Publicly Disclosed
PoC Exploits

A security flaw in the itsourcecode University Management System version 1.0 permits remote attackers to exploit cross site scripting vulnerabilities via manipulation of the 'st_name' parameter in the /admin_single_student_update.php file. This issue can lead to unauthorized script execution in u...

A security flaw has been identified in the itsourcecode Online Doctor Appointment System 1.0, specifically related to the processing of the 'appointment_id' parameter in the /admin/appointment_action.php file. This vulnerability enables an attacker to execute SQL injection attacks remotely, poten...

A security vulnerability in the itsourcecode Online Frozen Foods Ordering System version 1.0 allows for SQL injection through the /admin/admin_edit_supplier.php file. By manipulating the Supplier_Name argument, an attacker could execute arbitrary SQL commands. This vulnerability can be exploited ...

A vulnerability has been discovered in the itsourcecode Online Frozen Foods Ordering System 1.0, specifically in the /admin/admin_edit_employee.php file. This weakness can be exploited through manipulation of the First_Name argument, leading to SQL injection attacks. As it allows remote attackers...

A security vulnerability has been identified in the itsourcecode Online Frozen Foods Ordering System version 1.0, specifically in the /admin/admin_edit_menu.php file. The vulnerability allows attackers to exploit a flaw by manipulating the 'product_name' argument, facilitating SQL injection attac...

A vulnerability has been discovered in the itsourcecode Online Frozen Foods Ordering System version 1.0, specifically within the file /admin/admin_edit_menu_action.php. This issue arises from improper handling of the product_name argument, which can be exploited to perform SQL injection attacks. ...

A command injection vulnerability exists in the Comfast CF-AC100 (version 2.6.0.8) in the file /cgi-bin/mbox-config?method=SET&section=update_interface_png. This flaw allows an attacker to execute arbitrary commands via crafted requests, potentially enabling unauthorized access to the device. The...

A vulnerability has been identified in the Comfast CF-AC100 router, specifically in version 2.6.0.8, which allows for command injection through an insecure function within the /cgi-bin/mbox-config?method=SET&section=wireless_device_dissoc endpoint. This could enable remote attackers to execute ar...

A command injection vulnerability has been identified in the Comfast CF-AC100 router, specifically in the configuration file handler located at /cgi-bin/mbox-config?method=SET&section=ntp_timezone. This vulnerability allows attackers to execute arbitrary commands remotely, potentially compromisin...

A vulnerability exists in the D-Link DIR-513 1.10, specifically within an undisclosed function related to the /goform/formSysCmd file. By manipulating the sysCmd parameter, an attacker can exploit this flaw to execute arbitrary OS commands remotely. This vulnerability primarily affects devices th...

The Kan project management tool has a serious security flaw in its /api/download/attachment endpoint present in versions 0.5.4 and earlier. This vulnerability allows unauthenticated users to pass a URL query parameter directly to the server, which could lead to unintended HTTP requests being made...

The BMC FootPrints ITSM application is susceptible to a vulnerability in its ASP.NET VIEWSTATE handling mechanism that allows authenticated users to exploit the system. By supplying specially crafted serialized objects through the VIEWSTATE parameter, attackers can gain the ability to execute arb...

ApostropheCMS is an open-source content management framework that has a vulnerability in the `@apostrophecms/import-export` package prior to version 3.5.3. The vulnerability lies within the `extract()` function in `gzip.js`, where file-write paths are constructed using `fs.createWriteStream(path....

The KiviCare – Clinic & Patient Management System for WordPress has a critical vulnerability that allows attackers to bypass authentication checks. The flaw exists in the `patientSocialLogin()` function, which does not properly verify the access token provided by social providers. As a result, an...

The Java OpenWire protocol marshaller in Apache ActiveMQ is susceptible to a remote code execution vulnerability, allowing attackers with network access to execute arbitrary shell commands. By manipulating serialized class types in the OpenWire protocol, an attacker can cause the client or broker...

An elevation of privilege vulnerability exists in the Windows Accessibility Infrastructure due to incorrect permission assignment for critical resources within ATBroker.exe. This flaw enables authorized attackers to gain elevated access to system resources, potentially allowing them to execute un...

On Debian-based operating systems, certain versions of OpenSSL utilize a flawed random number generator that produces predictable outputs. This vulnerability can facilitate brute force attacks, enabling adversaries to guess cryptographic keys with higher success rates. Organizations using affecte...

A local privilege escalation vulnerability in Snapd on Linux systems allows attackers to exploit the automatic cleanup of Snap's private /tmp directory. By re-creating this directory under certain configurations of systemd-tmpfiles, an attacker can potentially gain root privileges. This issue imp...

The Relevanssi – A Better Search plugin for WordPress presents a vulnerability that allows time-based SQL injection through the cats and tags query parameters. This issue affects all versions up to and including 4.24.4 for free and 2.27.4 for premium users. The vulnerability arises from inadequat...

The telnetd component of GNU Inetutils, specifically versions up to 2.7, is susceptible to an out-of-bounds write vulnerability. This flaw occurs in the LINEMODE SLC (Set Local Characters) suboption handler due to insufficient checks in the add_slc function, allowing for data to be written past t...

The OmniGen2-RL reward server component is vulnerable to an unauthenticated remote code execution flaw. By exploiting insecure pickle deserialization, an attacker can send specially crafted HTTP POST requests to execute arbitrary commands on the server. This vulnerability allows for potential una...

A Server-Side Request Forgery (SSRF) vulnerability exists in pdfmake versions 0.3.0-beta.2 through 0.3.5. This flaw enables a remote attacker to exploit the src/URLResolver.js component, potentially allowing access to sensitive information from the server. To mitigate this risk, version 0.3.6 int...

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default config...

The Get Use APIs plugin for WordPress versions before 2.0.10 is susceptible to a Cross-Site Scripting (XSS) vulnerability. This security flaw enables users with low-level roles, such as contributors, to execute arbitrary JavaScript code through imported JSON data under specific server configurati...

A cross-origin vulnerability exists within the Navigation API that could allow maliciously crafted web content to bypass the Same Origin Policy. This issue has been rectified with enhanced input validation in version updates for iOS, iPadOS, and macOS, specifically in versions 26.3.1 and 26.3.2. ...

The SpaceX Starlink Wi-Fi router GEN 2 and Starlink Dish are susceptible to a Cross-Site Request Forgery (CSRF) attack, allowing malicious actors to exploit a DNS rebinding technique. This vulnerability permits unauthorized actions, such as rebooting the device without user consent, posing signif...

A stored cross-site scripting (XSS) vulnerability in the NotChatbot WebChat widget allows attackers to inject arbitrary JavaScript code. User input is inadequately sanitized before being stored and displayed in chat conversations. When the chat history is loaded, the injected scripts are executed...

A vulnerability in itsourcecode's University Management System 1.0 affects an undisclosed function within the /add_result.php file. This flaw allows for manipulation of the 'vr' argument, ultimately facilitating cross-site scripting attacks. Such vulnerabilities pose serious risks as they can be ...

A security flaw has been identified in Portabilis i-Educar 2.11, specifically affecting the endpoint located at /intranet/educar_servidor_curso_lst.php. This vulnerability allows remote attackers to conduct cross-site scripting (XSS) attacks by manipulating the 'Name' parameter. The exploitation ...

A Cross Site Scripting (XSS) vulnerability has been discovered in the TRENDnet TEW-824DRU's web interface, specifically within the apply_sec.cgi file's sub_420A78 function. Manipulating the Language argument allows for the execution of malicious scripts, which can be triggered remotely. The ease ...

A vulnerability in FreeFloat FTP Server 1.0 affects the NOOP Command Handler, allowing for remote buffer overflow attacks. This flaw can be exploited, leading to unauthorized data access and potential control of the affected system. The issue has been publicly disclosed, emphasizing the need for ...

A path traversal vulnerability was discovered in Ray Dashboard, hosted on the default port 8265, impacting versions prior to 2.8.1. This flaw arises from the inadequate validation and sanitization of user-supplied paths within the static file handling mechanism. An attacker can exploit this vulne...

A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.

A vulnerability in the Simple Food Order System 1.0 allows attackers to exploit the file /routers/add-item.php by manipulating the price argument, leading to SQL injection. This flaw can be targeted remotely, and the exploit code is publicly available, posing a significant risk to users of the sy...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

A buffer overflow vulnerability exists in the UTT HiPER 810G model, specifically within the strcpy function of the /goform/formApLbConfig file. This flaw allows an attacker to manipulate the loadBalanceNameOld argument, potentially leading to unauthorized access or execution of arbitrary code. Th...

The Micro HTTP Server is susceptible to a buffer overflow due to improper handling of long URIs in the _ReadStaticFiles function within the lib/middleware.c file. This flaw allows attackers to send specially crafted requests that can exploit the vulnerability, potentially leading to remote code e...

A vulnerability has been discovered in frdel/agent0ai agent-zero version 0.9.7, specifically affecting the handle_pdf_document function located in python/helpers/document_query.py. This flaw enables remote attackers to execute server-side request forgery (SSRF) attacks, allowing them to send unau...

A security flaw has been identified in frdel's Agent-Zero product, specifically in version 0.9.7-10. This vulnerability is associated with the 'get_abs_path' function located in the 'python/helpers/files.py' file. It allows an attacker to manipulate file paths, resulting in unauthorized access to...

A SQL injection vulnerability exists in the Tiandy Easy7 Integrated Management Platform in versions up to 7.17.0, specifically within the /rest/preSetTemplate/getRecByTemplateId function. The vulnerability arises from improper validation of the ID argument, allowing attackers to manipulate SQL qu...

A vulnerability has been discovered in the Tiandy Easy7 Integrated Management Platform version 7.17.0, specifically within an undisclosed function of the /rest/devStatus/getDevDetailedInfo endpoint. This issue allows attackers to manipulate the argument ID, potentially leading to SQL injection at...

A vulnerability has been identified in the Tiandy Easy7 Integrated Management Platform 7.17.0 that allows for SQL injection through an undisclosed function in the /rest/devStatus/queryResources endpoint. This security flaw enables attackers to manipulate the areaId argument, potentially allowing ...

A path traversal vulnerability exists within the Taoofagi Easegen-Admin software, specifically in the 'recognizeMarkdown' function of the 'Pdf2MdUtil.java' file. This vulnerability allows attackers to manipulate the 'fileUrl' argument, potentially gaining unauthorized access to the underlying fil...

A vulnerability exists in the Taoofagi Easegen-Admin product due to improper handling of the 'url' parameter in the downloadFile function of the PPT File Handler. This flaw allows an attacker to exploit server-side request forgery (SSRF) vulnerabilities, potentially leading to unauthorized access...

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default config...

A stack-based buffer overflow vulnerability affects Easy File Sharing (EFS) Web Server 7.2. This issue arises when attackers send a specially crafted POST request to the system while creating new topics in the forums. Successfully exploiting this vulnerability allows remote attackers to execute a...

The fontTools library, used for font manipulation in Python, contains an arbitrary file write vulnerability affecting versions from 4.33.0 to before 4.60.2. This flaw allows an attacker to execute remote code when a specially crafted .designspace file is processed through the fonttools varLib scr...

A vulnerability has been discovered in the Tenda AC8 router, specifically affecting the HTTP Endpoint component. This issue arises from improper handling of the argument local_2c in the doSystemCmd function located in the /goform/SysToolChangePwd file. Exploitation of this vulnerability can lead ...

A security vulnerability has been identified in the Tenda AC8 router, specifically affecting version 16.03.50.11. This flaw is found in the route_set_user_policy_rule function within the /cgi-bin/UploadCfg component of the web interface. By manipulating the wans.policy.list1 argument, an attacker...

A vulnerability exists in the REST Plugin of Apache Struts that allows for Remote Code Execution due to the use of an XStreamHandler without type filtering during XML payload deserialization. This flaw, present in specific versions of the software, can be exploited by attackers to execute arbitra...