Publicly Disclosed PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered just now...
PoC for CVE-2026-27778
The WebSocket Application Programming Interface in E-Power systems is vulnerable due to a lack of restrictions on the number of authentication requests. This vulnerability can be exploited by attackers to perform denial-of-service attacks, which may disrupt legitimate charger telemetry. Additiona...
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
PoC for CVE-2019-13132
In earlier versions of the ZeroMQ library (libzmq), a significant vulnerability exists that allows a remote and unauthenticated client to connect and potentially cause a stack overflow. This vulnerability arises from improper handling of buffers, leading to arbitrary data being written to the sta...
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
Discovered 3 hours ago
PoC for CVE-2026-7740
A vulnerability has been identified in justdan96 tsMuxer software, specifically in the function VvcVpsUnit::setFPS located in tsMuxer/vvc.cpp. This flaw allows an attacker to manipulate the track_id argument, potentially leading to a denial of service. The vulnerability requires local access to e...
PoC for CVE-2026-7739
A local vulnerability has been discovered in the tsMuxer software developed by justdan96, specifically affecting the HevcVpsUnit::setFPS function located in hevc.cpp file. This issue arises from improper handling of the 'track_id' argument, potentially leading to a denial of service condition. Ex...
PoC for CVE-2026-7738
A security flaw affecting Puchunjie's doc-tools-mcp version 1.0.18 has been identified, specifically within the functions create_document and open_document of the MCP Interface. This vulnerability can be exploited through path traversal techniques by manipulating the filePath argument. Attackers ...
PoC for CVE-2026-5335
The Magic Export & Import WordPress plugin prior to version 1.2.0 exposes exported CSV files in a publicly accessible location. This vulnerability allows unauthorized visitors to access and download sensitive user information contained within these files, posing significant privacy and security r...
Discovered 5 hours ago
PoC for CVE-2026-7733
A vulnerability has been identified in Funadmin versions up to 7.1.0-rc6 within the Frontend Chunked Upload Endpoint. It stems from a flaw in the UploadService::chunkUpload function located in app/common/service/UploadService.php. This weakness allows an attacker to manipulate the File argument, ...
PoC for CVE-2026-7732
An unrestricted file upload vulnerability exists in the BloodBank Managing System 1.0, specifically in the request_blood.php file. This issue allows an attacker to remotely upload files without proper validation, potentially leading to the execution of arbitrary code. As the exploit is now public...
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
PoC for CVE-2026-7731
A security vulnerability has been identified in the BloodBank Managing System version 1.0, specifically within the 'get_state.php' file. This vulnerability arises from inadequate validation of the G_STATE_ID parameter, allowing for SQL injection attacks. Attackers can exploit this vulnerability r...
PoC for CVE-2026-7730
A vulnerability has been detected in the privsim mcp-test-runner version 0.2.0 affecting the child_process.spawn function located in src/index.ts. By manipulating the command argument, an attacker could execute arbitrary OS commands, potentially leading to severe security breaches. This vulnerabi...
Discovered 6 hours ago
PoC for CVE-2026-7729
A security flaw has been identified in the pixelsock directus-mcp version 1.0.0. This vulnerability resides in the validateUrl function located in index.ts of the MCP Interface component. An attacker can manipulate the fileUrl argument, potentially leading to servers being tricked into making una...
PoC for CVE-2026-7728
A security vulnerability has been identified in the MCP Interface of the mcp-rtfm product. This issue allows an attacker to manipulate the function get_doc_content/read_doc/update_doc through the argument docFile, leading to unauthorized access to files outside the intended directory structure. T...
PoC for CVE-2026-7725
A vulnerability exists in PrefectHQ's product related to the GitRepository Pull Handler, specifically within the file src/prefect/runner/storage.py. The issue arises from improper handling of arguments, specifically the 'commit_sha' and 'directories' parameters, leading to potential argument inje...
Discovered 7 hours ago
PoC for CVE-2026-7724
A vulnerability exists in the PrefectHQ Prefect software within the Webhook/Notification component. The specific flaw lies in the validate_restricted_url function, which is susceptible to a time-of-check time-of-use condition. This vulnerability allows remote attackers to exploit the system under...
PoC for CVE-2026-7723
A security flaw has been identified in the WebSocket Endpoint of the PrefectHQ Prefect application, affecting versions up to 3.6.13. This vulnerability permits remote exploitation, as it allows an attacker to manipulate the system due to a lack of proper authentication mechanisms. To mitigate thi...
PoC for CVE-2026-7722
A vulnerability was identified in the Health Check API of PrefectHQ's Prefect, affecting versions up to 3.6.21. This flaw allows for improper authentication through the 'endswith' function in the /api/health endpoint. Attackers could exploit this vulnerability remotely, increasing the risk of una...
PoC for CVE-2026-7721
A security vulnerability has been identified in the Totolink WA300 router, specifically within the NTPSyncWithHost function located in the /cgi-bin/cstecgi.cgi file. This flaw allows an attacker to manipulate the 'hostTime' argument, leading to the possibility of command injection. The vulnerabil...
Discovered 8 hours ago
PoC for CVE-2026-7720
A vulnerability has been discovered in the Totolink WA300 router's POST Request Handler, specifically within the setLanguageCfg function in the /cgi-bin/cstecgi.cgi script. This weakness allows an attacker to manipulate the langType argument, potentially leading to command injection. The exploit ...
PoC for CVE-2026-7719
A security flaw has been identified in the Totolink WA300 access point, specifically in the 'loginauth' function located in the cstecgi.cgi file of the POST Request Handler. The vulnerability arises from improper handling of the 'http_host' argument, leading to a buffer overflow that can be explo...
PoC for CVE-2026-7718
A vulnerability has been identified in the Totolink WA300 router, specifically within the function setWebWlanIdx located in /cgi-bin/cstecgi.cgi of the POST Request Handler. An attacker can manipulate the webWlanIdx argument, resulting in command injection, which may be initiated remotely. The ex...
PoC for CVE-2026-7717
A buffer overflow vulnerability exists in the UploadCustomModule function of the Totolink WA300 router's POST Request Handler. This issue stems from improper handling of input on the /cgi-bin/cstecgi.cgi script, allowing attackers to manipulate the 'File' argument. If successfully exploited, this...
Discovered 9 hours ago
PoC for CVE-2026-7716
A SQL injection vulnerability has been identified in the Code-Projects Gym Management System, specifically affecting the file /index.php. This flaw occurs due to improper handling of input parameters in the 'day' argument, allowing attackers to execute arbitrary SQL commands remotely. The public ...
PoC for CVE-2026-7715
A path traversal vulnerability exists in the MCP Interface's arango_backup function within the ravenwits mcp-server-arangodb software, affecting versions up to 0.4.7. An attacker can manipulate the outputDir argument, leading to unauthorized access to filesystem paths. This vulnerability can be e...
PoC for CVE-2026-7714
An authentication flaw has been identified in the Admin Endpoint of Crocodilestick's Calibre-Web-Automated within the file cps/cwa_functions.py. This vulnerability allows remote attackers to manipulate the application due to inadequate authentication mechanisms. As a result, unauthorized users ma...
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
Discovered 10 hours ago
PoC for CVE-2026-7712
A security vulnerability exists within MindsDB versions up to 26.01, specifically in the 'pickle.loads' function of the Pickle Handler component. This vulnerability allows for malicious manipulation that leads to deserialization issues, enabling attackers to exploit the flaw remotely. The exploit...
PoC for CVE-2026-7711
A vulnerability has been discovered in the MindsDB Engine Handler, specifically within the exec function of the file mindsdb/integrations/handlers/byom_handler/proc_wrapper.py. This issue allows for remote attackers to exploit the system by carrying out unauthorized file uploads. With the exploit...
PoC for CVE-2026-7710
A security flaw exists in the YunaiV yudao-cloud up to version 3.8.0, specifically within the doFilterInternal function of JwtAuthenticationTokenFilter.java related to the Ruoyi-Vue-Pro component. This vulnerability allows attackers to manipulate the argument mock-token, resulting in improper aut...
PoC for CVE-2026-7709
A significant vulnerability exists within the Janeczku Calibre-Web application, specifically in the Endpoint function located in the kobo_auth.py file. This flaw allows for unauthorized manipulation of the user_id argument in the generate_auth_token function, leading to improper authorization. Re...
Discovered 11 hours ago
PoC for CVE-2026-7708
A vulnerability exists in Open5GS up to version 2.7.7, specifically in the function ogs_dbi_subscription_data within the UDR component's library. This vulnerability allows for a remote denial of service attack by manipulating the 'supi_id' argument. Exploitation of this flaw can lead to service i...
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
PoC for CVE-2026-7707
A denial of service vulnerability exists in the UDR component of Open5GS versions up to 2.7.7. This vulnerability is found within the `udr_nudr_dr_handle_subscription_context` function in the file `/src/udr/nudr-handler.c`. An attacker can exploit this weakness by manipulating the argument 'pei',...
PoC for CVE-2026-7706
A vulnerability exists within the Open5GS AMF component, specifically in the gmm_handle_service_request function located in the gmm-handler.c file. This issue can result in a denial of service, potentially allowing malicious actors to disrupt service availability remotely. Public disclosure of th...
PoC for CVE-2026-7705
A command injection vulnerability exists in JD Cloud JDCOS version 4.5.1.r4518, specifically within the set_iptv_info function located in the /jdcap component of the Service Interface. By manipulating the 'vid' argument, an attacker can execute arbitrary commands remotely. This issue poses a sign...
Discovered 12 hours ago
PoC for CVE-2019-6250
A pointer overflow vulnerability exists in the ZeroMQ library (libzmq) that can allow an authenticated attacker to execute arbitrary code. The flaw arises from an integer overflow in the v2_decoder.cpp component, specifically within the zmq::v2_decoder_t::size_ready function. This vulnerability e...
Discovered 15 hours ago
PoC for CVE-2020-11022
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Discovered 16 hours ago
PoC for CVE-2026-31431
A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...
Discovered 17 hours ago
PoC for CVE-2026-7704
A path traversal vulnerability has been identified in AV Stumpfl Pixera Two Media Server versions up to 25.1 R2. This vulnerability affects an undisclosed function in the Service Port 1338 component, allowing attackers to manipulate the system and potentially read arbitrary files. The exploit has...
PoC for CVE-2026-29000
The pac4j-jwt library's JwtAuthenticator prior to versions 4.5.9, 5.7.9, and 6.3.3 is susceptible to an authentication bypass that could allow remote adversaries to create forged authentication tokens. By leveraging the server's RSA public key, attackers are able to craft a JWE-wrapped PlainJWT w...
Discovered 18 hours ago
PoC for CVE-2026-7702
A vulnerability has been identified in toeverything AFFiNE versions up to 0.26.3, specifically within the 'allowDocPreview' function of the Public Markdown Preview Endpoint. This flaw enables an unauthorized actor to bypass authorization controls, potentially exposing sensitive documents to unaut...
PoC for CVE-2026-3494
In versions of the MariaDB server up to 11.8.5, a significant issue arises when the server audit plugin is activated with specific filtering settings for DCL, DDL, or DML queries. Authenticated database users can execute SQL statements that bypass the intended audit logs by using comments prefixe...
Discovered 19 hours ago
PoC for CVE-2026-7700
A security weakness has been identified in langflow-ai's Langflow product versions up to 1.8.4, specifically within the eval function in the LambdaFilterComponent. This vulnerability allows an attacker to execute malicious code by manipulating inputs, which can be done remotely. The potential for...
PoC for CVE-2026-7699
A notable security flaw has been detected in Dromara MaxKey versions up to 3.5.13, specifically within the StrUtils.checkSqlInjection function of StrUtils.java. This vulnerability allows attackers to execute SQL injection via manipulated arguments in the filtersfields parameter. The attack can be...
Discovered 20 hours ago
PoC for CVE-2026-7698
A critical vulnerability has been detected within the Tiandy Easy7 Integrated Management Platform version 7.17.0. This vulnerability arises from inappropriate handling of the argument 'week' in the file /Easy7/rest/systemInfo/updateDbBackupInfo, which could potentially allow an attacker to exe...
PoC for CVE-2026-7697
The AMTT Hotel Broadband Operation System version 1.0 contains a vulnerability located within the /manager/card/cardhand_submit.php file. This issue arises from improper handling of the ID argument, which can lead to SQL injection attacks. An attacker may exploit this vulnerability remotely to ex...
Discovered 21 hours ago
PoC for CVE-2026-7696
Acrel Electrical's EEMS Enterprise Power Operation and Maintenance Cloud Platform version 1.3.0 has a vulnerability that allows an unrestricted file upload through a specific function of the file /SubstationWEBV2/main/uploadH5Files. This weakness may facilitate remote attacks, enabling unauthoriz...