Publicly Disclosed
PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered just now...
PoC for CVE-2023-45866
CVE-2023-45866 is a Bluetooth vulnerability affecting the BlueZ software, which can lead to the injection of HID messages by unauthenticated devices. This vulnerability could potentially impact Linux-based systems and Ubuntu 22.04 LTS. Apple has released patches to fix 12 vulnerabilities on variou...
PoC for CVE-2026-23744
MCPJam Inspector, designed for local-first development on MCP servers, has a vulnerability allowing remote code execution (RCE) due to improper binding settings. In versions 1.4.2 and earlier, the platform listens on 0.0.0.0 by default, enabling attackers to exploit this configuration through cra...
Discovered 6 hours ago
PoC for CVE-2026-10193
A security flaw has been found in OFCMS, specifically in the ComnController component up to version 1.1.3. This vulnerability involves a manipulation of the 'system.user.query' argument in the Query function located in 'ofcms-admin/src/main/java/com/ofsoft/cms/admin/controller/ComnController.java...
PoC for CVE-2026-10192
Tenda W12 version 3.0.0.7(4763) contains a vulnerability in the set_local_time_0 function located in the /bin/httpd file. The flaw allows for a remote attacker to manipulate the Time argument, leading to a stack-based buffer overflow. This vulnerability can be exploited remotely and has publicly ...
PoC for CVE-2026-10191
A stack-based buffer overflow vulnerability exists in the Tenda W12 router due to improper handling of the wifiMacFilterSet.macList.mac argument in the cgiWifiMacFilterSet function of /bin/httpd. This vulnerability can be exploited remotely, enabling attackers to execute arbitrary code or cause d...
Discovered 7 hours ago
PoC for CVE-2026-10190
A denial of service vulnerability exists in the Tenda W12's Web Management Interface, specifically within the cgiSysWebTimeoutSet function of the httpd server component. This vulnerability arises from improper handling of the 'web_over_time' parameter, allowing an attacker to manipulate backend s...
PoC for CVE-2026-10189
A vulnerability exists in the Tenda W12 firmware 3.0.0.7(4763), specifically in the cgiSysTimeInfoSet function within the /bin/httpd file. By manipulating the 'sec' argument, an attacker can trigger a stack-based buffer overflow, allowing for potential remote exploitation. This vulnerability pose...
Discovered 8 hours ago
PoC for CVE-2026-10188
A vulnerability has been identified in Tenda W12 version 3.0.0.7(4763) that affects the function cgistaKickOff located in the /bin/httpd file. By manipulating the 'staMac' argument, an attacker can trigger a stack-based buffer overflow, potentially allowing remote code execution. This exploit has...
PoC for CVE-2026-10187
A stack-based buffer overflow vulnerability has been identified in the Totolink N300RH's Web Management Interface, specifically within the setWiFiBasicConfig function of the wireless.so component. This issue arises from improper handling of the KeyStr argument, which allows remote attackers to ex...
PoC for CVE-2026-10186
A significant security flaw exists in the code-projects Online Hospital Management System version 1.0, specifically within the /patient.php file. This vulnerability allows attackers to manipulate the 'editid' argument, resulting in SQL injection attacks. The nature of this vulnerability is such t...
PoC for CVE-2026-10185
A security vulnerability has been detected in the SourceCodester Hospitals Patient Records Management System version 1.0 that allows for SQL injection through manipulation of the argument ID in the file /classes/Users.php?f=save. This flaw can potentially be exploited remotely, permitting attacke...
Discovered 9 hours ago
PoC for CVE-2026-10184
A vulnerability has been discovered in SourceCodester's Hospitals Patient Records Management System Version 1.0, located in the file /classes/Users.php?f=delete. This flaw allows attackers to manipulate the argument ID, facilitating SQL injection attacks. The vulnerability can be exploited remote...
PoC for CVE-2026-10183
A stack-based buffer overflow vulnerability has been identified in the TRENDnet TEW-432BRP router, specifically within the formWlanSetup function of the /goform/formWlanSetup file. This flaw arises from improper handling of the 'enrollee' argument, allowing attackers to potentially exploit the vu...
PoC for CVE-2026-10182
A command injection vulnerability has been identified in the TRENDnet TEW-432BRP router, specifically in the formWlanSetup function within the file /goform/formWlanSetup. This issue arises when an attacker manipulates the 'enrollee' argument, allowing them to execute arbitrary commands remotely. ...
PoC for CVE-2026-10181
A vulnerability in the TRENDnet TEW-432BRP router allows for remote exploitation due to a stack-based buffer overflow in the formSysCmd function. By manipulating the submit-url argument, attackers can exploit this vulnerability to execute malicious actions. It's important to note that this router...
Discovered 10 hours ago
PoC for CVE-2026-49489
OpenCATS versions up to 0.9.7.4 are vulnerable to an SQL injection attack via the sortDirection parameter in the DataGrid component. Authenticated users can exploit this flaw by injecting malicious SQL code through the ajax/getDataGridPager.php endpoint. This exploitation allows for time-based bl...
Discovered 11 hours ago
PoC for CVE-2026-10180
A command injection vulnerability exists in the TRENDnet TEW-432BRP router, specifically in the formSysCmd function located in the /goform/formSysCmd file. This vulnerability allows attackers to manipulate the sysCmd argument, potentially permitting remote command execution. As this product has b...
PoC for CVE-2026-10179
The TRENDnet TEW-432BRP router exhibits a severe flaw in its handling of the formSetWlanEncrypt function, leading to a stack-based buffer overflow. This vulnerability allows remote attackers to exploit the system by manipulating the webpage argument, potentially leading to unauthorized access or ...
Discovered 12 hours ago
PoC for CVE-2026-10178
A vulnerability has been identified in code-projects Online Music Site 1.0, specifically in the AdminEditAlbum.php file. This issue arises from improper handling of user-supplied input, enabling an attacker to execute SQL injection attacks by manipulating the 'ID' argument. The potential for expl...
PoC for CVE-2026-10177
A critical security flaw has been discovered in Aider-AI Aider version 0.86.3, specifically in the AWS EC2 Metadata Endpoint implementation. The vulnerability resides in the requests.get function found in the api_docs.py file, allowing for potential server-side request forgery attacks. This issue...
Discovered 13 hours ago
PoC for CVE-2026-10176
Aider-AI Aider version 0.86.3 contains a vulnerability within its Code Generation Workflow component, allowing for SQL injection. This security flaw can be exploited remotely, potentially leading to unauthorized access to sensitive data. Publicly available exploits increase the risk of attacks, a...
PoC for CVE-2026-10175
A significant security vulnerability exists in the Aider-AI Architect Mode, specifically within the auth.py component's editor_coder.run function. This flaw allows for code injection through manipulation, which could be exploited remotely. The exploit has already been made public, increasing the ...
Discovered 14 hours ago
PoC for CVE-2026-10174
A significant security issue has been found in the Aider-AI software, specifically in the Pre-commit Hook Handler function within the 'aider/args.py' file. This vulnerability allows manipulation of the 'git-commit-verify' argument, leading to a failure in the built-in protection mechanisms. This ...
Discovered 15 hours ago
PoC for CVE-2025-10162
The OrderConvo WordPress plugin for WooCommerce, prior to version 14, contains a vulnerability that fails to properly validate the paths for downloadable files. This oversight enables an unauthenticated attacker to exploit a path traversal flaw, potentially allowing them to read or download arbit...
PoC for CVE-2026-10173
A cross-site scripting vulnerability exists in Orthanc Explorer versions up to 1.12.0, specifically within an unknown function in the file WebApplication/src/components/StudyList.vue. This flaw is due to inadequate validation of the 'remote-source' argument, enabling attackers to exploit the vuln...
PoC for CVE-2026-10172
A security flaw exists in the Bdtask Multi-Store Inventory Management System version 1.0, specifically within the Upload function located in the application/modules/dashboard/controllers/Module.php file of the Component Module. This vulnerability allows for unrestricted file uploads by manipulati...
Discovered 16 hours ago
PoC for CVE-2026-10171
A SQL injection vulnerability exists in code-projects' Online Music Site 1.0, specifically in the /Administrator/PHP/AdminUpdateAlbum.php file. This issue arises due to improper handling of the ID parameter, enabling attackers to manipulate SQL queries and potentially gain unauthorized access to ...
Discovered 17 hours ago
PoC for CVE-2026-10170
A SQL injection vulnerability has been identified in the Visitor Management System 1.0 by Code-Projects. This flaw resides in the /vms/php/phone_0.php file, where manipulation of the 'phone' argument allows for unauthorized access and execution of SQL commands by attackers. The exploit can be per...
PoC for CVE-2026-10169
A vulnerability exists in the Forgot Password Endpoint of the OUSL-GROUP-BrinaryBrains School Student Management System, specifically affecting the ajax_forgot_password function in the Login.php file. This vulnerability can lead to weak password recovery mechanisms, which may allow attackers to e...
Discovered 18 hours ago
PoC for CVE-2026-23744
MCPJam Inspector, designed for local-first development on MCP servers, has a vulnerability allowing remote code execution (RCE) due to improper binding settings. In versions 1.4.2 and earlier, the platform listens on 0.0.0.0 by default, enabling attackers to exploit this configuration through cra...
PoC for CVE-2023-27350
A vulnerability in PaperCut NG allows remote attackers to bypass authentication due to improper access control within the SetupCompleted class. This can lead to the execution of arbitrary code with SYSTEM privileges, posing significant security risks. Attackers do not need to authenticate to expl...
PoC for CVE-2026-10168
A security vulnerability has been identified in the OUSL-GROUP-BrinaryBrains School Student Management System where the 'marks' function in 'application/controllers/Parents.php' is susceptible to an improper control of resource identifiers issue. This flaw allows remote attackers to manipulate th...
Discovered 19 hours ago
PoC for CVE-2024-3400
A vulnerability exists in the GlobalProtect feature of Palo Alto Networks PAN-OS software, allowing for arbitrary file creation. This issue can be exploited by an unauthenticated attacker to execute code with root privileges on the affected firewall systems. Specific configurations and versions a...
PoC for CVE-2026-10167
A vulnerability has been detected in the OUSL-GROUP BrinaryBrains School Student Management System, affecting the sign_auth_cookie function within the Login.php file of the MY_Controller component. By manipulating the role argument, an attacker can gain unauthorized access, compromising the syste...
PoC for CVE-2026-10166
A command injection vulnerability has been identified in the Edimax BR-6478AC router. Specifically, the issue lies within the formWlbasic function located in the /goform/formWlbasic file, where improper handling of the rootAPmac argument can allow an attacker to execute arbitrary commands. This v...
PoC for CVE-2026-10165
A buffer overflow vulnerability exists in the Edimax BR-6478AC router, specifically within the function formWanTcpipSetup located in the file /goform/formWanTcpipSetup. This issue arises from inadequate handling of the pppUserName argument, potentially allowing a remote attacker to execute arbitr...
Discovered 20 hours ago
PoC for CVE-2026-10164
A vulnerability has been identified in the Edimax BR-6478AC router version 1.23. This buffer overflow occurs in the formUSBFolder function found within the POST Request Handler. An attacker can manipulate the ShareName/SelectName argument, allowing for unauthorized access and remote exploitation....
PoC for CVE-2026-10163
A buffer overflow vulnerability exists in the Edimax BR-6478AC router, specifically within the formUSBAccount feature of the POST Request Handler. This vulnerability allows an attacker to manipulate the UserName and Password arguments, potentially leading to remote exploitation. The issue has bee...
PoC for CVE-2026-10162
A vulnerability has been identified in the TRENDnet TEW-432BRP that allows for a stack-based buffer overflow through the formSetPassword function in the /goform/formSetPassword endpoint. By manipulating the 'webpage' argument, an attacker could potentially exploit this flaw remotely. It is import...
PoC for CVE-2026-10161
A stack-based buffer overflow vulnerability has been identified in the TRENDnet TEW-432BRP 3.10B20 router. The flaw lies within the 'formResetStatistic' function in the /goform/formResetStatistic file, where improper handling of the 'status_statistic' argument allows for remote exploitation. Unfo...
Discovered 21 hours ago
PoC for CVE-2026-10160
A security vulnerability has been identified in the TRENDnet TEW-432BRP router, specifically within the formSetEnableWizard function. This issue allows an attacker to exploit a stack-based buffer overflow by manipulating the start_wizard argument. Importantly, this vulnerability can be remotely t...
Discovered 22 hours ago
PoC for CVE-2025-9485
The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress suffers from a significant vulnerability due to its improper handling of JSON Web Tokens (JWT). Versions up to and including 6.26.12 do not adequately verify or validate the signatures of incoming tokens in the `get_resource_owner...
PoC for CVE-2026-10156
A vulnerability has been identified in Open5GS versions up to 2.7.7, specifically within the handle_amf_info function located in the /lib/sbi/nnrf-handler.c file of the nf-instances Endpoint. This vulnerability allows for a manipulation of the nf_info_pool argument, which can lead to excessive re...
Discovered 23 hours ago
PoC for CVE-2026-10155
A vulnerability exists in Bdtask Multi-Store Inventory Management System 1.0, specifically impacting the accounts_report_search function within the Accounts Report Handler. By manipulating the dtpToDate argument, attackers can execute SQL injection attacks, allowing for unauthorized access to the...
Discovered 1 day ago
PoC for CVE-2026-10153
A significant flaw exists in the function Search within the CicadasCMS platform created by Westboy. The vulnerability is located in the AbstractCacheManager.java file, where an argument manipulation can lead to cross-site scripting attacks. This enables potential attackers to execute malicious sc...
PoC for CVE-2026-8732
The WP Maps Pro plugin contains a vulnerability that allows unauthenticated attackers to escalate their privileges by creating a new administrator account. This occurs due to insufficient protection around a public AJAX action, which can be exploited using a nonce that is easily accessible. By in...
PoC for CVE-2026-10152
A vulnerability has been identified in the TaleLin lin-cms-spring-boot product, specifically affecting the book endpoint within the BookController.java file. This issue allows for improper access controls, potentially enabling remote attackers to manipulate backend processes and gain unauthorized...
PoC for CVE-2026-0257
The authentication bypass vulnerability in Palo Alto Networks' PAN-OS software presents a significant security risk by allowing unauthorized access to the GlobalProtect portal and gateway. This flaw enables attackers to circumvent authentication mechanisms, potentially gaining unauthorized VPN co...
PoC for CVE-2026-39987
Marimo, a reactive Python notebook, exhibits a significant security vulnerability prior to version 0.23.0. The terminal WebSocket endpoint (/terminal/ws) allows unauthenticated access, enabling attackers to gain a complete pseudo-terminal shell and execute arbitrary commands on the host system. U...