Publicly Disclosed PoC Exploits

🔴 Always take caution when working with PoC Exploits 🔴

Discovered just now...

PoC for CVE-2026-23744

Mcpjam Inspector | EPSS 30% | 9.8 CRITICAL
Remote Code Execution Vulnerability in MCPJam Inspector by MCP

MCPJam Inspector, designed for local-first development on MCP servers, has a vulnerability allowing remote code execution (RCE) due to improper binding settings. In versions 1.4.2 and earlier, the platform listens on 0.0.0.0 by default, enabling attackers to exploit this configuration through cra...

PoC for CVE-2014-6271

Gnu Bash | EPSS 94% | 9.8 CRITICAL
Code Injection Vulnerability in GNU Bash by The GNU Project

GNU Bash versions up to 4.3 are vulnerable to a code injection flaw due to the mishandling of trailing strings after function definitions in environment variables. This vulnerability enables remote attackers to execute arbitrary code by crafting specific environment variables under various condit...

PoC for CVE-2023-21839

Oracle Weblogic Server | EPSS 94% | 7.5 HIGH
Unauthenticated Vulnerability in Oracle WebLogic Server by Oracle

A critical vulnerability found in Oracle WebLogic Server allows unauthenticated attackers with network access through T3 and IIOP to exploit the system. Successful exploitation gives attackers unauthorized access to sensitive data, potentially leading to complete control over all data accessible ...

Discovered 2 hours ago

PoC for CVE-2026-10620

Code-projects Student Admission System | 6.9 MEDIUM
SQL Injection Vulnerability in Code-Projects Student Admission Syst...

An SQL injection vulnerability has been identified in the Code-Projects Student Admission System 1.0, specifically within the unknown function in the /index.php file. This flaw allows attackers to manipulate the argument 'eid/did', potentially compromising the database. The exploitation can be ex...

Discovered 3 hours ago

PoC for CVE-2026-27212

Nolimits4web Swiper | 9.4 CRITICAL
Prototype Pollution Vulnerability in Swiper Product by Nolimits4web

The Swiper framework, widely used for mobile touch slider functionality, contains a prototype pollution issue affecting versions 6.5.1 to 12.1.1. The vulnerability exists due to improper handling of user input in shared/utils.mjs, specifically at line 94 where the indexOf() function fails to adeq...

PoC for CVE-2026-10619

Sayan365 Student-management-system | 6.9 MEDIUM
Improper Authentication Vulnerability in Sayan365 Student Managemen...

A vulnerability has been identified in the Sayan365 Student Management System that facilitates improper authentication across multiple endpoints. The flaw allows remote attackers to bypass authentication mechanisms, potentially leading to unauthorized access. Although the project has been notifie...

PoC for CVE-2026-8206

WordPress Kirki – Freeform Page ... | 9.8 CRITICAL
Privilege Escalation in Kirki Freeform Page Builder for WordPress

The Kirki Freeform Page Builder plugin for WordPress is susceptible to privilege escalation due to a flaw in its password reset functionality. Versions 6.0.0 to 6.0.6 permit attackers to utilize an arbitrary email address when submitting password reset requests, potentially allowing unauthorized ...

Discovered 4 hours ago

PoC for CVE-2026-10617

Nextlevelbuilder Goclaw | 6.9 MEDIUM
Security Flaw in GoClaw Affects Webhook Authentication Functionality

A vulnerability has been identified in the GoClaw product by nextlevelbuilder, specifically in the resolveAuth function of the Webhook Verification Handler component. This flaw can result in unauthenticated access, allowing a remote attacker to exploit the issue. The vulnerability was publicly di...

PoC for CVE-2026-10616

Nextlevelbuilder Goclaw | 5.3 MEDIUM
Authorization Vulnerability in GoClaw by nextlevelbuilder

A vulnerability in GoClaw by nextlevelbuilder, specifically within the Team Task Completion Handler, allows attackers to exploit the TeamTasksTool.executeComplete function. This weakness facilitates remote attacks due to a lack of required authorization checks during the execution of team task co...

Discovered 10 hours ago

PoC for CVE-2026-31525

Linux Linux | 7.8 HIGH
Signed Integer Vulnerability in Linux Kernel Affecting Division and...

In the Linux kernel, a flaw in the BPF interpreter's handling of signed 32-bit division and modulo operations can lead to undefined behavior. Specifically, the kernel's abs() macro fails when applied to the minimum value of a signed 32-bit integer, resulting in incorrect calculations and potentia...

Discovered 12 hours ago

PoC for CVE-2025-70849

Podinfo Podinfo | 6.1 MEDIUM
Arbitrary File Upload in Podinfo Versions Affected by Security Over...

Podinfo versions up to 6.9.0 are susceptible to an arbitrary file upload vulnerability due to improper validation in the /store endpoint. This allows attackers to upload malicious files through crafted POST requests. The lack of a restrictive Content-Security-Policy (CSP) and inadequate Content-T...

Discovered 17 hours ago

PoC for CVE-2026-8293

WordPress Really Simple Security | 7.5 HIGH
Bypassing Two-Factor Authentication in Really Simple Security Plugi...

The Really Simple Security plugin for WordPress, prior to version 9.5.10.1, inadequately implements the second-factor authentication challenge in its REST endpoints. This flaw allows attackers who have compromised a user's password to bypass the email OTP requirement, enabling them to gain unauth...

Discovered 20 hours ago

PoC for CVE-2026-10583

Nextlevelbuilder Goclaw | 5.1 MEDIUM
Server-Side Request Forgery Vulnerability in Nextlevelbuilder GoClaw

A security flaw has been identified in the GoClaw product by nextlevelbuilder, specifically within the TTS Configuration Endpoint (file internal/http/tts_config.go). This vulnerability enables attackers to conduct server-side request forgery (SSRF) attacks, potentially allowing them to send unaut...

PoC for CVE-2026-10568

Itsourcecode Fees Management System | 5.3 MEDIUM
SQL Injection Vulnerability in itsourcecode Fees Management System

A vulnerability has been identified in itsourcecode Fees Management System version 1.0, specifically within the /manage_payment.php file. The vulnerability stems from an insufficient validation of user inputs, which allows for SQL injection attacks through the manipulation of the 'ID' parameter. ...

Discovered 21 hours ago

PoC for CVE-2026-10567

1panel-dev Cordyscrm | 5.1 MEDIUM
Cross-Site Scripting Vulnerability in CordysCRM by 1Panel-dev

A security vulnerability has been identified in CordysCRM up to version 1.4.1, specifically in the Save function of the ModuleFormService.java file. This vulnerability allows attackers to manipulate the Description argument, leading to potential cross-site scripting (XSS) attacks that can be exec...

PoC for CVE-2026-10566

Foundationagents Metagpt | 4.8 MEDIUM
Deserialization Vulnerability in FoundationAgents MetaGPT

A deserialization vulnerability has been identified in FoundationAgents MetaGPT versions up to 0.8.2. This flaw resides within the Message.check_instruct_content function located in the metagpt/schema.py file. By manipulating the argument mapping, an attacker can exploit the vulnerability, enabli...

PoC for CVE-2026-10565

Open5GS Open5gs | 2.3 LOW
Race Condition in Open5GS NGAP Handover Component

A security vulnerability has been identified in Open5GS, specifically within the NGAP Handover component, affecting versions up to 2.7.6. The flaw resides in the gmm_state_security_mode function of the source file src/amf/gmm-sm.c. Successful exploitation of this issue can trigger a race conditio...

PoC for CVE-2026-10559

Sourcecodester Pizzafy Ecommerce System | 5.3 MEDIUM
File Inclusion Vulnerability in SourceCodester Pizzafy Ecommerce Sy...

A security flaw has been identified in the SourceCodester Pizzafy Ecommerce System version 1.0. This vulnerability exists in the /index.php file, where an unknown function can be manipulated through the 'page' argument. This manipulation allows for remote file inclusion, potentially leading to un...

Discovered 22 hours ago

PoC for CVE-2026-10558

Sourcecodester Pizzafy Ecommerce System | 5.3 MEDIUM
Remote File Inclusion Vulnerability in SourceCodester Pizzafy Ecomm...

A vulnerability exists in the SourceCodester Pizzafy Ecommerce System 1.0 that allows unauthorized file inclusion through a compromised call to the /admin/index.php file. This vulnerability can be exploited remotely, enabling attackers to manipulate the 'page' argument, potentially leading to exp...

PoC for CVE-2026-10550

Elunez Eladmin | 5.3 MEDIUM
Command Injection Vulnerability in elunez eladmin Application Deplo...

A command injection vulnerability exists in the elunez eladmin application due to improper handling of the uploadPath argument in the Application Deployment Module. This weakness can allow remote attackers to execute arbitrary commands on the server through crafted requests. Public exploits for t...

PoC for CVE-2026-10548

Nousresearch Hermes-agent | 4.8 MEDIUM
Improper Authentication in NousResearch Hermes-Agent Affects Creden...

A security vulnerability has been discovered in NousResearch's hermes-agent, specifically affecting the Credential Pool Synchronization component. This flaw arises from the function _sync_anthropic_entry_from_credentials_file within the agent/credential_pool.py file, which allows for improper aut...

PoC for CVE-2026-10529

Westboy Cicadascms | 4.8 MEDIUM
Cross Site Scripting Vulnerability in CicadasCMS Task Scheduling Ma...

A vulnerability has been discovered in the Task Scheduling Management Module of westboy's CicadasCMS, specifically within the ScheduleJobController.java file. This weakness allows malicious actors to execute remote cross site scripting (XSS) attacks, potentially leading to unauthorized access or ...

Discovered 23 hours ago

PoC for CVE-2026-10528

Orthanc Dicom Server | 4.8 MEDIUM
Stack-based Buffer Overflow Vulnerability in Orthanc DICOM Server b...

A security flaw has been identified in the Orthanc DICOM Server, specifically within the DcmItem::read function in the DCMTK Parser component. This vulnerability allows for a stack-based buffer overflow when manipulated, posing a risk during local attacks. The public release of an exploit intensi...

PoC for CVE-2026-10514

1panel-dev Cordyscrm | 4.8 MEDIUM
Cross Site Scripting Vulnerability in 1Panel-dev CordysCRM by 1Panel

A security vulnerability exists in 1Panel-dev CordysCRM affecting versions up to 1.6.2, specifically within the RequestParamTrimConfig.java file. This flaw allows attackers to manipulate an unspecified function, resulting in cross-site scripting (XSS) vulnerabilities. Successfully exploiting this...

PoC for CVE-2026-10302

Itsourcecode Fees Management System | 5.3 MEDIUM
SQL Injection Vulnerability in itsourcecode Fees Management System 1.0

A vulnerability exists in the itsourcecode Fees Management System 1.0 that allows for SQL injection through manipulation of the ID argument in the /manage_fee.php file. This security flaw can be exploited remotely, permitting unauthorized access to the database and potentially leading to data e...

PoC for CVE-2026-10301

Itsourcecode Fees Management System | 5.3 MEDIUM
Cross Site Scripting Vulnerability in itsourcecode Fees Management ...

A vulnerability has been identified in the itsourcecode Fees Management System 1.0, specifically within the index.php file. This vulnerability arises due to improper handling of the 'page' argument, allowing attackers to execute cross-site scripting (XSS) attacks. The manipulation can be performe...

Discovered 1 day ago

PoC for CVE-2026-10300

SGLang Sglang | 6.3 MEDIUM
Reachable Assertion Vulnerability in SGLang's Inference HTTP Endpoint

A security vulnerability has been identified in SGLang version 0.5.10.post1, specifically within the Inference HTTP Endpoint's lora_manager.py file. This flaw is linked to the manipulation of the lora_path argument, potentially leading to a reachable assertion that could be exploited remotely. Wi...

PoC for CVE-2026-10299

Code-projects Online Hospital Manage... | 5.1 MEDIUM
Insecure Direct Object Reference in code-projects Online Hospital M...

A vulnerability has been discovered in the Online Hospital Management System, specifically in the handling of the viewdoctortimings.php file. This weakness allows attackers to manipulate the 'delid' argument, leading to improper control over resource identifiers. The issue can be exploited remote...

PoC for CVE-2026-10298

Ggml-org Whisper.cpp | 4.8 MEDIUM
Null Pointer Dereference in ggml-org Whisper.cpp Affects Local Envi...

A security flaw has been identified in ggml-org's whisper.cpp, specifically in the function whisper_model_load found in the file ggml/src/ggml.c. This vulnerability leads to a null pointer dereference, which can be exploited by malicious actors if they have local access to the system. Although th...

PoC for CVE-2026-33320

Tomwright Dasel | 6.2 MEDIUM
Denial of Service Vulnerability in Dasel Command-Line Tool by Tom W...

The Dasel command-line tool, widely used for querying and transforming data structures, has a vulnerability that can lead to Denial of Service. Versions 3.0.0 through 3.3.0 allow an attacker to exploit the YAML reader's `UnmarshalYAML` implementation. By providing specially crafted YAML files, an...

PoC for CVE-2026-10297

Itsourcecode Fees Management System | 5.3 MEDIUM
SQL Injection Vulnerability in itsourcecode Fees Management System

A vulnerability exists in the itsourcecode Fees Management System 1.0 that permits SQL injection through manipulation of the ID argument in /manage_course.php. This security flaw enables attackers to remotely execute malicious queries, exposing sensitive data and allowing unauthorized access to t...

PoC for CVE-2026-27886

Strapi Strapi | 9.2 CRITICAL
Sanitization Flaws in Strapi Headless CMS Affecting Multiple Versions

Strapi, an open-source headless content management system, has a vulnerability in versions ranging from 4.0.0 to 5.36.0 that stems from inadequate sanitization of query parameters during content filtering. This flaw allows unauthenticated attackers to exploit the `where` query parameter on public...

PoC for CVE-2026-10296

Itsourcecode Fees Management System | 5.3 MEDIUM
SQL Injection Vulnerability in itsourcecode Fees Management System

A vulnerability exists in the itsourcecode Fees Management System version 1.0 within the ajax.php file. An attacker can exploit this vulnerability by manipulating the Username parameter, which may lead to unauthorized SQL execution. This type of attack can be conducted remotely, and it has been p...

PoC for CVE-2026-10295

Sourcecodester Customer Review App | 4.8 MEDIUM
Denial of Service Vulnerability in SourceCodester Review App

A vulnerability in the SourceCodester Customer Review App version 1.0 was identified that allows attackers to trigger denial of service through the functions add_review, save_review, and get_all_reviews in the review_app.py file. This issue arises when an attacker manipulates the arguments name a...

PoC for CVE-2026-10294

PackageKit Packagekit | 5.3 MEDIUM
Improper Authorization Vulnerability in PackageKit API by PackageKit

A vulnerability has been discovered in the PackageKit API, specifically within the g_file_test function of the pk-transaction.c component. This issue arises when the frontend-socket argument is manipulated, which can lead to improper authorization. As a result, attackers may exploit this vulnerab...

PoC for CVE-2026-10293

Utt Hiper 1200gw | 8.7 HIGH
Stack-Based Buffer Overflow in UTT HiPER 1200GW Product by UTT

A vulnerability exists in UTT HiPER 1200GW that allows for a stack-based buffer overflow due to improper handling of user input in the 'strcpy' function within the '/goform/formFireWall' file. This issue can potentially enable remote exploitation by manipulating the 'Profile' argument, leading to...

PoC for CVE-2026-49491

Pixastudio Pixa Bank | 8.8 HIGH
SQL Injection Vulnerability in Pixa Bank 2.0 by Pixa Studio

Pixa Bank version 2.0 contains a critical SQL injection vulnerability that enables attackers to execute unauthorized SQL code via the 'rib' parameter. By sending specially crafted POST requests to the agence-ajax.php endpoint, attackers can manipulate the database to retrieve sensitive user inform...

PoC for CVE-2018-25435

Zeuscart Zeuscart | 6.9 MEDIUM
Cross-Site Request Forgery in ZeusCart Affects User Account Management

ZeusCart 4.0 is susceptible to a cross-site request forgery vulnerability that enables attackers to execute unauthorized actions by tricking victims into loading malicious links. This exploit allows attackers to deactivate customer accounts through a crafted request sent to the regstatus endpoint...

PoC for CVE-2018-25434

WordPress WP Autosuggest | 8.8 HIGH
SQL Injection Vulnerability in WP AutoSuggest by WordPress

WP AutoSuggest version 0.24 is susceptible to SQL injection, permitting unauthenticated attackers to execute arbitrary SQL code. By manipulating the 'wpas_keys' parameter in GET requests directed at 'autosuggest.php', attackers can extract sensitive information from WordPress databases, including...

PoC for CVE-2018-25433

Joomlaextensions Je Photo Gallery | 8.8 HIGH
SQL Injection Vulnerability in JE Photo Gallery Component by Joomla

The JE Photo Gallery component version 1.1 for Joomla is susceptible to an SQL injection vulnerability. This allows attackers to exploit the categoryid parameter in GET requests to index.php, enabling them to execute arbitrary SQL queries. Consequently, sensitive information, including usernames ...

PoC for CVE-2018-25432

Armcode Arm Whois | 8.6 HIGH
Buffer Overflow Vulnerability in Arm Whois 3.11 by Arm Code

The Arm Whois version 3.11 is susceptible to a buffer overflow vulnerability that enables local attackers to execute arbitrary code. This security flaw occurs when an attacker crafts a malicious input file with a specific 672-byte offset capable of overwriting critical pointers in the structured ...

PoC for CVE-2018-25431

Gofrendiasgard No-cms | 7.1 HIGH
SQL Injection Vulnerability in No-Cms by GoFrendi Asgard

No-Cms 1.0 has a significant SQL injection vulnerability in the order_by parameter of the manage_privilege export endpoint. This flaw allows authenticated attackers to manipulate database queries by sending crafted POST requests to the specific endpoint. By injecting malicious SQL code into the o...

PoC for CVE-2018-25430

Paroiciel Paroiciel | 7.1 HIGH
SQL Injection Vulnerability in Paroiciel 11.20 Product by Vendor Pa...

Paroiciel 11.20 contains a vulnerability that allows authenticated attackers to execute arbitrary SQL queries through the eGeqIdEquipe parameter. By sending specially crafted GET requests to the egeq.php endpoint with malicious SQL payloads, attackers may extract sensitive database information su...

PoC for CVE-2018-25427

Armcode Arm Whois | 9.3 CRITICAL
Stack-based Buffer Overflow in Arm Whois by Arm Holdings

Arm Whois version 3.11 contains a stack-based buffer overflow that can be exploited by remote attackers to execute arbitrary code. By providing oversized input exceeding 658 bytes in the IP address or domain field, attackers can leverage this flaw to overwrite the structured exception handler, ul...

PoC for CVE-2026-10292

Utt Hiper 1200gw | 8.7 HIGH
Stack-based Buffer Overflow in UTT HiPER 1200GW by UTT

A vulnerability has been identified in UTT HiPER 1200GW, specifically in the strcpy function of the /goform/formTaskEdit file. This vulnerability allows for a stack-based buffer overflow, which can be exploited remotely. An attacker can manipulate data to overflow the stack, potentially leading t...

PoC for CVE-2026-10290

Code-projects Hotel And Tourism Rese... | 6.9 MEDIUM
SQL Injection Vulnerability in Hotel and Tourism Reservation System...

A vulnerability exists in the Hotel and Tourism Reservation System 1.0, primarily affecting an unknown function within the tour.php file, associated with the GET Parameter Handler. This flaw enables an SQL injection attack, which can be remotely exploited through manipulating the 'tour' argument....

PoC for CVE-2026-10289

Code-projects Hotel And Tourism Rese... | 5.3 MEDIUM
Cross Site Scripting Vulnerability in Hotel and Tourism Reservation...

A security flaw exists within the Hotel and Tourism Reservation System 1.0, specifically in an unrecognized function located in the file /ht/tour.php. This vulnerability allows an attacker to exploit certain parameters such as name, email, people, or number, leading to cross-site scripting (XSS) ...

PoC for CVE-2026-10288

Code-projects Hotel And Tourism Rese... | 6.9 MEDIUM
Improper Authentication in Code-Projects Hotel and Tourism Reservat...

A security vulnerability identified in the Hotel and Tourism Reservation System version 1.0 impacts the functionality of the password verification process in the admin login module. It allows an attacker to manipulate the password argument within the /admin/login.php file, leading to improper aut...

PoC for CVE-2026-10287

Sourcecodester Seo Meta Tag Extractor | 6.9 MEDIUM
Server-Side Request Forgery in SourceCodester SEO Meta Tag Extractor

The SourceCodester SEO Meta Tag Extractor version 1.0 is susceptible to a server-side request forgery (SSRF) vulnerability due to improper handling of the 'url' argument in the get_headers function within the /index.php file. This flaw allows an attacker to craft malicious requests that could lea...