Publicly Disclosed
PoC Exploits

A vulnerability exists in Samba's front-end WINS hook handling where unsanitized NetBIOS names from registration packets are executed via shell commands. This flaw allows an unauthenticated network attacker to execute arbitrary commands with the privileges of the Samba process. Proper validation ...

A directory traversal vulnerability present in Nostromo nhttpd allows an attacker to craft a malicious HTTP request, which could potentially lead to remote code execution. This flaw exists in the http_verify function, enabling unauthorized access to file system paths, circumventing security mecha...

A vulnerability was found in WiseCleaner Wise Folder Hider 4.4.3.202. It has been declared as problematic. Affected by this vulnerability is the function 0x222400/0x222404/0x222410 in the library WiseFs64.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An ...

The Tellion HN-2204AP routers exhibit a critical flaw in their configuration management system, where an unauthenticated user can access sensitive configuration data via the /cgi-bin/system_config_file endpoint. This security lapse permits remote attackers to download a compressed archive of conf...

The ESCAM QD-900 WIFI HD cameras feature a vulnerability that permits unauthenticated users to exploit the /web/cgi-bin/hi3510/backup.cgi endpoint. This flaw allows adversaries to remotely download compressed configuration backups without needing any form of authentication or authorization. The d...

The ESCAM QD-900 WIFI HD cameras feature a vulnerability that permits unauthenticated users to exploit the /web/cgi-bin/hi3510/backup.cgi endpoint. This flaw allows adversaries to remotely download compressed configuration backups without needing any form of authentication or authorization. The d...

Dongyoung Media's DM-AP240T/W wireless access points are vulnerable to an unauthenticated configuration disclosure. This vulnerability resides in the /cgi-bin/sys_system_config management endpoint, which can be accessed without authentication. Attackers can retrieve a compressed configuration arc...

Dongyoung Media's DM-AP240T/W wireless access points are vulnerable to an unauthenticated configuration disclosure. This vulnerability resides in the /cgi-bin/sys_system_config management endpoint, which can be accessed without authentication. Attackers can retrieve a compressed configuration arc...

The BACnet Test Server, specifically versions up to and including 1.01, is susceptible to a remote denial of service attack due to inadequate validation of the BVLC Length field in incoming UDP packets. An attacker can exploit this vulnerability by sending a specially crafted BVLC Length value, w...

The BACnet Test Server, specifically versions up to and including 1.01, is susceptible to a remote denial of service attack due to inadequate validation of the BVLC Length field in incoming UDP packets. An attacker can exploit this vulnerability by sending a specially crafted BVLC Length value, w...

The BACnet Test Server, specifically versions up to and including 1.01, is susceptible to a remote denial of service attack due to inadequate validation of the BVLC Length field in incoming UDP packets. An attacker can exploit this vulnerability by sending a specially crafted BVLC Length value, w...

The BACnet Test Server, specifically versions up to and including 1.01, is susceptible to a remote denial of service attack due to inadequate validation of the BVLC Length field in incoming UDP packets. An attacker can exploit this vulnerability by sending a specially crafted BVLC Length value, w...

Astak CM-818T3 2.4GHz wireless security surveillance cameras have a vulnerability that allows remote attackers to access sensitive configuration files via the /web/cgi-bin/hi3510/backup.cgi endpoint without requiring authentication. This exploit enables unauthorized users to download a configurat...

The ACE SECURITY WIP-90113 HD cameras are susceptible to an unauthenticated configuration disclosure vulnerability at the /web/cgi-bin/hi3510/backup.cgi endpoint. This flaw allows attackers to remotely download sensitive configuration backups without any authentication. The exposed backups may co...

The ACE SECURITY WIP-90113 HD cameras are susceptible to an unauthenticated configuration disclosure vulnerability at the /web/cgi-bin/hi3510/backup.cgi endpoint. This flaw allows attackers to remotely download sensitive configuration backups without any authentication. The exposed backups may co...

A path traversal vulnerability present in the Windows version of WinRAR could enable attackers to execute arbitrary code by crafting specially designed malicious archive files. This type of exploitation was observed in the wild, bringing attention to the efforts of security researchers, including...

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default config...

Nagios Log Server prior to version 2026R1.0.1 is vulnerable to an authenticated command injection flaw stemming from its experimental 'Natural Language Queries' functionality. This vulnerability allows authenticated users with access to global configuration to execute arbitrary system commands. T...

The TAX SERVICE Electronic HDM WordPress plugin, prior to version 1.2.1, is vulnerable due to the lack of authorization and CSRF checks during specific AJAX actions. This oversight allows unauthenticated users to import and execute arbitrary SQL statements, posing a significant security risk. Pro...

The AI Feeds plugin for WordPress contains a security flaw that allows unauthorized attackers to perform arbitrary file uploads due to a lack of proper capability checks in the 'actualizador_git.php' file. This vulnerability affects all versions of the plugin up to and including 1.0.11, enabling ...

The CIBELES AI plugin for WordPress contains a vulnerability that allows attackers to upload arbitrary files. This issue stems from a missing capability check in the 'actualizador_git.php' file, affecting all versions up to and including 1.10.8. As a result, unauthenticated users can exploit this...

The Mozart FM Transmitter from DB Electronica Telecomunicazioni S.p.A. is susceptible to an unauthenticated arbitrary file read vulnerability due to a critical flaw in the `download_setting.php` script. This vulnerability allows an attacker to exploit null byte injection to bypass file extension ...

The Sneeit Framework plugin for WordPress is susceptible to Remote Code Execution due to inadequate validation in the sneeit_articles_pagination_callback() function. This vulnerability enables attackers to send specially crafted user input, which is processed via call_user_func(), granting them t...

The vulnerability CVE-2024-29943 affects Firefox, allowing attackers to perform an out-of-bounds read or write on a JavaScript object, enabling remote code execution and sandbox escape. The flaw was exploited during the Pwn2Own Vancouver 2024 hacking competition and affected Firefox versions befo...

The JBoss RichFaces framework versions 3.1.0 to 3.3.4 are susceptible to an expression language injection vulnerability. This flaw allows unauthenticated remote attackers to inject EL expressions and potentially execute arbitrary Java code. This can occur when the application processes paths that...

n8n, an open-source workflow automation platform, has a remote code execution vulnerability in the Git Node component prior to version 1.113.0. When a malicious actor successfully clones a remote repository that includes a pre-commit hook, executing the Commit operation in the Git Node can lead t...

An Insecure Direct Object Reference (IDOR) vulnerability in classroomio version 0.1.13 allows unauthorized access to sensitive endpoints that should only be available to administrators or teachers. By manipulating course IDs within URLs, students can inadvertently access confidential information,...

A stored Cross-Site Scripting (XSS) vulnerability exists in Classroomio LMS version 0.1.13, which allows authenticated attackers to execute arbitrary JavaScript code. This exploit occurs through malicious SVG cover images, potentially compromising user data and allowing unauthorized actions withi...

A stored Cross Site Scripting (XSS) vulnerability exists in Classroomio LMS version 0.1.13, which allows authenticated attackers to inject and execute arbitrary code through specially crafted SVG profile pictures. This can potentially compromise user accounts and sensitive data, posing significan...

An insecure direct object reference (IDOR) vulnerability found in Classroomio version 0.1.13 allows unauthorized users to manipulate and gain access to sensitive course settings. This flaw could enable users to share and invite access privileges improperly, potentially leading to unauthorized mod...

A heap-based buffer overflow vulnerability has been identified in the rsync daemon, attributable to improper management of attacker-controlled checksum lengths (s2length). This weakness arises when the maximum digest length exceeds the designated fixed length of 16 bytes, allowing an attacker to ...

A vulnerability in Juniper Networks Junos OS affects the EX Series and SRX Series products by allowing an unauthenticated, network-based attacker to remotely execute code. By sending a crafted request that alters the PHPRC variable, an attacker can modify the PHP execution environment, leading to...

Ruijie NBR series routers are susceptible to an unauthenticated arbitrary file upload vulnerability through the endpoint /ddi/server/fileupload.php. The issue arises as the endpoint inadequately validates and sanitizes user-supplied values in the 'name' and 'uploadDir' parameters, allowing attack...

Ruijie NBR series routers are susceptible to an unauthenticated arbitrary file upload vulnerability through the endpoint /ddi/server/fileupload.php. The issue arises as the endpoint inadequately validates and sanitizes user-supplied values in the 'name' and 'uploadDir' parameters, allowing attack...

Ruijie NBR series routers are susceptible to an unauthenticated arbitrary file upload vulnerability through the endpoint /ddi/server/fileupload.php. The issue arises as the endpoint inadequately validates and sanitizes user-supplied values in the 'name' and 'uploadDir' parameters, allowing attack...

Ruijie NBR series routers are susceptible to an unauthenticated arbitrary file upload vulnerability through the endpoint /ddi/server/fileupload.php. The issue arises as the endpoint inadequately validates and sanitizes user-supplied values in the 'name' and 'uploadDir' parameters, allowing attack...

The NVMS-9000 firmware from Shenzhen TVT Digital Technology, utilized in various DVR/NVR/IPC systems, is susceptible to an authentication bypass flaw. By delivering a specially crafted TCP payload to an exposed control port, an attacker without legitimate credentials can execute privileged admini...

The NVMS-9000 firmware from Shenzhen TVT Digital Technology, utilized in various DVR/NVR/IPC systems, is susceptible to an authentication bypass flaw. By delivering a specially crafted TCP payload to an exposed control port, an attacker without legitimate credentials can execute privileged admini...

The NVMS-9000 firmware by Shenzhen TVT Digital Technology is susceptible to a serious security flaw involving hardcoded API credentials and an OS command injection vulnerability. This vulnerability allows unauthenticated attackers to exploit fixed vendor credentials to access specific endpoints, ...

The NVMS-9000 firmware by Shenzhen TVT Digital Technology is susceptible to a serious security flaw involving hardcoded API credentials and an OS command injection vulnerability. This vulnerability allows unauthenticated attackers to exploit fixed vendor credentials to access specific endpoints, ...

The NVMS-9000 firmware by Shenzhen TVT Digital Technology is susceptible to a serious security flaw involving hardcoded API credentials and an OS command injection vulnerability. This vulnerability allows unauthenticated attackers to exploit fixed vendor credentials to access specific endpoints, ...

In the Linux kernel, a flaw was identified in the netfilter subsystem that allows for chain and flowtable updates to include duplicated devices within the same transaction batch. When this occurs, the system fails to remove all instances of the duplicated device correctly, leaving one unregistere...

The WP 2FA WordPress plugin is compromised by a vulnerability that stems from insufficient randomness in the generation of backup codes. This weakness allows potential attackers to exploit the two-factor authentication mechanism by brute forcing the predictable backup codes. Consequently, this si...

A vulnerability in lKinderBueno Streamity Xtream IPTV Player versions up to 2.8 allows for server-side request forgery due to flaws in the public/proxy.php file. Attackers can remotely exploit this weakness, resulting in unauthorized server requests. To mitigate this risk, users should upgrade to...

A vulnerability exists in the SourceCodester Online Student Clearance System 1.0 that can be exploited through the hidden functionality in the /Admin/changepassword.php file. By manipulating the input argument 'txtconfirm_password', attackers can execute SQL injection attacks remotely, compromisi...

The Broken Link Manager plugin for WordPress versions up to 0.6.5 is vulnerable to Reflected Cross-Site Scripting (XSS) due to improper sanitization and escaping of parameters before they are output back to the web page. This weakness could be exploited by attackers to inject malicious scripts, p...

The Backup Migration WordPress plugin suffers from a critical issue where it improperly generates the backup path under certain server configurations. This flaw permits unauthenticated users to access and download sensitive log files that disclose the backup filename. As a result, backup archives...

The Frontend Posting plugin for WordPress, prior to version 5.0.0, contains an Open Redirect vulnerability due to inadequate validation of user parameters. This flaw allows attackers to manipulate redirect URLs, potentially leading users to malicious domains without their knowledge. Such vulnerab...

The WordPress eCommerce Plugin prior to version 2.9.0 is prone to a reflected cross-site scripting vulnerability due to improper sanitization and escaping of a user-supplied parameter. This flaw enables attackers to inject malicious scripts into web pages viewed by users, particularly affecting h...

A security flaw has been identified in the COVID Tracking System 1.0 developed by Code-Projects, affecting the file /login.php. The vulnerability allows remote attackers to manipulate the 'code' parameter, resulting in SQL injection. This exploitation may lead to unauthorized access and potential...