Publicly Disclosed
PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered 6 hours ago
PoC for CVE-2021-34527
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, ...
Discovered 9 hours ago
PoC for CVE-2026-26980
Ghost CMS, a widely used Node.js content management system, contains a vulnerability that enables unauthenticated attackers to execute arbitrary reads from its database. This security flaw affects versions 3.24.0 through 6.19.0, posing a significant risk to the confidentiality of sensitive data s...
Discovered 12 hours ago
PoC for CVE-2024-6783
A vulnerability has been discovered in Vue that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as `Object.prototype.staticClass` or `Object.prototype.staticStyle` to execute arbitrary JavaScript code.
Discovered 14 hours ago
PoC for CVE-2026-48710
A vulnerability exists in the Starlette ASGI framework where the HTTP 'Host' request header is not properly validated prior to its use in reconstructing the 'request.url'. This flaw may allow an attacker to manipulate the reconstructed URL, thereby bypassing security measures implemented on middl...
Discovered 16 hours ago
PoC for CVE-2026-45659
A vulnerability in Microsoft Office SharePoint permits an authorized attacker to exploit deserialization weaknesses in the software. This allows unauthorized code execution over a network, potentially compromising the integrity and availability of the affected system. Timely patching is essential...
PoC for CVE-2019-6340
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core...
Discovered 20 hours ago
PoC for CVE-2026-6268
The EventPress WordPress theme prior to version 22.2 is susceptible to a reflected cross-site scripting vulnerability. This security lapse arises from the failure to sanitize or escape the 'id' parameter in the eventpress_customizer_notify_dismiss_action AJAX handler before it is included in the ...
Discovered 1 day ago
PoC for CVE-2026-9632
A vulnerability exists in the UTT HiPER 1250GW Web Management Interface, specifically within the function strcpy in the file /goform/formGroupConfig. This flaw can result in a stack-based buffer overflow triggered by unvalidated input in the Profile argument. Attackers can exploit this vulnerabil...
PoC for CVE-2026-9631
A buffer overflow vulnerability exists in the Web Management Interface of UTT HiPER 1250GW versions up to 3.2.7-210907-180535. This issue arises from improper handling of the strcpy function in the formConfigFastDirectionW module, specifically when manipulating the Profile argument. A remote atta...
PoC for CVE-2026-9628
A stack-based buffer overflow vulnerability has been detected in the web management interface of the UTT HiPER 1200GW, specifically in the handling of forms within the PPTP client configuration file. This vulnerability can be exploited by manipulating the server address, username, password, or tu...
PoC for CVE-2026-9627
A vulnerability has been identified in the UTT HiPER 1200GW's Web Management Interface, specifically within the strcpy function in the /goform/setSysAdm component. This flaw allows an attacker to manipulate the sysAdmUser and sysAdmPass parameters, leading to potential buffer overflow attacks. Th...
PoC for CVE-2026-9609
A vulnerability in QianFox FoxCMS versions up to 1.2.6 affects the Admin.php file's Edit function, leading to weak password recovery mechanisms. This security flaw allows an attacker to manipulate the password recovery process remotely, potentially compromising user accounts. The exploit details ...
PoC for CVE-2026-9608
A cross-site scripting vulnerability exists in QianFox FoxCMS version 1.2.6, specifically within an unknown function of the /Tag/edit file in the Administrator Backend. This vulnerability allows for remote exploitation through manipulation of specific inputs, potentially leading to unauthorized s...
PoC for CVE-2026-9606
A vulnerability exists in the itsourcecode Courier Management System 1.0 that allows for SQL injection through an unknown function in the /manage_user.php file. By manipulating the 'ID' argument, an attacker can execute unauthorized SQL queries from a remote location, potentially leading to unaut...
PoC for CVE-2026-9605
A security flaw exists in the GNU libredwg library, specifically within the Dwgbmp Utility's bit_read_RC function, found in bits.c. This vulnerability can lead to a heap-based buffer overflow, which may allow an attacker to execute a remote exploit. The problem arises in how data is handled, perm...
PoC for CVE-2025-50946
A vulnerability has been identified in the Olivetin 2025.4.22 Custom Themes, where an OS Command Injection can be exploited through the ParseRequestURI function. This issue potentially allows attackers to execute arbitrary commands on the host system, posing a significant risk to the security and...
PoC for CVE-2026-9604
A vulnerability in JeecgBoot versions up to 3.9.1 impacts the AiragModelController component, where improper access control allows remote attackers to manipulate the argument list/queryById. This issue has been publicly disclosed, making systems running the affected version susceptible to exploit...
PoC for CVE-2026-9603
A security flaw has been identified in the SourceCodester eDoc Doctor Appointment System 1.0, specifically located in the /admin/delete-session.php file. This vulnerability arises from improper handling of the ID parameter, which can lead to unauthorized access and manipulation of session data. T...
PoC for CVE-2026-9584
A security vulnerability has been identified in the Project Management System version 1.0 from Code-projects. An unknown function within the chk.php file associated with the Login component is susceptible to SQL injection. This flaw allows remote attackers to manipulate database queries, leading ...
PoC for CVE-2026-9583
A vulnerability has been discovered in the SourceCodester CET Automated Grading System with AI Predictive Analytics version 1.0. This issue affects the SQL Handler component located in the /index.php file, which may allow attackers to exploit an unknown function. By executing a specific manipulat...
PoC for CVE-2026-9582
A security vulnerability has been identified in the SourceCodester CET Automated Grading System with AI Predictive Analytics version 1.0. This issue may allow an attacker to exploit an unknown function, leading to cross-site request forgery (CSRF). As the exploit can be executed remotely, it pose...
PoC for CVE-2026-9581
A vulnerability exists within JeecgBoot up to version 3.9.1, specifically in the file /sys/comment/add. This weakness results in improper access controls, allowing remote attackers to exploit it. The exploit is publicly accessible, emphasizing the necessity for timely upgrades to at least version...
PoC for CVE-2026-9580
A vulnerability has been identified in JeecgBoot versions up to 3.9.1, specifically within the LoginController.selectDepart function. This flaw allows for improper access controls, potentially enabling remote exploitation. The issue has been publicly disclosed, underscoring the urgency for affect...
PoC for CVE-2026-9579
A security vulnerability has been identified in JeecgBoot versions up to 3.9.1, specifically within the user management function located in the SysUser component. The flaw resides in the user.getUsername method, where the argument userIdentity can be manipulated, leading to improper access contro...
PoC for CVE-2026-9575
A significant SQL injection vulnerability exists in the itsourcecode Student Transcript Processing System version 1.0, specifically affecting the processing of requests at /admin/modules/class/index.php?view=view. This flaw allows an attacker to manipulate the 'ID' argument, potentially enabling ...
PoC for CVE-2026-9574
A vulnerability exists within the itsourcecode Student Transcript Processing System version 1.0, specifically in the `/admin/modules/student/trans.php` file. This issue arises from improper validation of input parameters, particularly the `studentId/cid` arguments, which allows attackers to execu...
PoC for CVE-2026-9573
A significant SQL injection vulnerability has been discovered in the itsourcecode Student Transcript Processing System version 1.0. Located specifically in the /admin/modules/student/index.php?view=view file, the vulnerability allows remote attackers to manipulate the studentId argument, leading ...
PoC for CVE-2026-9572
A memory leak has been identified in GPAC MP4Box versions up to 2.4.0, specifically in the Media_GetSample function located in the file src/isomedia/media.c. This vulnerability can be exploited locally by manipulating the argument cat, leading to potential Denial of Service conditions. The exploi...
PoC for CVE-2026-9567
A security flaw within the GPAC MP4Box component, specifically in the MergeFragment function of isom_intern.c, allows for a null pointer dereference. This vulnerability primarily affects versions up to 2.4.0 and requires local access to successfully exploit. An exploit for this flaw has been publ...
PoC for CVE-2026-9566
A security flaw was discovered in Teable by Teableio, specifically in the Sign-up component found in the LoginPage.tsx file. This vulnerability allows an attacker to manipulate the redirect parameter, resulting in a Cross Site Scripting (XSS) exploit that can be executed remotely. The attack leve...
PoC for CVE-2026-9565
A security flaw has been identified in haojing8312 WorkClaw, specifically affecting versions up to 0.6.4. The vulnerability resides in the Blacklist Handler within the function is_dangerous, located in the file apps/runtime/src-tauri/src/agent/tools/bash.rs. This weakness allows attackers to exec...
PoC for CVE-2026-43284
A vulnerability exists in the Linux kernel that concerns the handling of shared skb fragments during the decryption process in ESP-in-UDP packets. When pages are attached from a pipe directly to an skb using MSG_SPLICE_PAGES, the kernel marked these SKBs with SKBFL_SHARED_FRAG, which plays a cruc...
PoC for CVE-2026-9564
A vulnerability in the Hospitals Patient Records Management System 1.0 developed by SourceCodester allows for cross site scripting through improper handling of user input in the 'Remarks' parameter of the /admin/?page=patients/view_patient function. An attacker could exploit this vulnerability re...
PoC for CVE-2026-45401
The Open WebUI platform, designed for offline AI operations, has a vulnerability in its validate_url() function which allows an authenticated user to exploit HTTP 3xx redirects. The vulnerability permits a user to submit a URL that redirects to an internal IP address, potentially gaining access t...
PoC for CVE-2026-5426
A hard-coded machineKey value in Digital Knowledge's KnowledgeDeliver software, prior to February 24, 2026, enables attackers to bypass ViewState validation. This vulnerability can be exploited through malicious ViewState deserialization attacks, allowing unauthorized remote code execution. Prope...
PoC for CVE-2026-9562
A vulnerability exists in the dashboard component of the sambitraj STUDENT-MANAGEMENT-SYSTEM, where improper access controls can be exploited remotely. This flaw allows unauthorized users to manipulate system functions, posing a significant security risk. The product is maintained on a rolling re...
PoC for CVE-2026-46368
The luci-app-https-dns-proxy, an optional add-on for OpenWrt, is susceptible to a command injection flaw within its setInitAction function. This vulnerability allows an authenticated user with specific permissions to inject shell metacharacters via the 'name' parameter during an ubus RPC call, po...
PoC for CVE-2026-41917
OpenKM 6.3.12 features a local file inclusion flaw within its administrative scripting interface located at /admin/Scripting. Authenticated administrators can be targeted by malicious actors who manipulate the fsPath parameter with action=Load, enabling them to access unauthorized files. This vul...
PoC for CVE-2026-9552
A security vulnerability exists within the Das Parking Management System 6.2.0, specifically affecting the Search API Endpoint. This flaw allows for SQL injection through manipulations of the parameter Value, enabling remote attackers to potentially execute harmful SQL commands. Public exploit te...
Discovered 2 days ago
PoC for CVE-2026-9551
A security vulnerability has been discovered in version 6.2.0 of Das Parking Management System, specifically within the API Endpoint and its xp_cmdshell function located in the ExportParkingRecords file. This vulnerability allows for SQL injection through manipulation of the 'Value' argument, ena...
PoC for CVE-2026-9550
A security vulnerability has been identified within the Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Specifically, this flaw lies in an undisclosed functionality related to a file path manipulation in the application. By exploiting this path traversal iss...
PoC for CVE-2026-9544
A vulnerability has been discovered in the Sixun Shanghui Group Business Management System 10 by Shenzhen Sixun Software. This vulnerability lies within an undocumented function of the /api/Dinner/PayConfig endpoint, where improper input validation allows attackers to manipulate the 'tableno' par...
PoC for CVE-2026-9543
A vulnerability exists in the Totolink N300RH Web Management Interface related to the function setPasswordCfg within the cgi-bin/cstecgi.cgi file. This vulnerability allows for remote execution of OS commands due to improper handling of the admpass argument. Attackers can exploit this flaw to exe...
PoC for CVE-2026-9542
A vulnerability has been detected in the CodeAstro Leave Management System 1.0, specifically within the /admin/add_staff.php file. An attacker can exploit this issue by manipulating the email_id parameter, leading to the possibility of SQL injection. This weakness allows for remote execution of m...
PoC for CVE-2026-9541
A vulnerability has been identified in the Squirrel application up to version 3.2, specifically within the ReadObject function located in squirrel/sqobject.cpp of the Cnut File Handler. This flaw permits a local attacker to exploit a heap-based buffer overflow through manipulated input, leading t...
PoC for CVE-2021-43798
Grafana, an open-source monitoring and observability platform, is susceptible to a directory traversal vulnerability in versions ranging from 8.0.0-beta1 to 8.3.0. This vulnerability enables unauthorized access to local files via specially crafted URL paths which include the identifier for any in...
PoC for CVE-2026-9540
A vulnerability exists in vllm 0.19.0 related to the OpenAI-compatible Serving Path, allowing attackers to exploit this issue remotely, leading to denial of service. The potential for manipulation makes it critical for users to address this vulnerability urgently. A pull request is available for ...