Publicly Disclosed
PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered just now...
PoC for CVE-2026-23398
A vulnerability in the Linux kernel's ICMP protocol handling could lead to a kernel panic upon receiving specific ICMP Fragmentation Needed errors. The issue arises from the unconditional dereference of an unregistered protocol's handler, which may result in a NULL pointer dereference. This occur...
PoC for CVE-2025-49132
Pterodactyl, a widely used free and open-source game server management panel, has a significant vulnerability that allows unauthorized remote code execution. This occurs through the /locales/locale.json endpoint when specific query parameters are manipulated. Attackers exploiting this flaw can ex...
PoC for CVE-2026-39363
A vulnerability in the Vite frontend tooling framework allows unauthorized access to arbitrary files on the server. If an attacker connects to the Vite development server's WebSocket without an Origin header, they can exploit the custom WebSocket event 'vite:invoke' to retrieve file contents as J...
Discovered 2 hours ago
PoC for CVE-2026-34197
Apache ActiveMQ Broker is prone to a code injection vulnerability due to improper input validation in the Jolokia JMX-HTTP bridge. By default, this bridge exposes a web console that allows the execution of operations on all ActiveMQ MBeans. An authenticated attacker can exploit this vulnerability...
Discovered 12 hours ago
PoC for CVE-2026-33017
Langflow, a tool for constructing and deploying AI-driven agents and workflows, is susceptible to a vulnerability in the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint in versions before 1.9.0. This vulnerability enables an attacker to build public flows without authentication, leveraging ...
Discovered 15 hours ago
PoC for CVE-2026-4338
The ActivityPub WordPress plugin prior to version 8.0.2 contains a flaw that allows unauthenticated users to access sensitive content, including drafts, scheduled, and pending posts. This lack of proper filtering enables unauthorized visibility of unpublished materials, potentially leading to inf...
Discovered 18 hours ago
PoC for CVE-2026-22732
The vulnerability exists within Spring Security when applications define HTTP response headers. In certain configurations, these headers may not be written properly, which might lead to unexpected behavior and potential exposure of sensitive information. This impacts multiple versions across the ...
Discovered 19 hours ago
PoC for CVE-2026-4406
The Gravity Forms plugin for WordPress has a vulnerability that allows reflected cross-site scripting through the `form_ids` parameter in the `gform_get_config` AJAX action. This issue affects all versions up to and including 2.9.30. It stems from the `GFCommon::send_json()` method outputting JSO...
Discovered 20 hours ago
PoC for CVE-2025-8088
A path traversal vulnerability present in the Windows version of WinRAR could enable attackers to execute arbitrary code by crafting specially designed malicious archive files. This type of exploitation was observed in the wild, bringing attention to the efforts of security researchers, including...
PoC for CVE-2026-23524
The Laravel Reverb component, used for real-time WebSocket communication in Laravel applications, is vulnerable due to its handling of data from the Redis channel. In versions 1.6.3 and below, Reverb improperly utilizes PHP’s unserialize() function without adequately restricting the classes that ...
Discovered 1 day ago
PoC for CVE-2024-56426
A vulnerability exists in Samsung's Exynos mobile and wearable processors due to improper validation on incoming USB packets. This lack of length checks can potentially lead to out-of-bounds writes, allowing attackers to modify memory contents and execute arbitrary code. The affected processors i...
PoC for CVE-2026-5741
A vulnerability has been discovered in the Suvarchal Docker MCP Server, specifically in the HTTP Interface's functions such as stop_container, remove_container, and pull_image in the src/index.ts file. This flaw allows for OS command injection, which can potentially be exploited remotely. The iss...
PoC for CVE-2025-9074
A security issue in Docker Desktop has been discovered, enabling locally running Linux containers to communicate with the Docker Engine API through the default Docker subnet. This issue can arise irrespective of whether Enhanced Container Isolation (ECI) is active or if the 'Expose daemon on tcp://...
PoC for CVE-2026-23696
Versions 1.276.0 through 1.603.2 of Windmill CE and EE have a security flaw in the folder ownership management feature that enables authenticated attackers to exploit SQL through the owner parameter. This vulnerability can lead to the unauthorized reading of sensitive data, including JWT signing ...
PoC for CVE-2026-32662
The Gardyn IoT Gardening System has a significant security issue where development and test API endpoints are accessible, mirroring the functionality of production systems. This exposure can be exploited, leading to potential security breaches. It is crucial for users to be aware of this vulnerab...
PoC for CVE-2026-32646
An unauthorized access vulnerability exists in Gardyn's Smart Garden System, allowing attackers to access a specific administrative endpoint without proper authentication. This exposure could enable malicious actors to manipulate device management functions, posing a security risk to users' syste...
PoC for CVE-2026-28767
An administrative endpoint in Gardyn's Smart Garden is exposed to unauthorized access due to insufficient authentication controls. This vulnerability allows attackers to interact with administrative features without proper credentials, potentially leading to unauthorized modifications or sensitiv...
PoC for CVE-2026-28766
A security flaw in Gardyn products allows unauthenticated access to sensitive endpoint information, exposing all user account data for registered users. This vulnerability presents a significant risk, as it enables potential attackers to retrieve personal information without the need for authenti...
PoC for CVE-2026-25197
A security flaw exists within the Gardyn API that permits authenticated users to access and modify data related to other user profiles. By manipulating the identifier in API calls, an attacker can gain unintended access to sensitive information, potentially leading to unauthorized data exposure a...
PoC for CVE-2025-10681
The Smart Plant System by Gardyn contains a significant vulnerability involving hardcoded storage credentials within its mobile application and device firmware. These credentials not only lack sufficient restrictions on end-user permissions but also do not have an expiration mechanism in place. T...
PoC for CVE-2025-1242
The Gardyn IoT Hub exhibits a vulnerability where administrative credentials can be extracted via its application API responses, reverse engineering of the mobile application, and the device's firmware. This flaw may grant an attacker full administrative access to the IoT Hub, consequently puttin...
PoC for CVE-2026-22679
Weaver E-cology 10.0 prior to version 20260312 is exposed to an unauthenticated remote code execution vulnerability. This occurs in the /papi/esearch/data/devops/dubboApi/debug/method endpoint, which allows malicious actors to execute arbitrary commands. By crafting specific POST requests with at...
PoC for CVE-2021-4473
The Tianxin Internet Behavior Management System has a command injection vulnerability within its Reporter component. This issue allows unauthenticated attackers to execute arbitrary commands by manipulating the objClass parameter with crafted shell metacharacters and output redirection. If exploi...
PoC for CVE-2026-22666
Dolibarr ERP/CRM versions prior to 23.0.2 suffer from an authenticated remote code execution vulnerability in the dol_eval_standard() function. This flaw arises from inadequate string checks in whitelist mode and a failure to recognize PHP dynamic callable syntax. An attacker with administrator p...
PoC for CVE-2026-39324
An issue has been identified in Rack::Session's cookie implementation, where decryption failures in session management are not adequately handled. When configured with secrets, if cookie decryption fails, an incorrect fallback to a default decoder occurs instead of rejecting the cookie. This flaw...
Discovered 2 days ago
PoC for CVE-2026-1900
The Link Whisper Free plugin for WordPress prior to version 0.9.1 has a serious issue where its REST API endpoint is publicly accessible. This flaw allows attackers to make unauthorized changes to plugin settings without the need for authentication, potentially leading to data exposure and modifi...
PoC for CVE-2026-4079
The SQL Chart Builder plugin for WordPress, prior to version 2.3.8, is susceptible to SQL injection due to insufficient input sanitization. Malicious actors could exploit this vulnerability by injecting arbitrary SQL queries through user inputs that are directly concatenated into SQL statements, ...
PoC for CVE-2025-15611
The Popup Box WordPress plugin versions prior to 5.5.0 have a critical vulnerability where nonces are not properly validated in the add_or_edit_popupbox() function. This flaw permits unauthenticated attackers to execute Cross-Site Request Forgery attacks. If an admin inadvertently visits a compro...
PoC for CVE-2023-6246
A heap-based buffer overflow vulnerability exists in the __vsyslog_internal function of the glibc library, which is crucial for logging system events through the syslog and vsyslog functionalities. The issue arises if the openlog function is not invoked or if it is invoked with a NULL ident argum...
PoC for CVE-2026-33186
The gRPC-Go server has a vulnerability that allows an attacker to bypass authorization checks due to improper input validation on the HTTP/2 ':path' pseudo-header. Specifically, versions before 1.79.3 accepted requests with omitted leading slashes in the ':path', allowing unauthorized access to s...
PoC for CVE-2026-32945
The PJSIP multimedia communication library has a vulnerability related to a heap-based buffer overflow in the DNS parser's name length handler. This issue impacts applications using PJSIP's integrated DNS resolver, which is configured through pjsua_config.nameserver or UaConfig.nameserver setting...
PoC for CVE-2026-27654
A vulnerability exists within the ngx_http_dav_module of NGINX Open Source and NGINX Plus that can be exploited to trigger a buffer overflow in the NGINX worker process. This scenario is possible when configuration files utilize the DAV module's MOVE or COPY methods combined with specific prefix ...
PoC for CVE-2025-55182
A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...
PoC for CVE-2026-5719
A vulnerability exists in the itsourcecode Construction Management System 1.0, specifically within the argument handling in the borrowedtool.php file. By manipulating the input parameters, an attacker can execute SQL injection attacks remotely, jeopardizing the security of the system and potentia...
PoC for CVE-2023-32749
Pydio Cells allows users to create external users for file sharing. However, by altering the HTTP request during this process, it is possible to assign arbitrary roles to new external users. This vulnerability enables an attacker to grant themselves or any other unauthorized user access to all ce...
PoC for CVE-2025-30065
The parquet-avro module of Apache Parquet versions 1.15.0 and earlier contains a schema parsing vulnerability that enables attackers to execute arbitrary code. It is crucial for users to upgrade to version 1.15.1 or later to mitigate this risk and secure their systems against potential exploitation.
PoC for CVE-2026-5705
A cross-site scripting vulnerability exists in the Online Hotel Booking 1.0 software, specifically affecting the /booknow.php component. This flaw allows attackers to manipulate the roomname parameter, enabling them to execute arbitrary scripts in the context of another user's browser. The exploi...
PoC for CVE-2026-5692
A security flaw has been identified in the Totolink A7100RU router, specifically in the function setGameSpeedCfg located in /cgi-bin/cstecgi.cgi. This vulnerability allows for OS command injection through manipulation of the 'enable' argument, potentially enabling an attacker to execute arbitrary...
PoC for CVE-2026-5691
A security flaw has been identified in the Totolink A7100RU router, specifically within the setFirewallType function of the cstecgi.cgi file. This vulnerability allows attackers to manipulate the firewallType parameter, potentially leading to OS command injection. This threat can be exploited rem...
PoC for CVE-2026-5690
A vulnerability exists in the Totolink A7100RU router due to improper validation in the setRemoteCfg function of the cstecgi.cgi file. By manipulating the enable argument, an attacker can execute OS commands remotely, potentially compromising the device's security. This exploit has been publicly ...
PoC for CVE-2026-5689
A vulnerability has been identified in the Totolink A7100RU firmware version 7.4cu.2313_b20191024, specifically within the setNtpCfg function of the cgi-bin/cstecgi.cgi file. This issue arises from improper handling of the 'tz' argument, allowing attackers to perform OS command injection. Such ma...
PoC for CVE-2026-5688
A security flaw exists in the Totolink A7100RU router, specifically within the setDdnsCfg function of the /cgi-bin/cstecgi.cgi file. This vulnerability allows an attacker to manipulate the 'provider' argument, potentially leading to OS command injection. Such attacks can be executed remotely, mak...
PoC for CVE-2026-5687
A vulnerability exists in the Tenda CX12L router, specifically within the fromNatStaticSetting function located in the /goform/NatStaticSetting file. This weakness allows an attacker to execute a stack-based buffer overflow by manipulating input arguments. The vulnerability can be exploited remot...
PoC for CVE-2026-5686
A security vulnerability has been identified in the Tenda CX12L router's handling of the RouteStatic function, specifically affecting the /goform/RouteStatic file. An attacker can exploit this flaw by manipulating the 'page' argument, leading to a stack-based buffer overflow. The nature of this v...
PoC for CVE-2026-5685
A stack-based buffer overflow vulnerability has been discovered in the Tenda CX12L router version 16.03.53.12, specifically within the fromAddressNat function located in the /goform/addressNat file. This flaw allows an attacker to remotely manipulate the argument page, potentially leading to expl...
PoC for CVE-2026-5684
A stack-based buffer overflow vulnerability exists in the Tenda CX12L router's webExcptypemanFilter function. By manipulating the 'page' argument within the '/goform/webExcptypemanFilter' endpoint, an attacker with local network access may exploit this issue, potentially leading to remote code ex...
PoC for CVE-2026-5683
A stack-based buffer overflow vulnerability exists in the Tenda CX12L device, specifically in the fromP2pListFilter function located in the /goform/P2pListFilter file. This vulnerability is triggered by manipulating the 'page' argument and can allow an attacker to execute arbitrary code. The expl...
PoC for CVE-2026-5281
A use after free vulnerability in the Dawn component of Google Chrome prior to version 146.0.7680.178 allows remote attackers, through a specially crafted HTML page, to execute arbitrary code in the context of the browser's renderer process. This issue represents a significant security risk, as i...
PoC for CVE-2026-5682
The Meesho Online Shopping App for Android, specifically the component com.meesho.supply, has a vulnerability involving an unknown function within the /api/endpoint. This issue allows for the manipulation of cryptographic algorithms, potentially leading to insecure data handling. Although the com...