Publicly Disclosed
PoC Exploits

Ghost CMS, a widely used Node.js content management system, contains a vulnerability that enables unauthenticated attackers to execute arbitrary reads from its database. This security flaw affects versions 3.24.0 through 6.19.0, posing a significant risk to the confidentiality of sensitive data s...

The Printcart Web to Print Product Designer for WooCommerce plugin, up to version 2.4.8, is prone to a path traversal vulnerability. This flaw allows an attacker to exploit the plugin, potentially gaining access to the directory listings of arbitrary locations on the server. Successful exploitati...

The YMC Filter WordPress plugin prior to version 3.11.3 suffers from a critical access control vulnerability. It fails to properly authorize requests to a REST API endpoint, allowing unauthorized users to exploit this flaw. Attackers can leverage this vulnerability to access and retrieve the titl...

The Frontend File Manager Plugin for WordPress prior to version 23.6 contains a critical flaw in its post deletion functionality. It fails to correctly verify ownership of posts, enabling authenticated users with author-level access or higher to delete any posts or pages. This issue is exacerbate...

The SALESmanago & Leadoo WordPress plugin prior to version 3.11.3 is susceptible to SQL injection due to inadequate input sanitization and escaping within its AJAX functionality. This oversight permits authenticated users, including those with minimal permissions, to exploit the vulnerability by ...

The vulnerability in the PutContents API of Gogs arises from improper handling of symbolic links, potentially allowing local execution of arbitrary code. This misconfiguration may expose sensitive data and facilitate unauthorized access to critical systems. Users and administrators are urged to u...

The GameDriverX64.sys kernel-mode anti-cheat driver from Hotta Studio has a vulnerability that enables local attackers to execute denial of service attacks. By sending specially crafted IOCTL requests, an attacker can induce crashes in arbitrary processes, leading to potential disruptions in game...

A buffer overflow vulnerability exists in the Sahara protocol utilized within Qualcomm's Snapdragon mobile platforms. This flaw can lead to the unintended overwriting of secure configuration data, potentially compromising system integrity and security across a range of Snapdragon products, includ...

A security vulnerability has been identified in the Tenda AC8 router, specifically affecting version 16.03.50.11. This flaw is found in the route_set_user_policy_rule function within the /cgi-bin/UploadCfg component of the web interface. By manipulating the wans.policy.list1 argument, an attacker...

A vulnerability exists in the Linux kernel's netfilter module that affects the nft_map_catchall_activate() function. This function encounters an inverted element activity check, leading to a failure in appropriately handling catchall map elements during a failed transaction. The bug arises when t...

Bitwarden Server versions prior to 2026.5.0 are susceptible to a JSON injection vulnerability in the IntegrationTemplateProcessor.ReplaceTokens() method. This flaw allows authenticated users to introduce JSON metacharacters into event integration templates, specifically tokens that are derived fr...

Bitwarden Server versions prior to 2026.5.0 exhibit a broken access control vulnerability that permits authenticated users to retrieve unauthorized organization billing data. By exploiting the PreviewInvoiceController endpoints, attackers can submit arbitrary organization IDs without proper membe...

A privilege escalation vulnerability in Bitwarden Server versions prior to 2026.5.0 allows authenticated Custom users with ManageUsers permission to exploit a lack of role hierarchy verification. This vulnerability permits an attacker to remove Admin accounts from an organization through a malici...

The CANBoat application prior to version 6.22 is susceptible to an off-by-one global buffer overflow vulnerability within the searchForPgn() function, located in analyzer/pgn.c. This flaw may be exploited by remote attackers who deliver specially crafted NMEA-2000 messages containing out-of-range...

RTKLIB versions up to 2.4.3 are susceptible to a heap buffer overflow vulnerability within the readrnxobsb function found in src/rinex.c. This security flaw arises when the software does not properly clamp satellite count values specified in RINEX epoch headers. By crafting malicious RINEX files ...

RTKLIB versions up to 2.4.3 have a vulnerability in the getcodepri function that can be exploited when handling unrecognized RINEX observation codes. Attackers can craft RINEX files with unknown observation types to manipulate the processing, prompting negative array indexing into the codepris ta...

RTKLIB versions up to 2.4.3 are susceptible to an off-by-one out-of-bounds read vulnerability, specifically within the decode_ssr3 function. This issue permits remote attackers to instigate a global buffer overflow by transmitting specially crafted RTCM3 SSR messages that include manipulated sign...

RTKLIB versions up to 2.4.3 are affected by an out-of-bounds write vulnerability in the decode_type1033 function. This flaw arises from the failure to properly clamp length counters to the destination buffer size, allowing attackers to exploit it via crafted RTCM3 messages. By manipulating the NT...

The MaxKB application, prior to version 2.10.0, contains a vulnerability allowing authenticated users to exploit server-side request forgery. By manipulating unvalidated parameters such as 'downloadCallbackUrl' and 'download_url' within tool creation and update endpoints, attackers with default U...

In Kanboard versions up to 1.2.52, a flaw in the UserViewController::removeSession method allows authenticated users to delete other users' Remember Me sessions without proper session ID validation. This vulnerability can be exploited by attackers who are able to enumerate sequential session IDs,...

The vulnerability in libais arises from VdmStream::AddLine utilizing an unchecked sentinel value as a vector index. This flaw occurs when processing AIS sentences that contain empty or out-of-range sequential message IDs. Malicious actors can exploit this by sending specially crafted AIVDM senten...

The Huly Platform prior to commit 68cbf8a is exposed to an authenticated server-side request forgery vulnerability in its /import endpoint. This flaw allows workspace users to manipulate server requests by submitting malicious URLs, thereby compromising the system's integrity. Attackers could exp...

HTMLy CMS versions up to 3.1.1 are impacted by a path traversal vulnerability that enables low-privileged authenticated attackers to relocate files arbitrarily. This occurs through the incorporation of unvalidated directory traversal sequences in the 'oldfile' parameter via the admin autosave end...

A command injection vulnerability has been identified in the Lantronix EDS5000 product version 2.1.0.0R3. This flaw arises from the HTTP RPC module, which improperly handles user authentication log failures. Specifically, the module executes shell commands using a username that is directly concat...

Winstone Servlet Engine versions up to 0.9.10 are susceptible to a path traversal vulnerability that enables unauthenticated attackers to access arbitrary files. This occurs when attackers send specially crafted HTTP GET requests that include dot-dot-slash sequences, which are not properly saniti...

A race condition exists in the Linux kernel that allows local users to gain elevated privileges. By exploiting improper handling of copy-on-write (COW) memory mappings, an attacker could modify files that are meant to be read-only. This vulnerability, known as 'Dirty COW', was notably used in att...

Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true) Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor...

An issue has been identified in GitLab Community and Enterprise Editions where improper validation of image files allows an attacker to execute arbitrary commands remotely. This vulnerability affects all versions from 11.9 onwards and poses significant security risks, particularly when image file...

The InPost PL WordPress plugin for WooCommerce lacks proper request verification, enabling attackers to exploit this vulnerability by altering the shipping destination of pending or processing orders without authorization. This flaw allows unauthorized users to silently redirect orders, posing a ...

The Email Address Encoder WordPress plugin versions prior to 1.0.25 and the email-encoder-premium WordPress plugin before version 0.3.12 exhibit security flaws in their email replacement functionality. This imperfection allows unauthenticated attackers to execute Stored Cross-Site Scripting (XSS)...

The Masteriyo LMS WordPress plugin prior to version 2.2.1 has a significant security flaw where it fails to enforce proper authorization checks within its course-progress REST API controller. This oversight permits unauthenticated users to access and even delete sensitive course progress records ...

Craft CMS, a customizable content management system, has a remote code execution vulnerability present in specific versions. Attackers could exploit this flaw to execute arbitrary code on the server, posing a significant security risk. The affected versions span from 3.0.0-RC1 to just before 3.9....

A vulnerability in the SP Page Builder for Joomla permits unauthenticated users to upload arbitrary files. This weakness can lead to the execution of PHP code, presenting significant security risks for Joomla websites using this extension.

An out-of-bounds write vulnerability has been identified in the libavcodec library of FFmpeg, particularly within the MagicYUV decoder. This flaw may lead to denial-of-service conditions and has the potential to be exploited for remote code execution. The issue arises from improper handling of ce...

An unsafe deserialization vulnerability in Feast prior to version 0.63.0 enables unauthorized parties to execute arbitrary code remotely. This flaw arises from the mishandling of the user_defined_function.body field within the OnDemandFeatureView specification. The field is decoded from base64 an...

An improperly validated quantity input vulnerability in Slider Pro for WooCommerce by ShapedPlugin, LLC can allow attackers to implant malicious software. This flaw affects versions prior to 3.5.4, enabling potential exploitation through unauthorized code execution.

A server-side request forgery vulnerability exists in Microsoft Exchange Server, allowing an authorized attacker to craft requests that could lead to unauthorized access and privilege escalation within the network. This makes it crucial for organizations using Microsoft Exchange to apply the nece...

libssh2 contains an out-of-bounds write vulnerability in the ssh2_transport_read() function that fails to impose proper limits on the packet_length field. This flaw allows remote attackers to exploit the vulnerability by sending specially crafted SSH packets with excessively large packet_length v...

The Cornerstone Page Builder plugin for WordPress prior to version 7.8.8 has a significant vulnerability due to a lack of enforced capability checks on a specific CSS-preview request handler. This flaw permits any logged-in user to access the nonce required for making requests, making it possible...

The Cornerstone WordPress plugin prior to version 7.8.9 has a flaw in its REST API routes, failing to enforce capability checks. This oversight allows any authenticated user to access metadata belonging to other users, potentially exposing sensitive information such as user roles, session token p...

The Post Duplicator WordPress plugin, prior to version 3.0.15, exhibits a security flaw that inadequately manages custom meta-data during post duplication processes. This oversight allows an attacker with Contributor-level access or higher to inject serialized PHP objects. By bypassing the WordPr...

The Shapedsmart-post-show-pro, Real Testimonials Pro, and Product Slider for WooCommerce Pro WordPress plugins have been compromised through a vendor's update server, allowing attackers to inject malicious code. This vulnerability enables unauthenticated users to execute a second-stage payload ca...

The Site Kit by Google WordPress plugin prior to version 1.176.0 contains a vulnerability that fails to adequately restrict a REST API write endpoint. This flaw allows users with lower privileges, such as Editors, who have been granted access to dashboard sharing, to modify site-wide settings tha...

The AI Share & Summarize plugin for WordPress prior to version 2.0.4 has a significant security flaw, where it fails to properly sanitize and escape certain shortcode attributes prior to displaying them on web pages. This oversight allows users with contributor roles and above to execute Stored C...

Nextcloud, a popular open-source content collaboration platform, has been identified with a vulnerability related to missing signature verification in its User OIDC implementation. This flaw allows a malicious ID4me authority to impersonate any user, potentially leading to unauthorized access and...

A heap-based buffer overflow vulnerability in Microsoft Windows DNS can allow unauthorized attackers to execute arbitrary code remotely over the network. This can lead to potential data breaches and unauthorized access to sensitive information. Organizations are strongly encouraged to apply secur...

A vulnerability exists in Pivotal CRM version 6.6.04.08 that permits remote attackers to execute arbitrary code by manipulating components such as Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll. This flaw can compromise the integrity and confidentiality of the applicati...

MuPDF, a document rendering software, is vulnerable due to an uncontrolled recursion issue in its EPUB CSS rendering engine. This vulnerability allows remote attackers to exploit deeply nested HTML elements and inline CSS styles in specially crafted EPUB files. By triggering this vulnerability, a...

DHCPCD versions prior to 10.3.2 contain a vulnerability that allows unauthenticated attackers on the same network link to exploit the dhcp6_makemessage() function. By crafting a malicious DHCPv6 ADVERTISE message with an oversized OPTION_PD_EXCLUDE option, attackers can trigger a stack out-of-bou...

A vulnerability in the Windows Kernel allows an authorized attacker to exploit an untrusted pointer dereference, potentially enabling them to gain higher privileges on the affected system. This could lead to unauthorized access to sensitive data and administrative functionalities. It's critical f...