Publicly Disclosed
PoC Exploits

LiquidJS is a versatile template engine that is primarily compatible with Shopify and GitHub Pages, designed to simplify the rendering of dynamic content. However, prior to version 10.25.0, it contained a vulnerability that allowed malicious users to exploit the layout, render, and include tags. ...

A cross-site scripting vulnerability exists in PHPEMS 11.0 that allows remote attackers to manipulate the 'askcontent' parameter in the /index.php?ask=app-ask file. This manipulation can lead to XSS attacks, where malicious scripts are injected into web pages viewed by other users. The exploit is...

A SQL injection vulnerability exists in the itsourcecode University Management System 1.0, specifically within the argument handling of the /att_add.php file. This flaw allows attackers to manipulate inputs and execute arbitrary SQL queries remotely, potentially compromising the application's dat...

A command injection vulnerability exists in H3C ACG1000-AK230 devices prior to version 20260227, specifically affecting the /webui/?aaa_portal_auth_local_submit interface. This flaw allows attackers to manipulate the 'suffix' argument and execute arbitrary commands remotely, potentially compromis...

ZoneMinder, a popular open-source closed-circuit television software, has a vulnerability that exposes versions v1.37.* up to and including v1.37.64 to a boolean-based SQL injection attack through the web/ajax/event.php endpoint. This flaw can allow an attacker to manipulate SQL queries, potentia...

The jsonwebtoken module before version 4.2.2 is susceptible to a security flaw where an attacker can bypass token verification. This occurs when the chamber facilitates the use of tokens signed with asymmetric keys but allows for substitution with tokens signed using symmetric algorithms. Consequ...

LocalS3, an Amazon S3 mock service designed for testing and local development, has a vulnerability in its bucket creation endpoint that allows XML External Entity (XXE) injection. Before version 1.21, the service's XML parser resolves external entities without adequate validation. This misconfigu...

The Datalogics Ecommerce Delivery plugin for WordPress prior to version 2.6.60 has a significant vulnerability that exposes an unauthenticated REST endpoint. This vulnerability enables remote users to change the `datalogics_token` without any verification process. This token plays a crucial role ...

The Divi-Booster plugin for WordPress, prior to version 5.0.2, contains a flaw that allows unauthorized users to modify the plugin's settings due to a lack of authorization and CSRF checks. The vulnerability stems from using unserialize() on untrusted data, posing a risk of PHP Object Injection w...

The DukaPress plugin for WordPress versions up to 3.2.4 is vulnerable to a reflected cross-site scripting (XSS) attack. This vulnerability arises due to the plugin failing to adequately sanitize and escape user input, potentially allowing attackers to inject malicious scripts. The exploitation of...

A vulnerability exists in the Guest Posting / Frontend Posting / Front Editor plugin for WordPress, specifically in versions prior to 5.0.6. This flaw allows an unauthenticated attacker to use a URL parameter to regenerate a .json file containing sensitive demo data, which could include the admin...

The Gutena Forms plugin for WordPress, versions prior to 1.6.1, contains a flaw that allows users with contributor roles or higher to modify options without proper validation. This vulnerability permits unauthorized updates to critical boolean and array settings, such as 'users_can_register,' pot...

Signal K Server, a crucial application that serves as a central hub for maritime operations, harbors a vulnerability allowing unauthenticated attackers to manipulate the internal state via the `/skServer/validateBackup` endpoint. This weakness enables the attacker to exploit the server's 'Restore...

The findMacroMarker function in parserLib.pas of Rejetto HTTP File Server (HFS) versions 2.3x prior to 2.3c is susceptible to a remote code execution vulnerability. An attacker could exploit this flaw by crafting a search action that utilizes a %00 sequence, which allows execution of arbitrary pr...

Nginx UI, a web interface for the Nginx web server, has a critical security flaw where the /api/backup endpoint is accessible without authentication. This vulnerability allows unauthenticated attackers to retrieve a complete system backup that includes sensitive information such as user credentia...

Nginx UI, a web interface for the Nginx web server, has a critical security flaw where the /api/backup endpoint is accessible without authentication. This vulnerability allows unauthenticated attackers to retrieve a complete system backup that includes sensitive information such as user credentia...

Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts...

Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts...

A security issue in ingress-nginx was identified where the annotation 'nginx.ingress.kubernetes.io/rewrite-target' can be exploited to inject malicious configuration into the nginx controller. This vulnerability may allow attackers to execute arbitrary code within the ingress-nginx controller’s c...

The eml_parser Python module, used for parsing email files, contains a path traversal vulnerability in the example script 'examples/recursively_extract_attachments.py'. This allows an attacker to exploit the module by providing maliciously crafted filenames that lead to arbitrary file writing out...

Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts...

Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts...

Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts...

Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts...

Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts...

An improper privilege management issue in Windows Remote Desktop Services enables a local attacker with valid access to elevate their access privileges. This vulnerability can lead to unauthorized actions being performed with higher user rights, presenting significant security risks. Microsoft pr...

The Court Reservation WordPress plugin versions prior to 1.10.9 are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability. This flaw enables attackers to trick an authenticated administrator into sending a request that deletes events without their consent. By exploiting this weakness, ...

A vulnerability has been identified in the Android Framework that allows potential code execution through unsafe deserialization in multiple functions of ZygoteProcess.java. This flaw enables local privilege escalation, requiring user execution privileges but eliminating the need for user interac...

An SQL injection vulnerability exists in specific versions of Django prior to 5.1.14, 4.2.26, and 5.2.8. Through the use of specially crafted dictionaries, attackers can exploit the `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()` methods, as well as the `Q()` class, when utilizing...

A security vulnerability has been identified in the open-webui product, specifically affecting the JWT Key Handler component. The issue emerges from a flaw in the backend/start_windows.bat file where manipulation of the WEBUI_SECRET_KEY leads to insufficiently random values. This weakness has the...

A vulnerability in FreeFloat FTP Server 1.0 affects the NOOP Command Handler, allowing for remote buffer overflow attacks. This flaw can be exploited, leading to unauthorized data access and potential control of the affected system. The issue has been publicly disclosed, emphasizing the need for ...

Easy Grade Pro 4.1.0.2 exhibits a flaw in its file parsing logic, particularly when handling proprietary .EGP gradebook files. An attacker can exploit this vulnerability by crafting a specific .EGP file with altered fields at designated offsets. When the compromised file is processed by the appli...

A vulnerability exists in the Tiandy Easy7 CMS version 7.17.0, specifically in the WebService component of the application. The issue arises from inadequate validation of input, allowing an attacker to manipulate the 'strTBName' argument in the GetDBData.jsp file. This flaw permits the execution ...

The bigint-buffer package is susceptible to a buffer overflow vulnerability in its toBigIntLE() function. This exploitation can lead to application crashes, allowing attackers to disrupt service and potentially execute arbitrary code. Users of this package should evaluate their current versions a...

A vulnerability has been identified in the SourceCodester Patients Waiting Area Queue Management System 1.0, specifically concerning the file /patient-search.php. This flaw allows for improper authorization, potentially enabling unauthorized users to access restricted features or data within the ...

A security vulnerability has been identified in OWASP DefectDojo affecting versions up to 2.55.4. Specifically, the issue resides in the 'input_zip.read' function within the SonarQubeParser/MSDefenderParser component's parser.py file. This flaw can allow a remote attacker to initiate a denial of ...

A critical weakness has been discovered in UTT HiPER 810G versions up to 1.7.7-1711, specifically affecting the strcpy function within the /goform/formApMail file. This vulnerability could allow attackers to manipulate the software remotely, leading to potential buffer overflow attacks. The explo...

A security flaw has been identified in the UTT HiPER 810G, specifically concerning the function strcpy located in /goform/getOneApConfTempEntry. This vulnerability enables an attacker to manipulate the system and trigger a buffer overflow. As a result, it allows for the potential execution of arb...

A significant vulnerability has been found in the JFlow application developed by OpenCC, specifically within the Calculate function located in the WF_CCForm.java file. This flaw allows for remote code execution through injection attacks, which can be exploited by malicious actors over the interne...

A cross site scripting vulnerability was identified in the itsourcecode Payroll Management System 1.0. The issue arises from an insecure function within the file /manage_employee_allowances.php, where the manipulation of the argument ID allows attackers to execute scripts in the context of the vi...

A stack-based buffer overflow vulnerability exists in the Tenda FH1202 router, specifically within the P2pListFilter function. This issue is triggered by manipulating the 'page' argument in the /goform/P2pListFilter file, which could allow remote attackers to execute their own code leading to una...

A stack-based buffer overflow vulnerability exists in the Tenda FH1202 router, specifically in the fromDhcpListClient function located in the /goform/DhcpListClient endpoint. By manipulating the 'page' argument, an attacker can potentially exploit this vulnerability to execute unauthorized action...

A stack-based buffer overflow vulnerability exists in the Tenda FH1202's fromNatStaticSetting function. By manipulating the argument page within the /goform/NatSaticSetting file, an attacker can exploit this flaw remotely, potentially compromising the device's integrity. This vulnerability poses ...

A stack-based buffer overflow vulnerability exists in the webtypelibrary function of Tenda FH1202 routers. An attacker can exploit this flaw by manipulating the webSiteId parameter, potentially allowing remote code execution. The affected version is V1.2.0.14(408), and this vulnerability is now p...

A security vulnerability has been identified in the Tenda FH1202 device, specifically involving the formWrlsafeset function located in the /goform/AdvSetWrlsafeset file. The manipulation of arguments such as mit_ssid and mit_ssid_index can lead to a stack-based buffer overflow, potentially allowi...

A security weakness has been identified in the janobe Resort Reservation System, where manipulation of the 'q' argument in the /room_rates.php file can lead to SQL injection. This vulnerability allows attackers to execute arbitrary SQL queries, potentially compromising sensitive data. The exploit...

A security flaw has been identified in the Tenda i3 router version 1.0.0.6(2204), specifically within the function formWifiMacFilterSet located in the /goform/WifiMacFilterSet file. This vulnerability allows for manipulation of the argument index, leading to a stack-based buffer overflow conditio...

A vulnerability exists in the Tenda i3 router version 1.0.0.6 (2204) related to the function formWifiMacFilterGet. An attacker can manipulate an argument index to trigger a stack-based buffer overflow. This exploit can be executed remotely, exposing the router to potential attacks. As details of ...

CVE-2024-56348 is a critical security vulnerability found in JetBrains TeamCity versions prior to 2024.12. The flaw arises from improper access control mechanisms that permit unauthorized users to view sensitive information related to agents that should be restricted. This vulnerability poses a s...

A vulnerability exists in the Tenda i3 router's execution command function located at /goform/exeCommand. By manipulating the input argument 'cmdinput', an attacker can trigger a stack-based buffer overflow. This flaw allows for remote exploitation, potentially giving malicious actors control ove...