Publicly Disclosed PoC Exploits

🔴 Always take caution when working with PoC Exploits 🔴

Discovered 2 hours ago

PoC for CVE-2026-26342

Tattile S.r.l. | Smart+ | 8.7 HIGH
Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient Session Token...

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to ...

PoC for CVE-2026-26341

Tattile S.r.l. | Smart+ | 9.3 CRITICAL
Tattile Smart+ / Vega / Basic <= 1.181.5 Default Credentials

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain admi...

PoC for CVE-2026-26340

Tattile S.r.l. | Smart+ | 8.7 HIGH
Tattile Smart+ / Vega / Basic <= 1.181.5 Unauthenticated RTSP Strea...

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized disclosure of survei...

Discovered 3 hours ago

PoC for CVE-2026-25755

Parallax | JsPDF | 8.1 HIGH
JavaScript PDF Library jsPDF Vulnerability Exposes Users to Documen...

The jsPDF library, widely used for generating PDFs in JavaScript, is subject to a security flaw that allows attackers to control the parameters of the `addJS` method. This oversight enables the injection of arbitrary PDF objects, which can lead to execution of malicious actions or manipulation of...

Discovered 6 hours ago

PoC for CVE-2026-3101

Intelbras | Tip 635g | 5.3 MEDIUM
OS Command Injection Vulnerability in Intelbras TIP 635G

A critical security vulnerability has been identified in the Intelbras TIP 635G version 1.12.3.5, specifically affecting the Ping Handler component. This weakness allows remote attackers to execute arbitrary operating system commands on the affected device, posing a serious risk of unauthoriz...

Discovered 11 hours ago

PoC for CVE-2023-27372

Spip | Spip | 🟣 EPSS 93% | 9.8 CRITICAL
Remote Code Execution Vulnerability in SPIP Product by SPIP

The latest vulnerability in SPIP allows attackers to execute arbitrary code remotely due to improper handling of data serialization in form inputs within the public area. This flaw could enable unauthorized access and manipulation of the system, highlighting the need for immediate updates to the ...

Discovered 15 hours ago

PoC for CVE-2025-15386

WordPress | Responsive Lightbox & ... | 8.8 HIGH
Unauthenticated Stored XSS Vulnerability in Responsive Lightbox & G...

The Responsive Lightbox & Gallery WordPress plugin is susceptible to an Unauthenticated Stored-XSS attack due to inadequate regex replacement rules. Attackers can exploit this vulnerability by submitting a comment containing a malicious link when lightbox comments are enabled. If the comment is s...

PoC for CVE-2025-15589

MuYuCMS | Muyucms | 5.1 MEDIUM
Path Traversal Vulnerability in MuYuCMS Template Management Component

A path traversal vulnerability exists in MuYuCMS version 2.7, specifically within the delete_dir_file function of the Template Management Page's controller. This issue arises due to improper handling of user-supplied input, allowing an attacker to manipulate the 'temn/tp' argument and potentially...

PoC for CVE-2025-67733

Valkey-io | Valkey | 8.5 HIGH
Scripting Commands Vulnerability in Valkey Distributed Key-Value Da...

The Valkey distributed key-value database has a vulnerability that allows a malicious user to inject arbitrary data into the response stream using scripting commands. This can lead to the corruption of data or tampered responses affecting other users connected to the same session. The issue arise...

Discovered 16 hours ago

PoC for CVE-2026-3070

Sourcecodester | Modern Image Gallery App | 5.3 MEDIUM
Cross Site Scripting Vulnerability in SourceCodester Modern Image G...

The SourceCodester Modern Image Gallery App version 1.0 is susceptible to a cross site scripting vulnerability through its upload.php file. An attacker can exploit this by manipulating the 'filename' parameter, potentially launching the attack remotely. This exploit is now publicly available, hig...

Discovered 17 hours ago

PoC for CVE-2026-3069

Itsourcecode | Document Management Sy... | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode Document Management System

A security vulnerability has been identified in itsourcecode Document Management System 1.0, specifically within an unknown function of the file /edtlbls.php. This vulnerability allows for SQL injection through the manipulation of the argument 'field1'. Attackers can exploit this flaw remotely, p...

PoC for CVE-2026-3068

Itsourcecode | Document Management Sy... | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode Document Management System

A vulnerability has been discovered in itsourcecode's Document Management System version 1.0 that affects the deluser.php file. An improper handling of the 'user2del' argument can lead to SQL injection attacks, which can be executed remotely. The exploit has been publicly disclosed, making it cru...

PoC for CVE-2026-3067

HummerRisk | Hummerrisk | 5.3 MEDIUM
Path Traversal Vulnerability in HummerRisk Archive Extraction Funct...

A vulnerability has been identified in HummerRisk's Archive Extraction functionality, specifically within the 'extractTarGZ/extractZip' methods in the CommandUtils.java file. This issue enables an attacker to manipulate the file path used during archive extraction, leading to a path traversal con...

Discovered 18 hours ago

PoC for CVE-2026-3066

HummerRisk | Hummerrisk | 5.3 MEDIUM
Remote Command Injection Vulnerability in HummerRisk Cloud Complian...

A command injection vulnerability exists in the HummerRisk Cloud Compliance Scanning component, specifically within the fixedCommand function located in the PlatformUtils.java file. This flaw allows remote attackers to execute arbitrary commands on the affected system, potentially leading to unau...

PoC for CVE-2026-3065

HummerRisk | Hummerrisk | 5.3 MEDIUM
Command Injection Vulnerability in HummerRisk Cloud Task Component

A command injection vulnerability has been identified in the HummerRisk software affecting the Cloud Task Dry-run component. Specifically, the issue resides in the function CommandUtils.commonExecCmdWithResult located in CloudTaskService.java. An attacker can manipulate the argument 'fileName' to...

PoC for CVE-2026-3064

HummerRisk | Hummerrisk | 5.3 MEDIUM
Command Injection Vulnerability in HummerRisk Cloud Task Scheduler

A security vulnerability has been identified in HummerRisk Cloud Task Scheduler affecting versions up to 1.5.0, specifically in the file ResourceCreateService.java. This vulnerability arises from improper handling of the argument 'regionId', allowing attackers to execute arbitrary commands. The e...

PoC for CVE-2021-20038

Sonicwall | Sonicwall Sma100 | 🟣 EPSS 94% | 9.8 CRITICAL
Stack-Based Buffer Overflow in SMA100 Apache httpd Server by SonicWall

A stack-based buffer overflow vulnerability in the Apache httpd server's mod_cgi module on SonicWall's SMA100 appliances could allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the 'nobody' user. This issue affects multiple SMA appliance models, specificall...

Discovered 19 hours ago

PoC for CVE-2026-3057

A54552239 | Pearprojectapi | 5.3 MEDIUM
SQL Injection Vulnerability in pearProjectApi Backend Interface

A security flaw exists in the backend interface of pearProjectApi, specifically within the 'dateTotalForProject' function in the Task.php file. This vulnerability allows attackers to manipulate the 'projectCode' argument, potentially leading to unauthorized SQL commands being executed against the...

PoC for CVE-2026-3053

Datalinkdc | Dinky | 6.9 MEDIUM
OpenAPI Endpoint Vulnerability in DataLinkDC Dinky Affects Multiple...

A security vulnerability exists in the OpenAPI Endpoint of DataLinkDC Dinky prior to version 1.2.6, particularly in the addInterceptors function within AppConfig.java. This flaw allows unauthorized access due to missing authentication checks. An attacker can remotely exploit this vulnerability, p...

PoC for CVE-2026-3052

Datalinkdc | Dinky | 5.3 MEDIUM
Server-Side Request Forgery in DataLinkDC dinky up to 1.2.5

A vulnerability exists in the DataLinkDC dinky where the function proxyUba of the Flink Proxy Controller can be manipulated, leading to server-side request forgery (SSRF). This flaw allows attackers to initiate remote attacks, potentially exposing sensitive server resources. The vulnerability has...

Discovered 20 hours ago

PoC for CVE-2026-3051

Datalinkdc | Dinky | 5.3 MEDIUM
Path Traversal Vulnerability in DataLinkDC dinky by DataLinkDC

A path traversal vulnerability exists in the DataLinkDC dinky product, specifically in the function getProjectDir within the GitRepository.java file. This vulnerability allows attackers to manipulate the projectName argument, potentially accessing files outside the intended directory. The exploit...

PoC for CVE-2026-3050

Horilla-opensource | Horilla | 5.1 MEDIUM
Cross Site Scripting Vulnerability in Horilla CRM by Horilla Open S...

A security flaw has been identified in the Horilla CRM platform, specifically within the Leads Module. This vulnerability allows attackers to manipulate input in the 'Notes' function found in static/assets/js/global.js, leading to potential cross site scripting (XSS) exploits. The attack can be e...

PoC for CVE-2025-54100

Microsoft | Windows 10 Version 1607 | 7.8 HIGH
Command Injection Vulnerability in Windows PowerShell by Microsoft

This vulnerability arises from the improper handling of special elements in command execution within Windows PowerShell. An attacker could exploit this flaw to execute arbitrary code locally on affected systems, potentially leading to unauthorized access and system compromise. Users of Windows Po...

PoC for CVE-2026-3049

Horilla-opensource | Horilla | 5.3 MEDIUM
Open Redirect Vulnerability in Horilla CRM by Horilla Open Source

A security flaw has been identified in the Horilla CRM software impacting versions up to 1.0.2. Specifically, the `get` function in the Query Parameter Handler component, located in the `horilla_generics/global_search.py` file, is susceptible to manipulation through the `prev_url` argument. This ...

PoC for CVE-2026-3046

Itsourcecode | E-logbook With Health ... | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode E-Logbook with Health M...

A vulnerability has been identified in the itsourcecode E-Logbook with Health Monitoring System for COVID-19 version 1.0, specifically affecting the file /check_profile_old.php. This vulnerability allows an attacker to manipulate the profile_id argument, leading to SQL injection attacks. Such vul...

Discovered 21 hours ago

PoC for CVE-2026-3044

Tenda | Ac8 | 8.7 HIGH
Stack-based Buffer Overflow in Tenda AC8 Router's Httpd Service

A critical security vulnerability has been identified in the Tenda AC8 router version 16.03.34.06, specifically within the Httpd Service. The function webCgiGetUploadFile located in the /cgi-bin/UploadCfg file is susceptible to manipulation of the argument boundary, leading to a stack-based buffe...

Discovered 22 hours ago

PoC for CVE-2026-3043

Itsourcecode | Event Management System | 5.3 MEDIUM
Cross-Site Scripting Vulnerability in itsourcecode Event Management...

A vulnerability has been discovered in the itsourcecode Event Management System version 1.0, specifically in the file /admin/navbar.php. This flaw allows attackers to manipulate the 'page' argument, leading to the potential execution of cross-site scripting (XSS) attacks. Such attacks are executa...

PoC for CVE-2026-3042

Itsourcecode | Event Management System | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode Event Management System...

A security flaw was identified in the itsourcecode Event Management System version 1.0, specifically within an unknown function located in /admin/index.php. This vulnerability allows an attacker to manipulate the argument ID, leading to SQL injection. As a result, malicious users may exploit this...

Discovered 23 hours ago

PoC for CVE-2026-3041

Xingfuggz | Baykeshop | 4.8 MEDIUM
Cross-Site Scripting Vulnerability in BaykeShop by xingfuggz

A cross-site scripting vulnerability exists in the Article Sidebar Module of xingfuggz BaykeShop, specifically in the file located at src/baykeshop/contrib/article/templates/baykeshop/sidebar/custom.html. This issue arises from improper handling of the sidebar.content argument, allowing attackers...

PoC for CVE-2026-3040

Draytek | Vigor 300b | 5.1 MEDIUM
OS Command Injection Vulnerability in DrayTek Vigor 300B Web Manage...

A vulnerability exists in the DrayTek Vigor 300B's web management interface, specifically within the cgiGetFile function of the /cgi-bin/mainfunction.cgi/uploadlangs component. This security flaw allows for OS command injection through the manipulation of the File parameter, enabling remote attac...

PoC for CVE-2026-3028

Erzhongxmu | Jeewms | 5.3 MEDIUM
Cross-Site Scripting Vulnerability in erzhongxmu JEEWMS Product

A cross-site scripting vulnerability exists in the erzhongxmu JEEWMS web application, specifically in the 'doAdd' function of the JeecgListDemoController.java file. This flaw allows an attacker to manipulate the 'Name' argument, enabling the execution of malicious scripts in the context of users'...

Discovered 1 day ago

PoC for CVE-2026-3027

Erzhongxmu | Jeewms | 5.3 MEDIUM
Cross Site Scripting Vulnerability in erzhongxmu JEEWMS's UEditor C...

A cross site scripting vulnerability has been identified in the erzhongxmu JEEWMS platform, specifically within the UEditor component. This vulnerability resides in the 'getContent.jsp' file, where improper handling of the 'myEditor' argument can lead to the execution of arbitrary JavaScript in t...

PoC for CVE-2026-3026

Erzhongxmu | Jeewms | 6.9 MEDIUM
Server-Side Request Forgery Vulnerability in erzhongxmu JEEWMS UEdi...

A vulnerability exists in the erzhongxmu JEEWMS version 3.7, specifically in the UEditor component via the file /plug-in/ueditor/jsp/getRemoteImage.jsp. This security flaw allows attackers to manipulate the 'upfile' argument, which can lead to unauthorized server-side request forgery (SSRF). Expl...

PoC for CVE-2026-3016

Utt | Hiper 810g | 8.7 HIGH
Buffer Overflow Vulnerability in UTT HiPER 810G by UTT

A buffer overflow vulnerability exists in the UTT HiPER 810G device, specifically in the strcpy function of the /goform/formP2PLimitConfig file. This flaw arises when an attacker manipulates the input parameters, leading to potential remote exploitation. The vulnerability is known to be actively ...

PoC for CVE-2026-3015

Utt | Hiper 810g | 8.7 HIGH
Buffer Overflow Vulnerability in UTT HiPER 810G by UTT

A buffer overflow vulnerability exists in the UTT HiPER 810G product, specifically affecting the 'strcpy' function located in the /goform/formPolicyRouteConf file. This vulnerability is exploitable through remote attacks by manipulating the GroupName argument. Given that details about this exploi...

PoC for CVE-2026-2985

Tiandy | Video Surveillance Sys... | 5.3 MEDIUM
Server-Side Request Forgery in Tiandy Video Surveillance System

In the Tiandy Video Surveillance System version 7.17.0, a vulnerability has been identified within the downloadImage function of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. This flaw allows an attacker to manipulate the urlPath argument, leading to server-side request forgery (SSRF). T...

PoC for CVE-2026-2984

Sourcecodester | Student Result Managem... | 6.9 MEDIUM
Denial of Service Vulnerability in SourceCodester Student Result Ma...

A denial of service vulnerability has been discovered in the SourceCodester Student Result Management System 1.0. The issue arises due to improper handling of the ID argument in the file /admin/core/drop_user.php. An attacker can exploit this vulnerability remotely, leading to service unavailabil...

PoC for CVE-2026-2983

Sourcecodester | Student Result Managem... | 6.9 MEDIUM
Improper Access Control in SourceCodester Student Result Management...

A vulnerability exists in the SourceCodester Student Result Management System version 1.0, specifically within the Bulk Import functionality found in /admin/core/import_users.php. This flaw arises due to inadequate access controls, allowing unauthorized users to manipulate the file import process...

PoC for CVE-2026-2981

Utt | Hiper 810g | 8.7 HIGH
Buffer Overflow Vulnerability in UTT HiPER 810G by UTT

A buffer overflow vulnerability exists in the UTT HiPER 810G, specifically within the strcpy function located in the '/goform/formTaskEdit_ap' file. By manipulating the 'txtMin2' argument, an attacker can exploit this vulnerability remotely, potentially compromising the integrity and security of ...

Discovered 2 days ago

PoC for CVE-2026-25747

Apache | Apache Camel
Deserialization Vulnerability in Apache Camel LevelDB Component by ...

A deserialization vulnerability exists in the LevelDB component of Apache Camel, allowing attackers to inject crafted serialized Java objects. This occurs when the DefaultLevelDBSerializer class deserializes data from the LevelDB repository using java.io.ObjectInputStream without proper filtering...

PoC for CVE-2026-23552

Apache | Apache Camel | 9.1 CRITICAL
Cross-Realm Token Acceptance Bypass in Apache Camel Keycloak Component

The KeycloakSecurityPolicy in the Apache Camel Keycloak component is vulnerable to a bypass that allows JWT tokens from one Keycloak realm to be accepted by policies configured for different realms, thus compromising tenant isolation. This results in the potential for unauthorized access and acti...

PoC for CVE-2026-2980

Utt | Hiper 810g | 8.6 HIGH
Buffer Overflow in UTT HiPER 810G Functionality

A buffer overflow vulnerability exists in the UTT HiPER 810G device, specifically within the strcpy function in the /goform/setSysAdm file. Malicious users can exploit this vulnerability by manipulating the passwd1 argument, potentially leading to unauthorized access or control over the affected ...

PoC for CVE-2023-43208

Nextgen | Mirth Connect | 🟣 EPSS 94% | 9.8 CRITICAL
Unauthenticated Remote Code Execution Vulnerability Affects NextGen...

CVE-2023-43208 is an unauthenticated remote code execution vulnerability that affects NextGen Healthcare Mirth Connect before version 4.4.1. The vulnerability stems from an incomplete patch of a previous vulnerability, making it a patch bypass issue. It allows for the insecure use of the Java XSt...

PoC for CVE-2026-2979

FastApi | Fastapiadmin | 5.3 MEDIUM
Unrestricted Upload Vulnerability in FastApiAdmin by FastApi

A vulnerability has been identified in FastApiAdmin versions up to 2.2.0, where the function user_avatar_upload_controller, located in /backend/app/api/v1/module_system/user/controller.py, is susceptible to unrestricted file uploads. This flaw allows an attacker to manipulate the upload functiona...

PoC for CVE-2026-2978

FastApi | Fastapiadmin | 5.3 MEDIUM
Unrestricted File Upload Vulnerability in FastApiAdmin by FastApi

A vulnerability has been identified in FastApiAdmin versions up to 2.2.0 which affects the upload_file_controller function found in the Scheduled Task API. This flaw allows attackers to perform unrestricted file uploads, enabling potential remote exploitation. The vulnerability is now public and ...

PoC for CVE-2026-2977

Eudat | Fastapiadmin | 5.3 MEDIUM
Unrestricted File Upload Vulnerability in FastApiAdmin by Eudat

A vulnerability has been identified in FastApiAdmin versions up to 2.2.0 within the Scheduled Task API, specifically in the upload_controller function located in the controller.py file. This issue allows for unrestricted file uploads, permitting attackers to exploit this vulnerability remotely. A...

PoC for CVE-2026-2976

Community Creator | Fastapiadmin | 5.3 MEDIUM
Information Disclosure Vulnerability in FastApiAdmin by Community C...

A vulnerability has been identified in FastApiAdmin versions up to 2.2.0 that allows attackers to disclose sensitive information. This issue exists due to improper handling of the argument file_path in the download_controller function located in /backend/app/api/v1/module_common/file/controller.p...

PoC for CVE-2026-2975

CC-T | Fastapiadmin | 6.9 MEDIUM
Information Disclosure Vulnerability in FastApiAdmin by CC-T

A security flaw in FastApiAdmin versions up to 2.2.0 affects the reset_api_docs function located in the /backend/app/plugin/init_app.py file. This vulnerability allows unauthorized access to sensitive system information via the Custom Documentation Endpoint. Attackers can exploit this vulnerabili...

PoC for CVE-2026-2974

AliasVault | Aliasvault App | 2 LOW
Insecure Storage Vulnerability in AliasVault App for Android/iOS

A vulnerability has been identified in the AliasVault App versions up to 0.25.3 for Android and iOS, originating from inadequate handling of sensitive information in the backup process. Specifically, this flaw involves the manipulation of the accessToken, refreshToken, metadata, and key derivatio...

PoC for CVE-2026-2972

A466350665 | Smart-sso | 4.8 MEDIUM
Cross-Site Scripting Vulnerability in a466350665 Smart-SSO Role Edi...

A cross-site scripting vulnerability has been identified in the a466350665 Smart-SSO product, specifically affecting the Save function within the UserController of the Role Edit Page. This flaw allows attackers to manipulate input fields, which can be exploited remotely to execute arbitrary scrip...