Publicly Disclosed
PoC Exploits

The pac4j-jwt library's JwtAuthenticator prior to versions 4.5.9, 5.7.9, and 6.3.3 is susceptible to an authentication bypass that could allow remote adversaries to create forged authentication tokens. By leveraging the server's RSA public key, attackers are able to craft a JWE-wrapped PlainJWT w...

A significant logic error in the adbd_tls_verify_cert function of auth.cpp in various Android versions permits a bypass of the wireless ADB mutual authentication process. This flaw can lead to unauthorized remote code execution by exploiting the vulnerability as the shell user without requiring a...

A vulnerability has been identified in Windows Hyper-V, specifically related to the NT Kernel Integration Virtual Service Provider (VSP). This flaw allows an attacker to gain elevated privileges through carefully crafted input, potentially leading to unauthorized access and control over the host ...

A vulnerability in Windows SMB Server allows authorized attackers to exploit improper authentication mechanisms, enabling them to elevate their privileges locally. This weakness can be leveraged to gain unauthorized access and control over sensitive resources within the affected system, presentin...

The Ollama application is susceptible to a heap out-of-bounds read vulnerability within its GGUF model loader. This issue arises when the /api/create endpoint processes an attacker-defined GGUF file where the tensor offset and size exceed the file’s actual length. During quantization, the server ...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

In certain versions of Spring Cloud Function, an attacker can exploit the routing functionality through a specially crafted Spring Expression Language (SpEL) as a routing-expression. This misconfiguration may allow unauthorized access to local resources and the execution of arbitrary code, posing...

An authorization bypass vulnerability exists in Dify prior to version 1.14.0, enabling authenticated users to read files uploaded by other users within the same tenant. By supplying arbitrary file UUIDs in a chat-messages request, attackers can exploit inadequate permission checks in the chat-mes...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

The D-Link DI-8100 router contains a vulnerability in the sprintf function located within the /user_group.asp file of the CGI Handler component. This vulnerability allows an attacker to execute a buffer overflow, potentially leading to unauthorized actions on the device. The attack can be initiat...

A flaw in D-Link DI-8100 version 16.07.26A1 has been identified within the web management interface at /url_member.asp. A vulnerability exists that allows remote attackers to manipulate the 'Name' argument, resulting in a buffer overflow. This may enable unauthorized access and exploitation, maki...

A buffer overflow vulnerability exists in the D-Link DI-8100, particularly within the tggl_asp function of the /tggl.asp file in the HTTP Request Handler. Attackers can manipulate the argument 'Name' to trigger this overflow, potentially leading to remote exploitation. The exploit has been made p...

A buffer overflow vulnerability has been identified in the D-Link DI-8100 router, specifically within the url_rule_asp function located in the /url_rule.asp file of the POST Parameter Handler. This vulnerability allows attackers to manipulate input parameters that could potentially lead to unauth...

A vulnerability exists in the D-Link DI-8100 router's HTTP handler, specifically in the 'sprintf' function within the '/auto_reboot.asp' file. The flaw arises from improper handling of input parameters, which can lead to a buffer overflow condition. An attacker can exploit this vulnerability remo...

A stack-based buffer overflow vulnerability has been identified in the D-Link DI-8100 router, specifically in the sprintf function within the yyxz.asp file. This vulnerability arises from improper handling of the ID argument, allowing an attacker to execute arbitrary code remotely. Exploits for t...

A vulnerability exists in the Uploaded File Handler of Langchain-Chatchat, impacting versions up to 0.3.1.3. Specifically, the issue lies within the _get_file_id function in the openai_routes.py file, where manipulation can lead to the use of insufficiently random values. This flaw necessitates a...

A race condition vulnerability exists in Langchain-Chatchat's OpenAI-Compatible File Upload API, specifically within the function handling file uploads in openai_routes.py. This flaw allows for manipulation of the file.filename parameter, leading to a time-of-check to time-of-use (TOCTOU) issue. ...

A vulnerability has been identified in Langchain-Chatchat affecting versions up to 0.3.1.3. This issue arises from a flaw in the Vision Chat Paste Image Handler, specifically within the function PIL.Image.tobytes. The vulnerability can be exploited through manipulation of the paste_image.image_da...

A vulnerability has been identified in the Langchain-Chatchat product from chatchat-space, where the Compatible File Service fails to enforce proper authentication controls for specific functions. This oversight, affecting functions such as retrieving and deleting files, allows unauthorized users...

A vulnerability in the EFM ipTIME NAS1dual 1.5.24 relates to the function get_csrf_whites within the file /cgi/advanced/misc_main.cgi. This flaw can be exploited via remote attacks, leading to stack-based buffer overflow, which can compromise system integrity. The issue was disclosed publicly, an...

A command injection vulnerability has been discovered in the EFM ipTIME C200 router, specifically affecting the ApplyRestore Endpoint functionality located in the /cgi/iux_set.cgi file. This weakness originates from improper handling of the RestoreFile argument within the sub_408F90 function, all...

A security flaw has been identified in IObit Advanced SystemCare 19, specifically within the ASC.exe component of the Service. This flaw allows for symlink following, enabling potential local attack vectors. The complexity of exploiting this vulnerability is significant, and successful exploitati...

AmazCart CMS version 3.4 is susceptible to a reflected cross-site scripting vulnerability that enables unauthenticated attackers to inject harmful scripts through the search functionality. Malicious users can leverage this flaw by inputting script tags in the search box, which can then execute ar...

The ERPGo SaaS 3.9 contains a vulnerability that enables authenticated attackers to perform CSV injection by inserting crafted formula payloads into vendor name fields. This loophole allows attackers to execute arbitrary code when the generated CSV file is opened in spreadsheet applications, pote...

The Backup Migration Plugin version 1.2.8 for WordPress is vulnerable to information disclosure that enables unauthenticated attackers to access sensitive database backups. By exploiting predictable file paths, attackers can enumerate backup directories using configuration files and logs. This vu...

OpenEMR version 7.0.1 is susceptible to a brute force authentication vulnerability, where attackers can exploit the login mechanism to bypass rate limiting controls. By sending multiple login attempts via POST requests with specific parameters, they can test various username and password combinat...

The Frappe Framework ERPNext version 13.4.0 is susceptible to a sandbox escape vulnerability within RestrictedPython. This issue permits authenticated users with the System Manager role to execute arbitrary code by leveraging frame introspection. Specifically, an attacker can craft a server scrip...

Eclipse Equinox OSGi versions 3.8 through 3.18 are susceptible to a remote code execution vulnerability via the console interface. This flaw enables unauthenticated attackers to exploit the fork command functionality, allowing them to establish a telnet connection to the OSGi console. By performi...

Eclipse Equinox OSGi versions 3.7.2 and earlier contain a vulnerability that permits attackers to execute arbitrary commands remotely. By connecting to the OSGi console port, unauthenticated users can send crafted payloads encoded in base64, wrapped within fork directives, enabling them to execut...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

A security flaw has been identified in the Totolink A8000RU router, specifically within the setAppFilterCfg function in cgi-bin/cstecgi.cgi. This vulnerability allows for remote command injection via manipulation of the 'enable' argument. An attacker can exploit this flaw to execute arbitrary com...

A vulnerability has been discovered in the itsourcecode Courier Management System 1.0, specifically in the /print_pdets.php file. This vulnerability allows for SQL injection due to improper handling of the 'ids' argument. The flaw can be exploited from a remote location, enabling attackers to man...

A command injection vulnerability exists in the MCP Tool developed by 54yyyu, specifically within the git_operation function found in src/code_mcp/server.py. This flaw allows an attacker to manipulate the operation argument remotely, leading to unauthorized command execution. Despite the project ...

A path traversal vulnerability has been identified in the MCP File Handler of 54yyyu's code-mcp. This flaw resides in the is_safe_path function located in the server.py file. It allows remote attackers to manipulate file paths, potentially leading to unauthorized access to sensitive files on the ...

A path traversal vulnerability has been identified in UsamaK98's python-notebook-mcp, affecting the create_notebook, read_notebook, edit_cell, and add_cell functions within server.py. This flaw allows attackers to navigate the file system and access unauthorized files remotely, which may lead to ...

A vulnerability in Microsoft Office Word arises from a reliance on untrusted inputs during security decisions, potentially allowing unauthorized attackers to bypass critical local security features. This flaw highlights the importance of ensuring all inputs are properly validated to maintain robu...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

The Dasel command-line tool, widely used for querying and transforming data structures, has a vulnerability that can lead to Denial of Service. Versions 3.0.0 through 3.3.0 allow an attacker to exploit the YAML reader's `UnmarshalYAML` implementation. By providing specially crafted YAML files, an...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

A security flaw has been identified in Axle-Bucamp’s MCP-Docusaurus that allows for path traversal via the update_document, continue_document, delete_document, and get_content functions within the app/routes/document.py file. This vulnerability can be exploited remotely by manipulating the DOCS_D...

A security vulnerability has been identified in A-G-U-P-T-A's Wireshark-MCP, specifically within the quick_capture function of the pyshark_mcp.py file. This flaw allows for os command injection, potentially enabling remote attackers to execute arbitrary commands. Despite the early identification ...

The affected versions of cPanel and WHM contain a serious authentication bypass flaw in the login flow. This vulnerability enables unauthenticated remote attackers to bypass authentication mechanisms, allowing them to gain unauthorized access to the control panel. Users of the specified versions ...

A path traversal vulnerability has been identified in RTGS2017 NagaAgent, specifically affecting versions up to 5.1.0. This issue arises from inadequate handling of the 'Name' argument within the Skills Endpoint located in apiserver/routes/extensions.py. The improper processing allows attackers t...

A critical SQL injection vulnerability has been identified in the CodeCanyon Perfex CRM, specifically in the Admin Kanban Endpoint's AbstractKanban::applySortQuery function located in application/services/AbstractKanban.php. This security flaw may allow a remote attacker to manipulate the functio...

A significant authorization bypass vulnerability exists in CodeCanyon Perfex CRM versions up to 3.4.1, affecting the Clients::project function within the application/controllers/Clients.php file. This flaw allows unauthorized manipulation of the argument ID, potentially granting attackers remote ...

A security vulnerability has been identified in Open5GS versions up to 2.7.7, specifically within the amf-3gpp-access component's udm_nudm_uecm_handle_amf_registration_update function. This flaw allows attackers to disrupt service, potentially resulting in denial of service. The vulnerability can...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...