Publicly Disclosed
PoC Exploits

A local privilege escalation vulnerability exists within the pkexec utility of polkit, a setuid tool that allows unprivileged users to execute commands as privileged users based on predetermined policies. Due to insufficient handling of the calling parameters, pkexec can misinterpret environment ...

A vulnerability has been detected in the FascinatedBox Lily software, specifically in the eval_tree function located in the src/lily_emitter.c file. This vulnerability leads to a null pointer dereference, which can result in unintended behavior when the code is executed locally. With the exploit ...

A significant security flaw was identified in the FascinatedBox Lily software, specifically in the clear_storages function within the file src/lily_emitter.c. This vulnerability enables an out-of-bounds read, which could allow malicious actors, with local access, to manipulate affected systems. T...

A vulnerability has been identified in FascinatedBox Lily, particularly in the Error Reporting component located in the src/lily_build_error.c file. This issue arises from the function patch_line_end, which is susceptible to an out-of-bounds read condition. Although the exploitation of this vulne...

A local null pointer dereference vulnerability has been identified in Squirrel versions up to 3.2. This issue specifically affects the function sqstd_rex_newnode within the sqstdlib/sqstdrex.cpp library. An attacker can exploit this vulnerability through manipulation, resulting in a null pointer ...

A vulnerability exists in Squirrel, specifically affecting versions up to 3.2, due to issues within the SQCompiler::Factor and SQCompiler::UnaryOP functions in the sqcompiler.cpp file. This flaw allows for uncontrolled recursion, which could lead to application instability or resource exhaustion....

A vulnerability exists in Wren, specifically in the 'getByteCountForArguments' function located in 'src/vm/wren_compiler.c'. This flaw can lead to a null pointer dereference, allowing an attacker with local access to exploit the vulnerability. This issue has been disclosed publicly, and though th...

A vulnerability has been identified in the Wren Language, specifically in the emitOp function of src/vm/wren_compiler.c. This flaw allows for out-of-bounds read operations, which could potentially be exploited on a local host. The issue was reported to the project maintainers, but as of now, no p...

A vulnerability exists in the Wren Language up to version 0.4.0, specifically within the 'resolveLocal' function found in the file 'src/vm/wren_compiler.c'. This flaw allows for uncontrolled recursion during local function resolution, which can lead to program instability and potential exploitati...

A security vulnerability has been detected in ChaiScript versions up to 6.1.0, specifically affecting the evaluation function chaiscript::eval::AST_Node_Impl::eval and chaiscript::eval::Function_Push_Pop. This vulnerability allows for uncontrolled recursion, which can lead to denial of service. A...

A vulnerability has been identified in ChaiScript versions up to 6.1.0, specifically within the function chaiscript::Boxed_Number::go located in the file include/chaiscript/dispatchkit/boxed_number.hpp. This weakness allows an attacker with local access to manipulate parameters, potentially leadi...

A security vulnerability has been identified in ChaiScript, specifically within the function chaiscript::Boxed_Number::get_as located in include/chaiscript/dispatchkit/boxed_number.hpp. This flaw enables attackers to perform local memory manipulations, leading to potential memory corruption. Alth...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

A buffer overflow vulnerability exists in the Tenda F453 router's frmL7ImForm function, located in the /goform/L7Im file. This vulnerability is triggered by manipulating the function's parameter, which can allow an attacker to execute arbitrary code or commands with the potential for unauthorized...

A vulnerability in Grav CMS v1.7.48 enables authenticated administrators to upload malicious plugins via the /admin/tools/direct-install interface. After upload, the plugin is automatically extracted and executed, which can lead to arbitrary PHP code execution and potential reverse shell access, ...

The runc CLI tool, utilized for spawning and managing containers on Linux environments according to OCI specifications, is susceptible to a serious vulnerability due to an internal file descriptor leak. This flaw affects versions 1.1.11 and earlier, allowing attackers to exploit the leak during t...

A buffer overflow vulnerability has been identified in the Tenda F453 router, specifically in the fromSafeUrlFilter function located within the /goform/SafeUrlFilter file. This vulnerability allows attackers to manipulate the 'page' argument, leading to potential remote exploits. The exploit is p...

A vulnerability has been identified in the Tenda F453 router, specifically in the 'fromSafeMacFilter' function found in the '/goform/SafeMacFilter' file. This issue is due to improper handling of input arguments, leading to a buffer overflow condition. As a result, attackers could potentially exe...

A vulnerability exists in CMS Made Simple version 2.2.8, where the News module can be exploited through a specially crafted URL, allowing an unauthenticated attacker to perform blind time-based SQL injection utilizing the m1_idlist parameter. This can potentially expose sensitive information and ...

A vulnerability exists in the REST Plugin of Apache Struts that allows for Remote Code Execution due to the use of an XStreamHandler without type filtering during XML payload deserialization. This flaw, present in specific versions of the software, can be exploited by attackers to execute arbitra...

A vulnerability in Pluck CMS prior to version 4.7.13 enables admin users with privileges to bypass file upload restrictions. This security flaw is exploited through the 'manage files' feature, potentially allowing attackers to execute arbitrary code on the hosting server, leading to unauthorized ...

The Gardyn IoT Hub exhibits a vulnerability where administrative credentials can be extracted via its application API responses, reverse engineering of the mobile application, and the device's firmware. This flaw may grant an attacker full administrative access to the IoT Hub, consequently puttin...

The Super Stage WP WordPress plugin version 1.0.1 is vulnerable to a PHP Object Injection due to unsafe unserialization of user input through the REQUEST method. This vulnerability could potentially allow unauthenticated attackers to manipulate and execute malicious PHP objects, posing a signific...

A vulnerability in Claude Code allowed malicious repositories to exfiltrate sensitive user data, including Anthropic API keys, before users could confirm trust. Attackers could leverage a compromised repository to adjust the configuration to point to their own server. Once the repository was open...

The Google Cloud Vertex AI SDK features a stored cross-site scripting vulnerability in the _genai/_evals_visualization component. This issue affects versions from 1.98.0 up to, but not including, 1.131.0. An unauthenticated attacker can exploit this vulnerability to inject arbitrary JavaScript in...

The openDCIM application version 23.04 contains a security flaw in the report_network_map.php file, where the 'dot' configuration parameter is directly passed to the exec() function without adequate validation or sanitization. This can lead to arbitrary command execution in the context of the web...

The openDCIM application version 23.04 contains a security flaw in the report_network_map.php file, where the 'dot' configuration parameter is directly passed to the exec() function without adequate validation or sanitization. This can lead to arbitrary command execution in the context of the web...

This vulnerability exists in the Oracle Application Development Framework (ADF) within the Oracle Fusion Middleware. It allows unauthenticated attackers with network access via HTTP to exploit ADF, potentially leading to a complete takeover of the affected framework. The vulnerability, which affe...

osCommerce 2.3.4.1 is susceptible to a SQL injection vulnerability that enables unauthenticated attackers to manipulate database queries. By injecting malicious SQL code through the currency parameter, attackers can send crafted GET requests to shopping_cart.php. This enables the extraction of se...

osCommerce 2.3.4.1 is susceptible to a SQL injection vulnerability where attackers can exploit the products_id parameter. By manipulating this parameter in requests to product_info.php, unauthenticated users can inject malicious SQL code. This allows them to extract sensitive information from the...

osCommerce 2.3.4.1 is susceptible to a SQL injection vulnerability that permits unauthenticated attackers to interfere with database queries by injecting malicious SQL code through the 'reviews_id' parameter. This can be exploited by sending specially crafted GET requests to 'product_reviews_writ...

Homey BNB V4 contains a vulnerability that allows unauthenticated attackers to exploit SQL injection in the administration panel login. By manipulating both username and password fields with SQL operators like '=' or 'or', attackers can bypass authentication measures, compromising the security of...

A vulnerability in Oracle WebLogic Server allows an unauthenticated attacker with network access through IIOP or T3 protocols to compromise the server. The attacker can exploit this weakness to execute arbitrary code remotely, potentially taking control of the system. This affects multiple versio...

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS potentially allows remote attackers to execute arbitrary code. This vulnerability particularly impacts configurations using Mobile User VPN with IKEv2 and the Branch Office VPN connected via a dynamic gateway peer. Affected versions i...

A vulnerability has been detected in the SourceCodester Doctor Appointment System 1.0, particularly affecting the registration functionality found in the /register.php file of the Sign Up Page. This vulnerability allows an attacker to manipulate the Email argument, potentially leading to cross si...

A vulnerability has been identified in the web management interface of the Totolink N300RH model version 6.1c.1353_B20190305. This flaw arises from improper handling of the 'webWlanIdx' parameter in the 'setWebWlanIdx' function found in '/cgi-bin/cstecgi.cgi'. Remote attackers can exploit this ov...

A vulnerability has been found in the Snowflake JDBC driver, specifically within the SdkProxyRoutePlanner function. This weakness allows for local exploitation through manipulation of the nonProxyHosts argument, resulting in inefficient regular expression complexity. An attacker could leverage th...

A security flaw identified in jizhiCMS versions up to 2.5.6 involves a SQL injection vulnerability in the Batch Interface component, specifically within the findAll function of frphp/lib/Model.php. By manipulating the argument data, attackers may exploit this vulnerability remotely, enabling unau...

A path traversal vulnerability exists in the Sanluan PublicCMS version 6.202506.d. The flaw resides in the saveMetadata function within the TemplateCacheComponent.java file, which manages template cache generation. An attacker can perform remote manipulation to exploit this weakness, potentially ...

A vulnerability in the firmware update mechanism of Unitree Robotics products raises significant security concerns. The encryption algorithm protecting firmware updates relies on key material that can potentially be accessed by malicious actors. This flaw allows unauthorized users to alter firmwa...

A security flaw exists in the App-side Product Pagination Endpoint of YoulaiTech Youlai-Mall 2.0.0, specifically within the function listPagedSpuForApp in the SpuController.java file. This vulnerability arises from improper handling of user-supplied input, leading to SQL injection through the man...

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does no...

A vulnerability has been found in itwanger Paicoding versions 1.0.0 to 1.0.3, stemming from the Image Save Endpoint function in the ImageRestController. This flaw allows for server-side request forgery through manipulation of the 'img' argument, enabling remote attackers to exploit the applicatio...

A vulnerability exists in the berry-lang Berry software prior to version 1.1.0, specifically in the scan_string function located in src/be_lexer.c. This flaw allows for out-of-bounds reads, which can potentially lead to exposure of sensitive data. The vulnerability requires local access to exploi...

A manipulation in the argument of the vips_extract_area function within the libvips library's conversion module has exposed an integer overflow vulnerability. This issue allows an attacker with local access to exploit the vulnerability, potentially leading to undefined behavior or application cra...

An OGNL injection vulnerability exists in Confluence Server and Data Center, allowing unauthenticated attackers to execute arbitrary code on affected instances. Versions earlier than 7.4.17, and specific ranges of 7.13.x, 7.14.x, 7.15.x, 7.16.x, 7.17.x, and 7.18.x, are vulnerable. This security i...

A vulnerability has been identified in libvips version 8.19.0, specifically within the vips_extract_band_build function located in the extract.c file. This flaw allows for an out-of-bounds read due to improper handling of the extract_band argument. Exploitation of this vulnerability can only occu...

A significant vulnerability has been identified in libvips version 8.19.0, specifically within the vips_unpremultiply_build function located in unpremultiply.c. This flaw allows for an out-of-bounds read when the alpha_band argument is manipulated incorrectly. Notably, this vulnerability must be ...

This vulnerability originates from improper handling of special elements in the CLFS.sys driver, resulting in an unrecoverable inconsistency that can trigger a system crash. Unprivileged users could exploit this weakness to force a system crash by calling the KeBugCheckEx function. Microsoft has ...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...