Publicly Disclosed
PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered 1 hour ago
PoC for CVE-2026-1657
The EventPrime plugin for WordPress is susceptible to a vulnerability that allows unauthorized image file uploads. This security flaw exists in versions up to and including 4.2.8.4, due to improper registration of the upload_file_media AJAX action. It is publicly accessible without necessary auth...
Discovered 2 hours ago
PoC for CVE-2026-5002
A vulnerability exists in the LLM Prompt Handler of PromtEngineer localGPT, specifically within the _route_using_overviews function in backend/server.py. This flaw allows for the execution of injection attacks exploiting unsanitized user inputs. Attackers can execute these exploits remotely, posi...
Discovered 3 hours ago
PoC for CVE-2026-5001
A vulnerability has been identified in PromtEngineer LocalGPT that allows unauthorized remote file uploads via the 'do_POST' function in the 'backend/server.py' file. This flaw enables attackers to manipulate the system and potentially execute arbitrary code, compromising the integrity of the app...
Discovered 4 hours ago
PoC for CVE-2026-4999
A security flaw has been identified in the z-9527 Admin product affecting its uploadFile function located in /server/utils/upload.js. This vulnerability allows attackers to manipulate the fileType argument, resulting in unauthorized access to restricted directories on the server. Given that this ...
Discovered 6 hours ago
PoC for CVE-2026-4998
A code injection vulnerability exists in Sinaptik AI's PandasAI, specifically within the CodeExecutor.execute function, found in pandasai/core/code_execution/code_executor.py. This security flaw stems from improper handling of chat messages, allowing an attacker to manipulate inputs and execute a...
PoC for CVE-2026-4997
A security flaw in Sinaptik AI's PandasAI, specifically within the is_sql_query_safe function of sql_sanitizer.py, allows for path traversal attacks. This vulnerability enables attackers to exploit manipulation capabilities remotely, posing a serious risk to data integrity. Despite early notifica...
Discovered 7 hours ago
PoC for CVE-2017-20228
Flat Assembler 1.71.21 is susceptible to a stack-based buffer overflow that can be exploited by local attackers. By providing oversized input, exceeding 5895 bytes, attackers can overwrite the instruction pointer, leading to unauthorized code execution via return-oriented programming (ROP) chains...
PoC for CVE-2018-25225
SIPP 3.3 is susceptible to a stack-based buffer overflow vulnerability that enables local unauthenticated attackers to execute arbitrary code. By providing specially crafted input in the configuration file, attackers can manipulate oversized values, resulting in an overflow of the stack buffer. T...
PoC for CVE-2018-25224
PMS version 0.42 has a stack-based buffer overflow vulnerability that can be exploited by local unauthenticated attackers. By providing malicious values in the configuration file, an attacker can overflow the stack buffer, leading to arbitrary code execution. This is achieved by crafting oversize...
PoC for CVE-2018-25223
Crashmail 1.6 contains a stack-based buffer overflow vulnerability that enables remote attackers to execute arbitrary code by supplying specially crafted input to the application. This exploitation allows attackers to create payloads utilizing Return-Oriented Programming (ROP) chains, potentially...
PoC for CVE-2018-25222
The SC v7.16 software is vulnerable to a stack-based buffer overflow that can be exploited by local attackers. By sending specially crafted input exceeding 1052 bytes, attackers can overwrite the instruction pointer, allowing them to execute arbitrary code within the application’s context. This v...
PoC for CVE-2018-25220
Bochs versions 2.6 through 5 exhibit a stack-based buffer overflow vulnerability, enabling attackers to exploit the application by supplying an excessively large input string. By carefully crafting a payload that includes 1200 bytes of padding followed by a return-oriented programming chain, an a...
PoC for CVE-2018-25221
EChat Server 3.1 presents a vulnerability in the chat.ghp endpoint due to potential buffer overflow. This flaw allows remote attackers to exploit the application by sending a specially crafted GET request with an oversized username parameter. The malicious input can trigger code execution within ...
PoC for CVE-2017-20229
The MAWK tool, up to version 1.3.3-17, is susceptible to a stack-based buffer overflow which enables attackers to execute arbitrary code. This vulnerability arises from insufficient boundary checks on user-supplied input, allowing malicious actors to craft specific inputs that overflow the stack ...
PoC for CVE-2017-20227
JAD Java Decompiler versions up to 1.5.8e-1kali1 are susceptible to a stack-based buffer overflow vulnerability. This allows attackers to execute arbitrary code by providing maliciously crafted input that exceeds the buffer length. By exploiting this weakness, attackers can manipulate the program...
PoC for CVE-2017-20226
The Mapscrn 2.0.3 version is vulnerable to a stack-based buffer overflow, enabling local attackers to manipulate the stack and execute arbitrary code. By providing an oversized input buffer, attackers can introduce malicious data including junk values, an incorrect return address, NOP sleds, and ...
PoC for CVE-2017-20225
TiEmu versions 2.08 and earlier are vulnerable to a stack-based buffer overflow, which can be exploited by attackers to execute arbitrary code. This vulnerability arises from insufficient boundary checks on user-supplied input. Attackers can exploit this flaw by manipulating command-line argument...
PoC for CVE-2016-20049
JAD versions 1.5.8e-1kali1 and earlier are exposed to a stack-based buffer overflow vulnerability, allowing attackers to exploit oversized input strings. By sending input that exceeds 8150 bytes, attackers can manipulate the stack, overwrite return addresses, and execute arbitrary shellcode withi...
PoC for CVE-2016-20048
A critical security vulnerability exists in iSelect 1.4.0-2+b1 that allows local attackers to exploit a local buffer overflow. By providing an oversized value to the -k/--key parameter, attackers can manipulate the function to overflow a 1024-byte stack buffer. This exploitation could lead to the...
PoC for CVE-2016-20047
EKG Gadu 1.9~pre+r2855-3+b1 exhibits a local buffer overflow vulnerability during the handling of usernames, allowing local attackers to execute arbitrary code. By supplying an oversized username string, attackers can exploit the vulnerability in the strlcpy function, potentially overwriting the ...
PoC for CVE-2016-20046
The zFTP Client version 20061220+dfsg3-4.1 is susceptible to a buffer overflow vulnerability in the processing of the NAME parameter during FTP connections. This flaw allows local attackers to provide a maliciously oversized NAME value that exceeds the allocated 80-byte buffer, potentially overwr...
PoC for CVE-2016-20045
HNB Organizer version 1.9.18-10 exhibits a local buffer overflow vulnerability that enables local attackers to execute arbitrary code. By supplying an oversized argument to the -rc command-line parameter, attackers can craft a malicious input string, exceeding 108 bytes, containing shellcode and ...
PoC for CVE-2016-20044
PInfo version 0.6.9-5.1 is susceptible to a local buffer overflow vulnerability that can be exploited by local attackers. By providing an oversized argument to the -m parameter, attackers can manipulate the program's execution flow. This is achieved by crafting a malicious input string that conta...
PoC for CVE-2016-20043
NRSS RSS Reader version 0.3.9-1 is susceptible to a stack buffer overflow vulnerability. This flaw allows local attackers to execute arbitrary code by providing an oversized argument to the -F parameter. By crafting malicious input that consists of 256 bytes of padding followed by a controlled EI...
PoC for CVE-2016-20042
The TRN version 3.6-23 is susceptible to a stack buffer overflow vulnerability. A local attacker can exploit this flaw by providing an oversized command-line argument to the application. Specifically, by crafting a malicious argument that includes 156 bytes of padding followed by a strategically ...
PoC for CVE-2016-20041
The Yasr application version 0.6.9-5 is prone to a buffer overflow vulnerability. This flaw enables local attackers to potentially crash the application or execute arbitrary code by delivering an oversized argument to the '-p' command-line parameter. By launching Yasr with a meticulously crafted ...
PoC for CVE-2016-20040
TiEmu 3.03-nogdb+dfsg-3 is affected by a buffer overflow vulnerability in the handling of ROM parameters through the command-line interface. Attackers can exploit this flaw by inputting an oversized ROM parameter, which results in a stack buffer overflow. This exploitation has the potential to cr...
PoC for CVE-2016-20039
The Multi Emulator Super System (MAME) version 0.154-3.1 has a vulnerability due to improper handling of the gamma parameter, leading to a buffer overflow. This flaw enables local attackers to crash the application or potentially execute arbitrary code. By supplying an excessively large gamma pa...
PoC for CVE-2016-20038
The yTree application version 1.94-1.1 suffers from a stack-based buffer overflow vulnerability. This flaw allows local attackers to execute arbitrary code by providing an excessively long command-line argument. Such an argument can be crafted to include shellcode and manipulate the stack's retur...
PoC for CVE-2016-20037
The xwpe product version 1.5.30a-2.1 and earlier is susceptible to a stack-based buffer overflow vulnerability. This flaw enables local attackers to exploit the system by inputting excessively long command-line arguments, which can lead to arbitrary code execution. By manipulating input strings w...
PoC for CVE-2026-4996
A vulnerability exists in Sinaptik AI's PandasAI product up to version 0.1.4, specifically within the pandasai-lancedb extension. The issue arises in several functions including delete_question_and_answers and get_relevant_docs_by_id, which are susceptible to SQL injection attacks. This type of v...
Discovered 8 hours ago
PoC for CVE-2026-4995
A cross-site scripting vulnerability exists in wandb OpenUI versions up to 1.0. This flaw is linked to the handling of window message events within the frontend/public/annotator/index.html file. Exploiting this vulnerability allows attackers to inject malicious scripts remotely, potentially compr...
Discovered 10 hours ago
PoC for CVE-2026-4994
A vulnerability exists in the wandb OpenUI prior to version 1.0/3.5-turb, specifically within the generic_exception_handler function in backend/openui/server.py. This vulnerability permits an attacker to manipulate function arguments, leading to exposure of sensitive information within error mess...
PoC for CVE-2026-4993
A significant security flaw has been identified in Weights and Biases OpenUI affecting versions up to 1.0, specifically within the file backend/openui/config.py. This vulnerability arises from the manipulation of the argument LITELLM_MASTER_KEY, which leads to the exposure of hard-coded credentia...
Discovered 13 hours ago
PoC for CVE-2025-15445
The Restaurant Cafeteria WordPress theme, up to version 0.4.6, contains a vulnerability that exposes insecure admin-ajax actions. This flaw allows any logged-in user, including those with subscriber roles, to execute privileged operations without proper nonce or capability checks. An attacker cou...
Discovered 15 hours ago
PoC for CVE-2026-21643
An SQL injection vulnerability exists in Fortinet FortiClientEMS 7.4.4, enabling unauthenticated attackers to execute arbitrary code or commands. This flaw arises from improper neutralization of special elements in SQL commands, which can be exploited via specially crafted HTTP requests. Organiza...
PoC for CVE-2025-31277
A memory corruption vulnerability has been identified in several Apple operating systems. This issue arises from improper memory handling during the processing of maliciously crafted web content, potentially leading to system instability or unauthorized access. Apple has implemented necessary fix...
Discovered 21 hours ago
PoC for CVE-2026-33531
InvenTree, an open-source inventory management solution, contains a path traversal vulnerability in its report template engine prior to version 1.2.6. This allows users with staff-level access to leverage crafted template tags to read arbitrary files from the server’s filesystem, specifically aff...
PoC for CVE-2026-4992
A security flaw has been identified in wandb OpenUI, specifically within the HTMLAnnotator Component's function create_share/get_share located in the file backend/openui/server.py. By manipulating the argument ID, an attacker can conduct an HTML injection attack, allowing for the execution of mal...
Discovered 1 day ago
PoC for CVE-2026-33017
Langflow, a tool for constructing and deploying AI-driven agents and workflows, is susceptible to a vulnerability in the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint in versions before 1.9.0. This vulnerability enables an attacker to build public flows without authentication, leveraging ...
PoC for CVE-2026-2576
The Business Directory Plugin for WordPress is prone to a time-based SQL Injection vulnerability through the 'payment' parameter. This flaw arises from inadequate escaping of user-supplied input and insufficient preparation of the SQL query. It permits attackers without authentication to inject a...
PoC for CVE-2025-34037
An OS command injection vulnerability is present in various E-Series Linksys routers, specifically through the /tmUnblock.cgi and /hndUnblock.cgi endpoints accessed over HTTP on port 8080. This security flaw arises from the failure to properly sanitize user-supplied input sent to the ttcp_ip para...
Discovered 2 days ago
PoC for CVE-2025-34282
ThingsBoard versions prior to 4.2.1 are susceptible to a server-side request forgery (SSRF) vulnerability within the Image Upload Gallery feature. This security issue arises when an attacker uploads a malicious SVG file that contains references to remote URLs. If the server processes these SVG fi...
PoC for CVE-2025-4615
A vulnerability exists in the management web interface of Palo Alto Networks PAN-OS software that allows an authenticated administrator to bypass crucial system restrictions and execute arbitrary commands. While this issue can lead to unauthorized actions, the security implications are notably re...
PoC for CVE-2026-4910
A security vulnerability has been identified in the Streamax Crocus product by Shenzhen Ruiming Technology, specifically within the /RemoteFormat.do file of the Endpoint component. This vulnerability arises from improper manipulation of an argument within the function, enabling an attacker to exe...
PoC for CVE-2026-4909
A security weakness has been identified in the Exam Form Submission software, specifically within the file /admin/update_s7.php. The vulnerability arises due to improper handling of user inputs, allowing an attacker to manipulate the 'sname' argument. This exploitation can lead to cross site scri...
PoC for CVE-2026-4908
A security flaw has been identified in the Simple Laundry System version 1.0, specifically affecting the modstaffinfo.php file in the Parameter Handler component. This vulnerability allows for SQL injection through improper handling of the userid argument, enabling attackers to manipulate databas...
PoC for CVE-2026-4907
A server-side request forgery (SSRF) vulnerability has been discovered in Page Replica, specifically within the sitemap.fetch function of the Endpoint component. This flaw can be exploited by manipulating the argument 'url', allowing attackers to send requests from the server to unintended locati...
PoC for CVE-2026-4906
A stack-based buffer overflow vulnerability exists within the Tenda AC5 router, specifically in the 'decodePwd' function of the '/goform/WizardHandle' component. This security flaw allows attackers to manipulate the 'WANT/WANS' argument via a crafted POST request, potentially enabling remote code...