Publicly Disclosed
PoC Exploits

An improper authentication vulnerability in Windows NTLM enables an unauthorized attacker to exploit the authentication process, potentially leading to privilege escalation over a network. This flaw may allow the attacker to gain higher-level access, compromising system integrity and confidential...

Multiple directory traversal vulnerabilities exist in FCKeditor prior to version 2.6.4.1, allowing remote attackers to exploit these weaknesses to create executable files in arbitrary directories. This is accomplished through specially crafted input targeting unspecified connector modules. The vu...

An SQL injection vulnerability exists in the affected product, allowing an unauthenticated remote attacker to execute arbitrary SQL statements. If exploited, this security weakness could enable unauthorized interactions with the database, potentially compromising sensitive data. Organizations usi...

A security vulnerability exists in Apache HTTP Server versions 2.4.65 and earlier, allowing an attacker to exploit the Server Side Includes (SSI) functionality with the mod_cgid module. This issue arises when the server mishandles the shell-escaped query strings passed to commands executed by the...

The Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server signifies a flaw that can lead to potential memory management issues. Affected versions ranging from 2.4.17 to 2.4.63 may not properly release memory after its intended use, possibly allowing for resource exha...

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default config...

An elevation of privilege vulnerability exists in the Windows Kernel due to the use of uninitialized resources. An attacker who successfully exploits this vulnerability can gain elevated privileges, allowing them to execute arbitrary code with elevated rights on a local system. This could lead to...

The Quiz Maker plugin for WordPress prior to version 6.7.0.89 contains a vulnerability that fails to adequately sanitize and escape certain settings. This flaw could allow high-privilege users, such as administrators, to execute stored cross-site scripting (XSS) attacks. Even in configurations wh...

A significant vulnerability exists in CrushFTP versions prior to 10.8.4 and 11.3.1, enabling attackers to exploit an authentication bypass flaw. This vulnerability allows unauthorized users to gain access to the crushadmin account through a race condition in the AWS4-HMAC authorization method, pa...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

A vulnerability exists in OpenColorIO versions up to 2.5.0, specifically in the ConvertToRegularExpression function located in src/OpenColorIO/FileRules.cpp. This weakness can lead to an out-of-bounds read, which poses a risk when the product is manipulated locally. The exploit has been disclosed...

A cross site scripting vulnerability exists in the web administration interface of the Luxul XWR-600 routers. This vulnerability arises from improper handling of the Guest Network/Wireless Profile SSID parameter, allowing an attacker to inject malicious scripts. The exploit can be executed remote...

Zoho ManageEngine Desktop Central prior to version 10.1.2137.8 contains a vulnerability that allows attackers to expose the internal hostname of the installed server. This information can be obtained through HTTP redirect responses, potentially leading to further exploits. Organizations using aff...

A code injection vulnerability exists in the Rockoa software version 2.3.2. This issue is located in the webmainConfig.php file within the Configuration File Handler component. Due to insufficient input validation, an attacker can manipulate the configuration file remotely, leading to potential e...

A vulnerability exists in the LIEF ELF Binary Parser prior to version 0.17.2, specifically within the Parser::parse_binary function. This flaw allows for a null pointer dereference, which can potentially be exploited by attackers with local access to launch attacks. It is crucial to update to ver...

A security flaw has been identified in Sangfor's Operation and Maintenance Management System prior to version 3.0.8. This vulnerability involves an undefined function within the file /fort/trust/version/common/common.jsp, which permits unrestricted file uploads when the argument 'File' is manipul...

A significant OS command injection vulnerability has been identified in Sangfor's Operation and Maintenance Management System prior to version 3.0.8. Specifically, the flaw resides in the SessionController function located within the /isomp-protocol/protocol/session file. Attackers can exploit th...

The XWiki Platform is vulnerable due to improper handling of inputs, allowing unauthenticated users to execute arbitrary code via the `SolrSearch` endpoint. This can result in significant breaches of confidentiality, integrity, and availability of the XWiki installation. Users are encouraged to u...

PyroCMS version 3.9 has a vulnerability that allows for remote code execution through a server-side template injection flaw. Exploiting this vulnerability enables attackers to send crafted commands directly to the server, which can lead to executing arbitrary code in the affected system. It prese...

The Web Console component in Ruby on Rails before version 2.1.3 fails to properly handle X-Forwarded-For headers, which leads to a situation where remote attackers can exploit this flaw to bypass the IP whitelisting security measures. By crafting specific requests, they can manipulate the client'...

A heap buffer overflow vulnerability exists in the Vulkan component of Google Chrome prior to version 107.0.5304.62. This flaw allows an attacker to potentially exploit heap corruption by using a specially crafted HTML page. Successful exploitation may allow an attacker to execute arbitrary code ...

A serious security flaw exists in the Sangfor Operation and Maintenance Management System, specifically in the WriterHandle.getCmd function located at /isomp-protocol/protocol/getCmd. Malicious manipulation of the sessionPath argument can lead to OS command injection, which enables attackers to e...

The n8n workflow automation platform, versions 0.123.1 through 1.119.1, contains a vulnerability that allows an attacker to execute arbitrary code on the host system by exploiting inadequate protections in the pre-commit hooks. When using the 'Add Config' operation, workflows can set malicious Gi...

A security issue has been identified in the Sangfor Operation and Maintenance Management System, specifically affecting versions up to 3.0.8. The vulnerability arises from improper handling of input parameters in the /isomp-protocol/protocol/getHis endpoint within the HTTP POST Request Handler. T...

A security vulnerability exists in the Sangfor Operation and Maintenance Management System, specifically in the function 'uploadCN' of the file VersionController.java. This flaw allows for remote attackers to manipulate the 'filename' argument, potentially leading to OS command injection. The vul...

The Sourcecodester Covid-19 Contact Tracing System version 1.0 is susceptible to a critical remote code execution vulnerability. This flaw allows attackers to gain unauthorized access by sending a reverse shell (PHP) into the user's image upload feature, potentially compromising sensitive user da...

ComfyUI-Manager versions prior to 3.38 have a vulnerability that allows remote attackers to manipulate application configurations and sensitive data. This issue arises from the application storing files in a web-accessible location, which can be exploited to gain unauthorized access and modify cr...

A security flaw exists in guchengwuyue's yshopmall application that allows for SQL injection via a manipulation of the 'sort' argument in the 'getPage' function located in /api/jobs. This vulnerability can be exploited remotely and was reported to the project maintainers, but no response or fix h...

A vulnerability exists within BiggiDroid Simple PHP CMS 1.0 that allows remote attackers to manipulate the image argument in the /admin/editsite.php file, resulting in unrestricted file uploads. This flaw can enable unauthorized users to upload arbitrary files, potentially leading to remote code ...

The AccessAlly WordPress plugin, prior to version 3.3.2, contains a vulnerability where the Login Widget processes the 'login_error' parameter as PHP code without authentication. This flaw allows an attacker to inject and execute arbitrary PHP commands on the WordPress server, potentially leading...

A SQL injection vulnerability has been identified in RainyGao's DocSys software up to version 2.02.37. This flaw resides in the UserMapper.xml file, where an attacker could exploit the Username argument to execute arbitrary SQL queries. The vulnerability allows for remote exploitation, potentiall...

A SQL injection vulnerability exists in RainyGao DocSys versions up to 2.02.36, specifically in the 'searchWord' argument of the ReposAuthMapper.xml file. This flaw allows attackers to execute unauthorized SQL queries remotely, potentially compromising the database. The vendor was informed of thi...

A vulnerability exists in RainyGao DocSys, where an unknown function in GroupMemberMapper.xml is susceptible to SQL injection via the searchWord argument. This flaw allows adversaries to execute unauthorized SQL queries remotely against the affected application. The exploit has been disclosed in ...

The vulnerability arises from mismatched length fields in Zlib compressed protocol headers within MongoDB Server, potentially allowing an unauthenticated client to access uninitialized heap memory. This could lead to unauthorized information exposure, affecting versions of MongoDB Server across m...

The GNU C Library contains a vulnerability related to the untrusted LD_LIBRARY_PATH environment variable, which can be exploited by attackers. This issue affects setuid binaries that utilize dynamic link library loading features through the dlopen function, particularly in scenarios involving int...

The jsPDF library, used for generating PDFs in JavaScript, is susceptible to local file inclusion and path traversal before version 4.0.0. This vulnerability allows users to provide unsanitized file paths to the loadFile method, exposing content from arbitrary files in the local file system where...

The NEX-Forms WordPress plugin prior to version 9.1.8 has a security flaw that allows attackers to exploit unsanitized and unescaped settings. This vulnerability can be leveraged by low-privileged users, like subscribers, to inject malicious scripts into web pages. Such attacks can result in the ...

Grafana, an open-source monitoring and observability platform, is susceptible to a directory traversal vulnerability in versions ranging from 8.0.0-beta1 to 8.3.0. This vulnerability enables unauthorized access to local files via specially crafted URL paths which include the identifier for any in...

The ClickFunnels WordPress plugin through 3.1.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

The Hustle - Email Marketing, Lead Generation, Optins, Popups plugin for WordPress contains a vulnerability that results in Sensitive Information Exposure across all versions up to and including 7.8.3. This weakness arises from hardcoded API keys, which can be exploited by unauthenticated attacke...

The Elliptic package experiences a significant cryptographic vulnerability where the ECDSA implementation generates incorrect signatures. This flaw arises due to an improper computation of the interim value 'k', leading to potential truncation when it has leading zeros. As a result, an attacker c...

Webmin 1.900 possesses a vulnerability that allows remote attackers to execute arbitrary code. This exploitation can be carried out by utilizing the 'Java file manager' and 'Upload and Download' privileges. Attackers can upload a specially crafted .cgi file through the /updown/upload.cgi URI, lea...

A physical access vulnerability exists in the D-Link DIR-605L Router that can be exploited by an attacker with direct access to the UART pins. This flaw permits the execution of arbitrary commands due to unregulated root terminal access on a serial interface. Without proper access controls, this ...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

A vulnerability exists in the Linux kernel related to improper initialization of the 'flags' member of the new pipe buffer structure. This absence of proper initialization in the copy_page_to_iter_pipe and push_pipe functions can result in the presence of stale values. As a consequence, an unpriv...

The V-SOL GPON/EPON OLT Platform v2.03 is susceptible to multiple reflected cross-site scripting vulnerabilities. These arise from inadequate input sanitization in various script parameters. Malicious actors can exploit these security flaws by injecting harmful HTML and script code, enabling the ...

Yahei-PHP Prober version 0.4.7 has a vulnerability that permits remote HTML injection via the 'speed' GET parameter in prober.php. This flaw enables attackers to execute arbitrary HTML code, potentially leading to cross-site scripting (XSS) attacks affecting user sessions in their browsers. By ma...

The FaceSentry Access Control System version 6.4.8 contains a cross-site scripting vulnerability that affects the 'msg' parameter of the pluginInstall.php file. This vulnerability allows attackers to inject malicious scripts through unvalidated input. Once exploited, the injected JavaScript can e...

The SOCA Access Control System 180612 is vulnerable to a cross-site scripting (XSS) attack via the 'senddata' parameter in logged_page.php. This vulnerability enables attackers to execute arbitrary HTML and JavaScript code within the browser session of a victim when crafted POST requests are sent...