Publicly Disclosed
PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered just now...
PoC for CVE-2024-23692
A vulnerability has been identified in the Rejetto HTTP File Server, up to and including version 2.3m, which allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m ...
PoC for CVE-2026-1512
The Essential Addons for Elementor plugin presents a vulnerability that allows authenticated users with contributor-level access or higher to exploit insufficient input sanitization. Specifically, the Info Box widget is susceptible to stored XSS, which means that attackers can inject malicious sc...
PoC for CVE-2022-1471
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing YAML content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing untrusted content to restrict deserialization...
Discovered 11 hours ago
PoC for CVE-2026-3209
A vulnerability in Fosrl Pangolin versions up to 1.15.4-s.3 allows for improper access controls through the Role Handler component, specifically in the verifyRoleAccess and verifyApiKeyRoleAccess functions. This flaw facilitates potential remote exploitation, raising significant security concerns...
Discovered 14 hours ago
PoC for CVE-2026-3200
A SQL injection vulnerability has been discovered in the z-9527 admin application, impacting versions 1.0 and 2.0. This flaw resides in the 'checkName', 'register', 'login', 'getUser', and 'getUsers' functions within the file '/server/controller/user.js'. By exploiting this vulnerability, an atta...
Discovered 15 hours ago
PoC for CVE-2025-69985
The FUXA application prior to version 1.2.8 suffers from an Authentication Bypass vulnerability that permits remote code execution. This flaw resides in the server/api/jwt-helper.js middleware, where the system incorrectly trusts the HTTP 'Referer' header to validate internal requests. An attacke...
PoC for CVE-2023-43208
CVE-2023-43208 is an unauthenticated remote code execution vulnerability that affects NextGen Healthcare Mirth Connect before version 4.4.1. The vulnerability stems from an incomplete patch of a previous vulnerability, making it a patch bypass issue. It allows for the insecure use of the Java XSt...
Discovered 17 hours ago
PoC for CVE-2026-3194
A flaw in the Chia Blockchain 2.1.0 RPC Server's Master Passphrase Handler allows for an authentication bypass through the functions send_transaction/get_private_key. This vulnerability poses a local security risk by enabling unauthorized access to sensitive operations. Despite the vendor being a...
Discovered 19 hours ago
PoC for CVE-2026-3188
A security flaw has been identified in the Feiyuchuixue sz-boot-parent API component, specifically affecting versions up to 1.3.2-beta. The vulnerability exists in the file /api/admin/common/download/templates, where improper validation of the 'templateName' argument can lead to path traversal at...
Discovered 20 hours ago
PoC for CVE-2026-3187
A vulnerability exists in the Feiyuchuixue sz-boot-parent component, specifically affecting the API endpoint /api/admin/sys-file/upload. This vulnerability permits unrestricted file uploads, potentially allowing attackers to exploit the system remotely. Affected versions up to 1.3.2-beta are susc...
Discovered 21 hours ago
PoC for CVE-2026-3186
A security vulnerability was discovered in the Sz-Boot-Parent component by Feiyuchuixue, specifically affecting versions up to 1.3.2-beta. This vulnerability allows attackers to exploit an inadequate validation mechanism associated with the password reset functionality, where the argument userId ...
PoC for CVE-2026-3185
An authorization bypass vulnerability was identified in the feiyuchuixue sz-boot-parent component, specifically affecting the API Endpoint functionality. This vulnerability arises due to improper handling of the messageId parameter in the /api/admin/sys-message/ file, enabling unauthorized remote...
Discovered 22 hours ago
PoC for CVE-2023-43208
CVE-2023-43208 is an unauthenticated remote code execution vulnerability that affects NextGen Healthcare Mirth Connect before version 4.4.1. The vulnerability stems from an incomplete patch of a previous vulnerability, making it a patch bypass issue. It allows for the insecure use of the Java XSt...
PoC for CVE-2023-30258
A command injection vulnerability exists within MagnusSolution's MagnusBilling versions 6.x and 7.x, allowing unauthorized remote attackers to execute arbitrary commands through unauthenticated HTTP requests. This can potentially lead to serious security breaches, compromising the integrity of th...
Discovered 1 day ago
PoC for CVE-2026-3171
A cross-site scripting vulnerability exists in the Patients Waiting Area Queue Management System 1.0 by SourceCodester. This flaw affects the functionality of the file /queue.php, where an attacker can manipulate input parameters such as firstname and lastname. This manipulation allows for the in...
PoC for CVE-2026-3170
A cross-site scripting vulnerability exists in the Patients Waiting Area Queue Management System 1.0 by SourceCodester. The issue stems from an insufficiently sanitized input in the /patient-search.php file, specifically the manipulation of the First Name/Last Name arguments. This flaw allows for...
PoC for CVE-2026-3169
A security vulnerability has been identified in the Tenda F453 router, specifically within the SafeEmailFilter functionality. The issue arises from improper handling of input in the fromSafeEmailFilter function within the httpd component. This flaw allows for a buffer overflow when the argument '...
PoC for CVE-2026-3168
A vulnerability has been identified in the Tenda F453 router, specifically in version 1.0.0.3, within the fromNatStaticSetting function of the httpd component. By manipulating the 'page' argument in the /goform/NatStaticSetting file, an attacker can exploit this weakness, leading to a buffer over...
PoC for CVE-2026-3167
A buffer overflow vulnerability has been identified in the Tenda F453 at version 1.0.0.3, specifically within the formWebTypeLibrary function of the httpd component. This issue arises from improper handling of the webSiteId argument, allowing remote attackers to exploit this flaw. Successful expl...
PoC for CVE-2026-3166
A buffer overflow vulnerability exists in the Tenda F453 router, specifically in the fromRouteStatic function of the /goform/RouteStatic component. Manipulating the argument 'page' can trigger this overflow, allowing remote attackers to exploit the router. Publicly available exploits make this vu...
PoC for CVE-2026-25643
Frigate, a network video recorder, has a significant Remote Command Execution vulnerability present in versions before 0.16.4. This flaw arises from inadequate sanitization of user input in the video stream configuration file, config.yaml. As a result, attackers can inject system commands via the...
PoC for CVE-2026-3165
A buffer overflow vulnerability exists in the Tenda F453 router's firmware version 1.0.0.3, specifically within the fromSetWifiGusetBasic function located in the /goform/AdvSetWrlsafeset component of httpd. This vulnerability can be exploited remotely by manipulating the mit_ssid argument, allowi...
PoC for CVE-2026-3164
A vulnerability exists in itsourcecode News Portal Project version 1.0, specifically in the file /admin/contactus.php. This vulnerability arises from improper processing of the pagetitle argument, which can lead to SQL injection attacks. Attackers can exploit this issue remotely, potentially gain...
PoC for CVE-2026-3153
A SQL injection vulnerability exists in the itsourcecode Document Management System 1.0, specifically within the file /register.php. By manipulating the 'Username' argument, an attacker can execute unauthorized SQL queries against the database. This vulnerability can be exploited remotely, posing...
PoC for CVE-2026-0770
A vulnerability exists in Langflow that allows remote attackers to execute arbitrary code without authentication. The flaw is rooted in the improper handling of the exec_globals parameter at the validate endpoint, resulting in the dynamic inclusion of resources from untrusted sources. Attackers c...
PoC for CVE-2025-1242
The Gardyn IoT Hub exhibits a vulnerability where administrative credentials can be extracted via its application API responses, reverse engineering of the mobile application, and the device's firmware. This flaw may grant an attacker full administrative access to the IoT Hub, consequently puttin...
PoC for CVE-2026-3152
A vulnerability exists in itsourcecode College Management System version 1.0 due to improper handling of input in the /admin/teacher-salary.php file. By manipulating the teacher_id parameter, an attacker can execute SQL injection attacks, which may lead to unauthorized access to sensitive data. T...
PoC for CVE-2026-3151
A vulnerability within the itsourcecode College Management System version 1.0 has been identified, specifically affecting the 'login.php' file. The issue arises when the application fails to properly sanitize the 'email' argument, allowing attackers to execute SQL injection attacks from a remote ...
PoC for CVE-2026-3150
A vulnerability has been identified in itsourcecode College Management System 1.0, specifically in the '/admin/display-teacher.php' file. This security flaw allows attackers to manipulate the 'teacher_id' argument, leading to SQL injection attacks. Such exploits can be executed remotely, exposing...
PoC for CVE-2026-26717
OpenFUN Richie LMS contains a vulnerability in its signature verification process due to the use of a non-constant time equality operator in the sync_course_run_from_request function. This flaw can enable remote attackers to exploit timing discrepancies to forge valid HMAC signatures, potentially...
PoC for CVE-2026-3149
A vulnerability has been discovered in the itsourcecode College Management System version 1.0, specifically within the file /admin/asign-single-student-subjects.php. This weakness allows an attacker to manipulate the 'course_code' argument, leading to SQL injection attacks that can be executed re...
PoC for CVE-2026-3148
A security flaw has been identified in the SourceCodester Simple and Nice Shopping Cart Script version 1.0, affecting the /signup.php file. This vulnerability allows attackers to exploit the Username input, leading to a SQL injection attack. The attack can be executed remotely, posing significant...
PoC for CVE-2026-3147
A vulnerability in libvips, specifically in the function vips_foreign_load_csv_build located within the file libvips/foreign/csvload.c, allows for heap-based buffer overflow. This issue can be exploited locally, and the potential for exploitation is significant, as public exploit proof-of-concept...
PoC for CVE-2026-27747
The interface_traduction_objets plugin for SPIP, versions prior to 4.3.3, contains an SQL injection vulnerability that could allow authenticated attackers to exploit the id_parent parameter. This vulnerability occurs as the plugin directly concatenates user-supplied input into SQL queries without...
PoC for CVE-2026-3134
A security flaw in itsourcecode News Portal Project 1.0 has been identified, specifically affecting an unknown function in the file /newsportal/admin/edit-category.php. This vulnerability allows potential attackers to manipulate the argument 'Category', leading to SQL injection. This exploit can ...
PoC for CVE-2026-3133
A significant SQL injection vulnerability has been identified in the itsourcecode Document Management System version 1.0. The flaw arises from inadequate input validation in the login component, specifically within the loging.php file. An attacker can manipulate the Username argument, potentially...
Discovered 2 days ago
PoC for CVE-2026-26342
In the Tattile Smart+, Vega, and Basic device families, the firmware versions 1.181.5 and earlier include a significant security flaw: the authentication token (X-User-Token) lacks a proper expiration mechanism. This deficiency allows attackers to exploit valid tokens, which may be obtained throu...
PoC for CVE-2026-26341
The Tattile Smart+, Vega, and Basic device families are affected by a significant security issue where devices are shipped with default credentials that are not required to be changed upon installation or commissioning. This oversight allows an attacker who can access the management interface to ...
PoC for CVE-2026-26340
The firmware of Tattile Smart+, Vega, and Basic device families prior to version 1.181.5 has a vulnerability that permits remote attackers to access Real-Time Streaming Protocol (RTSP) streams without authentication. This security flaw enables unauthorized individuals to connect to the RTSP serv...
PoC for CVE-2026-27607
RustFS, a distributed object storage system, contains a vulnerability in its presigned POST uploads across specific alpha versions. This oversight allows attackers to circumvent restrictions on content-length and content-type, potentially enabling unauthorized file uploads that exceed established...
PoC for CVE-2026-25755
The jsPDF library, widely used for generating PDFs in JavaScript, is subject to a security flaw that allows attackers to control the parameters of the `addJS` method. This oversight enables the injection of arbitrary PDF objects, which can lead to execution of malicious actions or manipulation of...
PoC for CVE-2026-3101
A critical security vulnerability has been identified in the Intelbras TIP 635G version 1.12.3.5, specifically affecting the Ping Handler component. This weakness allows remote attackers to execute arbitrary operating system commands on the affected device, posing a serious risk of unauthoriz...
PoC for CVE-2023-27372
The latest vulnerability in SPIP allows attackers to execute arbitrary code remotely due to improper handling of data serialization in form inputs within the public area. This flaw could enable unauthorized access and manipulation of the system, highlighting the need for immediate updates to the ...
PoC for CVE-2025-15386
The Responsive Lightbox & Gallery WordPress plugin is susceptible to an Unauthenticated Stored-XSS attack due to inadequate regex replacement rules. Attackers can exploit this vulnerability by submitting a comment containing a malicious link when lightbox comments are enabled. If the comment is s...
PoC for CVE-2025-15589
A path traversal vulnerability exists in MuYuCMS version 2.7, specifically within the delete_dir_file function of the Template Management Page's controller. This issue arises due to improper handling of user-supplied input, allowing an attacker to manipulate the 'temn/tp' argument and potentially...
PoC for CVE-2025-67733
The Valkey distributed key-value database has a vulnerability that allows a malicious user to inject arbitrary data into the response stream using scripting commands. This can lead to the corruption of data or tampered responses affecting other users connected to the same session. The issue arise...
PoC for CVE-2026-3070
The SourceCodester Modern Image Gallery App version 1.0 is susceptible to a cross-site scripting vulnerability through its upload.php file. An attacker can exploit this by manipulating the 'filename' parameter, potentially launching the attack remotely. This exploit is now publicly available, hig...
PoC for CVE-2026-3069
A security vulnerability has been identified in itsourcecode Document Management System 1.0, specifically within an unknown function of the file /edtlbls.php. This vulnerability allows for SQL injection through the manipulation of the argument 'field1'. Attackers can exploit this flaw remotely, p...
PoC for CVE-2026-3068
A vulnerability has been discovered in itsourcecode's Document Management System version 1.0 that affects the deluser.php file. Improper handling of the 'user2del' argument can lead to SQL injection attacks, which can be executed remotely. The exploit has been publicly disclosed, making it cru...
PoC for CVE-2026-3067
A vulnerability has been identified in HummerRisk's Archive Extraction functionality, specifically within the 'extractTarGZ/extractZip' methods in the CommandUtils.java file. This issue enables an attacker to manipulate the file path used during archive extraction, leading to a path traversal con...