Publicly Disclosed
PoC Exploits

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

The Airoha Bluetooth audio SDK contains a vulnerability that enables a permission bypass, granting unauthorized access to sensitive data associated with the RACE protocol via Bluetooth LE GATT service. This flaw allows potential escalations in privilege without requiring additional execution priv...

A security vulnerability has been identified in Npitre cramfs-tools versions up to 2.1, specifically within the do_directory function in cramfsck.c. This issue allows local attackers to manipulate the path and access restricted directories through path traversal exploits. The problem has been pub...

A security flaw has been identified in the D-Link DNS-320, specifically in the /cgi-bin/webfile_mgr.cgi file management functionalities. This vulnerability allows attackers to perform OS command injection, enabling unauthorized remote manipulation of file operations such as delete, rename, copy, ...

A significant vulnerability has been found in the D-Link DNS-320 ShareCenter NAS, particularly in the network_mgr.cgi script. This vulnerability allows remote attackers to inject operating system commands via specific parameters in multiple CGI functions. Given that the exploit is already publicl...

A vulnerability exists in Open5GS up to version 2.7.7 within the SMF component's ogs_nas_parse_qos_rules function. An attacker can remotely exploit this flaw through crafted inputs, resulting in denial of service. The issue has been publicly disclosed, highlighting significant risks for users and...

A vulnerability has been identified in Open5GS versions up to 2.7.7, specifically within the SMF component in the function smf_nsmf_handle_create_sm_context. This vulnerability allows for manipulation that can lead to a denial of service, enabling remote exploitation. Despite being reported early...

A vulnerability in Open5GS’s SMF component, specifically within the OpenAPI_list_create function, allows a remote attacker to execute a denial of service attack. This issue has been disclosed publicly, making affected installations potentially vulnerable to disruptions. The Open5GS project was no...

A vulnerability has been identified in Open5GS versions up to 2.7.7, specifically in the SMF component's function smf_nsmf_handle_created_data_in_vsmf. This flaw allows attackers to initiate remote denial of service attacks, disrupting the service's functionality. Despite being reported, there ha...

A vulnerability exists in Open5GS versions up to 2.7.7, specifically in the gsm_build_pdu_session_establishment_accept function located in /src/smf/gsm-build.c. This flaw allows an attacker to remotely exploit the vulnerability, resulting in a denial of service. Despite initial reporting to the p...

A vulnerability exists within the Android kernel's binder subsystem, where improper locking in the binder_release_work function can result in a use-after-free condition. This flaw enables a local attacker to escalate their privileges on the device without requiring any additional execution permis...

A security vulnerability has been identified in the Tenda AC6 router firmware version 15.03.06.23, specifically in the get_log_file function of the httpd component. This issue arises from improper handling of the 'wans.flag' argument, which can lead to OS command injection attacks. Malicious acto...

A vulnerability has been discovered in the Tenda AC6 router affecting firmware version 15.03.06.23. Specifically, the flaw resides within the formWifiApScan function located in the httpd component of the router's software. By manipulating the wl2g.public.country or wl5g.public.country arguments, ...

A security flaw exists in the Tenda AC6 router's firmware version 15.03.06.49_multi_TDE01, specifically in the functionality associated with the fromSetWirelessRepeat function. This vulnerability allows for OS command injection through manipulation of the mac/ssid parameters within the /goform/Wi...

A vulnerability in Devs Palace ERP Online versions up to 4.0.0 allows attackers to execute arbitrary JavaScript code via an inadequate validation mechanism in the /accounts/chart-save endpoint. This flaw can be exploited remotely and poses a risk for users as it enables the injection of malicious...

A vulnerability affecting Squirrel versions up to 3.2 is identified, stemming from issues in the SQFunctionProto::Load function located in the squirrel/sqobject.cpp file. This vulnerability enables a heap-based buffer overflow, which can be triggered through local execution. Publicly disclosed ex...

A buffer overflow vulnerability affects the D-Link DCS-935L camera models running firmware versions up to 1.10.01. The flaw exists in the SetDeviceSettings function of the HNAP Service, located at /web/cgi-bin/hnap/hnap_service. This vulnerability enables an attacker to manipulate the AdminPasswo...

A vulnerability has been discovered in the Tenda AC6 router affecting the HTTP daemon component, specifically within the '/goform/telnet' function. This issue arises from improper handling of the 'lan.ip' argument, which can lead to OS command injection. Attackers can exploit this vulnerability r...

A vulnerability has been identified in the Squirrel library, particularly affecting versions up to 3.2. This flaw exists within the 'validate_format' function located in 'sqstdlib/sqstdstring.cpp'. An attacker with local access can manipulate this function, leading to a stack-based buffer overflo...

A vulnerability in WebAssembly Binaryen's BrOn Parser has been identified, which can lead to a Denial of Service condition. Specifically, the issue lies within the function IRBuilder::makeBrOn in the wasm-ir-builder.cpp file. Manipulation of this function could trigger a reachable assertion failu...

A significant vulnerability has been identified in Open5GS versions up to 2.7.7, specifically within the SMF component's function smf_nsmf_handle_create_data_in_hsmf. This issue allows attackers to exploit a null pointer dereference, which can lead to denial of service. Importantly, this vulnerab...

A denial of service vulnerability has been identified in the Open5GS SMF, specifically in the function update_authorized_pcc_rule_and_qos located in the file /src/smf/npcf-handler.c. This vulnerability allows an attacker to disrupt the service functionality remotely by performing manipulation on ...

A denial of service vulnerability has been identified in Open5GS versions up to 2.7.7, specifically affecting the SMF component. The issue arises from a flaw in the function smf_n4_build_qos_flow_to_modify_list located in the /src/smf/n4-build.c file. This vulnerability allows remote attackers to...

A vulnerability in Open5GS SMF impacting version 2.7.7 allows unauthorized manipulation of the function update_authorized_pcc_rule_and_qos within the source file /src/smf/npcf-handler.c. This results in a Denial of Service (DoS) condition, permitting remote exploitation. Despite being reported to...

A vulnerability in Open5GS, specifically within the SMF component, has been identified that could lead to a denial of service. The issue lies within the function update_authorized_pcc_rule_and_qos in the npcf-handler.c file. This flaw, present in versions up to 2.7.7, can be exploited remotely, p...

The File Manager plugin for WordPress prior to version 6.9 contains a vulnerability that permits remote attackers to upload and execute arbitrary PHP code. The issue arises from the renaming of an insecure example elFinder connector file to have a .php extension. This flaw facilitates attackers t...

An identified vulnerability in OpenClaw products before version 2026.1.29 allows the software to retrieve a gateway URL from a query string. This triggers an automatic WebSocket connection, which then sends a sensitive token value without user interaction. This flaw may expose users to unauthoriz...

The LangChain framework, designed for building agents and LLM-powered applications, contains a serialization injection vulnerability in its dumps() and dumpd() functions. This flaw arises from the handling of user-controlled data, specifically when dictionaries containing 'lc' keys are serialized...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

The Relevanssi – A Better Search plugin for WordPress presents a vulnerability that allows time-based SQL injection through the cats and tags query parameters. This issue affects all versions up to and including 4.24.4 for free and 2.27.4 for premium users. The vulnerability arises from inadequat...

The CUPS printing system, which is widely used for managing print jobs, has a vulnerability in its cups-browsed component that allows for network printing functionality such as auto-discovery of print services. This component binds to INADDR_ANY:631, which leads to a scenario where it will accept...

OpenCart version 3.0.3.7 is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability that enables attackers to modify user passwords. By sending carefully crafted requests to the account/password endpoint, an attacker can manipulate authenticated users into executing actions without their...

The Picture Gallery plugin for WordPress, version 1.4.2, is susceptible to a stored cross-site scripting (XSS) vulnerability. This security flaw allows authenticated users to utilize the Edit Content URL field in the Access Control settings to inject malicious JavaScript code. The injected script...

Advanced Guestbook version 2.4.4 contains a persistent cross-site scripting vulnerability that affects the smilies administration interface. Authenticated attackers can exploit this flaw by injecting malicious scripts through the s_emotion parameter. When administrators access the smilies tab, an...

CyberPanel 2.1 is affected by a command execution vulnerability that enables authenticated attackers to exploit symlink attacks via the filemanager controller endpoint. By manipulating the completeStartingPath parameter in POST requests directed to /filemanager/controller, adversaries can create ...

The GetPaid Plugin for WordPress, version 2.4.6, is vulnerable to an HTML injection flaw that allows authenticated users to inject arbitrary HTML code into the Help Text field within payment forms. This exploitation can lead to the insertion of malicious content, including scripts and images, whi...

Projectsend r1295 has a vulnerability that allows authenticated attackers to exploit a stored cross-site scripting flaw. By submitting specially crafted input through the 'name' parameter in files-edit.php, attackers can embed malicious JavaScript. This script executes in the browsers of users wh...

OpenCart 3.0.36 is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability that can be exploited by attackers to manipulate user account details. This issue resides in the /account/edit endpoint, permitting unauthorized alterations to victim account information. By luring users into visi...

The Argus Surveillance DVR 4.0 is susceptible to a local privilege escalation vulnerability due to an unquoted service path in the DVRWatchdog service. Attackers can exploit this flaw by placing a malicious executable in the Program Files directory. Upon starting the service, the malicious execut...

memono Notepad version 4.2 is susceptible to a denial of service vulnerability that can be exploited by attackers to crash the application. By pasting excessively long character buffers—around 350,000 repeated characters—into the note fields, attackers can cause the application to become unstable...

TextPattern CMS 4.8.7 has a significant flaw that allows authenticated users to upload malicious PHP files through a file upload feature. This vulnerability enables attackers to execute arbitrary commands on the server by leveraging the content management system's file handling capabilities. By u...

TextPattern CMS 4.8.7 has a significant flaw that allows authenticated users to upload malicious PHP files through a file upload feature. This vulnerability enables attackers to execute arbitrary commands on the server by leveraging the content management system's file handling capabilities. By u...

The Download From Files plugin for WordPress, up to version 1.48, is vulnerable to an arbitrary file upload issue that can be exploited by unauthenticated attackers. By sending POST requests to the admin-ajax.php endpoint with specifically crafted payloads, attackers can manipulate the allowExt p...

The Survey & Poll plugin for WordPress, specifically version 1.5.7.3, is susceptible to an SQL injection vulnerability. This issue permits unauthenticated attackers to execute arbitrary SQL queries through the wp_sap cookie parameter. By crafting malicious SQL payloads, an attacker can potentiall...

Evolution CMS version 3.1.6 has a security flaw that enables authenticated users with module creation permissions to inject malicious PHP code, leading to potential remote code execution. By crafting crafted POST requests to /manager/index.php with harmful code in the 'post' parameter, an attacke...

ImpressCMS 1.4.2 has a vulnerability in the autotasks administrative interface that enables authenticated users to execute arbitrary PHP code. This is accomplished by injecting malicious code into the sat_code parameter. When attackers authenticate and send a POST request to /modules/system/admin...

The e107 CMS version 2.3.0 is susceptible to a remote code execution vulnerability, granting authenticated users with theme installation permissions the ability to exploit the system. By uploading specially crafted theme files through the theme.php endpoint, attackers can deploy web shells in the...

Sentry 8.2.0 is vulnerable to a remote code execution attack that can be exploited by authenticated superusers. By injecting malicious pickle-serialized objects into the audit log entry data parameter, attackers can send specially crafted POST requests to the admin audit log endpoint. This exploi...

OpenCATS version 0.9.4 is susceptible to a remote code execution vulnerability that enables unauthenticated attackers to execute arbitrary commands on the server. This exploit occurs when malicious PHP files, disguised as resume attachments, are uploaded through the careers job application endpoi...

The MStore API version 2.0.6 for WordPress is susceptible to an arbitrary file upload vulnerability. Unauthenticated attackers can exploit this weakness by crafting POST requests directed at the REST API endpoint, specifically the config_file endpoint. This flaw allows attackers to upload malicio...