Publicly Disclosed
PoC Exploits

A stack-based buffer overflow vulnerability exists in the VPN Clients on Asustor's ADM platform. This flaw results from the unbounded use of the sscanf() function and the direct incorporation of user-controlled data into printf() calls. The absence of protection mechanisms such as Position Indepe...

A vulnerability exists within the Totolink A8000RU due to improper handling of user input in the setVpnAccountCfg function located in /cgi-bin/cstecgi.cgi. This weakness allows an attacker to execute arbitrary operating system commands via crafted requests. This command injection can be exploited...

A security flaw has been identified in Code-projects Online Music Site version 1.0, specifically in the /Administrator/PHP/AdminUpdateAlbum.php file. This vulnerability allows for the manipulation of the argument 'txtimage', resulting in unrestricted file uploads. The potential for remote exploit...

A vulnerability exists in the AgiFlow scaffold-mcp tool that impacts the file write functionality. By manipulating the file_path argument in the source file packages/scaffold-mcp/src/server/index.ts, an attacker can exploit this vulnerability to perform path traversal attacks. This allows unautho...

A security vulnerability exists in the ErlichLiu claude-agent-sdk-master, related to the improper handling of the outputFile argument in the app/api/agent-output/route.ts file. This flaw allows for path traversal attacks, potentially enabling an attacker to access sensitive files on the server. T...

A path traversal vulnerability has been discovered in BrowserOperator's browser-operator-core up to version 0.6.0. The issue arises in the 'startsWith' function within the scripts/component_server/server.js file. Attackers can manipulate the 'request.url' parameter, potentially leading to unautho...

A vulnerability exists in Artifex MuPDF versions up to 1.28.0 due to improper management of the fz_subset_cff_for_gids function in the subset-cff.c file. This flaw leads to potential out-of-bounds read conditions, enabling an attacker to exploit it locally. Although the problem has been acknowled...

The Check & Log Email WordPress plugin, prior to version 2.0.13, is susceptible to stored Cross-Site Scripting (XSS) attacks due to improper handling of email replacement. With the email encoder setting enabled, this vulnerability allows unauthenticated attackers to inject malicious scripts that ...

A vulnerability identified in Code-Projects' Coaching Management System 1.0 allows attackers to exploit an unknown function within the /cims/modules/admin/reply.php file. This weakness arises during the manipulation of the 'complaintreply' argument, resulting in SQL injection. The nature of this ...

A vulnerability exists in Oracle VM VirtualBox that allows an unauthenticated attacker with access to the infrastructure where the software is deployed to exploit the system. This can lead to unauthorized control over Oracle VM VirtualBox, resulting in potential service disruptions such as freque...

A vulnerability exists in the Pizzafy Ecommerce System 1.0, specifically within the get_cart_count function located in the /admin/ajax.php file. This flaw allows attackers to manipulate the ID argument, enabling them to execute SQL injection attacks remotely. Exploiting this vulnerability could l...

A vulnerability has been identified in the Pizzafy Ecommerce System, specifically impacting its login functionality. The flaw resides in the handling of email arguments within the /admin/ajax.php?action=login file. This vulnerability allows for SQL injection attacks, which can be remotely execute...

A security flaw has been identified in the SourceCodester Pizzafy Ecommerce System version 1.0 that permits SQL injection through the login function at /admin/ajax.php?action=login2. By manipulating the e-mail argument, an attacker can exploit this vulnerability to execute arbitrary SQL commands,...

A vulnerability has been identified in the SourceCodester Pizzafy Ecommerce System 1.0, specifically in the delete_menu function located in /admin/ajax.php. This flaw arises from improper handling of the argument ID, which can be manipulated by an attacker to execute SQL injection attacks. These ...

A security flaw has been identified in the SourceCodester Pizzafy Ecommerce System 1.0, specifically affecting the delete_cart function located in /admin/ajax.php. This vulnerability allows for SQL injection through manipulation of the argument ID, potentially enabling attackers to execute arbitr...

A server-side request forgery vulnerability exists in the AI Proxy Middleware component of BigSweetPotatoStudio HyperChat, specifically within the 'fetch' function located in the file packages/core/src/http/aiProxyMiddleware.mts. This flaw allows an attacker to manipulate the 'baseurl' argument, ...

A cross site scripting vulnerability has been identified in the Coaching Management System 1.0, specifically within the Complaint Form Page functionality located in the file /cims/modules/student/complaint.php. This flaw allows for remote exploitation by manipulating the 'Complaint' argument. Att...

A vulnerability exists in TencentCloudBase CloudBase-MCP up to version 2.17.0 that exposes the open-url API endpoint to server-side request forgery attacks. This flaw allows remote attackers to manipulate the 'req.body.url' argument in the 'openUrl' function, potentially leading to unauthorized a...

A vulnerability exists within Apache Camel's camel-coap component that allows an unauthenticated attacker to exploit message header injection. By sending a single CoAP UDP packet to a Camel route that accepts coap:// input, attackers can inject arbitrary Camel internal headers into the Exchange. ...

A vulnerability has been identified in the FastlyMCP tool by jackwrichards, specifically in the fastly-mcp.mjs file. This issue allows for remote OS command injection through manipulated command arguments. Exploiting this flaw may lead to unauthorized command execution, posing significant securit...

A buffer overflow vulnerability exists in the Totolink N300RT router, specifically within the /boafrm/formIpQoS function. An attacker can exploit this flaw by manipulating the argument 'entry_name', potentially leading to unauthorized access or remote code execution. This vulnerability affects us...

A significant vulnerability has been identified in Totolink N300RT Router version 3.4.0-B20250430, specifically within the implementation of the 'is_cmd_string_valid' function in the 'libapmib.so' component. This weakness arises from improper handling of the 'localPin' argument, leading to a buff...

A security flaw has been identified in Deepractice PromptX, affecting versions up to 2.4.0. The issue lies within the Document File Handler's functions responsible for reading various file formats, including DOCX, XLSX, PPTX, and PDF. This vulnerability allows for absolute path traversal due to i...

A vulnerability in the Donchelo processing-claude-mcp-bridge has been identified, specifically in the create_sketch Tool's processing_server.py file. This flaw allows for path traversal due to improper handling of the `sketch_name` parameter. Exploiting this vulnerability could enable remote atta...

A security flaw in the egtai gmx-vmd-mcp product allows for command injection via the VMD Launch Handler. Specifically, the vulnerability is located in the launch_vmd_gui_tool function of the mcp_server.py file. Attackers can manipulate the structure_file and trajectory_file arguments, which coul...

A path traversal vulnerability exists in the eghuzefa engineer-your-data software, specifically affecting versions up to 0.1.3. The flaw resides in the file management functions—read_file, write_file, list_files, and file_inf—located in src/server.py. An attacker can exploit this vulnerability by...

A path traversal vulnerability exists in the ef10007 MLOps_MCP 1.0.0, specifically within the save_file tool's fastmcp_server.py script. By manipulating the 'filename/destination' argument, an attacker can execute a path traversal attack, potentially allowing unauthorized file system access. This...

OpenIdentityPlatform's OpenAM, an access management solution, is susceptible to a pre-authentication Remote Code Execution vulnerability due to unsafe Java deserialization. This issue arises from the handling of the jato.clientSession HTTP parameter, allowing unauthenticated attackers to execute ...

A security vulnerability has been identified in the notes-mcp application developed by edvardlindelof, specifically affecting version 0.1.4. The flaw resides in an unknown function within the notes_mcp.py file, where improper validation of the root_dir/path argument enables unauthorized access to...

A flaw has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0, specifically affecting an unknown functionality of the file /index.php?page=types. By manipulating the argument ID, an attacker could potentially execute cross-site scripting (XSS) attacks, which can be performe...

A SQL injection vulnerability exists in SourceCodester Pharmacy Sales and Inventory System 1.0, specifically within the AJAX functionality at /ajax.php?action=delete_product. Maliciously crafted requests targeting the argument ID can lead to unauthorized access and potential manipulation of the d...

A security vulnerability has been identified in CodeAstro Online Classroom version 1.0, specifically within the /guestdetails file. The vulnerability arises from improper handling of an argument, 'deleteid', which allows remote attackers to execute SQL injection attacks. This manipulation can lea...

A security weakness has been discovered in the SourceCodester Pharmacy Sales and Inventory System 1.0, specifically within the file /ajax.php when processing the action save_product. This vulnerability allows attackers to manipulate the argument ID, leading to SQL injection. The flaw can be explo...

A security vulnerability has been identified in the OSPG binwalk tool, specifically in versions up to 2.4.3, affecting the read_null_terminated_string function within the WinCE Extraction Plugin. This flaw allows local attackers to manipulate the function's arguments and potentially exploit path ...

A security flaw exists in the ChatGPTNextWeb NextChat application up to version 2.16.1, primarily affecting the 'storeUrl' function within the 'app/api/artifacts/route.ts' file. This vulnerability allows for server-side request forgery (SSRF) through manipulation of the argument ID, enabling remo...

A security flaw in NextChat versions up to 2.16.1 allows attackers to exploit the proxyHandler function within app/api/[provider]/[...path]/route.ts, posing a server-side request forgery vulnerability. This issue can be exploited remotely, potentially allowing unauthorized access to internal reso...

A vulnerability has been identified in the Tenda HG3 router involving command injection through the formTracert function located in the /boaform/formTracert file. This flaw allows an attacker to manipulate the datasize argument, potentially enabling remote code execution. Given the public disclos...

A path traversal vulnerability has been identified in the douinc mkdocs-mcp-plugin version 0.4.1. This issue allows attackers to manipulate inputs intended for the read_document and list_documents functions within the server.py file. An attacker could potentially trick the affected function into ...

A vulnerability exists in the dmitryglhf MCP-URL-Downloader that allows for server-side request forgery due to improper validation of URLs in the _validate_url_safe function. This issue can be exploited remotely, allowing attackers to manipulate the URL argument and potentially access sensitive d...

A command injection vulnerability exists in the disler aider-mcp-server, specifically within the functionality of src/aider_mcp_server/server.py. This flaw allows attackers to manipulate the argument 'relative_editable_files', making remote exploitation possible. The vulnerability is present in v...

A vulnerability has been identified in the Totolink A8000RU, specifically in the CGI Handler component's CsteSystem function. This flaw allows for manipulation of the HTTP argument, leading to potential OS command injection. Attackers can exploit this vulnerability remotely, posing a significant ...

A vulnerability has been found in the Totolink A8000RU version 7.1cu.643_b20200521, specifically within the CGI component. This flaw resides in the setLoginPasswordCfg function within the cgi-bin/cstecgi.cgi file. By manipulating the admpass argument, an attacker can execute arbitrary OS commands...

A security vulnerability has been identified in the Totolink A8000RU version 7.1cu.643_b20200521, particularly in the functionality of the CGI Handler. This weakness arises from the setAdvancedInfoShow method, where an improperly handled input parameter, tty_server, allows an attacker to conduct ...

A security flaw has been identified in the Totolink A8000RU router, specifically within the CGI Handler component. The vulnerability arises from improper handling of the 'sys_info' argument in the 'setMiniuiHomeInfoShow' function of the /cgi-bin/cstecgi.cgi file. This oversight allows an attacker...

An OS command injection vulnerability exists in the Totolink A8000RU router firmware version 7.1cu.643_b20200521. Specifically, the flaw lies in the 'setTelnetCfg' function within the '/cgi-bin/cstecgi.cgi' CGI Handler component. This vulnerability enables remote attackers to exploit the telnet_e...

The Anthropic Claude Code CLI and Claude Agent SDK are susceptible to an OS command injection vulnerability in the authentication helper execution. This flaw arises from the lack of input validation in the execution of helper configuration values, allowing an attacker with the ability to manipula...

A stack-based buffer overflow exists in the Tenda HG3 model 2.0 due to insufficient validation in the formUploadConfig function located in the /boaform/formIPv6Routing file. This insecurity can be exploited remotely by manipulating the destNet parameter, potentially allowing an attacker to execut...

A vulnerability exists in the dh1011 Auto-Favicon MCP Tool within the generate_favicon_from_url function. The flaw allows an attacker to manipulate the image_url argument, leading to potential server-side request forgery. This manipulation can be executed remotely, putting systems at risk of unau...

A path traversal vulnerability exists in the dexhunter kaggle-mcp project, specifically within the prepare_kaggle_dataset function located in the src/kaggle_mcp/server.py file. An attacker can exploit this vulnerability by manipulating the competition_id argument, allowing unauthorized access to ...

A security vulnerability has been identified in CodeAstro Online Classroom 1.0. The flaw exists in the /addnewfaculty file, where improper handling of the 'fname' argument allows for SQL injection. This can enable an attacker to manipulate database queries from a remote location, exposing sensiti...