Publicly Disclosed
PoC Exploits

🔴 Always take caution when working with PoC Exploits 🔴

Discovered just now...

PoC for CVE-2019-6250

ZeroMQ | LibzMQ | 🟣 EPSS 29% | 8.8 HIGH
Pointer Overflow in ZeroMQ Library Leading to Code Execution

A pointer overflow vulnerability exists in the ZeroMQ library (libzmq) that can allow an authenticated attacker to execute arbitrary code. The flaw arises from an integer overflow in the v2_decoder.cpp component, specifically within the zmq::v2_decoder_t::size_ready function. This vulnerability e...

Discovered 2 hours ago

PoC for CVE-2020-11022

Jquery | Jquery | 6.9 MEDIUM
Potential XSS vulnerability in jQuery

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Discovered 4 hours ago

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-7704

Av Stumpfl | Pixera Two Media Server | 5.3 MEDIUM
Path Traversal Vulnerability in AV Stumpfl Pixera Two Media Server

A path traversal vulnerability has been identified in AV Stumpfl Pixera Two Media Server versions up to 25.1 R2. This vulnerability affects an undisclosed function in the Service Port 1338 component, allowing attackers to manipulate the system and potentially read arbitrary files. The exploit has...

PoC for CVE-2026-29000

Pac4j | Pac4j-jwt | 9.3 CRITICAL
Authentication Bypass in JwtAuthenticator of pac4j-jwt by pac4j

The pac4j-jwt library's JwtAuthenticator prior to versions 4.5.9, 5.7.9, and 6.3.3 is susceptible to an authentication bypass that could allow remote adversaries to create forged authentication tokens. By leveraging the server's RSA public key, attackers are able to craft a JWE-wrapped PlainJWT w...

Discovered 5 hours ago

PoC for CVE-2026-7702

Toeverything | Affine | 6.9 MEDIUM
Authorization Bypass Vulnerability in AFFiNE by toeverything

A vulnerability has been identified in toeverything AFFiNE versions up to 0.26.3, specifically within the 'allowDocPreview' function of the Public Markdown Preview Endpoint. This flaw enables an unauthorized actor to bypass authorization controls, potentially exposing sensitive documents to unaut...

PoC for CVE-2026-3494

Mariadb Foundation | Mariadb Server | 5.3 MEDIUM
Vulnerability in MariaDB Server Affects Audit Logging Mechanisms

In versions of the MariaDB server up to 11.8.5, a significant issue arises when the server audit plugin is activated with specific filtering settings for DCL, DDL, or DML queries. Authenticated database users can execute SQL statements that bypass the intended audit logs by using comments prefixe...

Discovered 6 hours ago

PoC for CVE-2026-7700

Langflow-ai | Langflow | 5.3 MEDIUM
Code Injection Vulnerability in langflow-ai's Langflow Product

A security weakness has been identified in langflow-ai's Langflow product versions up to 1.8.4, specifically within the eval function in the LambdaFilterComponent. This vulnerability allows an attacker to execute malicious code by manipulating inputs, which can be done remotely. The potential for...

PoC for CVE-2026-7699

Dromara | Maxkey | 5.3 MEDIUM
SQL Injection Vulnerability in Dromara MaxKey Software

A notable security flaw has been detected in Dromara MaxKey versions up to 3.5.13, specifically within the StrUtils.checkSqlInjection function of StrUtils.java. This vulnerability allows attackers to execute SQL injection via manipulated arguments in the filtersfields parameter. The attack can be...

Discovered 7 hours ago

PoC for CVE-2026-7698

Tiandy | Easy7 Integrated Manag... | 6.9 MEDIUM
OS Command Injection Vulnerability in Tiandy Easy7 Integrated Manag...

A critical vulnerability has been detected within the Tiandy Easy7 Integrated Management Platform version 7.17.0. This vulnerability arises from an inappropriate handling of the argument 'week' in the file /Easy7/rest/systemInfo/updateDbBackupInfo, which could potentially allow an attacker to exe...

PoC for CVE-2026-7697

Amtt | Hotel Broadband Operat... | 5.1 MEDIUM
SQL Injection Vulnerability in AMTT Hotel Broadband Operation Syste...

The AMTT Hotel Broadband Operation System version 1.0 contains a vulnerability located within the /manager/card/cardhand_submit.php file. This issue arises from improper handling of the ID argument, which can lead to SQL injection attacks. An attacker may exploit this vulnerability remotely to ex...

Discovered 8 hours ago

PoC for CVE-2026-7696

Acrel Electrical | Eems Enterprise Power ... | 5.3 MEDIUM
Unrestricted File Upload Vulnerability in Acrel Electrical EEMS Pla...

Acrel Electrical's EEMS Enterprise Power Operation and Maintenance Cloud Platform version 1.3.0 has a vulnerability that allows an unrestricted file upload through a specific function of the file /SubstationWEBV2/main/uploadH5Files. This weakness may facilitate remote attacks, enabling unauthoriz...

PoC for CVE-2026-7695

Acrel Electrical | Eems Enterprise Power ... | 6.9 MEDIUM
SQL Injection Vulnerability in Acrel Electrical EEMS Power Platform

A critical SQL injection vulnerability has been identified in the Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform version 1.3.0. This vulnerability arises from improper handling of the 'fCircuitids' argument in the file '/SubstationWEBV2/main/elecMaxMinAvgValue', a...

Discovered 9 hours ago

PoC for CVE-2026-7694

Acrel Electrical | Ecems Enterprise Micro... | 6.9 MEDIUM
SQL Injection Vulnerability in Acrel Electrical ECEMS Enterprise Mi...

A vulnerability exists in the Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System version 1.3.0, specifically within an unspecified function of the file '/SubstationWEBV2/main/elecMaxMinAvgValue'. This flaw allows attackers to manipulate the argument 'fCircuitids', pot...

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-7692

Wavlink | Wl-wn570ha1 | 5.3 MEDIUM
Command Injection Vulnerability in Wavlink WL-WN570HA1 Router

A command injection vulnerability exists in the Wavlink WL-WN570HA1 router, specifically within the ping_ddns function located in the /cgi-bin/adm.cgi file. An attacker can exploit this vulnerability by manipulating the DDNS argument, allowing remote code execution. The issue affects firmware ver...

Discovered 10 hours ago

PoC for CVE-2026-7691

Wavlink | Wl-wn570ha1 | 5.3 MEDIUM
Command Injection Vulnerability in Wavlink Wireless Router

A security vulnerability has been identified in the Wavlink WL-WN570HA1 router, particularly in the function set_sys_cmd located in the /cgi-bin/adm.cgi file. This flaw allows attackers to manipulate command arguments for command injection, enabling remote exploits. The issue has been publicly di...

Discovered 11 hours ago

PoC for CVE-2026-7690

Wavlink | Wl-wn570ha1 | 5.3 MEDIUM
Command Injection Vulnerability in Wavlink WL-WN570HA1 Router

A command injection vulnerability exists in the Wavlink WL-WN570HA1 router's set_sys_adm function within the /cgi-bin/adm.cgi file. This flaw arises from improper handling of the Username argument, making the device susceptible to remote attacks. The exploit has been publicly disclosed, and users...

PoC for CVE-2026-7689

Dolibarr | Erp Crm | 6.3 MEDIUM
Security Flaw in Dolibarr ERP CRM Affecting Online Signature Module

A significant security flaw has been identified in Dolibarr ERP CRM, specifically within the Online Signature Module. The issue resides in the function dol_verifyHash located in the library htdocs/core/lib/security.lib.php. This flaw leads to inadequate verification of cryptographic signatures, w...

Discovered 12 hours ago

PoC for CVE-2026-7687

Langflow-ai | Langflow | 5.3 MEDIUM
Command Injection Vulnerability in Langflow by Langflow-ai

A command injection vulnerability exists in the Langflow product by Langflow-ai, specifically within the CodeParser.parse_callable_details function in the code_parser.py file. This vulnerability affects versions up to 1.8.4, allowing remote attackers to execute arbitrary commands through crafted ...

Discovered 13 hours ago

PoC for CVE-2026-7686

Eyeo | Adblock Plus | 6.9 MEDIUM
Improper Access Control in Eyeo Adblock Plus Chrome Extension

A vulnerability exists in the Eyeo Adblock Plus Chrome extension, specifically within the postMessage function of the premium.preload.js file related to the Legacy Premium Activation component. This flaw allows for improper access control, potentially enabling remote exploitation. Although the ex...

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-7685

Edimax | Br-6208ac | 8.7 HIGH
Buffer Overflow Vulnerability in Edimax BR-6208AC Router

A vulnerability exists in the Edimax BR-6208AC router affecting versions up to 1.02, specifically within the /goform/setWAN function. Manipulation of the pptpDfGateway argument can trigger a buffer overflow, which may be exploited remotely. This exploit is publicly known and poses a significant t...

Discovered 14 hours ago

PoC for CVE-2026-41940

Webpros | Cpanel | 🟣 EPSS 28% | 9.3 CRITICAL
Authentication Bypass Vulnerability in cPanel and WHM

The affected versions of cPanel and WHM contain a serious authentication bypass flaw in the login flow. This vulnerability enables unauthenticated remote attackers to bypass authentication mechanisms, allowing them to gain unauthorized access to the control panel. Users of the specified versions ...

PoC for CVE-2026-7683

Edimax | Br-6428nc | 5.3 MEDIUM
Command Injection Vulnerability in Edimax BR-6428nC Web Interface

A security weakness is present in the Edimax BR-6428nC, affecting the web interface component. This vulnerability arises due to improper handling of user input in the /goform/setWAN function, specifically with the parameters pppUserName and pptpUserName. An attacker can exploit this flaw remotely...

PoC for CVE-2026-7682

Edimax | Br-6208ac | 5.3 MEDIUM
Command Injection Vulnerability in Edimax BR-6208AC Router

A security flaw exists in the Edimax BR-6208AC version 1.02, specifically within the setWAN function used in L2TP Mode. The vulnerability arises from improper handling of the L2TPUserName argument, allowing attackers to inject commands remotely. As this flaw can be exploited from outside the netw...

PoC for CVE-2026-5337

WordPress | Frontend File Manager ...
Insecure Direct Object Reference Vulnerability in Frontend File Man...

Authenticated attackers with Subscriber-level access or higher can exploit an Insecure Direct Object Reference in the Frontend File Manager Plugin for WordPress. This vulnerability arises from inadequate user authorization validation for file download requests. By manipulating the 'file_id' param...

Discovered 16 hours ago

PoC for CVE-2026-41940

Webpros | Cpanel | 🟣 EPSS 28% | 9.3 CRITICAL
Authentication Bypass Vulnerability in cPanel and WHM

The affected versions of cPanel and WHM contain a serious authentication bypass flaw in the login flow. This vulnerability enables unauthenticated remote attackers to bypass authentication mechanisms, allowing them to gain unauthorized access to the control panel. Users of the specified versions ...

PoC for CVE-2026-7679

Yunaiv | Yudao-cloud | 6.9 MEDIUM
Improper Authentication Vulnerability in YunaiV yudao-cloud

A security flaw has been discovered in YunaiV's yudao-cloud that affects the getAccessToken function within the OAuth2TokenServiceImpl.java located at yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl. This vulnerability allows for improper authentication, which can...

PoC for CVE-2026-7678

Yunaiv | Yudao-cloud | 5.3 MEDIUM
SQL Injection Vulnerability in YunaiV yudao-cloud

A SQL injection vulnerability exists in the YunaiV yudao-cloud product, particularly within the getDataBySQL function located in 'yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoViewDataServiceImpl.java'. This vulnerability allows an attacker to manipulate SQL queries,...

Discovered 17 hours ago

PoC for CVE-2026-7677

Kerwincui | Fastbee | 5.1 MEDIUM
Cross-Site Scripting Vulnerability in FastBee by kerwincui

A cross-site scripting (XSS) vulnerability exists in the FastBee application from kerwincui affecting versions up to 1.2.1. The issue is found in the System Notice Handler, specifically in the 'Add' function of SysNoticeController.java. An attacker can manipulate the 'noticeContent' argument, ena...

PoC for CVE-2026-7676

Kerwincui | Fastbee | 5.3 MEDIUM
Path Traversal Vulnerability in kerwincui FastBee Tool Download End...

A path traversal vulnerability was identified in the Tool Download Endpoint of kerwincui's FastBee, affecting versions up to 1.2.1. This flaw arises from the improper handling of the 'fileName' argument in the ToolController.download function. Attackers can exploit this vulnerability remotely to ...

Discovered 18 hours ago

PoC for CVE-2026-7675

Shenzhen Libituo ... | Lbt-t300-hw1 | 8.7 HIGH
Buffer Overflow Vulnerability in Shenzhen Libituo Technology Product

A buffer overflow vulnerability has been identified in the Shenzhen Libituo Technology LBT-T300-HW1 router, specifically within the start_lan function of the /apply.cgi file. This issue arises when user-controlled input is mishandled, allowing remote attackers to manipulate the Channel/ApCliSsid ...

PoC for CVE-2024-53677

Apache | Apache Struts | 🟣 EPSS 93% | 9.8 CRITICAL
Flawed File Upload Logic in Apache Struts Exposes Vulnerability

A security flaw in the file upload mechanism of Apache Struts could allow an attacker to exploit file upload parameters. This vulnerability enables path traversal, leading to the possibility of uploading a malicious file that can facilitate remote code execution. To mitigate risks, users should u...

Discovered 19 hours ago

PoC for CVE-2026-7673

ZBJK | Crmeb Java | 5.1 MEDIUM
Unrestricted File Upload Vulnerability in crmeb_java by ZBJK

A vulnerability in the crmeb_java product version up to 1.3.4 has been identified that allows for unrestricted file uploads through the Admin Upload component. Specifically, the issue resides in the UploadServiceImpl.java file, where manipulation of the model argument can lead to unauthorized fil...

Discovered 20 hours ago

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-7671

Codewise | Tornet Scooter Mobile App | 6.3 MEDIUM
Improper Authentication in CodeWise Tornet Scooter Mobile App for i...

The CodeWise Tornet Scooter Mobile App version 4.75 for both iOS and Android is exposed to a vulnerability that allows for improper restriction of excessive authentication attempts through an undisclosed function in the file /TwoFactor. This flaw enables attackers to potentially exploit the syste...

Discovered 21 hours ago

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-7671

Codewise | Tornet Scooter Mobile App | 6.3 MEDIUM
Improper Authentication in CodeWise Tornet Scooter Mobile App for i...

The CodeWise Tornet Scooter Mobile App version 4.75 for both iOS and Android is exposed to a vulnerability that allows for improper restriction of excessive authentication attempts through an undisclosed function in the file /TwoFactor. This flaw enables attackers to potentially exploit the syste...

Discovered 22 hours ago

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-7670

Jinher | Oa | 6.9 MEDIUM
SQL Injection Vulnerability in Jinher OA by Jinher Technology

A vulnerability exists in Jinher OA version 1.0, specifically within the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This flaw allows attackers to manipulate the DeptIDList argument, enabling SQL injection attacks that can be executed remotely. The exploit has been documented and potentially ...

PoC for CVE-2026-42167

Proftpd | Proftpd | 8.1 HIGH
Remote Code Execution Vulnerability in ProFTPD's mod_sql

The mod_sql module in ProFTPD prior to version 1.3.10rc1 contains a critical vulnerability that allows remote attackers to execute arbitrary code by sending specially crafted username requests. This occurs in scenarios where USER request logging is enabled with an expansion format like %U, combin...

Discovered 1 day ago

PoC for CVE-2026-7668

Mikrotik | Routeros | 6.9 MEDIUM
Out-of-Bounds Read Vulnerability in MikroTik RouterOS

An out-of-bounds read vulnerability has been identified in MikroTik RouterOS version 6.49.8, specifically within the ASN1_STRING_data function found in the library nova/lib/www/scep.p, which is part of the SCEP Endpoint component. This flaw arises from improper handling of the transactionID and m...

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-41940

Webpros | Cpanel | 🟣 EPSS 28% | 9.3 CRITICAL
Authentication Bypass Vulnerability in cPanel and WHM

The affected versions of cPanel and WHM contain a serious authentication bypass flaw in the login flow. This vulnerability enables unauthenticated remote attackers to bypass authentication mechanisms, allowing them to gain unauthorized access to the control panel. Users of the specified versions ...

PoC for CVE-2026-42779

Apache | Apache Mina | 9.8 CRITICAL
Arbitrary Code Execution Vulnerability in Apache MINA by Apache

A vulnerability exists in Apache MINA's AbstractIoBuffer.resolveClass() method, where the check for allowed class names has not been properly enforced in specific version branches. This oversight permits arbitrary code execution when certain applications call IoBuffer.getObject(), making it criti...

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...