Publicly Disclosed
PoC Exploits

The vulnerability occurring in UNISOC's BootRom allows a possible unchecked write address, enabling local escalation of privilege without requiring additional execution privileges. This flaw poses a significant security risk, as it can be exploited by malicious actors to gain unauthorized access ...

A privilege escalation vulnerability is present in XAMPP versions prior to 7.2.29, 7.3.16, and 7.4.4 on Windows systems. An unprivileged user has the capability to modify the xampp-control.ini configuration file, potentially allowing unauthorized access to all users, including administrators. Thi...

A significant security vulnerability has been identified in the Tenda AC21 router, specifically within the mDMZSetCfg function located in the /goform/mDMZSetCfg file. This vulnerability allows an attacker to manipulate the dmzIp argument, leading to potential command injection that can be execute...

A type confusion vulnerability exists in Mozilla Firefox and Thunderbird, stemming from improper handling of JavaScript objects in the Array.pop function. This flaw can facilitate an exploitable crash, potentially compromising the stability and security of affected applications. Recent attacks in...

A stack-based buffer overflow vulnerability affects the Tenda AC21 router, specifically within the fromAdvSetMacMtuWan function located in the /goform/AdvSetMacMtuWan file. This flaw enables an attacker to potentially execute arbitrary code remotely. Given that exploits for this vulnerability are...

A stack-based buffer overflow exists in the goform/formExportDataLogs function within HP Power Manager, prior to version 4.2.10. This flaw enables remote attackers to execute arbitrary code by exploiting the vulnerability through a specially crafted long 'fileName' parameter. The issue poses a si...

SmarterMail versions earlier than build 9511 are susceptible to an unauthenticated remote code execution vulnerability via the ConnectToHub API method. An attacker can exploit this weakness by directing the application to a malicious HTTP server that delivers harmful OS commands, which are then e...

A command injection vulnerability has been identified in the Totolink A7000R router, specifically affecting the setUpgradeFW function within the /cgi-bin/cstecgi.cgi file. This weakness allows an attacker to manipulate the FileName parameter, enabling remote execution of arbitrary commands. Given...

A command injection vulnerability has been identified in the Totolink A7000R router, specifically affecting the setUpgradeFW function within the /cgi-bin/cstecgi.cgi file. This weakness allows an attacker to manipulate the FileName parameter, enabling remote execution of arbitrary commands. Given...

A security weakness has been found in the Totolink A7000R router, specifically within the setUploadUserData function located in the /cgi-bin/cstecgi.cgi file. By manipulating the FileName argument, attackers can execute arbitrary commands on the device, which poses a serious threat as the exploit...

A security weakness has been found in the Totolink A7000R router, specifically within the setUploadUserData function located in the /cgi-bin/cstecgi.cgi file. By manipulating the FileName argument, attackers can execute arbitrary commands on the device, which poses a serious threat as the exploit...

A recently identified security flaw in the Bdtask Bhojon All-In-One Restaurant Management System affects the Add-to-Cart submission endpoint. The vulnerability resides in an unspecified function of the file /hungry/addtocart, where improper manipulation of the parameters price or allprice can lea...

A recently identified security flaw in the Bdtask Bhojon All-In-One Restaurant Management System affects the Add-to-Cart submission endpoint. The vulnerability resides in an unspecified function of the file /hungry/addtocart, where improper manipulation of the parameters price or allprice can lea...

A vulnerability exists in the Bdtask Bhojon All-In-One Restaurant Management System's checkout functionality, specifically in the handling of parameters during the order process. An attacker may exploit this flaw by manipulating the arguments related to the calculation of total amounts, including...

A vulnerability exists in the Bdtask Bhojon All-In-One Restaurant Management System's checkout functionality, specifically in the handling of parameters during the order process. An attacker may exploit this flaw by manipulating the arguments related to the calculation of total amounts, including...

A cross-site scripting vulnerability exists in the User Information Module within the Bdtask Bhojon All-In-One Restaurant Management System, specifically in the '/dashboard/home/profile' file. By manipulating the 'fullname' argument, attackers can execute arbitrary code remotely, potentially comp...

A vulnerability has been identified in Bdtask SalesERP versions up to 20260116 that affects the Administrative Endpoint. This flaw allows an attacker to manipulate the 'ci_session' argument, leading to improper authorization. Exploitation can be performed remotely, posing a significant risk to us...

A vulnerability has been identified in Bdtask SalesERP versions up to 20260116 that affects the Administrative Endpoint. This flaw allows an attacker to manipulate the 'ci_session' argument, leading to improper authorization. Exploitation can be performed remotely, posing a significant risk to us...

A security vulnerability exists in Google Chrome versions before 137.0.7151.68, which allows remote attackers to exploit out-of-bounds read and write conditions in the V8 JavaScript engine. By crafting a specific HTML page, an attacker may manipulate heap memory, potentially leading to unauthoriz...

A security vulnerability exists in itsourcecode Society Management System version 1.0, specifically affecting the /admin/edit_student_query.php file. This vulnerability allows an attacker to manipulate the 'student_id' parameter, leading to SQL injection. The exploitation of this vulnerability ca...

A security vulnerability in the itsourcecode Society Management System version 1.0 allows for SQL injection through manipulation of the argument 'detail' in the /admin/add_expenses.php file. This flaw could enable remote attackers to execute unauthorized SQL commands, potentially compromising the...

A vulnerability has been discovered in itsourcecode's Society Management System version 1.0, specifically related to an inadequate security measure in the file /admin/edit_expenses_query.php. This issue allows an attacker to manipulate the 'detail' argument, potentially leading to SQL injection a...

The 10-Strike Bandwidth Monitor version 3.9 is susceptible to an unquoted service path vulnerability in various services. This flaw enables local attackers to exploit the service startup process by placing a malicious executable in specific directory paths. Successful exploitation allows attacker...

GOautodial 4.0 is affected by a persistent cross-site scripting vulnerability, enabling authenticated agents to inject malicious scripts through message subjects. Attackers can exploit this trust to craft messages containing JavaScript that execute upon being viewed by an administrator. This can ...

CodeMeter 6.60 features an unquoted service path vulnerability that permits local users to potentially execute arbitrary code with elevated system privileges. Exploiting this flaw involves manipulating the unquoted binary path utilized by the CodeMeter Runtime Server service, enabling attackers t...

SonarQube version 8.3.1 contains an unquoted service path vulnerability, which poses a significant risk for local attackers. By exploiting this flaw, malicious users can manipulate the service executable path to replace the legitimate 'wrapper.exe' with a malicious executable. This can lead to co...

BarcodeOCR version 19.3.6 has a vulnerability related to an unquoted service path, which can be exploited by local attackers. This flaw enables the injection of malicious executables that execute with elevated privileges during system startup. By exploiting this vulnerability, attackers can execu...

The Ruijie Networks Switch eWeb S29_RGOS 11.4 is susceptible to a directory traversal vulnerability that enables unauthorized users to exploit the /download.do endpoint. By leveraging specially crafted file path parameters containing '../' sequences, attackers can gain access to sensitive system ...

Gnome Fonts Viewer version 3.34.0 contains a heap corruption flaw that could be exploited by attackers to perform out-of-bounds writes. By crafting a malicious TTF font file with an oversized pattern, attackers can induce an infinite malloc() loop, potentially leading to the crash of the gnome-fo...

Audio Playback Recorder version 3.2.2 contains a local buffer overflow vulnerability that arises from improper handling of the eject and registration parameters. This flaw allows attackers to exploit the application by crafting malicious inputs that can overwrite the Structured Exception Handler ...

Audio Playback Recorder version 3.2.2 contains a local buffer overflow vulnerability that arises from improper handling of the eject and registration parameters. This flaw allows attackers to exploit the application by crafting malicious inputs that can overwrite the Structured Exception Handler ...

Tea LaTex 1.0 is susceptible to a remote code execution vulnerability that permits unauthenticated attackers to execute arbitrary shell commands. This vulnerability arises when a specially crafted malicious LaTeX payload is processed via the /api.php endpoint, notably during the execution of the ...

EasyPMS 1.0.0 is affected by an authentication bypass vulnerability, enabling unprivileged users to manipulate SQL queries through JSON requests. By exploiting inadequate input validation, attackers can inject single quotes into ID parameters, allowing them to gain unauthorized access to admin us...

BearShare Lite 5.2.5 has a vulnerability that enables buffer overflow through the Advanced Search keywords input. This flaw allows attackers to submit a specially crafted payload via the search input, leading to potential arbitrary code execution by overwriting the EIP register and running shellc...

MedDream PACS Server 6.8.3.751 is susceptible to an authenticated remote code execution vulnerability. This flaw permits authorized users to upload malicious PHP files through the uploadImage.php endpoint, enabling potential attackers to execute arbitrary system commands with elevated privileges....

Liman 0.7 contains a vulnerability that allows attackers to exploit cross-site request forgery (CSRF) weaknesses. By crafting malicious HTML forms, attackers can deceive logged-in users into submitting unauthorized requests, which may lead to the manipulation of their account settings, including ...

berliCRM version 1.0.24 is vulnerable to a SQL injection flaw in the 'src_record' parameter. This vulnerability permits remote attackers to submit crafted POST requests to the index.php endpoint, potentially allowing them to execute unintended SQL commands. As a result, attackers could extract se...

TimeClock Software 1.01 is susceptible to an authenticated time-based SQL injection vulnerability that enables attackers to enumerate valid usernames. By manipulating the 'notes' parameter in the add_entry.php endpoint, adversaries can inject conditional time delays. This allows them to ascertain...

The Ultimate Project Manager CRM PRO 2.0.5 is susceptible to a blind SQL injection vulnerability. This flaw can be exploited through the /frontend/get_article_suggestion/ endpoint, allowing malicious users to craft specially designed search parameters. By utilizing boolean-based inference techniq...

Ajenti version 2.1.36 is vulnerable to an authentication bypass that enables remote attackers to execute arbitrary commands post-login. By exploiting the /api/terminal/create API endpoint, attackers can send a netcat reverse shell payload to a designated IP address and port, potentially compromis...

Elaniin CMS version 1.0 contains a vulnerability that allows attackers to bypass authentication and gain unauthorized access to the admin dashboard. This exploitation is performed by manipulating login parameters, particularly by utilizing SQL injection techniques through crafted email and passwo...

Free MP3 CD Ripper 2.8 is affected by a stack buffer overflow vulnerability that permits remote attackers to execute arbitrary code. By crafting a malicious WAV file with an oversized payload, attackers can leverage this vulnerability to gain control over vulnerable Windows systems. This exploit ...

Frigate Professional version 3.36.0.9 contains a local buffer overflow vulnerability within the Pack File feature. This vulnerability allows attackers to craft a malicious payload that exploits the 'Archive To' input field, potentially leading to arbitrary code execution. By overflowing this fiel...

BacklinkSpeed 2.4 is vulnerable to a buffer overflow issue that can lead to corruption of the Structured Exception Handler (SEH) chain. By importing a specially crafted malicious file, attackers could overwrite SEH addresses, potentially allowing them to execute arbitrary code and take control of...

Mocha Telnet Lite for iOS version 4.2 is susceptible to a denial of service vulnerability due to improper handling of user input in the configuration settings. An attacker can exploit this weakness by entering an excessive amount of data, specifically 350 bytes of repeated characters in the 'User...

The QlikView application version 12.50.20000.0 contains a vulnerability in its FTP server address input field. This issue allows local attackers to crash the application by submitting a specially crafted request with a 300-character buffer. Exploiting this vulnerability compromises the applicatio...

A SQL injection vulnerability has been found in the itsourcecode School Management System version 1.0, specifically affecting the index.php file. This flaw allows attackers to manipulate an argument within the script, leading to unauthorized querying of the database. The vulnerability can be expl...

A SQL injection vulnerability exists within the itsourcecode School Management System version 1.0, particularly in the unknown function of the file /ramonsys/inquiry/index.php. This vulnerability allows attackers to manipulate the argument 'txtsearch' to execute unauthorized SQL commands. The exp...

A vulnerability exists in jishenghua jshERP versions up to 3.6, specifically within the install function found in the /jshERP-boot/plugin/installByPath file. This issue allows attackers to manipulate the path argument, enabling unauthorized access to files outside the intended directory structure...

A vulnerability has been identified in Open5GS that affects the SGWC component. Specifically, it resides in the function 'sgwc_s11_handle_modify_bearer_request' located in the file '/sgwc/s11-handler.c'. This flaw can be exploited to induce a denial of service, allowing a remote attacker to disru...