Publicly Disclosed PoC Exploits

🔴 Always take caution when working with PoC exploits 🔴

Discovered 35 minutes ago

PoC for CVE-2026-33320

Tomwright / Dasel | 6.2 MEDIUM
Denial of Service Vulnerability in Dasel Command-Line Tool by Tom W...

The Dasel command-line tool, widely used for querying and transforming data structures, has a vulnerability that can lead to Denial of Service. Versions 3.0.0 through 3.3.0 allow an attacker to exploit the YAML reader's `UnmarshalYAML` implementation. By providing specially crafted YAML files, an...

Discovered 45 minutes ago

PoC for CVE-2026-27886

Strapi / Strapi | 9.2 CRITICAL
Sanitization Flaws in Strapi Headless CMS Affecting Multiple Versions

Strapi, an open-source headless content management system, has a vulnerability in versions ranging from 4.0.0 to 5.36.0 that stems from inadequate sanitization of query parameters during content filtering. This flaw allows unauthenticated attackers to exploit the `where` query parameter on public...

Discovered 3 hours ago

PoC for CVE-2026-10289

Code-projects / Hotel And Tourism Rese... | 5.3 MEDIUM
Cross Site Scripting Vulnerability in Hotel and Tourism Reservation...

A security flaw exists within the Hotel and Tourism Reservation System 1.0, specifically in an unrecognized function located in the file /ht/tour.php. This vulnerability allows an attacker to exploit certain parameters such as name, email, people, or number, leading to cross-site scripting (XSS) ...

PoC for CVE-2026-10288

Code-projects / Hotel And Tourism Rese... | 6.9 MEDIUM
Improper Authentication in Code-Projects Hotel and Tourism Reservat...

A security vulnerability identified in the Hotel and Tourism Reservation System version 1.0 impacts the functionality of the password verification process in the admin login module. It allows an attacker to manipulate the password argument within the /admin/login.php file, leading to improper aut...

PoC for CVE-2026-10287

Sourcecodester / Seo Meta Tag Extractor | 6.9 MEDIUM
Server-Side Request Forgery in SourceCodester SEO Meta Tag Extractor

The SourceCodester SEO Meta Tag Extractor version 1.0 is susceptible to a server-side request forgery (SSRF) vulnerability due to improper handling of the 'url' argument in the get_headers function within the /index.php file. This flaw allows an attacker to craft malicious requests that could lea...

PoC for CVE-2026-10286

Codeastro / Payroll System | 5.3 MEDIUM
SQL Injection Vulnerability in CodeAstro Payroll System by CodeAstro

A vulnerability in the CodeAstro Payroll System 1.0 allows for SQL injection through the manipulation of the emp_id parameter within the /home_employee.php file. This flaw can be exploited by remote attackers, potentially leading to unauthorized access to sensitive employee data. The issue has be...

Discovered 4 hours ago

PoC for CVE-2026-49136

Anionex / Banana-slides | 8.7 HIGH
Path Traversal Vulnerability in Banana Slides AI Service by Anionex

Banana Slides version 0.4.0 suffers from a path traversal vulnerability located in the generate_image() function of the AI service backend. The flaw enables unauthenticated attackers to access arbitrary image files beyond the designated uploads directory. This exploitation occurs due to an incomp...

PoC for CVE-2022-1471

Snakeyaml / Snakeyaml | 🟣 EPSS 94% | 9.8 CRITICAL
Remote Code Execution in SnakeYAML

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing untrusted content to restrict deserialization...

Discovered 5 hours ago

PoC for CVE-2026-43624

Swivid / F5-tts | 8.8 HIGH
Path Traversal Vulnerability in F5-TTS by SWivid

F5-TTS versions up to 1.1.20 are susceptible to a path traversal vulnerability within the finetune Gradio handlers. This flaw permits unauthenticated attackers to write arbitrary files by manipulating unsanitized user input for project names, which are directly passed to the os.path.join() functi...

PoC for CVE-2026-10281

Enderfga / Claw-orchestrator | 6.9 MEDIUM
Missing Authentication Vulnerability in Enderfga Claw-Orchestrator ...

A security flaw has been identified in the Enderfga Claw-Orchestrator, specifically affecting versions up to 3.5.5. The vulnerability resides within the EmbeddedServer function of the src/embedded-server.ts file in the API Endpoint. This defect allows for potential remote exploitation due to inad...

PoC for CVE-2026-43623

Rxi / Microtar | 8.7 HIGH
Stack-based Buffer Overflow in Microtar by rxi

Microtar, up to version 0.1.0, is affected by a stack-based buffer overflow vulnerability in the raw_to_header() function located in src/microtar.c. This flaw arises when a specially crafted TAR archive is processed, where name or linkname fields are not properly null-terminated. The use of strcp...

PoC for CVE-2026-10280

Horizon921 / Mcpilot | 6.9 MEDIUM
Server-Side Request Forgery in horizon921 MCP API Call Endpoint

A security flaw has been identified in the horizon921 mcpilot version 0.1.0. This vulnerability resides within an unknown function of the MCP API Call Endpoint's 'route.ts' file, where improper handling of the 'serverBaseUrl' argument can lead to server-side request forgery (SSRF). The vulnerabil...

PoC for CVE-2026-8732

WordPress / WP Maps Pro | 9.8 CRITICAL
Privilege Escalation in WP Maps Pro Plugin by WordPress

The WP Maps Pro plugin contains a vulnerability that allows unauthenticated attackers to escalate their privileges by creating a new administrator account. This occurs due to insufficient protection around a public AJAX action, which can be exploited using a nonce that is easily accessible. By in...

PoC for CVE-2026-10279

Hiraishikentaro / Wezterm-mcp | 5.3 MEDIUM
OS Command Injection Vulnerability in Hiraishikentaro Wezterm-mcp P...

The Wezterm-mcp product version 0.1.0 has a security vulnerability in the src/wezterm_executor.ts file, specifically in the switch_pane/write_to_specific_pane function. This vulnerability allows for manipulation of the request parameters, leading to OS command injection attacks. The flaw can be e...

PoC for CVE-2026-10278

Ishayoyo / Excel-mcp | 5.3 MEDIUM
Path Traversal Vulnerability in ishayoyo Excel-MCP - Affected Produ...

A path traversal vulnerability exists in the ishayoyo Excel-MCP component, specifically in the read_file/write_file feature located in src/index.ts, exposing it to potential unauthorized access to filesystem locations. By manipulating the filePath or outputPath arguments, an attacker can exploit ...

Discovered 6 hours ago

PoC for CVE-2026-10277

J3k0 / Mcp-google-workspace | 5.3 MEDIUM
Access Control Flaw in MCP Gmail Tool by j3k0

A vulnerability in the MCP Gmail Tool of j3k0 was identified, affecting its saveToDisk function in the src/tools/gmail.ts file. This flaw allows unauthorized actions due to improper access controls, which could be exploited remotely. A patch has been provided to remediate the issue, emphasizing t...

PoC for CVE-2026-10276

Hekmon8 / Jenkins-server-mcp | 5.3 MEDIUM
Server-Side Request Forgery Vulnerability in Jenkins-server-mcp by ...

A server-side request forgery vulnerability has been identified in version 0.1.0 of the Jenkins-server-mcp product from hekmon8. This issue affects the jobPath function located in src/index.ts and could allow remote attackers to manipulate requests. Notably, this vulnerability was disclosed publi...

PoC for CVE-2026-10275

OpenSC / Opensc | 2.3 LOW
Buffer Overflow Vulnerability in OpenSC's Key Generation Module

A buffer overflow vulnerability exists in the Key Generation Module of OpenSC's pkcs11-tool, specifically within the function test_kpgen_certwrite. This flaw allows for a potential remote exploitation, granting attackers the means to manipulate memory allocation and execute harmful code. The comp...

PoC for CVE-2026-10274

Indrasishbanerjee / Aem-mcp-server | 5.3 MEDIUM
Server-Side Request Forgery in indrasishbanerjee aem-mcp-server

A vulnerability exists in indrasishbanerjee's aem-mcp-server that affects the getAssetMetadata function located in src/mcp-server.ts. This vulnerability allows a remote attacker to manipulate the assetPath argument, potentially leading to server-side request forgery. This exploit was publicly dis...

Discovered 7 hours ago

PoC for CVE-2026-10273

php-censor / PHP-censor | 6.9 MEDIUM
OS Command Injection in php-censor Webhook Endpoint Affects Vulnera...

A vulnerability has been identified in php-censor versions up to 2.1.6 within the Webhook Endpoint's GitBuild.php file. This issue arises when the commitId argument is manipulated, allowing remote attackers to execute OS commands on the server. An exploit for this vulnerability has been made publ...

PoC for CVE-2026-10272

A4m4 / Student-management-system | 6.9 MEDIUM
Improper Authorization Vulnerability in a4m4 Student-Management-Sys...

An improper authorization vulnerability has been identified in the a4m4 Student-Management-System, specifically in the admin/deleteform.php file. This flaw allows remote attackers to manipulate the 'sid' argument for unauthorized access. Despite early notification to the vendor through an issue r...

PoC for CVE-2026-10271

A4m4 / Student-management-system | 5.3 MEDIUM
Remote Code Execution Flaw in a4m4 Student-Management-System Admin ...

A security flaw exists in the a4m4 Student-Management-System that affects the Admin Endpoint component. This vulnerability arises from an exploitable issue in a function within the admin directory, specifically related to the manipulation of user identifiers (uid). By leveraging this weakness, an...

PoC for CVE-2026-10270

D-link / Di-7001 Mini | 8.7 HIGH
Stack-based Buffer Overflow in D-Link DI-7001 MINI API

A stack-based buffer overflow vulnerability exists in the API of the D-Link DI-7001 MINI, specifically within the sprintf function located in /httpd_debug.asp. Through the manipulation of the Time argument, an attacker can exploit this vulnerability remotely, leading to a potential execution of a...

Discovered 8 hours ago

PoC for CVE-2026-9560

Openvpn Inc / Openvpn Connect | 8.9 HIGH
Privilege Escalation in OpenVPN Connect on macOS

A vulnerability exists in OpenVPN Connect for macOS versions 3.5.1 to 3.8.1, where attackers can exploit a background service to achieve privilege escalation. By leveraging the local IPC channel, attackers may execute arbitrary commands with elevated privileges, potentially compromising the secur...

PoC for CVE-2026-10268

Janet-lang / Janet | 4.8 MEDIUM
Integer Overflow Vulnerability in Janet Programming Language by Jan...

A vulnerability has been discovered in the Janet programming language, affecting versions up to 1.41.0. The issue resides in the `unmarshal_one_fiber` function within the `src/core/marsh.c` file, where an integer overflow may occur due to inadequate input validation. An attacker can exploit this ...

PoC for CVE-2026-0257

Palo Alto Networks / Cloud Ngfw | 🟣 EPSS 42% | 7.8 HIGH
Authentication Bypass in Palo Alto Networks PAN-OS Software

The authentication bypass vulnerability in Palo Alto Networks' PAN-OS software presents a significant security risk by allowing unauthorized access to the GlobalProtect portal and gateway. This flaw enables attackers to circumvent authentication mechanisms, potentially gaining unauthorized VPN co...

PoC for CVE-2026-10267

Janet-lang / Janet | 4.8 MEDIUM
Out-of-Bounds Read Vulnerability in Janet-lang's Debug Function

A security flaw has been identified in Janet-lang's Janet up to version 1.41.0, specifically within the doframe function of src/core/debug.c. This vulnerability allows an attacker to perform an out-of-bounds read, requiring local access to exploit the issue. Publicly available exploits for this v...

PoC for CVE-2026-44578

Vercel / Next.js | 8.6 HIGH
Server-Side Request Forgery Vulnerability in Next.js Framework by V...

The Next.js framework, utilized for building web applications, is exposed to a server-side request forgery vulnerability when using versions from 13.4.13 up to but not including 15.5.16 and 16.2.5. This flaw arises when self-hosted applications that employ the built-in Node.js server allow attack...

PoC for CVE-2026-10265

Itsourcecode / Content Management System | 5.3 MEDIUM
SQL Injection Vulnerability in itsourcecode Content Management System

A vulnerability has been detected within the itsourcecode Content Management System version 1.0, specifically in the /admin/edit_topic.php file. This flaw occurs due to improper handling of the 'topic_id' parameter, allowing attackers to manipulate SQL queries, resulting in a potential SQL inject...

Discovered 9 hours ago

PoC for CVE-2026-10264

Lharries / WhatsApp-mcp | 5.1 MEDIUM
Path Traversal Vulnerability in lharries WhatsApp-mcp Send API Endp...

A vulnerability has been identified in the Send API Endpoint of lharries' WhatsApp-mcp version 0.0.1. This issue arises from improper validation within the SendMessageRequest function in the main.go file, where manipulation of the mediaPath argument leads to path traversal. As a result, unauthori...

PoC for CVE-2026-10263

Sourcecodester / Computer Repair Shop M... | 6.9 MEDIUM
SQL Injection Vulnerability in SourceCodester Computer Repair Shop ...

A vulnerability was detected in the SourceCodester Computer Repair Shop Management System, specifically in the manage_product.php file. The SQL injection issue arises from improper handling of the 'ID' argument, allowing attackers to execute malicious SQL queries remotely. This could lead to unau...

PoC for CVE-2026-10262

Code-projects / Real State Services | 6.9 MEDIUM
SQL Injection Vulnerability in Code-Projects Real State Services Login

A SQL Injection vulnerability has been identified in the login functionality of Code-Projects' Real State Services software version 1.0. This issue arises from improper handling of the username parameter in the /loginuser.php file, allowing attackers to manipulate database queries via crafted inp...

PoC for CVE-2026-10261

Codeastro / Online Job Portal | 6.9 MEDIUM
SQL Injection Vulnerability in CodeAstro Online Job Portal by CodeA...

A vulnerability has been identified in the CodeAstro Online Job Portal 1.0, specifically in the functionality related to the /users/application_status.php file. By manipulating the argument ID, an attacker can execute a SQL injection attack, potentially compromising the database remotely. This ty...

PoC for CVE-2026-41089

Microsoft / Windows Server 2012 | 9.8 CRITICAL
Stack-based Buffer Overflow in Windows Netlogon Affects Microsoft P...

A stack-based buffer overflow vulnerability in Windows Netlogon permits an unauthorized attacker to execute arbitrary code over a network. This flaw may allow attackers to compromise systems by sending specially crafted requests to the affected service, leading to potential system control and dat...

Discovered 10 hours ago

PoC for CVE-2026-48559

Epoupon / Lms | 5.1 MEDIUM
Stored Cross-Site Scripting Vulnerability in Lightweight Music Serv...

The Lightweight Music Server (LMS) version 3.76.0 contains a stored cross-site scripting vulnerability that enables attackers to execute arbitrary JavaScript code. This vulnerability occurs when malicious HTML is embedded in media file metadata tags, such as GENRE, ARTIST, or ALBUM. Attackers can...

PoC for CVE-2026-10260

Codeastro / Online Job Portal | 6.9 MEDIUM
SQL Injection Vulnerability in CodeAstro Online Job Portal by CodeA...

A serious SQL injection vulnerability has been identified in CodeAstro Online Job Portal version 1.0, specifically within the delete-jobs.php file located in the admin directory. This vulnerability arises from improper handling of user input in an unknown function, allowing attackers to exploit t...

PoC for CVE-2026-10259

H3c / Magic B0 | 8.7 HIGH
Stack-Based Buffer Overflow Vulnerability in H3C Magic B0 by H3C

A vulnerability has been identified in the H3C Magic B0 device, specifically affecting versions up to 100R002. The issue arises within the SetMobileAPInfoById function of the /goform/aspForm file, where improper handling of the argument param enables attackers to exploit a stack-based buffer over...

PoC for CVE-2026-10258

Itsourcecode / Content Management System | 5.3 MEDIUM
SQL Injection Vulnerability in itsourcecode Content Management Syst...

A vulnerability has been detected in itsourcecode Content Management System version 1.0, specifically in the /admin/add_sub_topic.php function. This flaw allows an attacker to manipulate the topic_id parameter, which leads to SQL injection attacks. The exploit can be executed remotely, making it ...

PoC for CVE-2026-10257

Itsourcecode / Content Management System | 5.3 MEDIUM
SQL Injection Vulnerability in itsourcecode Content Management System

A security flaw has been noticed in the itsourcecode Content Management System version 1.0, specifically in the processing of the file /admin/update_ss_img.php. This vulnerability allows an attacker to manipulate the topic_id argument, leading to possible SQL injection attacks. Such exploits can ...

Discovered 11 hours ago

PoC for CVE-2026-10256

Itsourcecode / Content Management System | 5.3 MEDIUM
SQL Injection Vulnerability in itsourcecode Content Management Syst...

A vulnerability exists in the itsourcecode Content Management System version 1.0, particularly in the /save_comment.php file. This issue arises from improper handling of user-supplied input in the Name argument, allowing an attacker to execute SQL injection attacks. Such exploitation can lead to ...

PoC for CVE-2026-10255

Sourcecodester / Pharmacy Sales And Inv... | 6.9 MEDIUM
Access Control Vulnerability in SourceCodester Pharmacy Sales and I...

A vulnerability exists in the SourceCodester Pharmacy Sales and Inventory System version 1.0, specifically within the 'sell_statement' function in 'application/controllers/ShowForm.php'. This flaw allows an attacker to manipulate access controls improperly, potentially leading to unauthorized dat...

PoC for CVE-2026-10254

Sourcecodester / Pet Grooming Managemen... | 6.9 MEDIUM
Information Disclosure Vulnerability in SourceCodester Pet Grooming...

A significant flaw has been detected in SourceCodester Pet Grooming Management Software version 1.0, particularly affecting an unspecified function in the /admin/ directory. This vulnerability allows an attacker to manipulate the software and gain unauthorized access to sensitive file and directo...

PoC for CVE-2026-10253

Itsourcecode / Online House Rental Sy... | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode Online House Rental System

A SQL injection vulnerability has been identified in the itsourcecode Online House Rental System 1.0, specifically in the /manage_payment.php file. This vulnerability allows attackers to manipulate the ID parameter, enabling them to execute remote attacks. The exploit is now publicly available, m...

Discovered 12 hours ago

PoC for CVE-2026-10252

Itsourcecode / Online House Rental Sy... | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode Online House Rental System

A security vulnerability exists in the itsourcecode Online House Rental System, specifically within the /manage_tenant.php file. The flaw stems from improper handling of the ID parameter, allowing an attacker to perform SQL injection attacks. This can lead to unauthorized access to the database a...

PoC for CVE-2026-24061

Gnu / Inetutils | 🟣 EPSS 91% | 9.8 CRITICAL
Remote Authentication Bypass in GNU Inetutils Telnetd

The GNU Inetutils telnet daemon (telnetd) is vulnerable to a remote authentication bypass that can occur when an attacker manipulates the USER environment variable by specifying a '-f root' value. This flaw allows unauthorized users to gain access without proper authentication. Affected users sho...

PoC for CVE-2026-10251

Itsourcecode / Online House Rental Sy... | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode Online House Rental Sys...

A vulnerability exists in the itsourcecode Online House Rental System 1.0, specifically in the AJAX login functionality found in /ajax.php?action=login. An attacker can exploit this weakness by manipulating the Username parameter, leading to a potential SQL injection attack. This can allow unauth...

PoC for CVE-2026-10250

Itsourcecode / Online Blood Bank Mana... | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode Online Blood Bank Manag...

A security flaw has been identified in the itsourcecode Online Blood Bank Management System 1.0, specifically within an unknown function in the file /admin/campsdetails.php. This vulnerability allows for SQL injection through manipulated arguments, enabling potential remote attacks. Given that ex...

PoC for CVE-2026-10249

Itsourcecode / Online Blood Bank Mana... | 6.9 MEDIUM
SQL Injection Vulnerability in itsourcecode Online Blood Bank Manag...

A vulnerability was discovered in the itsourcecode Online Blood Bank Management System 1.0, specifically within the /admin/viewrequest.php file. This flaw allows for unauthorized manipulation of the 'ID' parameter, enabling attackers to perform SQL injection attacks. The vulnerability can be expl...

PoC for CVE-2026-2291

Dnsmasq / Dnsmasq | 7.3 HIGH
Heap Buffer Overflow in dnsmasq Can Redirect DNS Lookups

The dnsmasq service contains a flaw in its extract_name() function, which can be exploited to cause a heap buffer overflow. This vulnerability allows attackers to inject incorrect DNS cache entries, leading to potential redirection of DNS queries to malicious IP addresses. Furthermore, this could...

Discovered 13 hours ago

PoC for CVE-2026-10248

Sourcecodester / Pharmacy Sales And Inv... | 5.1 MEDIUM
CSV Injection Vulnerability in SourceCodester Pharmacy Sales and In...

A vulnerability exists in SourceCodester Pharmacy Sales and Inventory System, specifically in the Supplier Creation Interface within the 'create_supplier' function of the '/Export_csv/export' component. This flaw allows for CSV injection attacks through manipulations of the 'Address' or 'Company ...