Publicly Disclosed
PoC Exploits

Prior to version 13.0.1, Newtonsoft.Json is susceptible to a vulnerability related to improper handling of exceptional conditions. An unauthenticated remote attacker can exploit the JsonConvert.DeserializeObject method by passing carefully crafted data, potentially leading to a StackOverflow exce...

Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in a...

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could enable a remote, unauthenticated attacker to read arbitrary files on the affected system. This issue arises from inadequate handling of XML External Entities (XXE) during XML file parsing. An attacker can exploit this flaw by se...

The HTTP/2 protocol is susceptible to a denial of service vulnerability that can be exploited via rapid stream resets. This allows attackers to overwhelm servers by rapidly canceling requests, leading to significant resource consumption and potential service disruption. Exploitation of this vulne...

Podcast Generator version 3.1 contains a vulnerability that allows authenticated users to inject malicious JavaScript code via the long_description parameter. By exploiting this flaw, attackers can formulate episode creation or editing requests that execute arbitrary scripts when other users acce...

PHP Timeclock version 1.04 has multiple vulnerabilities that enable unauthenticated individuals to exploit cross-site scripting (XSS) weaknesses. Attackers can manipulate URL paths and POST parameters to inject arbitrary JavaScript into various endpoints, such as login.php, timeclock.php, audit.p...

PHP Timeclock 1.04 is vulnerable to time-based and boolean-based blind SQL injection due to insufficient input validation in the login_userid parameter of login.php. This allows unauthenticated attackers to execute crafted SQL queries, enabling them to retrieve sensitive information from the data...

The WP Super Edit plugin versions 2.5.4 and earlier for WordPress is susceptible to an unrestricted file upload vulnerability in the FCKeditor component. This security flaw allows unauthorized users to upload potentially malicious files to the server via the filemanager upload endpoint. The lack ...

Schlix CMS version 2.2.6-6 is susceptible to a remote code execution flaw that can be exploited by authenticated attackers. By uploading specially crafted ZIP files containing malicious PHP code via the block manager, attackers can execute arbitrary code. This is triggered when the malicious code...

Anote 1.0 suffers from a persistent cross-site scripting vulnerability that enables attackers to inject malicious JavaScript payloads into markdown files stored within the application. When these files are accessed, the malicious code can execute arbitrary commands on the victim’s system, leading...

Savsoft Quiz 5.0 is vulnerable to a persistent cross-site scripting flaw in the user account settings page. This security issue allows authenticated attackers to inject harmful HTML and JavaScript code into user profile fields via the edit_user endpoint. As a result, malicious script payloads can...

The WPGraphQL Plugin, specifically version 1.3.5, is susceptible to a denial of service vulnerability. This flaw enables unauthenticated attackers to deplete server resources using maliciously crafted batched GraphQL queries with duplicate fields. By sending POST requests that exploit field dupli...

CouchCMS 2.2.1 contains a vulnerability that enables authenticated attackers to exploit server-side request forgery through the malicious upload of SVG files. By leveraging the browse.php endpoint, attackers can upload SVG files that include external entity references, allowing unauthorized HTTP ...

The Burst Statistics plugin for WordPress contains a security flaw that allows unauthenticated attackers to exploit incorrect handling of return values in the authentication process. This leads to a vulnerability in the `is_mainwp_authenticated()` function, enabling attackers who know an administ...

The User Language Switch plugin for WordPress allows authenticated users with Administrator-level access or higher to exploit a vulnerability in the 'download_language()' function. Due to insufficient URL validation, attackers can perform Server-Side Request Forgery, enabling them to initiate web...

The Next.js framework, utilized for building web applications, is exposed to a server-side request forgery vulnerability when using versions from 13.4.13 up to but not including 15.5.16 and 16.2.5. This flaw arises when self-hosted applications that employ the built-in Node.js server allow attack...

Prometheus, a widely used open-source monitoring system and time series database, had a vulnerability in its remote read endpoint (/api/v1/read) prior to versions 3.5.3 and 3.11.3. This issue stemmed from a lack of validation for the declared decoded length in snappy-compressed request bodies. As...

PraisonAI, a multi-agent teams system, includes a legacy Flask API server with authentication disabled by default in versions 2.5.6 through 4.6.34. This vulnerability allows unauthorized users who can access the server to view and trigger workflows via the /agents endpoint and the /chat interface...

A vulnerability exists in the ngx_http_rewrite_module of NGINX Plus and NGINX Open Source, triggered when a rewrite directive is followed by an if or set directive that includes a Perl-Compatible Regular Expression (PCRE) capture and a replacement string with a question mark. Attackers can exploi...

An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17134, CVE-2020-17136.

Rapid7 Nexpose versions 6.4.50 and later are affected by an insufficient entropy vulnerability in the CredentialsKeyStorePassword.generateRandomPassword() method. When legacy keystore passwords are updated, the application generates a new password that is inadequately protected, with a length of ...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

The User Registration & Membership plugin for WordPress is susceptible to a Missing Authorization vulnerability. This flaw arises from the is_admin_creation_process() method, which solely depends on the action=createuser parameter present in the $_REQUEST superglobal. It lacks any authentication ...

A vulnerability exists in the ngx_http_rewrite_module of NGINX Plus and NGINX Open Source, triggered when a rewrite directive is followed by an if or set directive that includes a Perl-Compatible Regular Expression (PCRE) capture and a replacement string with a question mark. Attackers can exploi...

The Burst Statistics plugin for WordPress contains a security flaw that allows unauthenticated attackers to exploit incorrect handling of return values in the authentication process. This leads to a vulnerability in the `is_mainwp_authenticated()` function, enabling attackers who know an administ...

A significant vulnerability exists in ExifTool versions 7.44 and later, where the improper handling of user data within the DjVu file format enables arbitrary code execution. This can occur when malicious images crafted to exploit this flaw are parsed, potentially allowing attackers to execute ha...

A vulnerability exists in the ngx_http_rewrite_module of NGINX Plus and NGINX Open Source, triggered when a rewrite directive is followed by an if or set directive that includes a Perl-Compatible Regular Expression (PCRE) capture and a replacement string with a question mark. Attackers can exploi...

A vulnerability exists in the ngx_http_rewrite_module of NGINX Plus and NGINX Open Source, triggered when a rewrite directive is followed by an if or set directive that includes a Perl-Compatible Regular Expression (PCRE) capture and a replacement string with a question mark. Attackers can exploi...

Wing FTP Server version 8.1.2 is impacted by a remote code execution vulnerability resulting from unsafe session serialization. Authenticated administrators can exploit this flaw by injecting arbitrary Lua code through the domain admin mydirectory field. The vulnerability arises because the sessi...

A vulnerability exists in the ngx_http_rewrite_module of NGINX Plus and NGINX Open Source, triggered when a rewrite directive is followed by an if or set directive that includes a Perl-Compatible Regular Expression (PCRE) capture and a replacement string with a question mark. Attackers can exploi...

Podinfo versions up to 6.11.2 are vulnerable to a reflected cross-site scripting (XSS) flaw in the /echo and /api/echo endpoints. The vulnerability arises from the echoHandler writing request body content directly to the response without the appropriate Content-Type or X-Content-Type-Options head...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

A vulnerability in the Windows Kernel allows an authorized attacker to exploit an untrusted pointer dereference, potentially enabling them to gain higher privileges on the affected system. This could lead to unauthorized access to sensitive data and administrative functionalities. It's critical f...

A vulnerability exists in the Linux kernel that concerns the handling of shared skb fragments during the decryption process in ESP-in-UDP packets. When pages are attached from a pipe directly to an skb using MSG_SPLICE_PAGES, the kernel marked these SKBs with SKBFL_SHARED_FRAG, which plays a cruc...

The pgcrypto module in PostgreSQL contains a heap buffer overflow vulnerability that can be exploited by a ciphertext provider. This vulnerability allows an attacker to execute arbitrary code within the context of the operating system user that is running the database. Importantly, this affects v...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

A significant logic error in the adbd_tls_verify_cert function of auth.cpp in various Android versions permits a bypass of the wireless ADB mutual authentication process. This flaw can lead to unauthorized remote code execution by exploiting the vulnerability as the shell user without requiring a...

A vulnerability has been identified in JeecgBoot 3.9.1 involving an unknown function in the LoginController, specifically related to the mLogin Endpoint. This flaw enables an attacker to bypass authorization mechanisms, allowing for unauthorized access. The vulnerability can be exploited remotely...

The Next.js framework, utilized for building web applications, is exposed to a server-side request forgery vulnerability when using versions from 13.4.13 up to but not including 15.5.16 and 16.2.5. This flaw arises when self-hosted applications that employ the built-in Node.js server allow attack...

Joomla J2 JOBS version 1.3.0 is susceptible to an authenticated SQL injection vulnerability that enables authenticated users to alter database queries. This can be achieved through the manipulation of the 'sortby' parameter in POST requests directed at the administrator index. By injecting malici...

Powie's WHOIS Domain Check version 0.9.31 suffers from a persistent cross-site scripting vulnerability, allowing authenticated attackers to inject arbitrary JavaScript into the plugin's settings. By exploiting unsanitized input fields on the pwhois_settings.php configuration page, attackers can s...

The Joomla J2 JOBS 1.3.0 has a vulnerability that permits authenticated attackers to perform SQL injection through the 'sortby' parameter. By sending crafted POST requests with manipulated 'sortby' values to the administrator index, these attackers can execute unauthorized SQL commands, potential...

The IObit Uninstaller 9.5.0.15 contains a vulnerability due to its unquoted service path in the IObitUnSvr service. This flaw allows local attackers to exploit the system by placing a malicious executable named 'IObit.exe' in the default installation directory. By restarting the service, attacker...

Kuicms Php EE 2.0 features a vulnerability that allows attackers to exploit a persistent cross-site scripting flaw. This vulnerability enables unauthenticated users to inject malicious scripts into the system by crafting specific content submitted through the bbs reply endpoint. When a POST reque...

The Huawei HG630 V2 router is susceptible to an authentication bypass flaw that permits unauthenticated attackers to gain administrative control without proper credentials. This is achieved by accessing the device's /api/system/deviceinfo endpoint, which reveals the device's serial number. Malici...

Atomic Alarm Clock 6.3 has a stack overflow vulnerability that could be exploited by local attackers. By supplying a specially crafted string in the Time Zones Clock configuration's display name textbox, attackers can manipulate the buffer and trigger a structured exception handling overwrite. Th...

The directory traversal vulnerability in Joomla com_fabrik 3.9.11 enables unauthenticated attackers to perform file enumeration. By exploiting the 'onAjax_files' method and manipulating the folder parameter in GET requests, attackers can gain access to system files located outside the designated ...

Easy2Pilot 7 is susceptible to a cross-site request forgery vulnerability that enables attackers to trick authenticated administrators into inadvertently creating new user accounts. By crafting malicious pages with tailored HTML forms that submit POST requests to the admin.php?action=add_user end...

The com_hdwplayer 4.2 component for Joomla is susceptible to an SQL injection flaw located in the search.php file. This vulnerability permits unauthenticated attackers to carry out arbitrary SQL queries through the hdwplayersearch parameter by crafting malicious POST requests. Exploitation of thi...