Publicly Disclosed PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered just now...
PoC for CVE-2026-6807
A vulnerability exists in GRASSMARLIN v3.2.1 that arises from inadequate protection when handling XML input. Specifically, crafted session data can exploit this flaw, leading to the unintended exposure of sensitive information. The underlying issue is due to insufficient hardening in th...
Discovered 2 hours ago
PoC for CVE-2026-1306
The midi-Synth plugin for WordPress allows unauthenticated attackers to upload arbitrary files. This occurs due to inadequate validation of file types and extensions within the 'export' AJAX action in versions up to and including 1.1.0. The lack of security ch...
Discovered 6 hours ago
PoC for CVE-2026-7319
A vulnerability in the elinsky execution-system-mcp version 0.1.0 has been identified, where improper handling of the argument in the _get_context_file_path function of src/execution_system_mcp/server.py leads to a potential path traversal issue. This flaw allows unauthorized remote access to sen...
Discovered 7 hours ago
PoC for CVE-2026-7318
A path traversal vulnerability has been identified in the search_papers function of the research_server.py file within elie mcp-project 0.1.0. This issue arises from improper handling of user-supplied input via the topic argument, allowing local attackers to manipulate file paths and potentially ...
PoC for CVE-2026-7317
A deserialization vulnerability was identified in Grav CMS versions up to 1.7.49.5 and 2.0.0-beta.1, specifically within the FileCache::doGet function located in the file system/src/Grav/Framework/Cache/Adapter/FileCache.php. This issue allows an attacker to manipulate cache value handling and po...
PoC for CVE-2026-7316
Aider-MCP, developed by Eiliyaabedini, contains a command injection vulnerability within its 'aider_mcp.py' file, specifically when manipulating the 'working_dir/editable_files' argument. This flaw allows attackers to remotely execute arbitrary commands on the server. The ongoing rolling release ...
PoC for CVE-2026-7315
A vulnerability has been identified in the eiceblue spire-pdf-mcp-server version 0.1.1, specifically within the PDF File Handler component's get_pdf_path function. This flaw allows attackers to manipulate the filepath argument, potentially leading to unauthorized access to sensitive files on the ...
Discovered 8 hours ago
PoC for CVE-2026-7314
A vulnerability has been identified in Eiceblue's Spire-Doc-MCP-Server version 1.0.0, specifically in the 'get_doc_path' function located in 'src/spire_doc_mcp/api/base.py'. This flaw allows an attacker to manipulate the 'document_name' argument, leading to potential path traversal. Such an attac...
PoC for CVE-2026-7306
A remote code execution vulnerability has been discovered in the Xuxueli XXL-JOB product, specifically within the OpenAPI Endpoint's OpenApiController.java file. This vulnerability arises from the manipulation of the argument 'default_token,' which leads to the usage of hard-coded cryptographic k...
PoC for CVE-2026-7305
A vulnerability has been detected in the XXL-Job project by Xuxueli affecting version 3.3.2. The issue lies within the triggerJob function in the XxlJobServiceImpl.java file. This weakness allows the manipulation of the addressList argument, which can lead to server-side request forgery (SSRF) at...
PoC for CVE-2026-7303
A security flaw has been identified in the Execution Log Handler of Xuxueli XXL-Job versions prior to 3.4.0. The vulnerability arises from improper handling of the 'logId' argument in the 'logDetailCat' function located in the JobLogController.java file. This flaw allows remote attack...
Discovered 9 hours ago
PoC for CVE-2026-7297
A vulnerability has been identified in the SourceCodester Pizzafy Ecommerce System version 1.0, specifically in the save_user function found in /admin/ajax.php?action=save_user. An attacker can exploit this vulnerability by manipulating the 'Name' argument, leading to a cross-site scripting (XSS)...
PoC for CVE-2026-7296
The SourceCodester Pizzafy Ecommerce System 1.0 contains a vulnerability in the save_order function located in the /admin/ajax.php file. This flaw allows attackers to manipulate input parameters, specifically 'first_name', leading to the execution of arbitrary scripts in the context of the user's...
PoC for CVE-2026-7295
A security flaw has been identified in the SourceCodester Pizzafy Ecommerce System 1.0, specifically within the 'save_menu' function of the '/admin/ajax.php?action=save_menu' file. This vulnerability allows for cross-site scripting (XSS) due to improper handling of the 'Name' argument, enabling a...
PoC for CVE-2021-44228
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log messag...
PoC for CVE-2026-7294
A vulnerability in the SourceCodester Pizzafy Ecommerce System 1.0 allows attackers to exploit the 'save_settings' function located in /admin/index.php?page=save_settings. This issue arises from improper handling of the 'Name' argument, leading to the possibility of cross site scripting attacks. ...
Discovered 10 hours ago
PoC for CVE-2026-7293
A vulnerability has been identified in the SourceCodester Pizzafy Ecommerce System 1.0, specifically within the delete_category function located in /admin/ajax.php. This security flaw allows attackers to manipulate the ID argument, potentially leading to unauthorized SQL queries being executed on...
PoC for CVE-2026-7292
A security flaw has been identified in the o2oa software affecting its syncFile function within the NodeAgent component. This vulnerability stems from improper authorization, which can be exploited remotely. While the complexity of executing this attack is considered high and the exploitability c...
PoC for CVE-2026-7291
A vulnerability has been identified in the o2oa web application affecting the FileAction function within the FileAction.java component. This flaw allows an attacker to manipulate the fileUrl argument, which can lead to server-side request forgery (SSRF). This type of vulnerability enables an atta...
Discovered 11 hours ago
PoC for CVE-2026-7290
A SQL injection vulnerability exists in JeecgBoot, specifically within the loadDict endpoint in the SqlInjectionUtil function of version 3.9.1. The flaw arises due to improper handling of the keyword argument, allowing attackers to manipulate SQL queries. This vulnerability can be exploited remot...
PoC for CVE-2026-33439
OpenIdentityPlatform's OpenAM, an access management solution, is susceptible to a pre-authentication Remote Code Execution vulnerability due to unsafe Java deserialization. This issue arises from the handling of the jato.clientSession HTTP parameter, allowing unauthenticated attackers to execute ...
Discovered 12 hours ago
PoC for CVE-2026-7289
A vulnerability exists in the D-Link DIR-825M router software version 1.1.12 that affects the handling of the submit-url argument in the function sub_414BA8 located in the /boafrm/formWanConfigSetup file. This flaw can lead to a buffer overflow, allowing attackers to execute arbitrary code remote...
PoC for CVE-2026-7288
A significant vulnerability has been identified in the D-Link DIR-825M Router version 1.1.12, stemming from a flaw in the function sub_4151FC within the /boafrm/formVpnConfigSetup file. This security issue is characterized by a buffer overflow that occurs when handling the submit-url argument. Co...
Discovered 13 hours ago
PoC for CVE-2026-7283
A security vulnerability has been identified in the SourceCodester Pharmacy Sales and Inventory System version 1.0, specifically within the save_expired function of the /ajax.php?action=save_expired file. The issue lies in improper handling of the ID parameter, which allows an attacker to execute...
Discovered 14 hours ago
PoC for CVE-2026-27760
OpenCATS, prior to commit 3002a29, is vulnerable to a PHP code injection issue that affects the installer AJAX endpoint. This vulnerability allows unauthenticated attackers to inject malicious PHP code through the databaseConnectivity action parameter. By exploiting the vulnerability, attackers c...
PoC for CVE-2026-7282
A critical security flaw has been identified in the SourceCodester Pharmacy Sales and Inventory System version 1.0, specifically impacting the `delete_expired` function located in the `/ajax.php?action=delete_expired` file. This vulnerability allows an attacker to manipulate the `ID` argument, po...
PoC for CVE-2026-7281
A cross-site scripting vulnerability exists in the SourceCodester Pharmacy Sales and Inventory System version 1.0. The flaw resides in the 'supplier' function within the /index.php?page=supplier script. Attackers could exploit this vulnerability by manipulating the 'Name' argument, allowing them ...
PoC for CVE-2026-7272
A vulnerability exists in the WilliamCloudQi matlab-mcp-server, specifically within the generate_matlab_code and execute_matlab_code functions. This flaw allows an attacker to manipulate the scriptPath argument, potentially enabling unauthorized access to file paths outside of the intended direct...
Discovered 15 hours ago
PoC for CVE-2026-6643
A stack-based buffer overflow vulnerability exists in the VPN Clients on Asustor's ADM platform. This flaw results from the unbounded use of the sscanf() function and the direct incorporation of user-controlled data into printf() calls. The absence of protection mechanisms such as Position Indepe...
PoC for CVE-2026-7271
A path traversal vulnerability has been identified in the DV0x creative-ad-agent server, particularly affecting the sdk-server.ts file. This flaw allows attackers to manipulate request parameters, potentially enabling unauthorized access to sensitive files and directories on the server. The issue...
PoC for CVE-2026-7269
A cross-site scripting vulnerability exists in the SourceCodester Pharmacy Sales and Inventory System 1.0 due to improper validation of user-supplied input. The vulnerability affects the /index.php?page=product endpoint, where an attacker can manipulate the argument ID. This manipulation allows f...
Discovered 16 hours ago
PoC for CVE-2026-7268
A vulnerability has been detected in the SourceCodester Pizzafy Ecommerce System version 1.0, specifically affecting the save_category function within the /admin/ajax.php file. This issue allows an attacker to manipulate the input parameter 'Name', leading to SQL injection. Such vulnerabilities c...
PoC for CVE-2026-7267
A security flaw in the SourceCodester Pizzafy Ecommerce System 1.0 allows attackers to execute unauthorized SQL commands through manipulated input in the file /view_prod.php. This vulnerability can be exploited remotely, potentially compromising the integrity of the database. It is crucial for us...
Discovered 17 hours ago
PoC for CVE-2026-7266
A vulnerability exists in the Pizzafy Ecommerce System where the function save_order, located in /admin/ajax.php, can be exploited through SQL injection. This occurs when the argument ID is manipulated, allowing an attacker to execute arbitrary SQL queries remotely. Since this exploit is publicly...
PoC for CVE-2026-7265
A security vulnerability has been identified in the SourceCodester Pizzafy Ecommerce System version 1.0. The vulnerability arises from improper validation of user-provided input in the argument ID within the function Category located in pizza/index.php?page=category. This flaw enables attackers t...
Discovered 18 hours ago
PoC for CVE-2026-7264
A vulnerability has been identified in the SourceCodester Pizzafy Ecommerce System version 1.0, specifically within the get_cart_items function located in the /admin/ajax.php file. By manipulating the ID argument, an attacker can execute SQL injection attacks remotely. The public availability of ...
Discovered 19 hours ago
PoC for CVE-2026-7248
A buffer overflow vulnerability exists in the CGI endpoint of D-Link DI-8100 version 16.07.26A1. Specifically, the flaw is in the function tgfile_htm located in the tgfile.htm file. Attackers may exploit this vulnerability remotely by manipulating the 'fn' argument, leading to potential applicati...
PoC for CVE-2026-7247
A buffer overflow vulnerability exists in the file_exten_asp function of D-Link DI-8100's file_exten.asp file. An attacker can manipulate the 'Name' argument, potentially leading to system instability or unauthorized access through remote exploitation. This vulnerability has been publicly disclos...
PoC for CVE-2026-7244
A security flaw has been identified in the Totolink A8000RU router, specifically in the CGI Handler's setWiFiEasyGuestCfg function within the /cgi-bin/cstecgi.cgi file. This vulnerability allows an attacker to manipulate the merge argument, leading to OS command injection. Such an exploit can be ...
PoC for CVE-2026-7243
A command injection vulnerability exists in the Totolink A8000RU router due to improper handling of the maxRtrAdvInterval argument in the setRadvdCfg function within the CGI Handler. An attacker can exploit this flaw remotely to execute arbitrary OS commands, potentially compromising the device's...
Discovered 20 hours ago
PoC for CVE-2026-7242
A serious OS command injection vulnerability exists in the Totolink A8000RU router, specifically in the setOpenVpnClientCfg function within the CGI Handler at /cgi-bin/cstecgi.cgi. This flaw allows an attacker to manipulate the 'enabled' argument, leading to potential remote code e...
PoC for CVE-2026-7241
A newly discovered vulnerability in the Totolink A8000RU affects the CGI handler's setWiFiBasicCfg function, allowing remote OS command injection. By manipulating the 'wifiOff' argument in the /cgi-bin/cstecgi.cgi file, an attacker can execute unauthorized commands, p...
PoC for CVE-2026-7240
A vulnerability exists within the Totolink A8000RU due to improper handling of user input in the setVpnAccountCfg function located in /cgi-bin/cstecgi.cgi. This weakness allows an attacker to execute arbitrary operating system commands via crafted requests. This command injection can be exploited...
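The four Totolink A8000RU entries above share one shape: a request parameter that ends up concatenated into a command string parsed by a shell. The example below is added for this page and is not code from any vendor's firmware; it builds such a string for a hypothetical `ping` handler, shows which separate commands a shell would execute from it, and contrasts the allow-list validation plus argv form that prevents the injection. The handler, parameter values and inputs are assumptions for illustration.

```python
"""OS command injection through a CGI parameter, shown as the shell string
a vulnerable handler would build, the commands a shell would actually run
from it, and the validate-then-argv form that prevents it. Hypothetical
example code; the handler shape is generic, not any vendor's firmware."""
import ipaddress
import re
import shlex

# RFC 1123 hostname: alnum/hyphen labels, no leading hyphen. The no-leading-
# hyphen rule also blocks option injection such as '-f' into the argv form.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)
_SEPARATORS = set("();<>|&")


def build_unsafe_command(host: str) -> str:
    # Vulnerable pattern: the request parameter is concatenated into a string
    # that the handler hands to system()/popen(), so a shell parses it.
    return f"ping -c 1 {host}"


def shell_would_run(command: str) -> list:
    # Approximates /bin/sh tokenisation with shlex's punctuation handling and
    # splits at ; | & and friends: each element is one command the shell
    # would execute. Command substitution ($(...), backticks) is not modelled.
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    commands, current = [], []
    for token in lexer:
        if token and all(ch in _SEPARATORS for ch in token):
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


def validate_host(value: str) -> str:
    # Allow-list: an IP literal or a syntactically valid hostname, nothing else.
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        pass
    if _HOSTNAME_RE.match(value):
        return value
    raise ValueError(f"rejected host parameter: {value!r}")


def build_safe_command(host: str) -> list:
    # argv list for subprocess.run(argv) with the default shell=False: the
    # parameter reaches execve() as a single argument and no shell sees it.
    return ["ping", "-c", "1", validate_host(host)]


def demo_results() -> dict:
    probes = {  # constructed inputs for this example
        "benign": "192.0.2.10",
        "semicolon": "192.0.2.10; cat /etc/passwd",
        "and_chain": "192.0.2.10 && id",
        "option": "-f",
    }
    out = {}
    for label, value in probes.items():
        unsafe = shell_would_run(build_unsafe_command(value))
        try:
            safe = build_safe_command(value)
        except ValueError:
            safe = "rejected"
        out[label] = {"unsafe_commands": unsafe, "safe": safe}
    return out


if __name__ == "__main__":
    for label, outcome in demo_results().items():
        print(label, outcome)
```

`shell_would_run` is a model of the shell's word splitting, good enough to show that `;` and `&&` in the parameter turn one command into two; it is not a sanitiser. The fix is the other half: validate against what the parameter is supposed to be and pass an argv list so no shell is involved at all.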
PoC for CVE-2026-7238
A security flaw has been identified in Code-projects Online Music Site version 1.0, specifically in the /Administrator/PHP/AdminUpdateAlbum.php file. This vulnerability allows for the manipulation of the argument 'txtimage', resulting in unrestricted file uploads. The potential for remote exploit...
Discovered 21 hours ago
PoC for CVE-2026-7237
A vulnerability exists in the AgiFlow scaffold-mcp tool that impacts the file write functionality. By manipulating the file_path argument in the source file packages/scaffold-mcp/src/server/index.ts, an attacker can exploit this vulnerability to perform path traversal attacks. This allows unautho...
PoC for CVE-2026-7235
A security vulnerability exists in the ErlichLiu claude-agent-sdk-master, related to the improper handling of the outputFile argument in the app/api/agent-output/route.ts file. This flaw allows for path traversal attacks, potentially enabling an attacker to access sensitive files on the server. T...
PoC for CVE-2026-7234
A path traversal vulnerability has been discovered in BrowserOperator's browser-operator-core up to version 0.6.0. The issue arises in the 'startsWith' function within the scripts/component_server/server.js file. Attackers can manipulate the 'request.url' parameter, potentially leading to unautho...
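The path-traversal entries in this list (the MCP servers, creative-ad-agent, scaffold-mcp, claude-agent-sdk-master and the browser-operator-core entry that names a 'startsWith' check) all come down to a file name or path argument joined onto a base directory without a sound containment check. The example below is added for this page and is not code from any of those projects: it contrasts the raw join, a string-prefix check of the kind 'startsWith' suggests, and a resolve-and-contain check, over a constructed temporary directory layout. The directory names, file names and probe inputs are assumptions for illustration.

```python
"""Path-traversal containment checks: the vulnerable join, a string-prefix
check that is still bypassable, and a resolve-and-contain check.
Hypothetical example code; not taken from any project listed on this page.
Assumes a POSIX filesystem (os.symlink without special privileges)."""
import os
import shutil
import tempfile
from pathlib import Path


def unsafe_get_path(base: Path, document_name: str) -> Path:
    # Vulnerable: the untrusted name is joined and used as-is. A '..' segment
    # walks out of base and an absolute name replaces base entirely.
    return Path(base, document_name)


def prefix_check_get_path(base: Path, document_name: str) -> Path:
    # Still flawed: normalises, then tests containment with a string prefix.
    # '/x/docs' is a string prefix of '/x/docs_backup', so a sibling directory
    # whose name starts with the base name passes the check.
    resolved = Path(base, document_name).resolve()
    if not str(resolved).startswith(str(base.resolve())):
        raise PermissionError(document_name)
    return resolved


def safe_get_path(base: Path, document_name: str) -> Path:
    # Hardened: reject absolute names outright, resolve symlinks on both
    # sides, then compare per path component with is_relative_to (3.9+).
    candidate = Path(document_name)
    if candidate.is_absolute():
        raise PermissionError(document_name)
    base_real = base.resolve()
    resolved = (base_real / candidate).resolve()
    if not resolved.is_relative_to(base_real):
        raise PermissionError(document_name)
    return resolved


def build_sandbox() -> Path:
    # Constructed layout for this example (sample data, created in a temp dir):
    #   docs/report.txt         legitimate document inside base
    #   docs/link -> secret/    symlink inside base pointing outside it
    #   docs_backup/db.sqlite   sibling dir sharing the base name as a prefix
    #   secret/key.pem          outside base entirely
    root = Path(tempfile.mkdtemp(prefix="traversal-demo-"))
    for sub in ("docs", "docs_backup", "secret"):
        (root / sub).mkdir()
    (root / "docs" / "report.txt").write_text("quarterly report\n")
    (root / "docs_backup" / "db.sqlite").write_text("backup\n")
    (root / "secret" / "key.pem").write_text("PRIVATE KEY\n")
    os.symlink(root / "secret", root / "docs" / "link")
    return root


def classify(func, base: Path, name: str) -> str:
    # 'allowed:<path under base>', 'escaped:<path under the parent>' when the
    # returned path lands outside base, or 'denied' when the check raised.
    try:
        target = func(base, name).resolve()
    except PermissionError:
        return "denied"
    base_real = base.resolve()
    if target.is_relative_to(base_real):
        return "allowed:" + str(target.relative_to(base_real))
    return "escaped:" + str(target.relative_to(base_real.parent))


def demo_results() -> dict:
    root = build_sandbox()
    base = root / "docs"
    probes = {
        "legit": "report.txt",
        "sibling": "../docs_backup/db.sqlite",
        "parent": "../secret/key.pem",
        "symlink": "link/key.pem",
        "absolute": str(root / "secret" / "key.pem"),
    }
    checks = {"unsafe": unsafe_get_path, "prefix": prefix_check_get_path,
              "safe": safe_get_path}
    try:
        return {label: {tag: classify(fn, base, name) for tag, fn in checks.items()}
                for label, name in probes.items()}
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for label, outcome in demo_results().items():
        print(f"{label:9s} {outcome}")
```

The sibling probe is the one worth remembering: the prefix check normalises correctly and still lets `../docs_backup/db.sqlite` through, because the comparison is on strings rather than path components. Resolving both sides before the check also closes the symlink case, which a purely lexical normalisation would miss.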
PoC for CVE-2026-7233
A vulnerability exists in Artifex MuPDF versions up to 1.28.0 in the fz_subset_cff_for_gids function in the subset-cff.c file. This flaw leads to potential out-of-bounds read conditions, enabling an attacker to exploit it locally. Although the problem has been acknowled...
PoC for CVE-2026-5306
The Check & Log Email WordPress plugin, prior to version 2.0.13, is susceptible to stored Cross-Site Scripting (XSS) attacks due to improper handling of email replacement. With the email encoder setting enabled, this vulnerability allows unauthenticated attackers to inject malicious scripts that ...
Discovered 22 hours ago
PoC for CVE-2026-7229
A vulnerability identified in Code-Projects' Coaching Management System 1.0 allows attackers to exploit an unknown function within the /cims/modules/admin/reply.php file. This weakness arises during the manipulation of the 'complaintreply' argument, resulting in SQL injection. The nature of this ...