Publicly Disclosed PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered just now...
PoC for CVE-2023-43364
The Searchor application, developed by ArjunSharda, contains a flaw in its command-line interface input processing. Prior to version 2.4.2, the application utilizes the 'eval' function on user-provided input without sufficient validation. This oversight can lead to arbitrary code execution, enabl...
PoC for CVE-2026-46331
An issue exists in the Linux Kernel where improper handling of copy-on-write (COW) operations can lead to page cache corruption. This is due to the tcf_pedit_act() function, which computes the COW range without considering runtime header offsets added by typed keys. As a result, portions of the w...
PoC for CVE-2026-56782
Gorse versions before 0.5.10 are susceptible to an authentication bypass vulnerability affecting the /api/dump and /api/restore endpoints. This security flaw enables remote attackers to gain unauthorized access to sensitive database functionalities when the admin_api_key is left empty, which is t...
PoC for CVE-2026-48907
A flaw in the JCE editor extension for Joomla permits unauthorized users to create new editor profiles. This malicious capability exposes the site to risks, including the ability to upload PHP code and execute it, potentially leading to a full compromise of the website security. Site administrato...
PoC for CVE-2026-53753
Crawl4AI, an open-source LLM-friendly web crawler, prior to version 0.8.7, contains a critical vulnerability in its computed fields feature. The _safe_eval_expression() function employs an AST validator that inadequately restricts attribute access, allowing attributes without an underscore prefix...
PoC for CVE-2023-4911
The first article discusses two different critical vulnerabilities in the GNU C Library (glibc) that allow unprivileged attackers to gain root access on multiple major Linux distributions. The vulnerabilities are tracked as CVE-2023-4911 and CVE-2023-6246 and both can lead to local privilege esca...
Discovered 5 hours ago
PoC for CVE-2026-43503
A vulnerability has been identified in the Linux kernel's handling of shared fragment markers within the networking stack. Specifically, two functions responsible for fragment transfers fail to correctly propagate fragment flags when moving data between source and destination sockets. This oversi...
Discovered 8 hours ago
PoC for CVE-2024-24824
Graylog, a widely used open-source log management platform, is susceptible to a vulnerability that enables the loading and instantiation of arbitrary classes. This issue arises from the handling of HTTP PUT requests to the `/api/system/cluster_config/` endpoint, where the system permits the submi...
Discovered 9 hours ago
PoC for CVE-2026-55200
libssh2 contains an out-of-bounds write vulnerability in the ssh2_transport_read() function that fails to impose proper limits on the packet_length field. This flaw allows remote attackers to exploit the vulnerability by sending specially crafted SSH packets with excessively large packet_length v...
Discovered 11 hours ago
PoC for CVE-2026-22226
A command injection vulnerability exists in the VPN server configuration module of the TP-Link Archer BE230 v1.2, which can be exploited after administrative authentication. This flaw allows an attacker to execute arbitrary commands, potentially granting full administrative control over the route...
Discovered 13 hours ago
PoC for CVE-2026-13592
A security flaw exists in the bufwriter append function of the EtherNet IP Message Handler within liftoff-sr CIPster, allowing for potential out-of-bounds write operations. This vulnerability could be exploited remotely, posing significant risks to application integrity and security. Users are st...
PoC for CVE-2026-13591
A vulnerability has been discovered in DeepMyst Mysti 0.4.0, specifically within the Contact Tracking component's _isTrackedConversation function found in src/managers/ChannelBridge.ts. This flaw occurs due to improper handling of the _channelType argument, allowing unauthorized access. The vulne...
PoC for CVE-2026-13590
A security flaw has been identified in PcapPlusPlus version 25.05, specifically in the Modbus Protocol Handler's function pcpp::ModbusLayer::getLength. This vulnerability results from improper handling of the length argument, which can lead to a heap-based buffer overflow. Attackers may exploit t...
PoC for CVE-2026-13589
A vulnerability in the seladb PcapPlusPlus library affects the Telnet subnegotiation packet handler. Specifically, the issue lies within the function pcpp::TelnetLayer::getSubCommand in the source file Packet++/src/TelnetLayer.cpp. A remote attacker can exploit this vulnerability through manipula...
Discovered 14 hours ago
PoC for CVE-2026-48907
A flaw in the JCE editor extension for Joomla permits unauthorized users to create new editor profiles. This malicious capability exposes the site to risks, including the ability to upload PHP code and execute it, potentially leading to a full compromise of the website security. Site administrato...
PoC for CVE-2026-13588
A vulnerability has been identified in seladb PcapPlusPlus version 25.05, specifically within the TLS Hello Handler. The issue lies in the function pcpp::SSLClientHelloMessage::getHandshakeVersion located in the file Packet++/src/SSLHandshake.cpp. Manipulating the handshakeVersion argument can re...
PoC for CVE-2026-13587
A vulnerability has been detected in PcapPlusPlus version 25.05 specifically within the LightPcapNg Parser. The issue arises in the 'parse_by_block_type' function located in the file 'light_pcapng.c'. An attacker can exploit this vulnerability by manipulating the 'captured_packet_length' argument...
PoC for CVE-2026-13583
A remote vulnerability exists in the Edimax EW-7478APC 1.04 related to the processing of the formUSBFolder function within the POST Request Handler. The vulnerability arises from improper handling of the ShareName/SelectName parameters, leading to potential buffer overflow conditions. This issue ...
PoC for CVE-2026-13582
A buffer overflow vulnerability exists in Edimax EW-7478APC version 1.04 due to improper handling of arguments in the formUSBAccount function of the POST Request Handler component. By manipulating the UserName and Password fields, an attacker can potentially exploit this flaw remotely, leading to...
Discovered 15 hours ago
PoC for CVE-2026-13581
A vulnerability exists in the Edimax EW-7478APC 1.04 that allows for OS command injection through the formStaDrvSetup function in the POST Request Handler. An attacker can manipulate the rootAPmac argument to execute arbitrary commands on the system remotely. This exploit is publicly accessible, ...
PoC for CVE-2026-13580
A security vulnerability has been identified in the Edimax EW-7478APC version 1.04 that allows for a buffer overflow during the execution of the formQoS function within the POST Request Handler. This vulnerability arises from insecure handling of the selSSID argument, which can result in remote e...
PoC for CVE-2026-13579
A vulnerability has been detected in the itsourcecode Hospital Management System version 1.0, specifically in the functionality associated with the file /patientchangepassword.php. This issue arises from improper handling of the input parameter newpassword, making it susceptible to SQL injection ...
PoC for CVE-2026-13578
A security flaw has been identified in the itsourcecode Hospital Management System version 1.0, specifically in the /patientdetail.php file. This vulnerability arises from an exploitable argument manipulation of 'editid', which allows for SQL injection attacks. Attackers can execute this attack r...
Discovered 16 hours ago
PoC for CVE-2026-13574
A vulnerability exists in the LLVM llvm-project affecting the Bitcode File Handler, specifically within the GCRelocateInst::getBasePtr function. This issue allows for heap-based buffer overflow, potentially enabling local attackers to exploit the flaw. Despite early reports of the issue to the pr...
PoC for CVE-2026-13573
A vulnerability has been identified in the LLVM project's ValueSymbolTable module, specifically within the llvm::StringMap::insert function in /lib/IR/ValueSymbolTable.cpp. This vulnerability allows for a stack-based buffer overflow, which may lead to exploit scenarios if an attacker can execute ...
PoC for CVE-2026-13572
A vulnerability exists in version 1.0 of the itsourcecode Hospital Management System related to an unknown function within the /insertbillingrecord.php file. This flaw allows an attacker to manipulate the patientid parameter, leading to SQL injection attacks. The vulnerability is remotely exploit...
PoC for CVE-2026-43503
A vulnerability has been identified in the Linux kernel's handling of shared fragment markers within the networking stack. Specifically, two functions responsible for fragment transfers fail to correctly propagate fragment flags when moving data between source and destination sockets. This oversi...
PoC for CVE-2026-13571
A vulnerability exists within the SourceCodester Simple Food Ordering System 1.0, specifically in the /cart.php file. A flaw in an undocumented function allows attackers to manipulate the argument item_price, potentially leading to significant business logic errors. This vulnerability can be expl...
Discovered 17 hours ago
PoC for CVE-2026-13569
A security flaw has been identified in the weng-xianhu EyouCMS, specifically in versions up to 1.7.1. The vulnerability resides in the /index.php file associated with the API component, where improper handling of the 'click_like' argument can lead to SQL injection attacks. This vulnerability allo...
PoC for CVE-2026-40521
FrontAccounting versions before 2.4.20 are susceptible to a path traversal vulnerability present in the attachment upload handler. This vulnerability enables authenticated attackers to manipulate the unique_name parameter, allowing the inclusion of malicious path traversal sequences like '../../....
PoC for CVE-2026-13567
A security vulnerability has been identified in code-projects Online Music Site version 1.0, specifically within the POST Request Handler located in the /Frontend/Feedback.php file. This flaw allows for cross-site scripting (XSS) through manipulated arguments such as fname, femail, faddress, and ...
PoC for CVE-2026-40522
An SQL injection vulnerability exists in FrontAccounting, specifically in versions prior to 2.4.20, affecting the Bank Statement report handler. This vulnerability allows authenticated attackers to exploit the PARAM_0 POST parameter by injecting malicious SQL commands. By leveraging this flaw, at...
PoC for CVE-2026-40523
A notable SQL injection issue exists in FrontAccounting prior to version 2.4.20, specifically within the Audit Trail report handler. This vulnerability can be exploited by authenticated users holding the SA_GLANALYTIC permission. By injecting malicious SQL queries through the PARAM_2 and PARAM_3 ...
PoC for CVE-2026-40524
FrontAccounting prior to version 2.4.20 contains an SQL injection vulnerability in the get_gl_transactions() function. This issue arises because the filter_type parameter is concatenated directly into a SQL IN() clause without proper parameterization. Malicious actors with SA_GLANALYTIC permissio...
Discovered 18 hours ago
PoC for CVE-2026-13566
A vulnerability in the SourceCodester Class and Exam Timetabling System version 1.0 permits SQL injection through the /preview3.php file. The issue arises when the argument 'course_year_section' is manipulated by attackers, allowing the potential for unauthorized database access. This exploit can...
PoC for CVE-2026-13565
A vulnerability exists in the SourceCodester Class and Exam Timetabling System, specifically within the /edit_class1.php file. This vulnerability arises from improper handling of user-supplied input related to the argument ID. Attackers can exploit this weakness to execute arbitrary SQL commands,...
PoC for CVE-2026-13564
A stack-based buffer overflow vulnerability exists in the Edimax EW-7478APC version 1.04, specifically within the formPPPoESetup function of the POST Request Handler. This vulnerability can be triggered remotely by manipulating the pppUserName parameter. If exploited, it can lead to unauthorized ...
PoC for CVE-2026-13563
A vulnerability affecting the Edimax EW-7478APC version 1.04 has been identified in the POST Request Handler, specifically within the formL2TPSetup function. This flaw allows for a stack-based buffer overflow when the L2TPUserName parameter is improperly manipulated. Attackers can exploit this vu...
Discovered 19 hours ago
PoC for CVE-2026-13562
A vulnerability in the Edimax EW-7478APC wireless range extender has been identified, specifically in the function handling POST requests for site surveys. The incident involves improper processing of the 'selSSID' parameter, leading to a buffer overflow situation. This weakness can be exploited ...
PoC for CVE-2026-13561
An OS command injection vulnerability exists in Edimax EW-7478APC version 1.04. This flaw is found in the POST Request Handler within the function formiNICbasic, specifically when manipulating the rootAPmac argument. Successful exploitation allows remote attackers to execute arbitrary OS commands...
PoC for CVE-2026-13560
A security vulnerability has been identified in the Edimax EW-7478APC version 1.04, specifically within the formAccept function of the POST Request Handler. This flaw allows remote attackers to manipulate the submit-url parameter, leading to potential OS command injection. This vulnerability has ...
PoC for CVE-2026-13559
A vulnerability has been detected in the Code-Projects Real State Services, specifically in the function within the file /single-list_sale.php when the action parameter is set to 'add'. By manipulating the argument ID, an attacker can execute an SQL injection, potentially exposing sensitive data....
Discovered 20 hours ago
PoC for CVE-2026-13558
A security vulnerability has been identified in the CodeAstro Complaint Management System version 1.0, specifically within the Report Handler component. The flaw is triggered by improper handling of the 'Report Title' argument in the /report/addreport file. This oversight allows attackers to inje...
PoC for CVE-2026-13557
A cross-site scripting (XSS) vulnerability was discovered in the itsourcecode Online Hotel Management System version 1.0, specifically in the POST Request Handler component located in the file /admin/mod_room/controller.php. This vulnerability allows an attacker to manipulate the argument 'Name',...
PoC for CVE-2026-13556
A cross-site scripting vulnerability exists within itsourcecode Online Hotel Management System version 1.0, specifically affecting the POST Request Handler component. The vulnerability arises from improper handling of user input in the file /admin/mod_users/controller.php when the 'edit' action i...
PoC for CVE-2026-13555
A security flaw has been identified in the itsourcecode Online Hotel Management System 1.0, where the file /admin/mod_users/controller.php allows remote attackers to execute SQL injection attacks. By manipulating the 'Name' argument, unauthorized users could potentially access or alter sensitive ...
Discovered 21 hours ago
PoC for CVE-2026-13554
A vulnerability exists in the Online Hotel Management System (version 1.0) due to improper handling of POST requests in the controller file. Specifically, the 'add' action in /admin/mod_amenities/controller.php is susceptible to cross-site scripting (XSS) attacks. By manipulating the 'Name' argum...
PoC for CVE-2025-55182
A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...
PoC for CVE-2026-13553
A security flaw has been identified in the itsourcecode Online Hotel Management System version 1.0, specifically in the /admin/mod_amenities/controller.php file. This vulnerability is associated with an unprotected function that processes image uploads, allowing an attacker to manipulate argument...
PoC for CVE-2026-48908
A vulnerability in the SP Page Builder for Joomla permits unauthenticated users to upload arbitrary files. This weakness can lead to the execution of PHP code, presenting significant security risks for Joomla websites using this extension.