Publicly Disclosed
PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered just now...
PoC for CVE-2025-60013
This vulnerability affects the rSeries FIPS module in F5 Networks products. Users may experience issues during the initialization process when attempting to utilize passwords that include special shell metacharacters. Such inputs can lead to a failure in properly initializing the FIPS hardware se...
Discovered 1 hour ago
PoC for CVE-2011-2523
A serious backdoor vulnerability was discovered in vsftpd 2.3.4, affecting downloads made between June 30 and July 3, 2011. This vulnerability allows an attacker to exploit the software and open a remote shell on port 6200/tcp, granting unauthorized access to the system. It poses significant risk...
Discovered 2 hours ago
PoC for CVE-2025-13267
A SQL injection vulnerability was identified within the SourceCodester Dental Clinic Appointment Reservation System 1.0, specifically affecting the '/success.php' file. An attacker can exploit this flaw by manipulating the 'username/password' parameters, allowing unauthorized access to the databa...
Discovered 3 hours ago
PoC for CVE-2025-13266
A security vulnerability has been identified in the wwwlike Vlife API affecting versions up to 2.0.1. The issue arises in the `create` function of the SysFileApi component, specifically in the handling of the `fileName` argument. This flaw enables attackers to perform path traversal attacks, pote...
PoC for CVE-2025-9501
The W3 Total Cache plugin for WordPress versions prior to 2.8.13 contains a command injection vulnerability due to improper handling of user inputs in the _parse_dynamic_mfunc function. This flaw allows unauthenticated users to inject malicious payloads through comments, enabling them to execute ...
PoC for CVE-2019-9053
A vulnerability exists in CMS Made Simple version 2.2.8, where the News module can be exploited through a specially crafted URL, allowing an unauthenticated attacker to perform blind time-based SQL injection utilizing the m1_idlist parameter. This can potentially expose sensitive information and ...
Discovered 4 hours ago
PoC for CVE-2025-13264
A security flaw has been identified in the SourceCodester Online Magazine Management System version 1.0, specifically in the file /view_magazine.php. This vulnerability allows an attacker to manipulate the ID parameter, leading to SQL injection attacks. Such attacks can be executed remotely, posi...
PoC for CVE-2025-13263
A vulnerability has been detected in the SourceCodester Online Magazine Management System version 1.0, specifically related to the file /categories.php. This issue allows attackers to manipulate the 'c' argument, resulting in SQL injection attacks that can be executed remotely. The vulnerability ...
Discovered 5 hours ago
PoC for CVE-2025-13262
A path traversal vulnerability exists in the lsfusion platform, specifically in the UploadFileRequestHandler function. This flaw affects all versions of the platform up to 6.1. By exploiting this vulnerability through manipulation of the 'sid' argument, an attacker can gain unauthorized access to...
PoC for CVE-2025-13261
A path traversal vulnerability has been identified in the lsFusion platform, specifically in the method responsible for handling file download requests. An attacker can manipulate the 'Version' argument, potentially leading to the unauthorized reading of files from the server. This vulnerability ...
Discovered 6 hours ago
PoC for CVE-2025-13260
A vulnerability exists in the Campcodes Supplier Management System version 1.0, specifically impacting the edit_product.php file. This flaw allows for SQL injection through manipulation of the 'cmbProductUnit' argument, enabling potential attackers to execute malicious SQL statements remotely. Th...
PoC for CVE-2025-13259
A security flaw exists in Campcodes Supplier Management System 1.0, specifically within the /manufacturer/edit_unit.php file, resulting in SQL injection vulnerabilities. This issue allows attackers to manipulate the argument ID, potentially granting unauthorized access and extraction of sensitive...
Discovered 7 hours ago
PoC for CVE-2025-13258
A vulnerability has been identified in the Tenda AC20 router due to a buffer overflow in the WifiExtraSet function. This weakness can be exploited remotely through the manipulation of the wpapsk_crypto argument within the affected file. As the exploit is publicly available, it poses a significant...
PoC for CVE-2025-13257
A significant security flaw exists in the itsourcecode Inventory Management System 1.0, specifically within an unidentified function of the /admin/user/index.php?view=edit file. This vulnerability allows an attacker to manipulate the ID parameter, leading to SQL injection. The exploitation can be...
Discovered 8 hours ago
PoC for CVE-2025-13256
A vulnerability has been discovered in the Advanced Library Management System 1.0 developed by Projectworlds, specifically in the /borrow.php file. This weakness allows an attacker to manipulate the 'roll_number' argument, leading to SQL injection. The exploit can be executed remotely, posing a s...
Discovered 12 hours ago
PoC for CVE-2024-0670
The vulnerability in the Checkmk Windows Agent Plugin allows local users to escalate their privileges, potentially leading to unauthorized control over the system. This affects versions prior to 2.2.0p23, 2.1.0p40, and the end-of-life version 2.0.0. Users are advised to update their Checkmk insta...
Discovered 15 hours ago
PoC for CVE-2025-5777
The vulnerability arises from inadequate input validation in the NetScaler Management Interface, potentially allowing attackers to exploit memory overread conditions. This could lead to unauthorized access or exposure of sensitive information within the NetScaler ADC and NetScaler Gateway product...
Discovered 16 hours ago
PoC for CVE-2023-35317
The Windows Server Update Service (WSUS) is susceptible to an elevation of privilege vulnerability that could allow an attacker to gain elevated permissions on the system. An attacker who successfully exploits this vulnerability can take actions that are not normally permitted. This vulnerability...
Discovered 20 hours ago
PoC for CVE-2025-13251
A vulnerability has been identified in WeiYe-Jing's DataX-Web up to version 2.1.2, where an unknown function can be exploited through SQL injection. This issue allows malicious actors to execute unauthorized SQL commands remotely, potentially compromising the application's database integrity and ...
Discovered 21 hours ago
PoC for CVE-2025-13250
A vulnerability has been identified in WeiYe-Jing DataX-Web software, where improper access control mechanisms within the Job Handler component can be exploited. This vulnerability allows an attacker to remotely manipulate various job functions, including starting and stopping jobs, which may lea...
PoC for CVE-2025-13249
A security vulnerability in Jiusi OA versions up to 20251102 has been identified, which allows remote attackers to exploit the OfficeServer Interface component. By manipulating the 'FileData' argument in the '/OfficeServer?isAjaxDownloadTemplate=false' endpoint, attackers can achieve unrestricted...
Discovered 22 hours ago
PoC for CVE-2025-13248
A vulnerability has been discovered in the Patients Waiting Area Queue Management System version 1.0 developed by SourceCodester. The flaw resides in the /php/api_patient_schedule.php file, where manipulation of the appointmentID argument can lead to SQL injection attacks. This issue permits remo...
PoC for CVE-2025-13247
A security flaw has been identified in version 1.0 of the PHPGurukul Tourism Management System. This vulnerability arises from an unknown function in the /admin/user-bookings.php file, which allows for remote SQL injection through manipulation of the 'uid' argument. The exploit has been made publ...
Discovered 23 hours ago
PoC for CVE-2025-13246
A path traversal vulnerability exists in the JwtAuthenticationFilter function of the ShopSuite ModulithShop, specifically within the file located at src/main/java/com/suisung/shopsuite/common/security/JwtAuthenticationFilter.java. This flaw allows attackers to exploit the function remotely, poten...
Discovered 1 day ago
PoC for CVE-2025-13245
A vulnerability has been discovered in the Student Information System 2.0, specifically located in an undefined function within the /editprofile.php file. This issue allows for cross-site scripting (XSS) attacks, enabling attackers to execute malicious scripts in the context of a user's session. ...
PoC for CVE-2025-13244
A cross-site scripting (XSS) vulnerability has been identified in the Code-Projects Student Information System version 2.0. The issue is located in an undocumented function within the /register.php file, which can be exploited by attackers to inject arbitrary script code. This manipulation allows...
PoC for CVE-2025-13243
A security vulnerability has been identified in the Code-Projects Student Information System 2.0, specifically within the editprofile.php file. This vulnerability allows a remote attacker to exploit an unknown function, potentially leading to unauthorized access to the database through SQL inject...
PoC for CVE-2025-13242
A significant SQL injection vulnerability has been identified in the Code-Projects Student Information System version 2.0, specifically affecting the processing of the /register.php file. This flaw allows remote attackers to manipulate SQL queries, potentially leading to unauthorized data access ...
PoC for CVE-2025-13241
A security flaw exists in the code-projects Student Information System 2.0 that permits remote exploitation through SQL injection. Specifically, this vulnerability arises from improper handling of user input in the /index.php file, where an attacker can manipulate the Username parameter. If succe...
PoC for CVE-2025-13240
A vulnerability in code-projects Student Information System version 2.0 has been identified, specifically within the /searchquery.php file. The vulnerability allows for SQL injection through manipulation of the 's' argument, enabling attackers to execute arbitrary SQL queries. This flaw opens the...
PoC for CVE-2025-13239
A vulnerability in Bdtask's CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution v5 has been identified, specifically in the handling of the /submit_checkout functionality. The problem arises from inadequate manipulation of the parameters order_total_amount and cart_total_amount, leadin...
PoC for CVE-2025-13238
A vulnerability in Bdtask Flight Booking Software version 4 allows attackers to exploit an unknown functionality of the Edit Profile Page, specifically through the endpoint '/agent/profile/edit'. This weakness enables the unrestricted uploading of files by unauthorized users, which can lead to fu...
PoC for CVE-2025-13237
A security flaw has been identified in itsourcecode's Inventory Management System version 1.0, specifically in the /LogSignModal.PHP file. The vulnerability arises from improper handling of the U_USERNAME argument, leading to a SQL injection that can be exploited remotely. This vulnerability has ...
PoC for CVE-2025-13236
A SQL injection vulnerability has been identified in version 1.0 of the itsourcecode Inventory Management System, specifically affecting the /admin/products/index.php?view=edit endpoint. This vulnerability arises from improper handling of the ID parameter, allowing an attacker to manipulate SQL q...
PoC for CVE-2025-13235
A SQL injection vulnerability exists in the itsourcecode Inventory Management System version 1.0, specifically within the /admin/login.php file. This vulnerability arises from improper handling of the 'user_email' parameter, allowing remote attackers to manipulate SQL queries. Exploitation of thi...
PoC for CVE-2025-13234
A SQL injection vulnerability exists in the itsourcecode Inventory Management System 1.0. This vulnerability is located in an unknown function within the file /index.php?q=product. By manipulating the PROID parameter, attackers can exploit this vulnerability remotely, which could lead to unauthor...
PoC for CVE-2025-62507
Redis, the open source in-memory database, is prone to a stack buffer overflow vulnerability in versions 8.2.0 and later. When a user executes the XACKDEL command with multiple IDs, it can trigger this overflow, potentially leading to remote code execution. Version 8.2.3 addresses this issue. To ...
PoC for CVE-2025-13233
A vulnerability has been identified in the itsourcecode Inventory Management System version 1.0 that allows for SQL injection via an unvalidated function in the /index.php?q=single-item file. By manipulating the ID parameter, remote attackers can potentially execute arbitrary SQL queries, leading...
PoC for CVE-2025-34227
Nagios XI versions prior to 2026R1 are susceptible to an authenticated command injection issue. This vulnerability exists within the wizards for MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query. It allows attackers to insert shell characters into command arguments,...
PoC for CVE-2025-64328
The FreePBX Endpoint Manager, specifically in versions 17.0.2.36 and later up to 17.0.2.39, contains a command injection vulnerability in its filestore module. This occurs after authentication and can be exploited by an authenticated user through the testconnection -> check_ssh_connect() function...
Discovered 2 days ago
PoC for CVE-2025-13221
A vulnerability exists in Intelbras UnniTI version 24.07.11, specifically within the /xml/sistema/usuarios.xml file. An unchecked manipulation involving Usuario/Senha can lead to the storage of sensitive credentials in an unprotected manner. This weakness can be exploited remotely, allowing poten...
PoC for CVE-2025-13210
A critical security vulnerability has been found in the Inventory Management System version 1.0 by itsourcecode, affecting the /admin/products/index.php?view=add endpoint. This flaw allows remote attackers to exploit an input manipulation in the PROMODEL argument, leading to potential unauthorize...
PoC for CVE-2025-13209
A vulnerability has been identified in the Bestfeng OA Git Free application, specifically impacting versions up to 9.5. The flaw lies in the 'updateWriteBack' function within the WorkflowPredefineController.java file. This weakness allows attackers to manipulate the 'writeProp' argument, resultin...
PoC for CVE-2025-13208
A security flaw has been identified in the FantasticLBP Hotels Server, specifically within the hotelList.php file. This vulnerability allows remote attackers to manipulate the subjectId/cityName parameters, leading to SQL injection attacks. Successful exploitation could enable unauthorized access...
PoC for CVE-2025-13203
A vulnerability has been detected in the Simple Cafe Ordering System version 1.0, specifically in the code handling the /addmem.php file. The weakness arises from improper validation of user input, allowing for SQL injection through manipulation of the 'studentnum' parameter. This could permit re...
PoC for CVE-2025-13201
A security flaw exists in the login functionality of the Simple Cafe Ordering System, specifically in the /login.php file. An attacker can exploit this vulnerability by manipulating the Username parameter, leading to an SQL injection attack. This allows unauthorized access to the application's da...
PoC for CVE-2025-13200
An information exposure vulnerability exists in the SourceCodester Farm Management System 1.0 due to improper functionality, which allows attackers to access sensitive information via directory listing. This vulnerability can be exploited remotely, potentially exposing confidential data to unauth...
PoC for CVE-2025-13199
A path traversal vulnerability exists in the Email Logging Interface 2.0 developed by Code-Projects, specifically within the 'signup.cpp' file. This issue arises from improper handling of the 'Username' argument, allowing attackers with local access to manipulate file paths. This could potentiall...
PoC for CVE-2025-13198
An exploitation vulnerability has been identified in DouPHP versions up to 1.8 Release 20251022, specifically in the file upload functionality located in file.include/file.class.php. This vulnerability allows attackers to manipulate upload parameters, resulting in the ability to perform unrestric...
PoC for CVE-2025-13191
A vulnerability exists in the D-Link DIR-816L router, specifically within the soapcgi_main function of the /soap.cgi file. This flaw can lead to a stack-based buffer overflow, allowing remote attackers to execute arbitrary code on systems running affected versions. The vulnerability is a concern ...