Publicly Disclosed
PoC Exploits

The Ninja Forms - File Uploads plugin for WordPress contains a vulnerability allowing unauthenticated attackers to upload arbitrary files due to inadequate file type validation in the upload handling function. This oversight affects all versions upto and including 3.3.26, potentially enabling att...

Squidex, an open-source headless content management system, suffers from a vulnerability in its Restore API prior to version 7.23.0. The flaw arises from insufficient validation of the URI scheme within the user-supplied 'Url' parameter. This oversight permits an authenticated administrator to ex...

A vulnerability exists in MaxSite CMS affecting the Guestbook Plugin, allowing for cross site scripting (XSS) attacks. This issue is due to improper handling of inputs such as f_text, f_slug, f_limit, and f_email, which can be exploited remotely. The vendor has identified this issue and issued a ...

The Breeze Cache plugin for WordPress has a security flaw that allows unauthenticated attackers to perform arbitrary file uploads. This vulnerability is due to inadequate file type validation in the 'fetch_gravatar_from_remote' function. The risk is present in all versions up to 2.4.4, specifical...

A Cross Site Scripting vulnerability has been identified in the down_count plugin of MaxSite CMS, affecting versions up to 109.3. The issue originates from improper handling of the f_file and f_prefix parameters, allowing attackers to inject malicious scripts that can be executed in the context o...

A security vulnerability within the mail_send plugin of MaxSite CMS versions up to 109.3 allows attackers to exploit improper input handling, leading to cross-site scripting attacks. This issue arises when the arguments f_subject, f_files, and f_from are manipulated, enabling remote execution of ...

Marimo, a reactive Python notebook, exhibits a significant security vulnerability prior to version 0.23.0. The terminal WebSocket endpoint (/terminal/ws) allows unauthenticated access, enabling attackers to gain a complete pseudo-terminal shell and execute arbitrary commands on the host system. U...

A cross site scripting vulnerability has been identified in MaxSite CMS, specifically affecting version 109.3 of the Redirect Plugin. This flaw allows remote attackers to manipulate the argument 'f_all/f_all404', leading to potential XSS attacks. The vendor addressed the vulnerability by implemen...

The local privilege escalation vulnerability in the overlayfs implementation of Ubuntu Kernels allows attackers to bypass permission checks during certain attribute-setting operations. Specifically, when invoking 'ovl_do_setxattr', the requisite permission checks are skipped, potentially leading ...

In Sudo versions prior to 1.8.28, a security flaw allows an attacker with access to a Runas ALL sudoer account to circumvent specified policy blacklists and session PAM modules. This vulnerability can lead to misleading logging and improper user privileges when the attacker invokes Sudo with a cr...

A security flaw exists in go-kratos up to version 2.9.2 that affects the NewServer function in the transport/http/server.go file. This vulnerability impacts the http.DefaultServeMux Fallback Handler, allowing for unintended intermediary exposure. The vulnerability can be exploited remotely, posin...

A significant vulnerability has been identified in several models of D-Link Network Attached Storage devices, specifically in the HTTP GET request handler of the nas_sharing.cgi component. This vulnerability allows for command injection via manipulation of the 'system' argument, enabling remote a...

An OS command injection vulnerability exists in the Linksys MR9600 router, specifically within the JNAP Action Handler. The issue arises from inadequate validation of the 'pin' argument in the function BTRequestGetSmartConnectStatus located in the run_central2.sh script. By exploiting this vulner...

A cross site scripting vulnerability exists in the projeto-siga application version 11.0.3.18, specifically in an unknown function within the file /sigawf/app/responsavel/novo. This flaw allows an attacker to manipulate parameters, particularly the Nome/Descrição arguments, to execute arbitrary s...

A command injection vulnerability has been detected in the Tenda F453 router, specifically impacting the TendaTelnet function within the Telnet Service. This flaw allows an attacker to execute arbitrary commands remotely through the /goform/telnet endpoint, leading to potential unauthorized acces...

A critical security flaw exists in the Boa Service within Tenda HG10 and related router models, specifically in the formRoute function of the /boaform/formRouting file. This vulnerability allows an attacker to manipulate the nextHop argument, leading to a buffer overflow condition. If exploited, ...

A security flaw has been identified in Cesanta Mongoose version up to 7.20, specifically within the GCM Authentication Tag Handler implementation. This vulnerability pertains to the function mg_aes_gcm_decrypt found in the /src/tls_aes128.c file. The weakness allows for improper verification of c...

A vulnerability has been identified in Cesanta Mongoose versions up to 7.20 that allows for remote denial of service attacks. This issue arises within the TCP Option Handler's `handle_opt` function in the `/src/net_builtin.c` file, where improper manipulation of the `optlen` argument can lead to ...

A security vulnerability has been identified in the Dashboard API of AstrBot, specifically within the create_template function located at astrbot/dashboard/routes/t2i.py. The flaw allows for improper neutralization of special elements utilized in a template engine, which can potentially enable re...

A server-side request forgery issue has been identified in Pagekit up to version 1.0.18. This vulnerability arises from the manipulation of the 'url' argument in the /index.php/admin/system/update/download functionality. An attacker can exploit this loophole to send unauthorized requests from the...

A server-side request forgery vulnerability was identified in the AiraHub component of IhateCreatingUserNames2's AiraHub2. This flaw exists within the connect_stream_endpoint/sync_agents function of the AiraHub.py file, allowing attackers to manipulate server requests. Exploitation of this vulner...

A command injection vulnerability exists in the GitPilot-MCP product developed by Divyanshu-hash. This issue is rooted in the manipulation of the argument within the repo_path function located in main.py. Attackers can exploit this vulnerability remotely by crafting malicious input that alters th...

A vulnerability exists in PackageKit, specifically in versions 1.0.2 to 1.3.4, allowing unprivileged users to exploit a time-of-check time-of-use (TOCTOU) race condition. This flaw enables attackers to manipulate transaction flags, facilitating the installation of arbitrary RPM packages as root w...

A vulnerability in the devlikeapro WAHA API (up to version 2026.3.4) allows attackers to initiate server-side request forgery (SSRF) through an unknown function in the src/api/media.controller.ts file. This issue enables remote exploitation, potentially leading to unauthorized access to internal ...

A vulnerability has been identified in JiZhiCMS versions up to 2.5.6, affecting the htmlspecialchars_decode function located in /index.php/admins/Sys/addcache.html. This flaw allows an attacker to manipulate the sqls argument, leading to SQL injection attacks that can be executed remotely. The ex...

A security flaw has been identified in vanna-ai vanna versions up to 2.0.2, specifically within an unknown function of the Legacy Flask API. This vulnerability enables attackers to exploit improper authorization mechanisms, potentially granting unauthorized access to sensitive API endpoints. The ...

A vulnerability in WhatsApp allows unauthorized users to exploit incomplete authorization of linked device synchronization messages. This affects multiple versions of WhatsApp on iOS and Mac, enabling attackers to potentially trigger the processing of content from arbitrary URLs on targeted devic...

A serious backdoor vulnerability was discovered in vsftpd 2.3.4, affecting downloads made between June 30 and July 3, 2011. This vulnerability allows an attacker to exploit the software and open a remote shell on port 6200/tcp, granting unauthorized access to the system. It poses significant risk...

FUXA, a web-based Process Visualization software, is vulnerable to a path traversal flaw that permits an unauthenticated attacker to write files to arbitrary locations on the server's filesystem. This allows malicious actors to potentially compromise server integrity and execute unauthorized acti...

In Wing FTP Server prior to version 7.4.4, both user and admin web interfaces improperly handle null ('\0') bytes, which can lead to the injection of arbitrary Lua code into user session files. This vulnerability enables attackers to execute arbitrary system commands with the privileges of the FT...

CyberPanel versions before 2.4.4 are exposed to an authentication bypass vulnerability that affects the AI Scanner worker API endpoints. This flaw enables unauthenticated remote attackers to gain unauthorized access and potentially write arbitrary data to the database. By manipulating requests se...

A vulnerability exists in PackageKit, specifically in versions 1.0.2 to 1.3.4, allowing unprivileged users to exploit a time-of-check time-of-use (TOCTOU) race condition. This flaw enables attackers to manipulate transaction flags, facilitating the installation of arbitrary RPM packages as root w...

The Breeze Cache plugin for WordPress has a security flaw that allows unauthenticated attackers to perform arbitrary file uploads. This vulnerability is due to inadequate file type validation in the 'fetch_gravatar_from_remote' function. The risk is present in all versions up to 2.4.4, specifical...

The Breeze Cache plugin for WordPress has a security flaw that allows unauthenticated attackers to perform arbitrary file uploads. This vulnerability is due to inadequate file type validation in the 'fetch_gravatar_from_remote' function. The risk is present in all versions up to 2.4.4, specifical...

BridgeHead FileStore versions prior to 24A are vulnerable due to the exposure of the Apache Axis2 administration module on network-accessible endpoints using default credentials. This allows unauthenticated attackers to gain access to the admin console, upload malicious Java archives as web servi...

In the Linux kernel, a notable vulnerability related to memory management has been identified within the skb (socket buffer) heads concerning allocation and deallocation. The flaw arises when KFENCE is activated, leading to misclassification during the free path of allocated memory objects. Speci...

The Meshtastic networking solution presents an authentication bypass vulnerability due to its architecture, where a Node is identified by a NodeID derived from the MAC address instead of its public key. This weakness allows an attacker to exploit the HAM mode, which lacks encryption, and forge No...

The HTTP/2 protocol is susceptible to a denial of service vulnerability that can be exploited via rapid stream resets. This allows attackers to overwhelm servers by rapidly canceling requests, leading to significant resource consumption and potential service disruption. Exploitation of this vulne...

The Breeze Cache plugin for WordPress has a security flaw that allows unauthenticated attackers to perform arbitrary file uploads. This vulnerability is due to inadequate file type validation in the 'fetch_gravatar_from_remote' function. The risk is present in all versions up to 2.4.4, specifical...

The llama.cpp product has a critical vulnerability in its RPC backend where the deserialize_tensor() function fails to perform proper bounds validation if a tensor's buffer field is set to zero. This oversight allows unauthenticated attackers to exploit the system by reading and writing arbitrary...

A vulnerability exists in Whistle version 2.9.98, located in the file /cgi-bin/sessions/get-temp-file, which allows attackers to manipulate the filename argument. This leads to a path traversal issue that may enable unauthorized access to sensitive files on the server. Although the vendor was not...

An authentication flaw exists in Apache Tomcat and Apache Tomcat Native, where the CLIENT_CERT authentication process does not fail as expected under certain configurations when soft fail is disabled. This vulnerability potentially allows unauthorized access in scenarios where proper validation i...

KTransformers version 0.5.3 and earlier contains a serious vulnerability in its balance_serve backend that allows unsafe deserialization through the scheduler RPC server. The ZMQ ROUTER socket is bound to all network interfaces without proper authentication, enabling attackers to exploit this fla...

The radare2-mcp software, specifically version 1.6.0 and earlier, is susceptible to an os command injection vulnerability that allows remote attackers to execute arbitrary commands. This is done by circumventing command filters through the use of shell metacharacters within user-controlled input ...

radare2, prior to version 6.1.4, is susceptible to a path traversal vulnerability affecting its project notes handling feature. By exploiting a crafted .zrp archive containing a symlinked notes.txt file, an attacker can circumvent directory confinement measures. This can lead to unauthorized file...

The radare2 tool, prior to version 6.1.4, contains a path traversal vulnerability related to project deletion. This flaw enables local attackers to exploit absolute paths, allowing for the recursive deletion of directories outside the configured project storage boundary. By manipulating the proje...

LeRobot has a vulnerability that allows attackers to exploit unsafe deserialization within its async inference pipeline. The misuse of pickle.loads() for data deserialization over unauthenticated gRPC channels poses a significant risk. Attackers can send maliciously crafted pickle payloads throug...

Kofax Capture exposes a deprecated .NET Remoting HTTP channel on port 2424, accessible without authentication. This vulnerability allows an unauthenticated remote attacker to utilize .NET Remoting techniques to manipulate various system objects. By leveraging these techniques, attackers may read ...

An input validation issue in Microsoft Office SharePoint facilitates unauthorized spoofing attacks over the network. Attackers can exploit this vulnerability to impersonate legitimate users, potentially leading to unauthorized access and data breaches. Proper validation mechanisms must be in plac...

The reCaptcha plugin developed by WebDesignBy for WordPress prior to version 2.0 is vulnerable to Cross-Site Scripting (XSS). The vulnerability arises from improper sanitization and escaping of the Site Key setting, which is outputted directly in a JavaScript context within the grecaptcha_js() fu...