Publicly Disclosed
PoC Exploits

The RustFS object storage system, prior to version 1.0.0-alpha.77, suffers from a significant authentication vulnerability due to the use of a hardcoded static token, 'rustfs rpc'. This token is exposed in the source code and is non-configurable, meaning it cannot be altered or rotated. As a resu...

The Jakarta Multipart parser in Apache Struts 2 is flawed in handling exceptions and generating error messages during file uploads. This vulnerability exposes the application to potential remote command execution by allowing attackers to send specially crafted HTTP headers—namely Content-Type, Co...

The Java OpenWire protocol marshaller in Apache ActiveMQ is susceptible to a remote code execution vulnerability, allowing attackers with network access to execute arbitrary shell commands. By manipulating serialized class types in the OpenWire protocol, an attacker can cause the client or broker...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

The Safari web browser developed by Apple is the subject of two actively exploited zero-day vulnerabilities, known as CVE-2023-28205 and CVE-2023-28206. These vulnerabilities have been exploited in tandem to achieve full device compromise, potentially allowing the installation of spyware on affec...

The vulnerability in Bricks Builder, developed by Codeer Limited, allows for improper control of code generation, leading to code injection risks. This condition is particularly critical in versions ranging from n/a to 1.9.6. Attackers may exploit this weakness to execute arbitrary code on the se...

A security issue in Docker Desktop has been discovered, enabling local running Linux containers to communicate with the Docker Engine API through the default Docker subnet. This issue can arise irrespective of whether Enhanced Container Isolation (ECI) is active or if the 'Expose daemon on tcp://...

A security flaw has been discovered in CRMEB versions up to 5.6.1, specifically within the product export functionality located at /adminapi/product/product_export. This vulnerability enables an attacker to manipulate the cate_id parameter, leading to SQL injection attacks that can compromise the...

A significant SQL injection vulnerability was identified in CRMEB, affecting versions up to 5.6.1. This issue arises from improper handling of the 'cate_id' argument within the /adminapi/export/product_list file, allowing attackers to execute unauthorized SQL commands. The vulnerability can be ex...

A race condition has been identified in the Linux kernel's handling of POSIX CPU timers. When a non-autoreaping task reaches the exit_notify() state and subsequently calls handle_posix_cpu_timers() from an interrupt request (IRQ), it may be reaped by its parent or debugger immediately after unloc...

n8n, an open-source workflow automation platform, has a Remote Code Execution vulnerability affecting specific versions. Authenticated users can inadvertently supply expressions that, under certain circumstances, are evaluated in a context insufficiently isolated from the runtime. This flaw enabl...

This vulnerability allows unauthorized exposure of sensitive information when using Advanced IP Scanner and Advanced Port Scanner. During network scans, these applications may unintentionally transmit the NTLM hash of the user conducting the scan. This flaw can be exploited by attackers who inter...

The WooCommerce Designer Pro plugin for WordPress has a significant vulnerability that allows unauthenticated attackers to perform arbitrary file uploads. This issue arises from inadequate file type validation in the 'wcdp_save_canvas_design_ajax' function. If exploited, this can lead to unauthor...

n8n, an open-source workflow automation platform, has a Remote Code Execution vulnerability affecting specific versions. Authenticated users can inadvertently supply expressions that, under certain circumstances, are evaluated in a context insufficiently isolated from the runtime. This flaw enabl...

The vulnerability arises from mismatched length fields in Zlib compressed protocol headers within MongoDB Server, potentially allowing an unauthenticated client to access uninitialized heap memory. This could lead to unauthorized information exposure, affecting versions of MongoDB Server across m...

This vulnerability in PHP occurs when the software is configured to run as a CGI script. Specifically, when the query string lacks an equals sign, PHP fails to handle it appropriately, which can lead to remote attackers executing arbitrary code. This occurs due to insufficient validation of comma...

A vulnerability exists in Google Chrome on Mac systems prior to version 143.0.7499.110 due to improper handling of memory access. This flaw allows a remote attacker to exploit crafted HTML content, leading to potential unauthorized access to system memory. This vulnerability highlights the import...

A vulnerability has been detected in Daptin version 0.10.3 related to the Aggregate API component. This issue arises from improper handling of input parameters within the function goqu.L located in server/resource/resource_aggregate.go. Attackers can exploit this vulnerability by manipulating the...

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

A vulnerability exists in the Media Management Module of PluXml versions up to 5.8.22, specifically within the function FileCookieJar::__destruct located in core/admin/medias.php. This flaw allows attackers to manipulate the File argument, potentially leading to deserialization attacks that can b...

A vulnerability has been identified in LigeroSmart up to version 6.1.24 that affects the Environment Variable Handler component. This flaw allows for cross-site scripting (XSS) when the REQUEST_URI argument is manipulated, enabling attackers to execute scripts from a remote location. The vulnerab...

A vulnerability exists in libmodbus prior to version 3.0.7 and 3.1.x before 3.1.5, where an out-of-bounds read occurs specifically in the MODBUS_FC_WRITE_MULTIPLE_COILS operation. This can potentially lead to unintended behavior, including exposing sensitive information or causing application ins...

A security flaw has been identified in Yonyou KSOA 9.0 that allows for SQL injection through manipulation of the 'Report' argument in the /worksheet/work_edit.jsp file. This vulnerability can be exploited remotely, potentially exposing sensitive data or enabling unauthorized actions within the ap...

A security flaw has been identified in Yonyou KSOA 9.0, specifically within the /worksheet/work_update.jsp file. This vulnerability allows for SQL injection through the manipulation of the 'Report' argument, offering an attacker the ability to execute unauthorized SQL queries. The exploit can be ...

A vulnerability exists in Yonyou KSOA 9.0 that allows for SQL injection through the /kp/PrintZPYG.jsp file by manipulating the 'zpjhid' parameter. This security flaw can be exploited remotely, providing attackers a means to execute arbitrary SQL queries, potentially compromising the integrity and...

A path traversal vulnerability exists in the yeqifu carRental system, specifically within the downloadShowFile function of the FileController component. This flaw allows attackers to manipulate file paths, potentially gaining unauthorized access to files on the server. The vulnerability can be ex...

A security flaw has been discovered in the UTT 进取 512W product, specifically within the strcpy function located in /goform/formFtpServerDirConfig. This vulnerability allows attackers to exploit the argument manipulation of the filename, potentially leading to a buffer overflow condition. The expl...

The Ninja Forms plugin for WordPress prior to version 3.13.3 contains a vulnerability that allows unauthenticated attackers to exploit the REST API to generate valid access tokens. These tokens can be utilized to gain unauthorized access to sensitive data, including reading form submissions. This...

The Logo Slider plugin for WordPress, prior to version 4.9.0, is susceptible to a security flaw where it fails to validate and escape certain slider options before rendering them in the dashboard. This oversight could allow users with contributor roles or higher to exploit the vulnerability, perf...

The ShopBuilder WordPress plugin prior to version 3.2.2 contains a vulnerability due to improper handling of a user-supplied parameter. This oversight allows attackers to execute reflected Cross-Site Scripting attacks, particularly targeting users with high privileges, like administrators. Withou...

The WPBookit plugin for WordPress, specifically version 1.0.7, is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability. This issue arises due to the absence of a CSRF check when deleting customer accounts. As a result, an unauthenticated attacker could exploit this vulnerability to de...

A vulnerability has been identified in the UTT 进取 512W firmware version 1.7.7-171114, which affects the strcpy function found in the /goform/formFtpServerShareDirSelcet file. A remote attacker could exploit this vulnerability by manipulating the oldfilename argument, leading to a buffer overflow ...

A critical buffer overflow vulnerability has been identified in UTT 进取 512W version 1.7.7-171114, specifically within the strcpy function located in the file /goform/formConfigCliForEngineerOnly. This flaw can be exploited remotely through manipulated command arguments, potentially allowing unaut...

A buffer overflow vulnerability has been discovered in the UTT 进取 512W router, specifically within the strcpy function located in the /goform/formRemoteControl file. This vulnerability allows an attacker to manipulate the 'Profile' argument, enabling remote exploitation. This flaw exposes the dev...

A significant security flaw has been identified in the Seeyon Zhiyuan OA Web Application System, specifically impacting the file /carManager/carUseDetailList.j%73p in versions up to 20251222. The vulnerability arises from improper handling of the CAR_BRAND_NO argument, leading to a potential SQL ...

The vulnerability arises from mismatched length fields in Zlib compressed protocol headers within MongoDB Server, potentially allowing an unauthenticated client to access uninitialized heap memory. This could lead to unauthorized information exposure, affecting versions of MongoDB Server across m...

A vulnerability has been discovered in the H-ui.admin version up to 3.1 that allows for unrestricted file uploads through a specific function in the /lib/webuploader/0.1.5/server/preview.php file. This issue can be exploited remotely, enabling attackers to upload files without proper validation. ...

A SQL injection vulnerability exists in Yonyou KSOA 9.0 due to improper handling of input parameters in the del_user.jsp file. An attacker can exploit this vulnerability remotely by manipulating the ID parameter in HTTP GET requests. The potential for unauthorized database access through this fla...

A SQL injection vulnerability has been detected in the HTTP GET Parameter Handler of Yonyou KSOA 9.0. The flaw resides in an unprotected function within the file /worksheet/agent_worksdel.jsp, allowing attackers to manipulate the ID parameter. This manipulation can lead to unauthorized access to ...

A vulnerability in the PHPGurukul Online Course Registration system up to version 3.1 has been identified, which allows an attacker to bypass authorization mechanisms. This flaw can potentially lead to unauthorized access, enabling remote exploitation by malicious actors. As the exploit has been ...

A security vulnerability has been identified in PHPGurukul Small CRM version 4.0, specifically within the /admin/edit-user.php file. This issue involves a lack of proper authorization checks, allowing unauthorized users to manipulate the system remotely. The flaw has been made publicly known, and...

A significant vulnerability has been identified in EmpireSoft's EmpireCMS, affecting versions up to 8.0. The security flaw resides in the CheckSaveTranFiletype function within the e/class/connect.php file, allowing an attacker to manipulate upload parameters and execute unrestricted file uploads....

A security flaw in EmpireSoft's EmpireCMS, affecting versions up to 8.0, has been identified in the IP Address Handler component. Specifically, the issue resides in the 'egetip' function located within the 'e/class/connect.php' file. This vulnerability allows for potential remote exploitation, le...

A significant SQL injection vulnerability has been identified in the Yonyou KSOA 9.0 platform, specifically within the HTTP GET Parameter Handler implemented in the /worksheet/agent_worksadd.jsp file. This vulnerability allows attackers to manipulate the 'ID' argument, potentially leading to unau...

A vulnerability exists in Open5GS versions up to 2.7.6, specifically affecting the function responsible for handling session responses within the GTPv2-C Flow Handler. An attacker exploiting this weakness locally may lead to a denial of service condition. The exploit has been made publicly availa...

Paragon Partition Manager version 7.9.1 has a vulnerability that allows attackers to exploit the memmove function, which fails to adequately verify or sanitize user-controlled input. This oversight enables attackers to manipulate kernel memory, potentially leading to privilege escalation. Users o...

A Cross-Site Scripting vulnerability exists in the xnx3 Wangmarket platform, specifically affecting the Add Global Variable Handler within the /siteVar/save.do file. This vulnerability allows remote attackers to inject malicious scripts by manipulating the 'Remark' or 'Variable Value' parameters....

A vulnerability exists in the xnx3 Wangmarket product, specifically in the uploadImage function of the XML File Handler component. This flaw permits attackers to exploit the argument 'image' to achieve unrestricted file uploads, which could lead to remote exploitation. Despite early notification ...

A vulnerability exists in the go-sonic application, specifically in the Theme Fetching API's FetchTheme function located in the git_fetcher.go file. This flaw allows an attacker to manipulate the 'uri' argument, potentially enabling server-side request forgery. This type of attack can be executed...