Publicly Disclosed
PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered 2 hours ago
PoC for CVE-2026-5650
A vulnerability exists in the code-projects Online Application System for Admission 1.0, specifically within its database handling functionality. This flaw allows for the insecure storage of sensitive information, which can be remotely manipulated by an attacker. The risk of exploitation is signi...
PoC for CVE-2026-5649
A vulnerability in the Online Application System for Admission version 1.0 by Code-Projects has been identified, allowing for potential SQL injection attacks. This security flaw affects the file /enrollment/admsnform.php within the Endpoint component, enabling attackers to manipulate queries exec...
Discovered 3 hours ago
PoC for CVE-2026-5648
A SQL injection vulnerability has been identified in the Simple Laundry System version 1.0, specifically within the /userfinishregister.php file, related to the Parameter Handler component. This flaw allows for remote exploitation through manipulation of the 'firstName' argument, potentially enab...
PoC for CVE-2026-5647
A Cross Site Scripting vulnerability has been identified in the Code-Projects Online Shoe Store version 1.0. The issue is rooted in the 'product_name' parameter of the file '/admin/admin_feature.php' within the Add Product Page component. This vulnerability allows an attacker to manipulate the in...
PoC for CVE-2026-5646
A SQL injection vulnerability has been identified in the Easy Blog Site 1.0 product. Specifically, the vulnerability lies within the login.php file, where improper validation of the username and password arguments allows for the execution of arbitrary SQL queries. This flaw can be exploited remot...
PoC for CVE-2026-5645
An SQL injection vulnerability exists in the Projectworlds Car Rental System version 1.0, specifically within the '/pay.php' file's Parameter Handler component. This flaw can be exploited through a manipulation of the 'mpesa' argument, allowing attackers to execute arbitrary SQL code. The vulnera...
Discovered 4 hours ago
PoC for CVE-2026-5644
A security flaw has been identified in the Cyber-III Student-Management-System that allows an attacker to leverage an unknown function within the batch-notice.php file. By manipulating the $_SERVER['PHP_SELF'] argument, an attacker can execute cross site scripting (XSS) attacks remotely. This vul...
PoC for CVE-2026-5643
A cross site scripting vulnerability exists in the Cyber-III Student-Management-System, specifically within the Admin Add Endpoint. This issue arises due to manipulation of the $_SERVER['PHP_SELF'] argument in the notice.php file, allowing attackers to execute malicious scripts remotely. As the e...
PoC for CVE-2026-5642
A vulnerability exists in the Cyber-III Student Management System related to improper authorization due to an issue in the HTTP POST Request Handler located in /viva/update.php. The problem arises from manipulation of the argument 'Name', allowing for unauthorized access. This vulnerability can b...
PoC for CVE-2026-5641
An SQL injection vulnerability exists in the PHPGurukul Online Shopping Portal version 2.1, specifically within the /admin/update-image1.php file's Parameter Handler. Attackers can exploit this vulnerability by manipulating the 'filename' argument, potentially leading to unauthorized access and m...
Discovered 5 hours ago
PoC for CVE-2026-5640
A vulnerability exists in PHPGurukul's Online Shopping Portal Project 2.1, specifically within the '/admin/update-image2.php' file's Parameter Handler component. This issue arises from improper handling of the 'filename' argument, which can lead to SQL injection exploits. Attackers can potentiall...
PoC for CVE-2026-5639
A security flaw exists in the PHPGurukul Online Shopping Portal Project version 2.1, specifically within an unclassified function in the file /admin/update-image3.php. This vulnerability allows an attacker to manipulate the 'filename' argument, potentially leading to a remote SQL injection attack...
PoC for CVE-2026-5638
A security flaw has been identified in the HerikLyma CPPWebFramework version 3.1 and below, which permits path traversal. This vulnerability enables attackers to manipulate file paths, potentially leading to unauthorized access to sensitive files outside the intended directory structure. The prob...
PoC for CVE-2026-5637
A security flaw has been identified in the Projectworlds Car Rental System 1.0, specifically within the /message_admin.php file's Parameter Handler component. This vulnerability allows for potential SQL injection via manipulation of the Message parameter, enabling attackers to execute malicious S...
Discovered 6 hours ago
PoC for CVE-2026-5636
A vulnerability exists in PHPGurukul Online Shopping Portal Project 2.1, specifically within the /cancelorder.php file of the Parameter Handler component. This weakness allows an attacker to exploit the argument 'oid', leading to SQL injection attacks that can be initiated remotely. The potential...
PoC for CVE-2026-5635
A security vulnerability exists in PHPGurukul Online Shopping Portal Project 2.1, specifically in the parameter handler located in /categorywise-products.php. An attacker can manipulate the 'cid' argument to execute unauthorized SQL commands, potentially leading to remote exploitation of the appl...
PoC for CVE-2026-5634
A SQL injection vulnerability has been discovered in the Projectworlds Car Rental Project version 1.0, specifically within the file /book_car.php. This issue arises from an inadequate handling of parameters in the Parameter Handler component, where the manipulation of the 'fname' argument can all...
Discovered 7 hours ago
PoC for CVE-2026-5633
A vulnerability has been identified in the assafelovic gpt-researcher, specifically in the ws Endpoint component. By manipulating the argument source_urls, an attacker can execute a server-side request forgery (SSRF) attack. This flaw can be exploited remotely, allowing unauthorized actions on th...
PoC for CVE-2026-5632
A vulnerability has been identified in the assafelovic gpt-researcher application, specifically affecting versions up to 3.4.3. This issue pertains to an unknown function within the component handling the HTTP REST API Endpoint, which demonstrates missing authentication controls. Consequently, th...
PoC for CVE-2026-5631
A significant code injection vulnerability has been identified in the gpt-researcher product from Assafelovic, affecting versions up to 3.4.3. This vulnerability exists within the 'extract_command_data' function located in the 'backend/server/server_utils.py' file, specifically in the ws Endpoint...
PoC for CVE-2026-5630
A significant flaw resides in the Report API of the assafelovic gpt-researcher software, specifically within an undisclosed function found in backend/server/app.py. This vulnerability permits remote attackers to perform cross-site scripting (XSS) attacks. Despite being informed through an issue r...
Discovered 8 hours ago
PoC for CVE-2026-5629
A stack-based buffer overflow vulnerability exists in the formSetFirewall function of Belkin's F9K1015 router firmware version 1.00.10. An attacker can exploit this vulnerability remotely by manipulating the argument used in the webpage, leading to potential unauthorized access and control over t...
PoC for CVE-2026-23398
A vulnerability in the Linux kernel's ICMP protocol handling could lead to a kernel panic upon receiving specific ICMP Fragmentation Needed errors. The issue arises from the unconditional dereference of an unregistered protocol's handler, which may result in a NULL pointer dereference. This occur...
PoC for CVE-2026-5628
A security vulnerability affecting the Belkin F9K1015 router has been identified in the formSetSystemSettings function within the Setting Handler component. This vulnerability arises from improper handling of the 'webpage' argument, which can lead to a stack-based buffer overflow. As a result, an...
PoC for CVE-2026-5625
A vulnerability has been detected in Assafelovic's GPT-Researcher up to version 3.4.3 that exposes the WebSocket Interface to potential cross-site scripting attacks. The flaw arises from improper handling of arguments in the file gpt_researcher/skills/researcher.py. By manipulating the argument '...
Discovered 9 hours ago
PoC for CVE-2026-5621
A command injection vulnerability exists in the HTTP Interface of ChrisChinchilla Vale-MCP, specifically in the src/index.ts file. The vulnerability is triggered by manipulating the config_path argument, allowing attackers to execute arbitrary operating system commands. This exploitation requires...
Discovered 10 hours ago
PoC for CVE-2026-5620
A SQL injection vulnerability exists in the itsourcecode Construction Management System version 1.0, specifically within the borrowed_equip_report.php file. This weakness arises from inadequate validation of user-supplied inputs in the Parameter Handler component. Attackers can exploit this vulne...
PoC for CVE-2026-5619
A security flaw exists in the Braffolk MCP-Summarization-Functions library, specifically within the summarize_command functionality of the server component (src/server/mcp-server.ts). This vulnerability allows for OS command injection, which could be exploited by an individual with local access t...
PoC for CVE-2026-5618
A server-side request forgery (SSRF) vulnerability has been identified in kalcaddle's kodbox, affecting versions up to 1.64. This flaw resides in the shareMake/shareCheck component, where manipulation of the siteFrom and siteTo arguments can lead to unauthorized requests being made from the serve...
Discovered 11 hours ago
PoC for CVE-2026-5615
A vulnerability has been identified in givanz Vvvebjs prior to version 2.0.5, specifically within the file upload functionality of the component File Upload Endpoint. This weakness stems from improper handling of the 'uploadAllowExtensions' parameter, which opens the door to cross-site scripting ...
PoC for CVE-2025-1739
An Authentication Bypass vulnerability exists in the Trivision Camera NC227WF v5.8.0, allowing attackers to infiltrate the system. By sending crafted requests with random credentials to the vulnerable endpoint '/en/player/activex_pal.asp', an attacker can gain unauthorized access and retrieve adm...
PoC for CVE-2026-5614
A vulnerability exists in the Belkin F9K1015 router, specifically within the formSetPassword function of the /goform/formSetPassword file. This issue allows for a stack-based buffer overflow due to manipulation of the webpage argument, potentially enabling remote attackers to exploit the device. ...
PoC for CVE-2026-30951
Sequelize, a popular Object-Relational Mapping (ORM) tool for Node.js, exhibits a vulnerability that allows an attacker to exploit SQL injection through unescaped cast types in JSON/JSONB where clause processing. By manipulating JSON path keys, an attacker can inject malicious SQL queries, potent...
PoC for CVE-2025-1738
A notable flaw exists in the Trivision Camera NC227WF v5.8.0, where passwords are transmitted in the URL's query string. This design oversight can lead to sensitive data exposure, as third parties monitoring network traffic could intercept these credentials, compromising the security of the camer...
PoC for CVE-2026-5613
A stack-based buffer overflow has been discovered in the Belkin F9K1015 router, specifically affecting the formReboot function located in the /goform/formReboot file. This vulnerability arises from improper handling of the 'webpage' argument, allowing attackers to exploit this weakness remotely. ...
PoC for CVE-2026-5612
A remote vulnerability exists in the Belkin F9K1015 router, specifically within the formWlEncrypt function located in the /goform/formWlEncrypt file. By manipulating the webpage parameter, an attacker can trigger a stack-based buffer overflow, potentially compromising the device's operation. This...
Discovered 12 hours ago
PoC for CVE-2026-5611
A stack-based buffer overflow vulnerability has been identified in the Belkin F9K1015 router, specifically within the formCrossBandSwitch function located in the /goform/formCrossBandSwitch file. This vulnerability arises from improper argument handling within the web interface, allowing an attac...
PoC for CVE-2026-5610
A stack-based buffer overflow vulnerability has been identified in the Belkin F9K1015 router, specifically in the function formWISP5G located in the /goform/formWISP5G file. This issue arises from improper handling of input parameters, allowing attackers to manipulate the argument webpage. As a r...
PoC for CVE-2026-5609
A security flaw has been identified in the Tenda i12 router, specifically affecting version 1.0.0.11(3862). The vulnerability arises from an improper handling of the formwrlSSIDset function within the /goform/wifiSSIDset component, which allows for a stack-based buffer overflow. An attacker can e...
Discovered 13 hours ago
PoC for CVE-2026-5608
A flaw has been identified in the Belkin F9K1122 router version 1.00.33, where improper handling of the 'webpage' argument in the formWlanSetup function can lead to a stack-based buffer overflow. This vulnerability allows attackers to craft a malicious request that may potentially disrupt the dev...
PoC for CVE-2026-5607
A vulnerability has been identified in the imprvhub mcp-browser-agent affecting versions up to 0.8.0. This issue allows for server-side request forgery through improper handling of parameters in the CallToolRequestSchema function of the URL Parameter Handler. A malicious actor can exploit this vu...
Discovered 14 hours ago
PoC for CVE-2026-5605
A vulnerability has been discovered in the Tenda CH22 router, specifically in the function 'formWrlExtraSet' found within the '/goform/WrlExtraSet' file. This flaw is triggered by improper handling of the argument 'GO', resulting in a stack-based buffer overflow. This security issue allows an att...
Discovered 15 hours ago
PoC for CVE-2026-5604
A security flaw has been identified in the Tenda CH22 router, specifically within the formCertLocalPrecreate function located in the /goform/CertLocalPrecreate file. This vulnerability can lead to a stack-based buffer overflow when the 'standard' argument is manipulated. The implications of this ...
PoC for CVE-2026-5603
A critical vulnerability has been discovered in the elgentos Magento2-Dev-MCP up to version 1.0.2, specifically in the executeMagerun2Command function located in src/index.ts. This vulnerability allows for OS command injection, potentially enabling attackers to execute arbitrary commands on the s...
PoC for CVE-2026-5602
A security vulnerability was identified in the Nor2-io heim-mcp product, specifically in the registerTools function located in the src/tools.ts file. This flaw allows for OS command injection, necessitating local access to exploit. The vulnerability has been publicly disclosed and poses a risk to...
Discovered 16 hours ago
PoC for CVE-2026-5601
Acrel Electrical Prepaid Cloud Platform version 1.0 contains a vulnerability in the Backup File Handler component, specifically affecting the processing of a backup file located at /bin.rar. This vulnerability could allow unauthorized access to sensitive information, which can be exploited remote...
PoC for CVE-2026-5597
A vulnerability has been identified in Griptape version 0.19.4, found in the ComputerTool component of the affected tool.py file. This flaw allows a remote attacker to manipulate the filename argument, potentially leading to unauthorized access through directory traversal. The exploit has been made pu...
Discovered 17 hours ago
PoC for CVE-2019-25675
eDirectory has several SQL injection vulnerabilities that enable untrusted attackers to bypass administrator authentication and gain access to sensitive files. By exploiting SQL code injection through the key parameter in the login endpoint, attackers can authenticate as an administrator. Followi...
PoC for CVE-2019-25704
Kados R10 GreenBee is susceptible to an SQL injection vulnerability, allowing attackers to exploit the 'filter_user_mail' parameter. By crafting specially formulated requests imbued with malicious SQL code, an attacker could potentially retrieve sensitive information from the database or alter ex...
PoC for CVE-2019-25687
Pegasus CMS 1.0 is susceptible to a remote code execution vulnerability via the extra_fields.php plugin. This flaw allows unauthenticated attackers to exploit unsafe eval functionality, enabling them to execute arbitrary commands on the server. By sending crafted POST requests to the submit.php e...