Publicly Disclosed PoC Exploits

🔴 Always take caution when working with PoC exploits 🔴

Discovered 1 hour ago

PoC for CVE-2026-6279

WordPress | Avada (fusion) Builder | CVSS 9.8 CRITICAL
Unauthenticated Remote Code Execution Vulnerability in Avada Builde...

The Avada Builder (fusion-builder) plugin for WordPress is susceptible to a Remote Code Execution vulnerability that allows unauthenticated attackers to exploit the system via PHP Function Injection. This issue arises from a flaw in the handling of attacker-controlled input within the `Fusion_Bui...

Discovered 3 hours ago

PoC for CVE-2026-48172

LiteSpeed Technol... | cPanel Plugin | CVSS 10.0 CRITICAL
Privilege Escalation Vulnerability in LiteSpeed User-End cPanel Plugin

The LiteSpeed User-End cPanel Plugin prior to version 2.4.5 is susceptible to a privilege escalation flaw that may allow attackers to gain unauthorized access, potentially escalating privileges to the root level. This vulnerability has been actively exploited since May 2026. Detection can be perf...

Discovered 4 hours ago

PoC for CVE-2024-12537

Open-webui | open-webui/open-webui | CVSS 7.5 HIGH
Missing Authentication on Open-WebUI Code-Format Endpoint Degrades Performance

In version 0.3.32 of Open-WebUI, a security flaw exists due to the lack of an authentication check on the `api/v1/utils/code/format` endpoint, so any unauthenticated attacker can send requests to it. By submitting a POST request containing an excessively high volume of ...

Discovered 5 hours ago

PoC for CVE-2026-9306

QuantumNous | new-api | CVSS 6.3 MEDIUM
Authorization Bypass in QuantumNous new-api Affecting Image Relay F...

A security vulnerability exists in QuantumNous new-api, specifically in the Midjourney image relay endpoint, in the function RelayMidjourneyImage/GetByOnlyMJId. It allows attackers to bypass authorization checks, leading to unauthorized access to sensitive functional...

PoC for CVE-2026-9305

QuantumNous | new-api | CVSS 5.3 MEDIUM
SQL Injection Vulnerability in QuantumNous new-api Affecting Self E...

A SQL injection vulnerability exists in QuantumNous new-api version 0.12.1. The issue lies in the SearchUserTopUps/SearchAllTopUps function in model/topup.go, reached through the self endpoint. It allows attackers to manipulate SQL queries, potentially leading...

Discovered 6 hours ago

PoC for CVE-2026-9304

Calcom | cal.diy | CVSS 2.3 LOW
Server-Side Request Forgery Vulnerability in Calcom Logo API

A security flaw has been identified in Calcom's cal.diy product, specifically in the Logo API's function validateUrlForSSRF within the file apps/web/app/api/logo/route.ts. This vulnerability enables remote attackers to conduct server-side request forgery, potentially leading to unauthorized acces...
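The cal.diy entry above concerns a URL validator meant to stop server-side request forgery. The following is an added example of such a guard, written for this page; it is not cal.diy's validateUrlForSSRF and the function names, the "logo fetch" scenario and the built-in DNS answers are constructed for illustration. It rejects non-HTTP schemes, embedded credentials, literal loopback/private/link-local addresses (including IPv4-mapped IPv6 forms), and any hostname for which even one resolved address is non-public.

```python
# Added example (not cal.diy code): an SSRF guard for a "fetch this logo URL" feature.
# Names are hypothetical; the resolver is injectable so the check can run offline.
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}


def is_public_address(ip_text: str) -> bool:
    """True only for globally routable unicast addresses.
    IPv4-mapped IPv6 (::ffff:10.0.0.1) is judged by the embedded IPv4 address."""
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def resolve_all(host: str) -> list[str]:
    """Default resolver: every A/AAAA answer for host (needs network access)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


# Constructed DNS answers so the example runs offline. Note the host that mixes a
# public address with an internal one: that is the case a naive check misses.
CONSTRUCTED_DNS = {
    "example.test": ["93.184.216.34"],
    "rebind.test": ["93.184.216.34", "10.0.0.5"],
    "meta.test": ["169.254.169.254"],
}


def fake_resolver(host: str) -> list[str]:
    return CONSTRUCTED_DNS.get(host, [])


def validate_url_for_ssrf(url: str, resolver=resolve_all) -> str:
    """Return url if it is safe to fetch server-side, else raise ValueError.
    Every address the host resolves to must be public: an attacker-controlled
    name can answer with one public and one internal address."""
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parsed.scheme!r}")
    if parsed.username or parsed.password:
        raise ValueError("credentials in URL not allowed")
    host = parsed.hostname
    if not host:
        raise ValueError("missing host")
    try:                                   # literal IP: check it directly
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:                     # hostname: resolve, then check every answer
        addrs = resolver(host)
    if not addrs:
        raise ValueError(f"unresolvable host: {host!r}")
    for addr in addrs:
        if not is_public_address(addr):
            raise ValueError(f"{host!r} resolves to non-public address {addr}")
    return url


def is_safe_url(url: str, resolver=resolve_all) -> bool:
    """Boolean wrapper for callers that do not want the exception."""
    try:
        validate_url_for_ssrf(url, resolver)
        return True
    except ValueError:
        return False
```

Validation at check time is not enough on its own: the fetch must connect to one of the addresses that passed the check, or a rebinding DNS name can pass validation and then resolve to an internal address when the request is actually made. Redirects need the same treatment on every hop.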

PoC for CVE-2026-9303

Calcom | cal.diy | CVSS 5.3 MEDIUM
Cross-Site Request Forgery in calcom cal.diy Affects Multiple Versions

A vulnerability exists in calcom cal.diy versions up to 4.9.4, where an unknown function can be exploited via cross-site request forgery. This allows attackers to initiate unauthorized actions on behalf of users without their consent, exposing sensitive data and potentially compromising user acco...

Discovered 7 hours ago

PoC for CVE-2026-9302

546669204 | vps-inventory-monitoring | CVSS 5.3 MEDIUM
Code Injection Vulnerability in vps-inventory-monitoring by 546669204

A code injection vulnerability exists in vps-inventory-monitoring, in a call to eval in the file app/index/command/VpsTest.php. By manipulating the argument 'vf', an attacker may execute arbitrary code remotely. This issue has been publicly disclosed and...

PoC for CVE-2026-9301

omec-project | AMF | CVSS 5.3 MEDIUM
Memory Corruption Vulnerability in OMEC Project AMF by OMEC

A vulnerability exists in the OMEC Project AMF affecting versions up to 2.1.1. It arises in the NGReset message handler component, where improper handling can lead to memory corruption. This vulnerability can be exploited remotely, posing significant security risks. Users are advised t...

Discovered 8 hours ago

PoC for CVE-2025-46822

OsamaTaher | Java-springboot-codebase | CVSS 7.7 HIGH
Path Traversal Vulnerability in Java Spring Boot Codebase by OsamaT...

A vulnerability in the Java Spring Boot codebase by OsamaTaher prior to a specific commit allows for absolute path traversal. This flaw enables unauthorized users to access sensitive internal files, posing a significant security threat. A patch was introduced in commit c835c6f7799eacada4c0fc77e08...

PoC for CVE-2026-9300

omec-project | AMF | CVSS 5.3 MEDIUM
Memory Corruption Vulnerability in omec-project AMF Affecting NGSet...

A vulnerability exists within the omec-project AMF, specifically in the NGSetupRequest handler, which can be exploited to cause memory corruption. This flaw allows remote attackers to manipulate the component, potentially leading to unauthorized actions or system instability. The exploit has been...

Discovered 9 hours ago

PoC for CVE-2026-9299

omec-project | AMF | CVSS 5.3 MEDIUM
Memory Corruption Vulnerability in omec-project AMF Functionality

A memory corruption vulnerability has been identified in the omec-project AMF, specifically within the PDUSessionResourceModifyIndication function located in the /go/src/amf/ngap/handler.go file. This flaw enables potential remote exploitation, allowing an attacker to manipulate the system's memo...

PoC for CVE-2026-9298

omec-project | AMF | CVSS 5.3 MEDIUM
Memory Corruption Vulnerability in OMEC Project AMF by Linux Founda...

A vulnerability has been identified in the OMEC Project AMF software, specifically within the PathSwitchRequest Handler component. This issue can lead to memory corruption, potentially allowing attackers to manipulate the application remotely. The exploit is publicly available, making it crucial ...

Discovered 10 hours ago

PoC for CVE-2026-41901

Thymeleaf | Thymeleaf | CVSS 9.0 CRITICAL
Server-Side Template Injection in Thymeleaf by Thymeleaf

Thymeleaf is a widely used Java template engine that is vulnerable to a security bypass issue in its expression execution mechanisms prior to version 3.1.5.RELEASE. This vulnerability occurs when unsanitized variables containing potentially harmful expressions are passed into the template engine....

PoC for CVE-2026-9297

Edimax | BR-6428NS | CVSS 5.3 MEDIUM
Command Injection Vulnerability in Edimax BR-6428NS Router

A security vulnerability has been identified in the Edimax BR-6428NS router running version 1.10. This flaw resides in the function formWlbasic within the POST Request Handler component. By manipulating the 'repeaterSSID' argument, attackers can execute arbitrary commands remotely. The publicly d...

PoC for CVE-2026-9296

Edimax | BR-6428NS | CVSS 5.3 MEDIUM
Command Injection Vulnerability in Edimax BR-6428NS Router

A command injection vulnerability has been identified in the Edimax BR-6428NS router, in the handler for POST requests to /goform/formWlanM. This weakness allows attackers to manipulate arguments such as ateFunc, ateGain, and ateTxCount, potentially leading to unau...

Discovered 11 hours ago

PoC for CVE-2026-31802

Isaacs | node-tar | CVSS 8.2 HIGH
Symlink Vulnerability in node-tar for Node.js by Isaacs

node-tar, a comprehensive Tar utility for Node.js, is susceptible to a symlink vulnerability that allows an attacker to craft a drive-relative symlink target. This exploitation can lead to the creation of symlinks that point to paths outside the targeted extraction directory. As a result, during ...

PoC for CVE-2026-41091

Microsoft | Microsoft Malware Prot... | CVSS 7.8 HIGH
Elevation of Privilege Vulnerability in Microsoft Defender

An issue has been identified in Microsoft Defender that could allow an authorized attacker to gain elevated privileges through improper link resolution before file access, also known as link following. This vulnerability could enable attackers to manipulate file paths, potentially leading to unau...

Discovered 12 hours ago

PoC for CVE-2026-42208

BerriAI | LiteLLM | EPSS 54% | CVSS 9.3 CRITICAL
Database Query Vulnerability in LiteLLM Proxy Server by BerriAI

The LiteLLM proxy server from BerriAI has a vulnerability that exposes sensitive database information to unauthorized parties. Versions from 1.81.16 up to, but not including, 1.83.7 mishandle API key checks by incorporating user-supplied key values directly into database queries instead of tre...

PoC for CVE-2026-9295

Edimax | BR-6428NS | CVSS 8.7 HIGH
Buffer Overflow Vulnerability in Edimax BR-6428NS Router

A security flaw has been detected in the Edimax BR-6428NS router, specifically within the POST Request Handler's function known as formWirelessTbl. An issue arises due to manipulation of the vapurl argument, leading to a buffer overflow that could be exploited remotely. This vulnerability poses a...

PoC for CVE-2026-9294

Edimax | BR-6428NS | CVSS 8.7 HIGH
Buffer Overflow Vulnerability in Edimax BR-6428NS Router

A vulnerability exists within the Edimax BR-6428NS router, specifically in the function handling POST requests for TCP/IP setup. The manipulation of the pppUserName parameter can trigger a buffer overflow, which enables a remote attacker to exploit this flaw. The potential consequences include un...

Discovered 14 hours ago

PoC for CVE-2025-34291

Langflow | Langflow | EPSS 31% | CVSS 9.4 CRITICAL
Chained Vulnerability in Langflow AI Platform Exposes Accounts and ...

Langflow, specifically versions up to and including 1.6.9, is affected by a critical security issue stemming from a chained vulnerability. This flaw enables attackers to hijack user accounts and execute arbitrary code remotely. It arises from an overly permissive Cross-Origin Resource Sharing (CO...

PoC for CVE-2026-1731

BeyondTrust | Remote Support (RS) & P... | EPSS 80% | CVSS 9.9 CRITICAL
Remote Code Execution Vulnerability in BeyondTrust Remote Support a...

BeyondTrust Remote Support and certain older versions of Privileged Remote Access contain a pre-authentication vulnerability that can be exploited by unauthenticated attackers. By sending specially crafted requests, an attacker may execute arbitrary operating system commands in the context of the...

PoC for CVE-2026-3854

GitHub | Enterprise Server | CVSS 8.7 HIGH
Remote Code Execution Vulnerability in GitHub Enterprise Server

An improper neutralization of special elements vulnerability has been identified in GitHub Enterprise Server, which allows an attacker with push access to a repository to execute arbitrary code. During a 'git push' operation, user-supplied push option values were not adequately sanitized before b...

PoC for CVE-2026-0073

Google | Android | CVSS 8.8 HIGH
Logic Error in Wireless ADB Authentication in Android Products

A significant logic error in the adbd_tls_verify_cert function of auth.cpp in various Android versions permits a bypass of the wireless ADB mutual authentication process. This flaw can lead to unauthorized remote code execution by exploiting the vulnerability as the shell user without requiring a...

Discovered 15 hours ago

PoC for CVE-2026-9082

Drupal | Drupal Core | CVSS 9.8 CRITICAL
SQL Injection Vulnerability in Drupal Core by Drupal

An SQL Injection vulnerability exists in Drupal Core that arises from improper neutralization of special elements utilized in SQL commands. This flaw allows attackers to manipulate SQL queries, potentially leading to unauthorized access to sensitive data. Affected versions include those from 8.9....
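Both the Drupal Core entry above and the new-api SearchUserTopUps/SearchAllTopUps entry earlier on this page describe the same root cause: attacker-controlled text spliced into SQL. The following added example, written for this page and not taken from Drupal or new-api, shows the pattern against an in-memory SQLite table. The `topups` table, its rows, and the search functions are constructed for illustration; the vulnerable variant builds the query string, the safe variant binds the keyword as a parameter.

```python
# Added example (not Drupal or new-api code): the injection pattern behind the two
# SQLi entries on this page, shown against an in-memory SQLite table of constructed rows.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: top-up records belonging to two different users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE topups (id INTEGER PRIMARY KEY, user_id INTEGER, "
                 "trade_no TEXT, amount INTEGER)")
    conn.executemany(
        "INSERT INTO topups (user_id, trade_no, amount) VALUES (?, ?, ?)",
        [(1, "T-1001", 500), (1, "T-1002", 250), (2, "T-2001", 9000)],
    )
    return conn


def search_topups_vulnerable(conn, user_id: int, keyword: str) -> list:
    """The keyword is spliced into the SQL text, so quotes in it change the query.
    The user_id filter is supposed to keep each user inside their own rows."""
    sql = (f"SELECT trade_no, amount FROM topups "
           f"WHERE user_id = {int(user_id)} AND trade_no LIKE '%{keyword}%' ORDER BY id")
    return conn.execute(sql).fetchall()


def search_topups_safe(conn, user_id: int, keyword: str) -> list:
    """The keyword travels as a bound parameter; the query shape is fixed at parse time."""
    sql = ("SELECT trade_no, amount FROM topups "
           "WHERE user_id = ? AND trade_no LIKE ? ORDER BY id")
    return conn.execute(sql, (user_id, f"%{keyword}%")).fetchall()


# Closes the quoted LIKE pattern, ORs in a tautology, and comments out the rest of the line,
# so the user_id filter no longer applies.
PAYLOAD = "' OR 1=1 --"


def demo() -> dict:
    conn = make_db()
    return {
        "vuln_normal": search_topups_vulnerable(conn, 1, "T-10"),
        "vuln_injected": search_topups_vulnerable(conn, 1, PAYLOAD),   # leaks user 2's row
        "safe_injected": search_topups_safe(conn, 1, PAYLOAD),         # matches nothing
    }
```

The parameterised version is not "escaping": the database driver never sees the payload as SQL, so there is nothing to escape. Escaping-based fixes also miss the LIKE wildcards `%` and `_`, which still need handling if a keyword must not match everything.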

PoC for CVE-2026-40369

Microsoft | Windows 11 Version 24H2 | CVSS 7.8 HIGH
Windows Kernel Elevation of Privilege Vulnerability in Microsoft Pr...

A vulnerability in the Windows Kernel allows an authorized attacker to exploit an untrusted pointer dereference, potentially enabling them to gain higher privileges on the affected system. This could lead to unauthorized access to sensitive data and administrative functionalities. It's critical f...

Discovered 18 hours ago

PoC for CVE-2026-8181

WordPress | Burst Statistics – Pri... | CVSS 9.8 CRITICAL
Authentication Bypass Vulnerability in Burst Statistics Plugin for ...

The Burst Statistics plugin for WordPress contains a security flaw that allows unauthenticated attackers to exploit incorrect handling of return values in the authentication process. This leads to a vulnerability in the `is_mainwp_authenticated()` function, enabling attackers who know an administ...

PoC for CVE-2026-5817

Docker | Docker Desktop | CVSS 8.8 HIGH
Arbitrary Code Execution in Docker Model Runner on macOS

The vllm-metal inference backend in Docker Model Runner on macOS is vulnerable due to its unconditional setting of trust_remote_code=True when loading model tokenizers. This design flaw allows for the execution of arbitrary Python files from any model obtained via OCI registry. As a consequence, ...

Discovered 1 day ago

PoC for CVE-2026-34926

Trend Micro | Trendai Apex One | CVSS 6.7 MEDIUM
Directory Traversal Flaw in Apex One by Trend Micro

Apex One, a security solution from Trend Micro, exhibits a directory traversal vulnerability that could potentially allow a pre-authenticated local attacker to manipulate a critical server-side database table. By leveraging access to the Apex One Server and possessing administrative credentials, ...

PoC for CVE-2026-5118

WordPress | Divi Form Builder | CVSS 9.8 CRITICAL
Privilege Escalation in Divi Form Builder Plugin for WordPress

The Divi Form Builder plugin for WordPress is susceptible to privilege escalation due to its improper handling of user role parameters during the registration process. Specifically, it permits unauthenticated attackers to submit user registration requests manipulating the 'role' parameter without...

PoC for CVE-2026-20223

Cisco | Cisco Secure Workload | CVSS 10.0 CRITICAL
Access Validation Flaw in Cisco Secure Workload

A vulnerability exists in Cisco Secure Workload's internal REST APIs that could permit an unauthenticated attacker to access sensitive site resources with Site Admin rights. This flaw arises from inadequate validation and authentication for REST API requests. By sending a specially crafted API re...

PoC for CVE-2026-3102

ExifTool | ExifTool | CVSS 5.3 MEDIUM
Command Injection Vulnerability in ExifTool PNG Parser on macOS

A command injection vulnerability exists in the ExifTool PNG File Parser, specifically in the SetMacOSTags function located in the lib/Image/ExifTool/MacOS.pm file. This vulnerability allows an attacker to manipulate the DateTimeOriginal argument, facilitating remote exploitation. Users are stron...
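The ExifTool entry above, the two Edimax BR-6428NS command injection entries (repeaterSSID, ateFunc/ateGain/ateTxCount) and the vps-inventory-monitoring eval entry all come down to untrusted text reaching an interpreter. The following added example, written for this page and not taken from any of those projects, shows what a shell does with an unquoted parameter and the argv-based alternative. The `iwconfig wlan0 essid ...` command line is a hypothetical stand-in for whatever the firmware really runs; `echo` is used when the example actually executes so that it is harmless.

```python
# Added example (not Edimax, vps-inventory-monitoring or ExifTool code): what a shell
# does with an unquoted parameter, and the argv-based alternative. The `iwconfig`
# command line is a hypothetical stand-in for whatever the firmware really runs.
import json
import re
import shlex
import subprocess
import sys

CONTROL_OPERATORS = {";", "|", "||", "&", "&&"}
SSID_RE = re.compile(r"^[\x20-\x7e]{1,32}$")   # printable ASCII; 802.11 SSIDs are at most 32 bytes


def build_command_vulnerable(ssid: str) -> str:
    """String concatenation into a command line that will be handed to a shell."""
    return f"iwconfig wlan0 essid {ssid}"


def commands_the_shell_sees(cmdline: str) -> list:
    """Tokenise like a POSIX shell and split on control operators, to show how
    many separate commands the line really contains."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    commands, current = [], []
    for token in lexer:
        if token in CONTROL_OPERATORS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


def build_argv_safe(ssid: str) -> list:
    """Validate the value, then pass it as a single argv element. No shell parses it,
    so quoting and metacharacters are irrelevant to correctness."""
    if not SSID_RE.fullmatch(ssid):
        raise ValueError(f"rejected SSID: {ssid!r}")
    return ["iwconfig", "wlan0", "essid", ssid]


def run_vulnerable(ssid: str) -> str:
    """shell=True: the operating system shell parses the string, so the payload executes.
    `echo` stands in for the real command so this is harmless to run."""
    completed = subprocess.run(f"echo essid {ssid}", shell=True,
                               capture_output=True, text=True)
    return completed.stdout


def run_safe(ssid: str) -> list:
    """No shell: a child Python process reports the argv it actually received,
    which is the whole SSID as one element, payload and all."""
    child = [sys.executable, "-c",
             "import json, sys; print(json.dumps(sys.argv[1:]))", "essid", ssid]
    completed = subprocess.run(child, capture_output=True, text=True, check=True)
    return json.loads(completed.stdout)
```

Quoting the parameter (`shlex.quote`) is the fallback only when a shell is unavoidable; the robust fix is to not involve a shell at all, and to validate the value against what the field can legitimately contain, which for an SSID is a short printable string.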

Discovered 2 days ago

PoC for CVE-2026-31431

Linux | Linux | CVSS 7.8 HIGH
Vulnerability in Linux Kernel Crypto Subsystem (algif_aead)

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically in the algif_aead component. The issue arises from unnecessary complexity in operating in-place, which the fix reverts for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-0300

Palo Alto Networks | Cloud NGFW | CVSS 8.7 HIGH
Buffer Overflow Vulnerability in Palo Alto Networks User-ID™ Authen...

A buffer overflow vulnerability exists in the User-ID™ Authentication Portal of Palo Alto Networks PAN-OS software. It allows unauthenticated attackers to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls by sending specially crafted packets. To miti...

PoC for CVE-2026-45585

Microsoft | Windows 11 Version 24H2 | CVSS 6.8 MEDIUM
Security Feature Bypass in Windows by Microsoft

A security feature bypass vulnerability exists in Microsoft Windows, referred to as 'YellowKey.' This flaw could allow unauthorized access to restricted features, compromising system integrity. A proof of concept has been publicly released, contrary to established security practices. Users are ad...

PoC for CVE-2026-47102

BerriAI | LiteLLM | CVSS 8.7 HIGH
Privilege Escalation Vulnerability in LiteLLM by BerriAI

LiteLLM versions before 1.83.10 have a vulnerability that allows users to change their own user_role through the /user/update endpoint. Although this endpoint restricts access to updating only the user's account, it fails to limit which fields can be modified. This oversight enables a user with a...
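The LiteLLM /user/update entry above and the Divi Form Builder registration entry earlier on this page are the same mass-assignment bug: the endpoint checks who is calling but not which fields the caller may set. The following added example, written for this page and not taken from LiteLLM or Divi, contrasts an update handler that applies every known field with one that enforces an allowlist, and adds a registration handler that never reads a role from the client. The `User` fields and the role names `internal_user` and `proxy_admin` are hypothetical.

```python
# Added example (not LiteLLM or Divi Form Builder code): a self-service account update
# with and without a field allowlist, plus a registration handler that never reads a
# role from the client. Field and role names are hypothetical.
from dataclasses import dataclass, fields


@dataclass
class User:
    user_id: str
    email: str
    display_name: str
    user_role: str = "internal_user"   # "proxy_admin" would be the privileged value


# The only fields an account owner may change on their own record.
SELF_EDITABLE = frozenset({"email", "display_name"})


def update_self_vulnerable(user: User, caller_id: str, payload: dict) -> User:
    """Ownership is checked, but every known field in the payload is then applied."""
    body = dict(payload)
    if body.pop("user_id", caller_id) != caller_id or user.user_id != caller_id:
        raise PermissionError("may only update your own account")
    known = {f.name for f in fields(User)}
    for key, value in body.items():
        if key in known:
            setattr(user, key, value)      # user_role is "known", so it slips through
    return user


def update_self_safe(user: User, caller_id: str, payload: dict) -> User:
    """Same ownership check, but fields outside the allowlist are rejected outright.
    Rejecting (rather than silently dropping) makes probing visible in the logs."""
    body = dict(payload)
    if body.pop("user_id", caller_id) != caller_id or user.user_id != caller_id:
        raise PermissionError("may only update your own account")
    forbidden = set(body) - SELF_EDITABLE
    if forbidden:
        raise PermissionError(f"fields not editable by the account owner: {sorted(forbidden)}")
    for key, value in body.items():
        setattr(user, key, value)
    return user


def register_safe(payload: dict, new_id: str = "u-new") -> User:
    """Registration: the role is assigned server-side; a client-supplied role is never read."""
    return User(user_id=new_id, email=payload["email"],
                display_name=payload.get("display_name", ""))


def role_after(handler, payload: dict) -> str:
    """Run handler as user u1 against a fresh record; return the resulting role, or 'REJECTED'."""
    user = User("u1", "alice@example.test", "Alice")
    try:
        return handler(user, "u1", payload).user_role
    except PermissionError:
        return "REJECTED"
```

The allowlist belongs to the endpoint, not to the model: an admin endpoint may legitimately set `user_role`, while the self-service one never may, even though both write the same record.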

PoC for CVE-2026-47114

IINA | IINA | CVSS 8.6 HIGH
User-Assisted Command Execution in IINA Media Player by IINA

IINA Media Player versions prior to 1.4.3 expose a vulnerability that could allow remote attackers to exploit command execution. By crafting malicious URLs that utilize the iina://open custom URL scheme, attackers can inject unvalidated command parameters into the mpv runtime. This can result in ...

PoC for CVE-2026-42048

langflow-ai | Langflow | CVSS 9.6 CRITICAL
Path Traversal Vulnerability in Langflow AI Tool by Langflow

Langflow, a tool designed for creating AI-driven agents and workflows, is affected by a path traversal vulnerability in its Knowledge Bases API (DELETE /api/v1/knowledge_bases). This flaw arises from the failure to properly sanitize and validate user-supplied knowledge base names, which are direc...
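The Langflow knowledge-base entry above, the OsamaTaher Spring Boot absolute-path-traversal entry and the node-tar drive-relative symlink entry earlier on this page are all failures to keep a client-supplied name inside a fixed directory. The following added example, written for this page and not taken from any of those projects, resolves a knowledge-base name under a base directory with three independent checks: a strict single-component allowlist, rejection of absolute and drive-relative inputs, and a containment check after realpath(), which also catches a symlink inside the base that points outside it. Directory names and the `knowledge_bases`/`secrets` layout are constructed for illustration.

```python
# Added example (not Langflow, node-tar or the Spring Boot project's code): resolving a
# client-supplied name inside a fixed base directory. Names and paths are hypothetical.
import os
import re
import tempfile

# One path component only: no separators, no leading dot, bounded length.
NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")


def resolve_inside(base: str, name: str) -> str:
    """Absolute path of `name` under `base`, or ValueError.
    The allowlist alone would already reject '../x' and '/etc/passwd'; the later
    checks are kept so that a loosened allowlist does not silently reopen the hole."""
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"invalid name: {name!r}")
    if os.path.isabs(name) or os.path.splitdrive(name)[0]:
        raise ValueError(f"absolute or drive-relative name: {name!r}")
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, name))
    if os.path.commonpath([base_real, target]) != base_real:
        raise ValueError(f"{name!r} escapes {base!r}")
    return target


def is_contained(base: str, name: str) -> bool:
    try:
        resolve_inside(base, name)
        return True
    except ValueError:
        return False


def symlink_escape_is_caught() -> bool:
    """Constructed scenario: 'shared' inside the base is a symlink to a directory
    outside it. The name passes the allowlist; only the realpath check stops it."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "knowledge_bases")
        outside = os.path.join(root, "secrets")
        os.makedirs(base)
        os.makedirs(outside)
        try:
            os.symlink(outside, os.path.join(base, "shared"))
        except (OSError, NotImplementedError):
            return True    # platform refuses symlinks (common on Windows); nothing to test
        return not is_contained(base, "shared")
```

For a DELETE endpoint in particular, the realpath check matters twice: it prevents deleting outside the base, and it prevents following a symlink planted earlier to turn a permitted delete into an unintended one. Where the base itself may be a symlink, comparing against `realpath(base)` rather than the raw base string keeps the check consistent.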

PoC for CVE-2024-6678

GitLab | GitLab | CVSS 8.8 HIGH
Pipeline Execution as an Arbitrary User in GitLab CE and EE

A security issue in GitLab CE and EE allows an attacker to trigger a pipeline as an arbitrary user under specific conditions. It affects all versions from 8.14 prior to 17.1.7, from 17.2 prior to 17.2.5, and...

PoC for CVE-2026-45250

FreeBSD | FreeBSD | CVSS 7.8 HIGH
Buffer Overflow Vulnerability in FreeBSD's Kernel Privilege Management

A vulnerability exists in FreeBSD's setcred(2) system call, where an unprivileged local user can exploit a stack buffer overflow due to improper length validation of a user-supplied supplementary groups list. This oversight allows for an arbitrary code execution in the kernel context, potentially...

Discovered 3 days ago

PoC for CVE-2026-2587

Eclipse Foundation | Eclipse GlassFish | CVSS 9.6 CRITICAL
Remote Code Execution Vulnerability in Glassfish Gadget Handler fro...

A serious Remote Code Execution vulnerability exists in the server-side template rendering mechanism of the Glassfish gadget handler. This flaw arises from the improper handling of user-supplied values in .xml files, which allows attackers to inject expressions that are evaluated without adequate...

PoC for CVE-2024-37054

MLflow | MLflow | CVSS 8.8 HIGH
Arbitrary Code Execution Vulnerability in MLflow Platform

A significant security vulnerability exists within the MLflow platform developed by Databricks. This issue arises from the deserialization of untrusted data in versions 0.9.0 and later. Attackers exploit this vulnerability by uploading a malicious PyFunc model that, once interacted with, can exec...