Publicly Disclosed
PoC Exploits

The vulnerability arises from a logic error in the key-based pairing process of certain Android devices. This flaw may allow an attacker in proximity to exploit the issue and gain unauthorized access to sensitive user information, including conversations and location data. Notably, the attack doe...

A security issue has been discovered in Beetel 777VR1 where the UART Interface's handling of authentication attempts is improperly managed. This flaw allows for excessive authentication attempts, potentially opening the door for unauthorized access. Attackers can exploit this vulnerability by dir...

A vulnerability has been identified in the Beetel 777VR1 router's UART interface affecting specific firmware versions. This weakness allows for weak password requirements, making the device susceptible to unauthorized access. Although the attack requires significant technical expertise, publicly ...

A security flaw within the Beetel 777VR1 router has been identified, affecting versions up to 01.00.09 and 01.00.09_55. This vulnerability lies in the UART interface component, allowing attackers to exploit the system through physical manipulation. If successfully executed, it leads to unwanted i...

The GNU Inetutils telnet daemon (telnetd) is vulnerable to a remote authentication bypass that can occur when an attacker manipulates the USER environment variable by specifying a '-f root' value. This flaw allows unauthorized users to gain access without proper authentication. Affected users sho...

The Kalrav AI Agent plugin for WordPress suffers from a serious security flaw that allows unauthenticated users to upload arbitrary files to the server. This vulnerability arises from inadequate file type validation in the 'kalrav_upload_file' AJAX action, affecting all versions through 2.3.3. Su...

The GNU Inetutils telnet daemon (telnetd) is vulnerable to a remote authentication bypass that can occur when an attacker manipulates the USER environment variable by specifying a '-f root' value. This flaw allows unauthorized users to gain access without proper authentication. Affected users sho...

The phpMyFAQ open source FAQ application is vulnerable to information disclosure through its public API endpoints. In versions 4.0.16 and earlier, insufficient access controls allow sensitive user information, including email addresses and non-public content, to be improperly exposed. The OpenQue...

The MEMU Play 3.7.0 application by Microvirt is impacted by an unquoted service path vulnerability within its MEmusvc Windows service. Local attackers can exploit this flaw to execute arbitrary code on the affected system. By leveraging the absence of quotes in the service path, attackers can int...

Magic Mouse 2 Utilities 2.20 contains an unquoted service path vulnerability in its Windows service configuration. This flaw enables attackers to exploit the incorrectly configured path to inject malicious executables. By placing a rogue file in the service path, an attacker could gain elevated s...

KMSpico 17.1.0.0 features an unquoted service path vulnerability in the Service KMSELDI configuration. This flaw allows local attackers to execute arbitrary code by exploiting the unquoted binary path present in 'C:\Program Files\KMSpico\Service_KMS.exe'. By injecting malicious executables, attac...

The Deep Instinct Windows Agent 1.2.24.0 is vulnerable to an unquoted service path issue in its DeepNetworkService component. This vulnerability allows local users to execute code with elevated privileges by exploiting the unquoted path in the executable located at C:\Program Files\HP Sure Sense\...

HTC IPTInstaller version 4.0.9 is vulnerable due to an unquoted service path in the PassThru Service configuration. This flaw allows attackers to exploit the vulnerable binary path to execute arbitrary code with elevated LocalSystem privileges, posing serious security risks. Proper path quotes ar...

SeaCMS version 11.1 has a vulnerability that allows attackers to exploit the 'checkuser' parameter on the admin settings page. By injecting malicious JavaScript payloads, an attacker can compromise user sessions or execute arbitrary scripts within a user's browser. This can lead to a range of att...

Click2Magic 1.1.5 is vulnerable to stored cross-site scripting, enabling attackers to inject harmful scripts into the chat name input field. By crafting a malicious payload, an attacker can manipulate data that may lead to the capture of administrator cookies when the admin interacts with user re...

A vulnerability exists in the BootDo web application, specifically in the redirectToLogin function of AccessControlFilter.java. This issue arises due to improper handling of the Hostname argument, allowing malicious actors to manipulate redirection paths. As a result, attackers may initiate remot...

The Intel Ethernet diagnostics driver for Windows contains a vulnerability that allows local users to potentially exploit IOCTL calls to cause a denial of service or execute arbitrary code with kernel-level privileges. Specifically, vulnerable versions of the drivers IQVW32.sys and IQVW64.sys (pr...

Prior versions of the Go programming language, including versions prior to 1.8.7, 1.9.x before 1.9.4, and pre-releases of 1.10, are susceptible to a vulnerability that enables remote command execution during the source code build process. This vulnerability arises from an oversight in how the -fp...

The GNU Inetutils telnet daemon (telnetd) is vulnerable to a remote authentication bypass that can occur when an attacker manipulates the USER environment variable by specifying a '-f root' value. This flaw allows unauthorized users to gain access without proper authentication. Affected users sho...

The GNU Inetutils telnet daemon (telnetd) is vulnerable to a remote authentication bypass that can occur when an attacker manipulates the USER environment variable by specifying a '-f root' value. This flaw allows unauthorized users to gain access without proper authentication. Affected users sho...

The GNU Inetutils telnet daemon (telnetd) is vulnerable to a remote authentication bypass that can occur when an attacker manipulates the USER environment variable by specifying a '-f root' value. This flaw allows unauthorized users to gain access without proper authentication. Affected users sho...

An authentication bypass vulnerability exists in SmarterMail's password reset API, enabling unauthenticated attackers to reset administrator passwords without proper verification. This flaw allows attackers to submit a new password along with a target administrator username, facilitating unauthor...

ComfyUI-Manager versions prior to 3.38 have a vulnerability that allows remote attackers to manipulate application configurations and sensitive data. This issue arises from the application storing files in a web-accessible location, which can be exploited to gain unauthorized access and modify cr...

ImageMagick versions before 7.1.0-49 are susceptible to an information disclosure issue when handling PNG images. Specifically, during the processing of these images, unintended content from arbitrary files may be exposed if the magick binary has appropriate read permissions. This creates a risk ...

The n8n workflow automation platform has a vulnerability in versions ranging from 1.65.0 to just below 1.121.0, which allows potential attackers to exploit specific form-based workflows. This flaw can enable unauthorized remote access to sensitive files on the underlying server, posing a signific...

The Friendly Functions for Welcart plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) due to inadequate nonce validation on its settings page. This flaw allows unauthenticated attackers to manipulate plugin settings by forging requests, particularly if they can deceive an ad...

The GNU Inetutils telnet daemon (telnetd) is vulnerable to a remote authentication bypass that can occur when an attacker manipulates the USER environment variable by specifying a '-f root' value. This flaw allows unauthorized users to gain access without proper authentication. Affected users sho...

The Appsmith platform, designed for building admin panels and dashboards, has a vulnerability related to the handling of the Origin value in request headers. When utilized prior to version 1.93, this issue allows an attacker to exploit the Origin header, potentially generating password reset and ...

The GNU Inetutils telnet daemon (telnetd) is vulnerable to a remote authentication bypass that can occur when an attacker manipulates the USER environment variable by specifying a '-f root' value. This flaw allows unauthorized users to gain access without proper authentication. Affected users sho...

A vulnerability allows unauthenticated attackers to exploit the mail server product, facilitating the upload of arbitrary files to any location on the server. This could lead to unauthorized actions, including the potential for remote code execution, thereby compromising the integrity and securit...

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versio...

The GNU Inetutils telnet daemon (telnetd) is vulnerable to a remote authentication bypass that can occur when an attacker manipulates the USER environment variable by specifying a '-f root' value. This flaw allows unauthorized users to gain access without proper authentication. Affected users sho...

The MyBB Delete Account Plugin version 1.4 is susceptible to a cross-site scripting (XSS) vulnerability. This flaw arises from improper validation of the input field used for account deletion reasons, enabling attackers to inject malicious scripts. These scripts can be executed within the admin i...

BloofoxCMS version 0.5.2.1 is plagued by a stored cross-site scripting vulnerability in the articles text parameter. This flaw allows authenticated attackers to inject malicious JavaScript payloads into the text field, which can then be executed in the browsers of unsuspecting users. Such an atta...

PhreeBooks version 5.2.3 is susceptible to an authenticated file upload vulnerability in its Image Manager component. This flaw enables malicious actors to upload unauthorized files, such as a PHP web shell, which can lead to remote code execution on the affected server. By exploiting unrestricte...

PhreeBooks version 5.2.3 is susceptible to an authenticated file upload vulnerability in its Image Manager component. This flaw enables malicious actors to upload unauthorized files, such as a PHP web shell, which can lead to remote code execution on the affected server. By exploiting unrestricte...

YetiShare File Hosting Script version 5.1.0 is susceptible to a server-side request forgery (SSRF) vulnerability. This flaw enables attackers to exploit the url parameter within the url_upload_handler endpoint, allowing unauthorized access to sensitive local system files by utilizing the file:///...

LiteSpeed Web Server Enterprise 5.4.11 is susceptible to an authenticated command injection flaw. This vulnerability allows authenticated administrators to execute arbitrary shell commands through the 'Command' parameter in the server's external app configuration interface. By exploiting this vul...

Epson USB Display 1.6.0.0 has a critical vulnerability due to an unquoted service path in the EMP_UDSA service, which operates under LocalSystem privileges. This flaw enables attackers to exploit the service by placing malicious executables in intermediate directories, thereby gaining elevated sy...

PEEL Shopping version 9.3.0 is vulnerable to a stored cross-site scripting flaw in the address parameter of the change_params.php script. This security issue allows attackers to inject malicious JavaScript into the address text box, which can be executed when users interact with the affected form...

PDF Complete Corporate Edition version 4.1.45 is susceptible to a locally exploitable vulnerability due to an unquoted service path in the 'pdfcDispatcher' service. This weakness could enable attackers with local access to potentially inject malicious executables into the service binary location....

Nsauditor 3.2.2.0 is vulnerable to a denial of service attack, which can be exploited by malicious actors to crash the application. Attackers can achieve this by inputting a large buffer of 10,000 characters into the Event Description field, leading to an application crash. This vulnerability emp...

The Managed Switch Port Mapping Tool version 2.85.2 is susceptible to a denial of service vulnerability. Attackers can exploit this flaw by entering an oversized buffer, specifically a 10,000-character payload, into the IP Address and SNMP Community Name fields. This action can lead to a crash of...

PEEL Shopping version 9.3.0 has a stored cross-site scripting vulnerability affecting the 'Comments / Special Instructions' parameter on the purchase page. This vulnerability allows attackers to inject malicious JavaScript payloads that execute when the page is reloaded, potentially leading to th...

AgataSoft PingMaster Pro version 2.1 is vulnerable to a denial of service attack caused by improper handling of input in the Trace Route feature. Attackers can exploit this flaw by entering an excessively long hostname—up to 10,000 characters—into the input field. This action can lead to a crash ...

LogonExpert 8.1 is vulnerable to an unquoted service path issue in its LogonExpertSvc service, which operates with LocalSystem privileges. This vulnerability allows attackers to exploit improperly quoted paths, creating opportunities to place malicious executables in intermediate directories. If ...

Unified Remote version 3.9.0.2463 is susceptible to a remote code execution vulnerability that allows attackers to send specially crafted network packets. When exploited, this vulnerability enables the execution of arbitrary commands on the affected system. By connecting to port 9512, attackers c...

The unquoted service path vulnerability in Softros LAN Messenger version 9.6.4 affects the SoftrosSpellChecker service, allowing local attackers to exploit an improperly specified service path. By targeting the unquoted path located at 'C:\Program Files (x86)\Softros Systems\Softros Messenger\Spe...

Certain versions of Textpattern prior to 4.8.3 are susceptible to an authenticated remote code execution vulnerability. This flaw allows authenticated users to upload malicious PHP files, potentially enabling attackers to execute arbitrary commands on the server. By exploiting this weakness, an a...

The dataSIMS Avionics ARINC 664-1 version 4.5.3 includes a vulnerability that could be exploited through a local buffer overflow. By manipulating the milstd1553result.txt file, attackers may craft a malicious file with specific payload and alignment sections, enabling them to overwrite memory and...