Publicly Disclosed
PoC Exploits

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

Chamilo LMS, an open-source learning management system, faces a significant security issue in version 2.0-RC.2 due to unauthenticated access to the public/main/inc/ajax/install.ajax.php file. Unlike other AJAX endpoints, this file does not incorporate necessary authentication checks. The vulnerab...

The MCP Atlassian server, utilized in Confluence and Jira, harbors a vulnerability that allows arbitrary code execution due to inadequate directory boundary enforcement in the `confluence_download_attachment` tool. Attackers can exploit this flaw by manipulating the `download_path` parameter, all...

The Chamilo LMS is affected by a security issue in its PENS plugin, allowing unauthenticated access to an endpoint that fetches user-controlled URLs. Malicious actors can leverage this vulnerability to probe internal network services, access sensitive cloud metadata endpoints, and manipulate inte...

Plunk, an open-source email platform built on AWS SES, contains a CRLF header injection vulnerability that affects versions prior to 0.8.0. This issue allows an authenticated API user to manipulate email headers by injecting carriage return or line feed characters into fields such as from.name, s...

The KubeAI operator for Kubernetes exposes a critical security vulnerability due to improper sanitization of model URL components within the ollamaStartupProbeScript() function. Prior to version 0.23.2, this function constructs a shell command using unsanitized inputs, allowing an attacker with p...

Graphiti, a framework designed for building and querying temporal context graphs for AI agents, has a significant Cypher injection vulnerability present in versions prior to 0.28.2. The flaw arises in the shared construction of search filters, where attacker-controlled label values supplied throu...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

A vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the algif_aead component. This issue arises from an unnecessary complexity in operating in-place, which has been reverted for improved security and performance. The change eliminates the need for in-pl...

The affected versions of cPanel and WHM contain a serious authentication bypass flaw in the login flow. This vulnerability enables unauthenticated remote attackers to bypass authentication mechanisms, allowing them to gain unauthorized access to the control panel. Users of the specified versions ...

An improper neutralization of special elements vulnerability has been identified in GitHub Enterprise Server, which allows an attacker with push access to a repository to execute arbitrary code. During a 'git push' operation, user-supplied push option values were not adequately sanitized before b...

Flowise, a drag-and-drop interface for building customized large language model flows, was found to have a significant security flaw prior to version 3.0.13. This vulnerability specifically allows unauthenticated users to access privileged operations through the NVIDIA NIM router API (/api/v1/nvi...

A security vulnerability has been identified in the 1024-lab Smart-Admin product, specifically within the Demo Site component. The vulnerability arises from improper access controls related to a function found in the /smart-admin-api/druid/index.html file. This flaw allows unauthorized remote att...

A flaw in SourceCodester's Pet Grooming Management Software version 1.0 allows for SQL injection through manipulation of the /admin/update_customer.php file. This vulnerability arises due to improper validation of argument types and parameter length, enabling remote attackers to execute arbitrary...

A critical security issue has been discovered in the BurtTheCoder MCP-DNSTwist application, specifically within the fuzz_domain function located in src/index.ts. This vulnerability allows attackers to manipulate request arguments, resulting in potential OS command injection. The issue is concerni...

A security vulnerability has been identified in UTT HiPER 1250GW, specifically in the strcpy function located in the route/goform/ConfigAdvideo file. This flaw allows an attacker to manipulate the Profile argument, leading to a buffer overflow condition. The vulnerability can be exploited remotel...

A buffer overflow vulnerability has been identified in the UTT HiPER 1250GW device, specifically within the strcpy function in the route/goform/formTaskEdit_ap file. This issue arises from improper handling of the Profile argument, allowing for remote exploitation. An attacker could leverage this...

A vulnerability exists in the UTT HiPER 1250GW network device, specifically in the strcpy function used within the NTP management interface. By manipulating the Profile argument, an attacker can trigger a buffer overflow, which may potentially allow for remote code execution. This vulnerability h...

A vulnerability exists in the Algovate xhs-mcp 0.8.11 version that impacts the xhs_publish_content function within the MCP Interface. Specifically, an attacker can exploit the vulnerability through manipulated media_paths arguments, leading to server-side request forgery that can be initiated rem...

A security flaw exists in PolarVista xcode-mcp-server 1.0.0, specifically within the build_project/run_tests function located in the src/index.ts file of the MCP Interface. This vulnerability allows for remote exploitation through argument manipulation in the Request, potentially enabling attacke...

An SQL injection vulnerability has been identified in the SourceCodester Pizzafy Ecommerce System version 1.0. The flaw resides in the processing of the 'pid' argument within the /admin/ajax.php?action=add_to_cart file. An attacker can exploit this vulnerability remotely to manipulate and execute...

A vulnerability has been identified in the SourceCodester Pizzafy Ecommerce System 1.0, specifically within the function save_user located in /admin/ajax.php?action=save_user. This flaw allows attackers to execute SQL injection attacks by manipulating input parameters, enabling unauthorized acces...

A significant SQL injection vulnerability has been identified in the SourceCodester Pizzafy Ecommerce System 1.0, specifically within the 'save_menu' function in the 'admin/ajax.php?action=save_menu' file. This vulnerability enables attackers to execute arbitrary SQL queries, potentially leading ...

A security vulnerability has been identified in the Save Settings function of the Setting Handler component in SourceCodester's Pizzafy Ecommerce System 1.0. This flaw allows attackers to exploit the remote execution of SQL injection through the ajax.php file, specifically via the 'action=save_se...

A path traversal vulnerability exists in the Getsimpletool mcpo-simple-server, particularly within the delete_shared_prompt function in the base_manager.py file. This weakness allows an attacker to manipulate the 'detail' argument, potentially leading to unauthorized file access on the server. Th...

A security flaw has been identified in Geldata Gel-MCP version 0.1.0 affecting its fetch_rule function in the server.py file. This vulnerability allows an attacker to exploit the manipulation of the 'rule_name' parameter, potentially leading to unauthorized file access through path traversal. Thi...

Cockpit CMS contains an authenticated remote code execution vulnerability that affects the /cockpit/collections/save_collection endpoint. This flaw enables attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. By exploiting this vulnerabili...

The VideoFlow Digital Video Protection DVP 2.10 is susceptible to an authenticated directory traversal vulnerability. This flaw enables authenticated attackers to disclose sensitive files from the system by exploiting the ID parameter with directory traversal sequences. By exploiting endpoints su...

VideoFlow Digital Video Protection DVP version 2.10 is susceptible to an authenticated remote code execution vulnerability due to a cross-site request forgery (CSRF) flaw within the web management interface. This vulnerability permits attackers with legitimate credentials to exploit the CSRF weak...

The Tenda FH303/A300 firmware version V5.07.68_EN exposes a session weakness that may enable unauthorized individuals to alter DNS settings. This vulnerability arises from inadequate cookie validation, allowing attackers to utilize specially crafted admin cookies to send GET requests to the /gofo...

The Tenda W3002R, A302, and W309R wireless routers running version V5.07.64_en exhibit a vulnerability related to cookie session validation. This flaw allows unauthenticated attackers to send crafted GET requests to the /goform/AdvSetDns endpoint, enabling them to alter DNS settings. By exploitin...

The Tenda W308R v2, specifically version V5.07.48, is susceptible to a vulnerability that enables attackers to exploit cookie session weaknesses. By manipulating the admin language cookie, attackers can send crafted GET requests to the goform/AdvSetDns endpoint, successfully altering DNS settings...

Alloksoft Video Joiner version 4.6.1217 is affected by a buffer overflow vulnerability that could allow local attackers to execute arbitrary code. This can be triggered by supplying a crafted string in the License Name field during the license registration process. By exploiting this flaw, attack...

Allok Soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 is susceptible to a buffer overflow vulnerability. This flaw enables local attackers to execute arbitrary code by inputting an oversized string in the License Name field. By crafting malicious input that exploits structured exception handler (...

SysGauge version 4.5.18 is susceptible to a buffer overflow vulnerability in its proxy configuration handler. This issue allows local attackers to exploit the application by injecting an oversized string into the Proxy Server Host Name field within the Options menu. Such an action can lead to an ...

LifeSize ClearSea 3.1.4 is susceptible to directory traversal vulnerabilities that permit authenticated attackers to manipulate path parameters within the smartgui interface. By exploiting these weaknesses, attackers can upload and download arbitrary files, gaining the potential to write files to...

The BuddyPress Xprofile Custom Fields version 2.6.3 has a vulnerability that enables authenticated users to execute remote code. By manipulating unescaped POST parameters, specifically 'field_hiddenfile' and 'field_deleteimg', attackers can delete arbitrary files from the server during profile ed...

The persistent cross-site scripting vulnerability in MyBB Recent Threads version 17.0 enables attackers to inject malicious JavaScript into the subject lines of threads. When users view the index page, the injected scripts execute in their browsers, compromising user sessions and data privacy. Th...

SysGauge Pro 4.6.12 is susceptible to a local buffer overflow vulnerability in its Register function. This flaw allows local attackers to overwrite the structured exception handler by providing a specially crafted unlock key. The vulnerability enables the execution of arbitrary code with applicat...

PDFunite version 0.41.0 is susceptible to a buffer overflow vulnerability that may allow local attackers to crash the application when processing specially crafted PDF files during merge operations. The issue arises in the XRef::getEntry function within libpoppler, leading to a segmentation fault...

The librsvg2-bin version 2.40.13 is susceptible to a buffer overflow vulnerability that can be exploited by local attackers. This vulnerability arises when the rsvg conversion tool processes malformed SVG files, which may lead to a denial of service by causing segmentation faults in the cairo ima...

Free Download Manager version 2.0 Built 417 exposes a local buffer overflow vulnerability within its URL import functionality. By crafting a malicious URL file, attackers can exploit this vulnerability through the File > Import > Import lists of downloads menu. This leads to a buffer overflow in ...

A stack-based buffer overflow vulnerability exists within Allok Video to DVD Burner 2.6.1217, specifically in the License Name field. This flaw can be exploited by local attackers to execute arbitrary code through a specially crafted input. By injecting a malicious string of 780 bytes consisting ...

Allok AVI to DVD SVCD VCD Converter version 4.0.1217 exhibits a structured exception handling (SEH) based buffer overflow vulnerability. This issue allows local attackers to execute arbitrary code by inserting a specially crafted malicious string into the License Name field. When the crafted inpu...

The Easy MPEG to DVD Burner version 1.7.11 is susceptible to a local buffer overflow due to improper handling of structured exception handling (SEH). Attackers can exploit this vulnerability by crafting a malicious username string that injects arbitrary code into the program. This crafted payload...

The Prime95 29.4b8 version is susceptible to a local buffer overflow vulnerability due to flawed handling of structured exception handling (SEH). This flaw enables attackers to execute arbitrary code by injecting malicious payloads through the optional proxy hostname field in the PrimeNet setting...

XATABoost CMS version 1.0.0 is susceptible to a union-based SQL injection flaw which enables unauthenticated attackers to execute arbitrary SQL queries via manipulated input in the id parameter. By crafting specific GET requests to news.php, an attacker can retrieve sensitive information from the...