduler. The issue arises during packet enqueueing in the cake_drop() function, which can lead to inconsistent queue length and backlog accounting due to an inco...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

A vulnerability identified in the Tenda AC18 router version 15.03.05.05 allows for a stack-based buffer overflow due to improper handling of the 'scanList' argument within the sprintf function of the HTTP Request Handler. This flaw can be exploited remotely, potentially enabling unauthorized acce...

A vulnerability identified in the Tenda AC18 router version 15.03.05.05 allows for a stack-based buffer overflow due to improper handling of the 'scanList' argument within the sprintf function of the HTTP Request Handler. This flaw can be exploited remotely, potentially enabling unauthorized acce...

A security vulnerability has been identified in the Tenda AC18 with firmware version 15.03.05.05, specifically affecting the strcpy function in the /goform/GetParentControlInfo of the HTTP Request Handler. This vulnerability can lead to a stack-based buffer overflow when the 'mac' argument is man...

A security vulnerability has been identified in the Tenda AC18 with firmware version 15.03.05.05, specifically affecting the strcpy function in the /goform/GetParentControlInfo of the HTTP Request Handler. This vulnerability can lead to a stack-based buffer overflow when the 'mac' argument is man...

A vulnerability has been discovered in Campcodes Complete Online Beauty Parlor Management System, specifically in the file /admin/bwdates-reports-details.php. This flaw allows an attacker to exploit an unknown function through the manipulation of the 'fromdate' argument, potentially enabling cros...

A security flaw has been identified in the Campcodes Complete Online Beauty Parlor Management System version 1.0, specifically affecting a function within the file /admin/view-appointment.php. This vulnerability arises from improper handling of the 'viewid' parameter, allowing for SQL injection a...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

An issue discovered in GetSimple CMS versions up to 3.3.15 allows authenticated users to upload files with arbitrary content, including PHP code. This vulnerability can potentially be exploited as the authentication mechanism can be bypassed. The vulnerability resides in the admin/theme-edit.php ...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

A remote code execution vulnerability has been identified in HPE OneView, allowing an attacker to execute arbitrary code on affected systems. Exploitation of this weakness could enable unauthorized control over system operations, leading to potential data breaches and system compromise. It is ess...

The Pure WC Variation Swatches plugin for WordPress lacks proper authorization checks when updating settings. This oversight enables any authenticated user to modify plugin settings, potentially leading to unauthorized changes and security risks within the application. It is essential for users o...

This vulnerability affects multiple versions of React Server Components by allowing malicious payloads sent through HTTP requests to Server Function endpoints to be unsafely deserialized. This can result in an infinite loop that hangs the server process, effectively blocking future HTTP requests ...

WebsiteBaker 2.13.3 suffers from a stored cross-site scripting vulnerability that enables authenticated users to inject malicious scripts during the creation of web pages. Attackers can exploit this vulnerability by crafting infected page titles, which execute arbitrary JavaScript when the compro...

InnovaStudio WYSIWYG Editor 5.4 is vulnerable to an unrestricted file upload due to improper handling of file extensions, allowing attackers to manipulate filenames and upload malicious files. By employing null byte techniques and various file extensions, attackers can evade upload controls, lead...

The FileZilla Client version 3.63.1 is susceptible to a DLL hijacking vulnerability that permits attackers to execute arbitrary code. By strategically placing a manipulated TextShaping.dll file within the application directory, malicious actors can initiate a reverse shell payload. This vulnerabi...

The Kimai 1.30.10 version features a vulnerability related to SameSite cookies that poses a risk of session hijacking. Attackers can exploit this flaw by tricking users into executing a malicious PHP script, which captures session cookie information and writes it to a file. This potential breach ...

The Flatnux product version 2021-03.25 is susceptible to an authenticated file upload vulnerability that permits administrative users to upload arbitrary PHP files using the file manager. This flaw enables attackers with administrator access to upload potentially harmful PHP scripts to the web ro...

The LDAP Tool Box Self Service Password version 1.5.2 is susceptible to a password reset vulnerability that enables attackers to exploit HTTP Host headers during the token generation process. By crafting malicious password reset requests, attackers can forge tokens and redirect them to their cont...

Dotclear 2.25.3 has a vulnerability that enables authenticated attackers to exploit the blog post creation interface to upload malicious PHP files with the .phar extension. Once uploaded, these files can contain executable PHP system commands that run on the server when accessed. This flaw poses ...

ActFax 10.10 has a flaw that exposes it to potential local privilege escalation due to an improperly configured service path for ActiveFaxServiceNT. This vulnerability allows attackers who have write access to Program Files directories to place a malicious ActSrvNT.exe executable, which would be ...

The Ever Gauzy application version 0.281.9 exhibits a vulnerability in its JWT authentication system, primarily due to a weak implementation of the HMAC secret key. This flaw enables attackers to exploit the exposed JWT token, allowing them to authenticate themselves and gain administrative permi...

AspEmail version 5.6.0.2 is affected by a binary permission vulnerability that could allow local users to escalate their privileges through manipulation of the Persits Software EmailAgent service. The vulnerability arises from excessive write permissions granted in the BIN directory, enabling mal...

Lilac-Reloaded for Nagios version 2.0.8 is susceptible to a remote code execution flaw within its autodiscovery feature. This vulnerability allows attackers to inject arbitrary commands by exploiting the inadequate input filtering of the nmap_binary parameter. By sending a specially crafted POST ...

OCS Inventory NG version 2.3.0.0 is susceptible to an unquoted service path vulnerability. This flaw enables local attackers to gain elevated privileges by placing a malicious executable in the service's unquoted path. When the service is restarted, it may execute this malicious code, potentially...

BrainyCP 1.0 is vulnerable to authenticated remote code execution due to improper handling of commands through the crontab configuration interface. This vulnerability allows logged-in users to exploit the crontab endpoint, enabling the injection of arbitrary commands, which can include launching ...

ArcSoft PhotoStudio version 6.0.0.172 contains a vulnerability related to unquoted service paths in the ArcSoft Exchange Service. This flaw allows local attackers to exploit the service by placing a malicious executable within the unquoted path, which may lead to unauthorized privilege escalation...

An SQL injection vulnerability exists in the Simple Stock System version 1.0, specifically within the /market/update.php file. The flaw arises from improper handling of the 'email' parameter, allowing an attacker to manipulate input to execute arbitrary SQL queries. This weakness can be exploited...

The Advanced Custom Fields: Extended plugin for WordPress contains a vulnerability that allows unauthenticated attackers to execute arbitrary code on the server. This occurs due to improper validation within the prepare_form() function, which processes user input through call_user_func_array() wi...

A vulnerability exists in the itsourcecode Student Management System that allows for SQL injection through the manipulation of the 'school_year' parameter in the /candidates_report.php file. This can lead to unauthorized access to the underlying database, allowing attackers to execute arbitrary S...

A SQL injection vulnerability exists in FastAdmin versions up to 1.7.0.20250506, specifically within the selectpage function of the Backend Controller component. This flaw arises from improper handling of the 'custom/searchField' argument, allowing attackers to manipulate database queries execute...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

A SQL Injection vulnerability has been identified in the Themefic Hydra Booking plugin, which allows attackers to manipulate SQL queries executed by the application. This issue can lead to unauthorized access to sensitive data, including user information and administrative functionalities. The vu...

A cross-site scripting (XSS) vulnerability has been identified in the Simple Stock System version 1.0 developed by Code-Projects. This flaw resides within an unspecified function in the /market/chatuser.php file, allowing remote attackers to execute malicious scripts in the context of users inter...

A SQL injection vulnerability exists in the Simple Blood Donor Management System 1.0, specifically within the /editedcampaign.php file. An attacker can manipulate the campaignname parameter, potentially leading to unauthorized access to the database. This vulnerability allows remote execution of ...

A security vulnerability has been identified in the Simple Blood Donor Management System version 1.0, particularly impacting the /editeddonor.php file. An attacker can exploit this vulnerability through manipulation of the 'Name' argument, potentially leading to SQL injection attacks. This flaw a...

A vulnerability has been discovered in Simple Stock System 1.0 that allows remote attackers to exploit a SQL injection issue through improper processing of user input in the /market/signup.php file. This critical weakness permits unauthorized manipulation of the Username argument, facilitating po...

A significant security flaw has been identified within the floooh Sokol library, specifically in the _sg_pipeline_common_init function located in sokol_gfx.h. This vulnerability manifests as a heap-based buffer overflow, which could potentially be exploited by attackers with local access to the s...

A vulnerability has been discovered in the WebAssembly Binaryen that allows for a null pointer dereference due to improper handling of the arguments within the IRBuilder components. Specifically, the functions IRBuilder::makeLocalGet, IRBuilder::makeLocalSet, and IRBuilder::makeLocalTee can be af...

A vulnerability exists in WebAssembly Binaryen, specifically within the WasmBinaryReader::readExport function of the wasm-binary.cpp file. This issue can lead to a heap-based buffer overflow, which may allow an attacker to execute malicious code on the local host. This vulnerability has been publ...

A vulnerability exists in the PFCP component of Open5GS, specifically within the ogs_pfcp_handle_create_pdr function. This flaw leads to improper initialization, which can be exploited remotely. Although the attack exhibits high complexity and poses significant challenges for exploitation, it rem...

A reachable assertion vulnerability has been identified in the Open5GS library lib/pfcp/context.c, specifically within the functions ogs_pfcp_pdr_find_or_add, ogs_pfcp_far_find_or_add, ogs_pfcp_urr_find_or_add, and ogs_pfcp_qer_find_or_add. This flaw potentially allows remote attackers to manipul...

A null pointer dereference vulnerability has been identified in Open5GS versions up to 2.7.5, specifically in the function ogs_pfcp_handle_create_pdr within the FAR-ID Handler module. This flaw allows remote attackers to manipulate specific inputs, which can result in application crashes or unexp...

A vulnerability has been identified in Campcodes Supplier Management System version 1.0, specifically within the /admin/add_category.php file. This issue arises from improper handling of the txtCategoryName parameter, which allows attackers to perform SQL injection attacks remotely. The exploit c...

A security vulnerability has been identified in the Scholars Tracking System 1.0, specifically within an unknown function of the file /home.php. A remote attacker could exploit this weakness by manipulating the post_content argument, allowing for SQL injection attacks. This vulnerability has been...