Publicly Disclosed
PoC Exploits

A vulnerability in the peering authentication of Cisco Catalyst SD-WAN Controller and Manager enables remote attackers to bypass authentication and gain administrative privileges. The flaw arises from an ineffective peering authentication mechanism, allowing crafted requests to compromise the sys...

A security feature bypass vulnerability exists in Microsoft Windows, referred to as 'YellowKey.' This flaw could allow unauthorized access to restricted features, compromising system integrity. A proof of concept has been publicly released, contrary to established security practices. Users are ad...

A vulnerability exists in the ngx_http_rewrite_module of NGINX Plus and NGINX Open Source, which can be exploited by an unauthenticated attacker. When specific rewrite directives utilize overlapping Perl-Compatible Regular Expressions (PCRE) captures, and combine them in a replacement string with...

A security flaw has been identified in the NousResearch Hermes-Agent product, specifically within the _discover_dashboard_plugins function of the CLI web-dashboard interface. The vulnerability stems from an incorrect comparison triggered by manipulating the HERMES_ENABLE_PROJECT_PLUGINS argument....

A vulnerability exists in the NousResearch hermes-agent's environment variable handler located in the execute_code function of tools/code_execution_tool.py. This flaw allows for sandbox escape due to improper handling of environment variables, which can be exploited remotely. An attacker can leve...

A security vulnerability has been identified within the NousResearch hermes-agent that allows for OS command injection through the 'detect_dangerous_command' function located in the 'approval.py' file of the terminal_tool component. This vulnerability permits an attacker to execute arbitrary comm...

A code injection vulnerability was identified in NousResearch hermes-agent version 2026.4.23, where the function _scan_context_content in the file agent/prompt_builder.py is susceptible to manipulation. This could potentially allow an attacker to execute arbitrary commands remotely. The vulnerabi...

A significant vulnerability has been identified in Ettercap, specifically within the GG Dissector component. This issue revolves around a heap-based buffer overflow in the FUNC_DECODER function located in src/dissectors/ec_gg.c. By manipulating the 'gg' argument, an attacker can exploit this vuln...

A vulnerability has been identified in the Projectworlds Online Art Gallery Shop, specifically within the /admin/adminHome.php file. This flaw allows an attacker to manipulate the 'social_linked' argument, leading to unauthorized SQL injection attacks. Due to its nature, the vulnerability can be ...

A command injection vulnerability exists in the Edimax EW-7438RPn device, specifically within the function formEZCHNwlanSetup of the POST Request Handler component. This flaw can be exploited through the manipulation of the argument method, allowing for unauthorized remote command execution. The ...

A command injection vulnerability has been identified in the Edimax EW-7438RPn router, specifically impacting the formConnectionSetting function within the Setting Handler component. By manipulating the parameters 'max_Conn' and 'timeOut' during an exploit, an attacker can execute arbitrary comma...

A command injection vulnerability exists in the Edimax EW-7438RPn router due to an improper handling of user-supplied input in the formAccept function. Specifically, an attacker can manipulate the 'submit-url' parameter within the POST Request Handler, potentially allowing the execution of arbitr...

The Prodigy Commerce plugin for WordPress is susceptible to Local File Inclusion due to inadequate input validation in the 'parameters[template_name]' parameter. This vulnerability allows unauthenticated attackers to read and include arbitrary files on the server. Such access enables the potentia...

A vulnerability exists in Langflow that allows remote attackers to execute arbitrary code without authentication. The flaw is rooted in the improper handling of the exec_globals parameter at the validate endpoint, resulting in the dynamic inclusion of resources from untrusted sources. Attackers c...

A security vulnerability has been identified in the Edimax EW-7438RPn router running firmware version 1.28a. This issue lies within the POST Request Handler, specifically in the formwlencrypt24g function located in the /goform/formwlencrypt24g file. The vulnerability arises from improper handling...

The LiteSpeed User-End cPanel Plugin prior to version 2.4.5 is susceptible to a privilege escalation flaw that may allow attackers to gain unauthorized access, potentially escalating privileges to the root level. This vulnerability has been actively exploited since May 2026. Detection can be perf...

A command injection vulnerability exists in the formHwSet function of the POST Request Handler in Edimax EW-7438RPn Mini Firmware version 1.28a. By manipulating specific parameters such as Anntena, Mcs, and various address entries, an attacker can execute arbitrary commands remotely. This exploit...

A vulnerability exists in PostCSS versions up to 7.1.1 within the function toString located in the component AST Serialization at src/selectors/container.js. This flaw can lead to uncontrolled recursion, potentially allowing an attacker to exploit it remotely. Although the vendor has indicated th...

A vulnerability exists in the SourceCodester Hospitals Patient Records Management System 1.0 that allows for SQL injection through an unvalidated parameter in the manage_history.php file. Attackers can manipulate the 'ID' argument, which may lead to unauthorized access or manipulation of the data...

A vulnerability exists in the SourceCodester Hospitals Patient Records Management System version 1.0, specifically within the function located at /classes/Master.php?f=save_patient_history. This flaw allows attackers to perform SQL injection through manipulation of the ID argument, posing a signi...

A security vulnerability has been identified in NousResearch hermes-agent versions up to 2026.4.16, specifically within an unrecognized function of the Slack and Mattermost Agents. This flaw allows for the manipulation of the 'format_message' argument, leading to improper escaping of output. As a...

A security vulnerability has been identified in the NousResearch hermes-agent affecting the Skills Guard Multi-Word Prompt Handler. The vulnerability stems from improper handling of the THREAT_PATTERNS argument in the agent/skills_guard.py file, which opens the door for potential injection attack...

A vulnerability has been discovered in the NousResearch hermes-agent's Messaging Gateway Handler, specifically within the _make_run_env function located in tools/environments/local.py. This weakness allows for potential information disclosure, which attackers can exploit remotely, exposing sensit...

A security flaw has been identified in NousResearch's hermes-agent, specifically within the read_file Tool's _is_blocked_device function in the file tools/file_tools.py. This vulnerability allows for path traversal, which can be exploited remotely. Details indicate that a proper manipulation of f...

The Piotnet Addons for Elementor Pro plugin for WordPress presents a security risk due to its inadequate file type validation in the 'pafe_ajax_form_builder' function. This issue affects all versions up to and including 7.1.70. Specifically, the plugin employs an incomplete blacklist for file ext...

A security flaw has been discovered in the NousResearch hermes-agent within the Batch Runner component. This vulnerability arises from the check_all_command_guards function located in tools/approval.py, which lacks proper authorization checks. This oversight can allow unauthorized manipulation of...

A serious information disclosure vulnerability exists in CalCom's Generic React API within the function getServerSideProps. Specifically, the issue arises from the manipulation of arguments such as cancelledBy and rescheduledBy in the file apps/web/modules/bookings/views/bookings-single-view.getS...

A security feature bypass vulnerability exists in Microsoft Windows, referred to as 'YellowKey.' This flaw could allow unauthorized access to restricted features, compromising system integrity. A proof of concept has been publicly released, contrary to established security practices. Users are ad...

A stack-based buffer overflow vulnerability exists in the Edimax EW-7438RPn wireless range extender, specifically in the /goform/mp file of its web interface. The flaw arises from improper handling of arguments, which allows an attacker to exploit this vulnerability remotely. This exploitation co...

A vulnerability has been discovered in the Edimax EW-7438RPn router affecting versions up to 1.31. The issue resides in the function formWizSurvey located in the /goform/formWizSurvey file, where improper handling of the arguments ip, mask, and gateway can lead to OS command injection. This flaw ...

A buffer overflow vulnerability exists in the Edimax EW-7438RPn router, specifically within the function formWirelessTbl located in the /goform/formWirelessTbl file. This flaw allows an attacker to manipulate the argument submit-url, potentially leading to arbitrary code execution or a denial of ...

A buffer overflow vulnerability has been identified in the Edimax EW-7438RPn device firmware versions up to 1.31. This flaw resides in the formWizSurvey function of the /goform/formWizSurvey component, where improper handling of user-supplied arguments (such as ssid, manualssid, ip, mask, and gat...

A critical vulnerability exists in the Edimax EW-7438RPn, specifically within the 'formWpsStart' function of the '/goform/formWpsStart' component. This weakness allows for OS command injection through manipulation of the 'pinCode' argument, enabling potential remote attackers to execute arbitrary...

A security flaw exists in the SourceCodester Hospitals Patient Records Management System version 1.0, specifically within the file /admin/patients/view_history.php. The vulnerability arises from improper handling of the argument ID, allowing an attacker to manipulate input and execute unauthorize...

The Avada Builder (fusion-builder) plugin for WordPress is susceptible to a Remote Code Execution vulnerability that allows unauthenticated attackers to exploit the system via PHP Function Injection. This issue arises from a flaw in the handling of attacker-controlled input within the `Fusion_Bui...

Dolibarr ERP CRM 7.0.3 is susceptible to a remote code execution vulnerability that enables unauthenticated attackers to inject and execute arbitrary PHP code via the db_name parameter. By sending a controlled POST request to install/step1.php, attackers can manipulate the application to execute ...

The D-Link DIR601 2.02NA router is exposed to a credential disclosure vulnerability that permits unauthorized attackers to access sensitive configuration details. By manipulating the 'table_name' parameter within POST requests directed at /my_cgi.cgi, ill-intentioned users can extract critical in...

SIPp, a popular open-source tool for testing SIP (Session Initiation Protocol) applications, is susceptible to a local buffer overflow vulnerability in versions 3.6 and earlier. This flaw arises from improper handling of command-line arguments, specifically the -3pcc, -i, or -log_file parameters....

The jomres component for Joomla version 9.11.2 is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability. This security flaw enables attackers to manipulate user account settings by deceiving authenticated users into visiting malicious websites. By skillfully designing HTML forms that t...

Audiograbber 1.83 is susceptible to a local buffer overflow vulnerability that can be exploited by attackers to execute arbitrary code. By submitting specially crafted input in the Interpret or Album fields, an attacker can trigger a buffer overflow, overriding structured exception handling (SEH)...

The Redaxo CMS Mediapool Addon version 5.5.1 and earlier is susceptible to an arbitrary file upload vulnerability. This issue allows authenticated users with editor privileges to bypass file extension restrictions, enabling the upload of potentially malicious executable files utilizing obfuscated...

The Ultimate Form Builder Lite plugin for WordPress versions 1.3.7 and earlier is affected by an SQL injection vulnerability. This flaw enables authenticated attackers to exploit the entry_id POST parameter, facilitating unauthorized manipulation of database queries. By sending crafted POST reque...

The userSpice 4.3.24 version is affected by a username enumeration vulnerability that allows attackers without authentication to identify valid usernames. By interacting with the existingUsernameCheck.php endpoint using POST requests, attackers can gather information by analyzing the responses fo...

The Joomla! EkRishta Component version 2.10 has a significant SQL injection vulnerability that enables attackers to execute arbitrary SQL commands. By injecting malicious code into the username parameter during login attempts, a malicious actor can gain unauthorized access to sensitive database i...

userSpice 4.3.24 is vulnerable to cross-site scripting (XSS), allowing attackers to inject malicious scripts via the X-Forwarded-For HTTP header. By sending specially crafted requests to the backup.php endpoint, these scripts can execute when administrators view the audit log page, potentially le...

The Ek Rishta component for Joomla! version 2.10 is vulnerable to SQL injection, enabling attackers to execute arbitrary SQL code through the 'cid' parameter. This security flaw allows unauthenticated users to manipulate database queries by sending crafted GET requests to the user_detail view, po...

The Contact Form Maker Plugin for WordPress version 1.12.20 suffers from SQL injection vulnerabilities that may allow authenticated attackers to manipulate database queries via the FormMakerSQLMapping and generate_csv_fmc AJAX actions. By crafting specific input through the 'name' and 'search_lab...

The Form Maker Plugin for WordPress versions up to 1.12.24 contains a security flaw that allows authenticated users to perform SQL injection attacks. By exploiting the 'FormMakerSQLMapping' and 'generate_csv' actions, attackers can submit malicious SQL payloads through the 'name' and 'search_labe...

The 10-Strike Network Scanner 3.0 is vulnerable to a local buffer overflow affecting the host name field. Attackers can exploit this weakness by injecting malicious code via the host name or address field, particularly during Trace route or System information operations. This exploit allows for t...

The 10-Strike Network Inventory Explorer version 8.54 contains a stack-based buffer overflow in the registration key input field. This vulnerability allows local attackers to execute arbitrary code by manipulating the structured exception handler (SEH) overwrite. By crafting a malicious registrat...