Publicly Disclosed
PoC Exploits

An out-of-bounds read vulnerability exists in the Windows Common Log File System Driver, enabling authorized attackers to execute a local privilege escalation. This security flaw can be exploited to gain unauthorized access to system resources and execute arbitrary code with elevated privileges, ...

A security vulnerability has been identified in the Totolink A3300R router, specifically in the setStaticRoute function located within the /cgi-bin/cstecgi.cgi file. An attacker can manipulate the IP argument, allowing for command injection from a remote location. This vulnerability poses a signi...

A significant vulnerability exists in LoLLMs WEBUI, allowing unauthenticated attackers to exploit the `@router.post("/api/proxy")` endpoint. This SSRF vulnerability enables unauthorized access to internal services, network scanning, and potentially exfiltration of sensitive cloud metadata, includ...

MCPJam Inspector, designed for local-first development on MCP servers, has a vulnerability allowing remote code execution (RCE) due to improper binding settings. In versions 1.4.2 and earlier, the platform listens on 0.0.0.0 by default, enabling attackers to exploit this configuration through cra...

A command injection vulnerability has been discovered in the Totolink A3300R Router's function setUPnPCfg, located in the file /cgi-bin/cstecgi.cgi. This flaw allows attackers to manipulate arguments and execute arbitrary commands remotely. The exploit has been publicly disclosed, raising concern...

A command injection vulnerability exists within the Totolink A3300R router, specifically influencing the setLanCfg function in the /cgi-bin/cstecgi.cgi component. By manipulating the 'lanIp' parameter, an attacker may execute arbitrary commands remotely. The exploit is publicly accessible, increa...

Hoverfly, an open source API simulation tool, is susceptible to a command injection vulnerability stemming from insufficient validation and sanitization of user inputs at the '/api/v2/hoverfly/middleware' endpoint. This vulnerability, found in versions 1.11.3 and earlier, allows an adversary to e...

A vulnerability in the HDF5 weight loading component of Google Keras versions 3.0.0 through 3.13.0 allows a remote attacker to trigger a denial of service (DoS). This occurs when a crafted .keras archive containing a valid model.weights.h5 file is processed, leading to memory exhaustion that can ...

The StanfordSegmenter module in NLTK is susceptible to arbitrary code execution due to inadequate input validation. It improperly handles external Java .jar files, allowing attackers to manipulate these files without verification. This flaw permits the execution of arbitrary Java bytecode when a ...

A critical flaw in the NLTK library enables path traversal attacks through multiple CorpusReader classes, such as WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These components do not adequately sanitize file paths, allowing unauthorized users to navigate through directo...

A security flaw in the Tenda FH1201 router's Parameter Handler allows for a stack-based buffer overflow exploit through the formWrlExtraSet function in the /goform/WrlExtraSet file. This vulnerability can potentially be executed remotely, enabling an attacker to manipulate specific arguments, lea...

A stack-based buffer overflow vulnerability exists in the Tenda FH1201 router’s WrlclientSet function, specifically located in the /goform/WrlclientSet file. This vulnerability arises from improper handling of the GO argument, allowing attackers to exploit the flaw remotely. Given that the exploi...

A security vulnerability has been identified in the Belkin F9K1122 router version 1.00.33, specifically within the formSetSystemSettings function located in the Setting Handler component. This vulnerability arises from improper handling of the argument 'webpage', leading to a stack-based buffer o...

A vulnerability has been detected in the Belkin F9K1122 Router, specifically in the function 'formSetPassword' within the '/goform/formSetPassword' file of the Parameter Handler component. This flaw allows for stack-based buffer overflow due to improper handling of the 'webpage' argument. Attacke...

A security flaw has been identified in the Belkin F9K1122 router, specifically in the function formCrossBandSwitch located within the Parameter Handler component. The vulnerability allows for a stack-based buffer overflow, triggered by manipulation of the argument in the webpage parameter. This v...

A serious command injection vulnerability exists in the Chamber of Commerce Membership Management System version 1.0, specifically in the fwrite function of admin/pageMail.php. This flaw allows attackers to manipulate the mailSubject and mailMessage parameters, leading to the execution of arbitra...

A vulnerability exists in mxml versions up to 4.0.4, specifically in the function index_sort located in the mxml-index.c file of the mxmlIndexNew component. By manipulating the argument 'tempr', an attacker can trigger a stack-based buffer overflow, allowing for potential local exploitation. Whil...

A buffer overflow vulnerability has been identified in the Tenda 4G06 router's Endpoint component, specifically within the fromDhcpListClient function of the /goform/DhcpListClient file. This flaw allows an attacker to manipulate the 'page' argument, which can lead to potential stack-based overfl...

A vulnerability in the Code-Projects Accounting System 1.0 has been identified, which allows for remote SQL injection attacks through improper handling of the 'en_id' parameter in the file /view_work.php. This weakness can be exploited by an attacker to manipulate database queries, potentially le...

Hoverfly, an open source API simulation tool, is susceptible to a command injection vulnerability stemming from insufficient validation and sanitization of user inputs at the '/api/v2/hoverfly/middleware' endpoint. This vulnerability, found in versions 1.11.3 and earlier, allows an adversary to e...

A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. 

A vulnerability exists within the Code-Projects Accounting System 1.0 that permits an SQL injection attack via the /edit_costumer.php file. The flaw arises from improper validation of parameters, specifically the 'cos_id' argument, which can be manipulated by remote attackers. This exploitation a...

A vulnerability exists in the Code-Projects Accounting System version 1.0, specifically within the Parameter Handler component located in the /view_costumer.php file. The vulnerability arises from improper validation of the cos_id argument, which can be exploited to execute SQL injection attacks....

A vulnerability has been identified in the BichitroGan ISP Billing Software version 2025.3.20 that impacts the Endpoint component. This issue arises from improper control of resource identifiers due to an insecure function located at /?_route=settings/users-view/. Attackers can manipulate the arg...

A critical vulnerability has been reported in the Totolink NR1800X router that allows remote attackers to exploit the Telnet Service. The issue is linked to the argument manipulation of the NTPSyncWithHost function located in the /cgi-bin/cstecgi.cgi file, leading to command injection. Successful...

A vulnerability exists in D-Link DIR-513 1.10 that affects the function formSetEmail located in the file /goform/formSetEmail. An attacker can remotely exploit this vulnerability by manipulating the curTime argument, leading to a stack-based buffer overflow. This issue poses serious security risk...

A security flaw exists within the RepoMix Command Handler in DeDeveloper23's codebase-mcp that allows attackers to inject operating system commands. This vulnerability is located in the getCodebase/getRemoteCodebase/saveCodebase function of the codebase.ts file. It requires local access to exploi...

A stack-based buffer overflow vulnerability exists in the Tenda F453 version 1.0.0.3, specifically in the fromPPTPUserSetting function of the /goform/PPTPUserSetting component. This flaw can be exploited by manipulating the delno parameter, allowing remote attackers to execute arbitrary code. The...

A security vulnerability has been identified in the Simple Food Order System 1.0, specifically in the all-orders.php file within the Parameter Handler component. This flaw allows an attacker to manipulate the 'Status' argument, leading to potential SQL injection exploits. The vulnerability can be...

A vulnerability has been discovered in the Simple Food Order System 1.0, specifically within the register-router.php file of the Parameter Handler component. This weakness allows remote attackers to exploit the system by manipulating the 'Name' argument, leading to potential SQL injection attacks...

A security flaw has been identified in the Simple Food Order System 1.0, specifically impacting the Parameter Handler component within the all-tickets.php file. This vulnerability allows attackers to manipulate the 'Status' argument, leading to SQL injection, which can be exploited remotely. The ...

OpenClaw versions prior to 2026.2.14 contain a vulnerability in its gateway that fails to properly sanitize internal approval fields within node.invoke parameters. This oversight allows authenticated clients to bypass approval gating mechanisms for system.run commands. Attackers leveraging valid ...

An identified vulnerability in the elecV2P product affects versions up to 3.8.3, specifically within the eAxios function of the URL Handler component. The vulnerability arises from improper handling of the req argument in the /mock file, leading to potential remote server-side request forgery att...

A cross site scripting vulnerability has been identified in the elecV2P application, specifically affecting versions up to 3.8.3. The flaw exists within an undocumented function related to the log component, where improper handling of the 'filename' parameter can allow remote attackers to execute...

A security flaw exists in the elecV2P version up to 3.8.3, specifically within the Wildcard Handler component's path.join function located in the /log/ directory. This vulnerability enables a malicious actor to perform path traversal attacks, allowing them to access files and directories outside ...

A vulnerability exists in the function path.join of the elecV2P product that allows an attacker to manipulate the URL argument, leading to unauthorized access to restricted file paths. This vulnerability has been discovered in versions up to 3.8.3 and is exploitable remotely. Although the issue w...

A security flaw has been discovered in elecV2P, impacting versions up to 3.8.3. The vulnerability affects the pm2run function within the /rpc file, allowing attackers to perform OS command injection remotely. This exploit has been publicly disclosed and can be leveraged by individuals with malici...

A code injection vulnerability has been identified in the elecV2P application, specifically in the runJSFile function within the JSON Parser component. Manipulation of the rawcode argument can lead to code execution on remote systems. The vulnerability affects all versions of elecV2P up to 3.8.3....

A security flaw has been detected in the function cloneRepository of the kazuph mcp-docs-rag component, specifically in the file src/index.ts. This vulnerability allows an attacker to execute arbitrary OS commands through improper handling of input during the process of adding a Git repository or...

A stack-based buffer overflow vulnerability exists in the Wavlink WL-WN579X3-C router, specifically in the function sub_4019FC located in the /cgi-bin/firewall.cgi component responsible for UPNP handling. Manipulation of the 'UpnpEnabled' argument can lead to a potentially exploitative overflow c...

The EventPrime plugin for WordPress is susceptible to a vulnerability that allows unauthorized image file uploads. This security flaw exists in versions up to and including 4.2.8.4, due to improper registration of the upload_file_media AJAX action. It is publicly accessible without necessary auth...

A vulnerability has been identified in the PromtEngineer LocalGPT product, specifically within the Web Interface component found in the handle_index function of the rag_system/api_server.py file. This issue allows for potential information disclosure, which can be exploited remotely. The nature o...

A vulnerability exists in the LLM Prompt Handler of PromtEngineer localGPT, specifically within the _route_using_overviews function in backend/server.py. This flaw allows for the execution of injection attacks exploiting unsanitized user inputs. Attackers can execute these exploits remotely, posi...

A vulnerability has been identified in PromtEngineer LocalGPT that allows unauthorized remote file uploads via the 'do_POST' function in the 'backend/server.py' file. This flaw enables attackers to manipulate the system and potentially execute arbitrary code, compromising the integrity of the app...

A security flaw has been identified in the z-9527 Admin product affecting its uploadFile function located in /server/utils/upload.js. This vulnerability allows attackers to manipulate the fileType argument, resulting in unauthorized access to restricted directories on the server. Given that this ...

A code injection vulnerability exists in Sinaptik AI's PandasAI, specifically within the CodeExecutor.execute function, found in pandasai/core/code_execution/code_executor.py. This security flaw stems from improper handling of chat messages, allowing an attacker to manipulate inputs and execute a...

A security flaw in Sinaptik AI's PandasAI, specifically within the is_sql_query_safe function of sql_sanitizer.py, allows for path traversal attacks. This vulnerability enables attackers to exploit manipulation capabilities remotely, posing a serious risk to data integrity. Despite early notifica...

Flat Assembler 1.71.21 is susceptible to a stack-based buffer overflow that can be exploited by local attackers. By providing oversized input, exceeding 5895 bytes, attackers can overwrite the instruction pointer, leading to unauthorized code execution via return-oriented programming (ROP) chains...

SIPP 3.3 is susceptible to a stack-based buffer overflow vulnerability that enables local unauthenticated attackers to execute arbitrary code. By providing specially crafted input in the configuration file, attackers can manipulate oversized values, resulting in an overflow of the stack buffer. T...

PMS version 0.42 has a stack-based buffer overflow vulnerability that can be exploited by local unauthenticated attackers. By providing malicious values in the configuration file, an attacker can overflow the stack buffer, leading to arbitrary code execution. This is achieved by crafting oversize...