Publicly Disclosed PoC Exploits

🔴 Always take caution when working with PoC exploits 🔴

Discovered 3 hours ago

PoC for CVE-2024-37032

Ollama | Ollama | 🟣 EPSS 94% | 8.8 HIGH
Ollama vulnerability affects model path validation

The Ollama software versions prior to 0.1.34 are susceptible to an input validation vulnerability that fails to correctly validate the format of the digest when retrieving the model path. This oversight allows for test cases that deviate from the expected sha256 format, including those with fewer...

Discovered 4 hours ago

PoC for CVE-2026-43284

Linux | Linux | 8.8 HIGH
Vulnerability in Linux Kernel Affects Shared skb Fragments

A vulnerability exists in the Linux kernel that concerns the handling of shared skb fragments during the decryption process in ESP-in-UDP packets. When pages are attached from a pipe directly to an skb using MSG_SPLICE_PAGES, the kernel marked these SKBs with SKBFL_SHARED_FRAG, which plays a cruc...

Discovered 8 hours ago

PoC for CVE-2025-15609

WordPress | Fortis For WooCommerce
API Key Exposure in Fortis Plugin for WooCommerce by Fortis Technol...

The Fortis for WooCommerce plugin, prior to version 1.3.1, has a vulnerability that allows unauthenticated attackers to access sensitive API keys. This flaw enables them to query the Fortis API, potentially exposing sensitive customer data, including past orders and personally identifiable inform...

Discovered 12 hours ago

PoC for CVE-2024-32019

Netdata | Netdata | 8.8 HIGH
Arbitrary Program Execution Vulnerability in Netdata Agent

Netdata, an open-source observability tool, contains a vulnerability in the `ndsudo` utility bundled with certain versions of the Netdata Agent. This vulnerability arises from the `ndsudo` executable being set with the SUID bit, granting attackers the potential to execute arbitrary commands with ...

Discovered 13 hours ago

PoC for CVE-2025-55182

Meta | React-server-dom-webpack | 🟣 EPSS 84% | 10 CRITICAL
Remote Code Execution Vulnerability in React Server Components by Meta

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

Discovered 19 hours ago

PoC for CVE-2025-14177

PHP Group | PHP | 6.3 MEDIUM
Information Disclosure Vulnerability in PHP Affects Multichunk Imag...

The getimagesize() function in PHP versions earlier than specified versions is affected by a vulnerability that results in the potential leak of uninitialized heap memory through the APPn segments when processing images in a multi-chunk mode. This can expose sensitive information from the server'...

Discovered 21 hours ago

PoC for CVE-2026-32849

Netbsd | Src | 5.7 MEDIUM
Signed Integer Overflow Vulnerability in NetBSD's Crypto Driver

The vulnerability in NetBSD's cryptodev_op function arises from a signed integer overflow due to the improper handling of data types. The local variable `iov_len`, defined as a signed integer, erroneously receives a value from the unsigned variable `cop->dst_len`, leading to undefined behavior wh...

Discovered 22 hours ago

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-39636

WordPress | Livemesh Addons For El... | 6.5 MEDIUM
Cross-site Scripting Vulnerability in Livemesh Addons for Elementor

A Cross-site Scripting (XSS) vulnerability exists in Livemesh Addons for Elementor, enabling attackers to inject malicious scripts into web pages generated by the plugin. This could allow unauthorized access to user data and control over the affected site. The vulnerability impacts all versions u...

Discovered 1 day ago

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2026-41949

Langgenius | Dify | 8.2 HIGH
Authorization Bypass in Dify File Preview Endpoint

The Dify platform, specifically versions up to 1.14.1, is susceptible to an authorization bypass vulnerability within its file preview endpoint. This flaw allows any authenticated user to access sensitive information by exploiting the file's UUID. Attackers can utilize the /console/api/files/{fil...

PoC for CVE-2026-41948

Langgenius | Dify | 9.2 CRITICAL
Path Traversal Vulnerability in Dify Plugin by LangGenius

Dify, a plugin developed by LangGenius, exhibits a path traversal vulnerability that allows authenticated users to exploit insufficient URL path sanitization. By manipulating requests sent to the internal REST API of the Plugin Daemon, attackers can traverse outside their designated tenant paths ...

PoC for CVE-2026-41947

Langgenius | Dify | 9.1 CRITICAL
Authorization Bypass in Dify Product by Langgenius

The Dify application, specifically versions up to 1.14.1, is susceptible to an authorization bypass flaw. This issue enables authenticated users with editor privileges to manipulate trace configurations for any application, ignoring tenant ownership restrictions. Attackers can exploit this weakne...

PoC for CVE-2024-37054

Mlflow | Mlflow | 8.8 HIGH
Arbitrary Code Execution Vulnerability in MLflow Platform

A significant security vulnerability exists within the MLflow platform developed by Databricks. This issue arises from the deserialization of untrusted data in versions 0.9.0 and later. Attackers exploit this vulnerability by uploading a malicious PyFunc model that, once interacted with, can exec...

PoC for CVE-2026-6495

WordPress | Ajax Load More | 7.1 HIGH
Reflected Cross-Site Scripting in Ajax Load More Plugin by WordPress

The Ajax Load More plugin for WordPress prior to version 7.8.4 contains a security flaw that allows attackers to exploit a failure in sanitizing and escaping parameters. This oversight facilitates a Reflected Cross-Site Scripting attack, which can particularly endanger high-privilege users, such ...

PoC for CVE-2026-6381

WordPress | WP Maps | 7.5 HIGH
Local File Inclusion Vulnerability in WP Maps Plugin for WordPress

The WP Maps WordPress plugin, prior to version 4.9.3, contains a vulnerability that allows authenticated users to execute Local File Inclusion (LFI) attacks due to insufficient sanitization of a parameter used in file paths. This flaw can potentially lead to unauthorized access and disclosure of ...

PoC for CVE-2026-6379

WordPress | WP Photo Album Plus | 8.6 HIGH
SQL Injection Vulnerability in WP Photo Album Plus Plugin by WordPress

The WP Photo Album Plus plugin for WordPress, prior to version 9.1.11.001, is susceptible to SQL injection due to insufficient sanitization and escaping of user-supplied data in SQL queries. This flaw allows unauthenticated attackers to execute arbitrary SQL commands, potentially leading to unaut...

PoC for CVE-2026-3220

WordPress | Autoptimize | 8.8 HIGH
Unauthenticated Stored XSS Vulnerability in Autoptimize and Other W...

The Autoptimize and other related WordPress plugins are susceptible to unauthenticated stored cross-site scripting (XSS) due to a flaw in the HTML minification process. This vulnerability originates from a predictable replacement hash, which attackers can exploit by injecting malicious HTML attri...

PoC for CVE-2026-1631

WordPress | Feeds For Youtube (you... | 5.4 MEDIUM
Unauthorized Modification in Feeds for YouTube WordPress Plugin by ...

The Feeds for YouTube plugin, which integrates YouTube video, channel, and gallery functionalities, is susceptible to unauthorized modifications due to a lack of capability checks on the 'actions' function. This vulnerability allows users with subscriber privileges or higher to delete the plugin'...

PoC for CVE-2026-31431

Linux | Linux | 7.8 HIGH
Vulnerability in Linux Kernel Affecting Crypto Operations

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

PoC for CVE-2020-25042

Maracms | Maracms | 🟣 EPSS 77% | 7.2 HIGH
Arbitrary File Upload Vulnerability in Mara CMS by Mara Studio

An arbitrary file upload vulnerability exists in Mara CMS version 7.5 that allows an authenticated attacker to upload malicious PHP scripts. This can be exploited by sending a request to codebase/dir.php?type=filenew while in a valid admin or manager session. Once the malicious file is uploaded, ...

PoC for CVE-2026-8786

Tencent | Weknora | 5.3 MEDIUM
Authorization Bypass Vulnerability in Tencent WeKnora Config API En...

A vulnerability exists in the Tencent WeKnora Config API Endpoint, specifically in the getKnowledgeBaseForInitialization function within initialization.go. This issue allows unauthorized access due to improper validation of the kbId argument. The vulnerability can be exploited remotely, risking e...

PoC for CVE-2026-8785

Projectworlds | Hospital-management-sy... | 6.9 MEDIUM
SQL Injection Vulnerability in Project Worlds Hospital Management S...

A vulnerability exists in the Project Worlds Hospital Management System in PHP, specifically within the getAllPatientDetail function of the update_info.php file. This flaw arises from improper handling of the appointment_no parameter, which can be manipulated to execute SQL injection attacks. Suc...

PoC for CVE-2023-2825

Gitlab | Gitlab | 🟣 EPSS 92% | 10 CRITICAL
Path Traversal Vulnerability in GitLab CE/EE Versions

An exploit in GitLab CE/EE allows an unauthenticated user to leverage a path traversal vulnerability. This issue is particularly impactful in version 16.0.0, enabling attackers to read an arbitrary file on the server if the target file is associated with an attachment within a public project that...

PoC for CVE-2026-8784

Npitre | Cramfs-tools | 4.6 MEDIUM
Symlink Following Vulnerability in npitre cramfs-tools by npitre

A vulnerability exists in npitre cramfs-tools versions up to 2.2, specifically within the change_file_status function in cramfsck.c. This vulnerability enables symlink following, allowing an attacker with local access to exploit the system. A patch has been released (commit b4a3a695c9873f824907bd...

Discovered 2 days ago

PoC for CVE-2026-8783

Omec-project | Amf | 5.3 MEDIUM
Remote Null Pointer Dereference in omec-project AMF by Linux Founda...

A null pointer dereference vulnerability has been identified in the UERadioCapabilityCheckResponse function of omec-project AMF, affecting versions up to 2.1.3-dev. This flaw allows remote attackers to cause denial of service conditions through malicious manipulation. The vulnerability is exploit...

PoC for CVE-2026-8782

Omec-project | Amf | 5.3 MEDIUM
Null Pointer Dereference in OMEC Project AMF NGAP Message Handler

A vulnerability has been identified in the OMEC Project's AMF, specifically within the NGAP Message Handler component. This flaw allows for a null pointer dereference, which can lead to significant security risks, including potential remote exploitation. Attackers may utilize publicly available e...

PoC for CVE-2026-8781

Omec-project | Amf | 5.3 MEDIUM
Null Pointer Dereference in omec-project AMF Affects Remote Access

A security flaw was identified in the omec-project's AMF up to version 2.1.3-dev, specifically within the RANConfiguration function in ngap/handler.go. This vulnerability allows for a null pointer dereference, which can facilitate remote exploitation by an attacker. The exploit's public release e...

PoC for CVE-2026-8780

Omec-project | Amf | 5.3 MEDIUM
Memory Corruption Vulnerability in omec-project AMF by OMEC

A vulnerability has been identified in the omec-project AMF, specifically within the NGAP Message Handler component. This issue, located in the dispatcher.go file, can lead to memory corruption through manipulation. The attack can be executed remotely, posing a risk to security. Exploits for this...

PoC for CVE-2026-8779

Omec-project | Amf | 5.3 MEDIUM
Memory Corruption Vulnerability in OMEC Project AMF from OMEC

A vulnerability has been identified in the OMEC Project AMF which affects the NGSetupRequest function found in the file ngap/handler.go. This issue can be exploited remotely through a manipulation of the InformationElement argument, resulting in memory corruption. This exploit has been publicly d...

PoC for CVE-2026-8777

Edimax | Br-6428ns | 5.3 MEDIUM
Command Injection Vulnerability in Edimax BR-6428NS Network Device

A command injection vulnerability has been identified in the Edimax BR-6428NS router, specifically in the formStaDrvSetup function of the POST request handler. Attackers can exploit this vulnerability by manipulating the 'stadrv_ssid' argument, potentially allowing them to execute arbitrary comma...

PoC for CVE-2026-8776

Edimax | Br-6428ns | 8.7 HIGH
Buffer Overflow Vulnerability in Edimax BR-6428NS Router

A buffer overflow vulnerability exists in the Edimax BR-6428NS router, specifically within the formPPTPSetup function of the POST Request Handler. This vulnerability is triggered by improper validation of the pptpUserName argument, potentially allowing remote attackers to manipulate the device. T...

PoC for CVE-2026-8775

Edimax | Br-6428ns | 8.7 HIGH
Buffer Overflow Vulnerability in Edimax BR-6428NS Router

A buffer overflow vulnerability has been discovered in the Edimax BR-6428NS router with firmware version 1.10. The flaw resides in the POST Request Handler, specifically within the function formL2TPSetup. An attacker can exploit this vulnerability by manipulating the L2TPUserName argument, allowi...

PoC for CVE-2026-8774

Edimax | Br-6228nc | 5.3 MEDIUM
Command Injection Vulnerability in Edimax BR-6228NC Network Device

A command injection vulnerability exists in the Edimax BR-6228NC router, specifically affecting the 'mp' function within the POST Request Handler at /goform/mp. Manipulating the 'command' argument allows attackers to execute arbitrary commands remotely. This exploitation could lead to unauthorize...

PoC for CVE-2026-8773

Linlinjava | Litemall | 5.1 MEDIUM
Argument Injection Vulnerability in linlinjava litemall Database Se...

A vulnerability has been identified in the linlinjava litemall application, specifically within the backup/load functions of the Database Setting Handler. This vulnerability permits remote attackers to manipulate input parameters, specifically the db/password argument, leading to potential argume...

PoC for CVE-2026-8772

Linlinjava | Litemall | 5.1 MEDIUM
SQL Injection Vulnerability in linlinjava litemall Admin Endpoint

A vulnerability has been discovered in the linlinjava litemall product, particularly affecting its Admin Endpoint. This weakness allows for potential SQL injection attacks, which can be initiated remotely. The exploitation of this vulnerability could compromise the integrity of the database by ma...

PoC for CVE-2026-8771

Linlinjava | Litemall | 6.9 MEDIUM
SQL Injection Vulnerability in Linlinjava Litemall Front-end WeChat...

A security flaw has been identified in the Linlinjava Litemall affecting the Front-end WeChat API. The vulnerability is located in the 'WxGoodsController' function of the component, allowing an attacker to exploit SQL injection techniques. This flaw can be remotely exploited, making it critical f...

PoC for CVE-2026-8770

Continuedev | Continue | 4.8 MEDIUM
Path Traversal Vulnerability in Continuedev JSON-RPC Server from Co...

A path traversal vulnerability has been identified in the Continuedev Continue product, specifically in version 1.2.22. The issue exists within the lsTool function located in core/tools/implementations/lsTool.ts of the JSON-RPC Server. By manipulating the 'dirPath' argument, an attacker could pot...

PoC for CVE-2026-8769

Vercel | Ai | 5.3 MEDIUM
Uncontrolled Resource Consumption in Vercel AI Platform by Vercel

A vulnerability exists in Vercel AI affecting versions up to 3.0.97, specifically within the createJsonResponseHandler and createJsonErrorResponseHandler functions in the response-handler.ts file. This flaw can lead to uncontrolled resource consumption, allowing attackers to initiate an exploit r...

PoC for CVE-2026-8768

Vercel | Ai | 6.9 MEDIUM
Server-Side Request Forgery Vulnerability in Vercel AI by Vercel

A vulnerability has been identified in Vercel AI, affecting versions up to 3.0.97. This issue resides in the validateDownloadUrl function within the packages/provider-utils/src/download-blob.ts file. The vulnerability allows for server-side request forgery (SSRF), where an attacker can manipulate...

PoC for CVE-2025-59528

Flowiseai | Flowise | 🟣 EPSS 84% | 10 CRITICAL
Remote Code Execution Vulnerability in Flowise by FlowiseAI

Flowise, a user-friendly platform for creating customized large language model flows, has a significant vulnerability in version 3.0.5 that allows for remote code execution. The flaw lies within the CustomMCP node, where user input is inadequately sanitized. Specifically, the mcpServerConfig stri...

PoC for CVE-2026-8767

Vercel | Ai | 2.3 LOW
OS Command Injection Vulnerability in Vercel AI Product

A vulnerability has been discovered in Vercel AI versions up to 3.0.97, specifically affecting the function run found in the .github/workflows/prettier-on-automerge.yml file. This flaw allows an attacker to manipulate the system through os command injection. The vulnerability can potentially be e...

PoC for CVE-2026-8766

Kilo-org | Kilocode | 5.3 MEDIUM
Information Disclosure in Kilo-Org Kilocode Environment Variable Ha...

A critical flaw has been detected in the Kilo-Org kilocode application, specifically in the Environment Variable Handler's Load function. This issue allows an attacker to manipulate the KILO_CONFIG_CONTENT argument, potentially leading to unauthorized information disclosure. The vulnerability can...

PoC for CVE-2026-8765

Kilo-org | Kilocode | 5.3 MEDIUM
Path Traversal Vulnerability in Kilo-Org kilocode File Diff API End...

A vulnerability exists in Kilo-Org's kilocode up to version 7.0.47, specifically within the Bun.file function in the File Diff API Endpoint. This vulnerability allows attackers to perform a path traversal by manipulating the File argument, potentially leading to unauthorized access to sensitive f...

PoC for CVE-2026-8764

H3c | Magic B3 | 8.6 HIGH
Buffer Overflow in H3C Magic B3 Router by H3C Technologies

A security vulnerability has been identified in the H3C Magic B3 router, specifically in the UpdateWanParams function within the /goform/aspForm file. This flaw enables attackers to manipulate parameters, resulting in a potential buffer overflow. The attack can be executed remotely, posing a sign...

PoC for CVE-2026-28956

Apple | iOS And iPad OS | 6.5 MEDIUM
Memory Corruption Issue in Apple Products due to Malicious Media Files

This vulnerability involves a memory corruption issue that arises when processing specially crafted media files, which can lead to unintended app termination or memory corruption in affected Apple devices. Apple has addressed this flaw with enhanced input validation in the latest versions of thei...

PoC for CVE-2026-46333

Linux | Linux | 5.5 MEDIUM
Ptrace Vulnerability in Linux Kernel Affecting Memory Management

A vulnerability in the Linux kernel's ptrace functionality raises concerns regarding task memory image management. This issue relates to 'dumpability' checks for processes without an associated memory management structure (mm). The ptrace_may_access() function includes 'dumpable' checks for proce...

PoC for CVE-2026-46333

Linux | Linux | 5.5 MEDIUM
Ptrace Vulnerability in Linux Kernel Affecting Memory Management

A vulnerability in the Linux kernel's ptrace functionality raises concerns regarding task memory image management. This issue relates to 'dumpability' checks for processes without an associated memory management structure (mm). The ptrace_may_access() function includes 'dumpable' checks for proce...

PoC for CVE-2026-46333

Linux | Linux | 5.5 MEDIUM
Ptrace Vulnerability in Linux Kernel Affecting Memory Management

A vulnerability in the Linux kernel's ptrace functionality raises concerns regarding task memory image management. This issue relates to 'dumpability' checks for processes without an associated memory management structure (mm). The ptrace_may_access() function includes 'dumpable' checks for proce...

PoC for CVE-2026-8759

Xiandafu | Beetl | 6.9 MEDIUM
Expression Language Manipulation in xiandafu Beetl Product

A security vulnerability has been identified in the xiandafu Beetl framework, specifically within the SpELFunction component. The issue arises from the improper handling of special characters in expression language statements, allowing attackers to exploit the function remotely. Despite receiving...