Publicly Disclosed
PoC Exploits

The GNU Inetutils telnet daemon (telnetd) is vulnerable to a remote authentication bypass that can occur when an attacker manipulates the USER environment variable by specifying a '-f root' value. This flaw allows unauthorized users to gain access without proper authentication. Affected users sho...

A vulnerability allows unauthenticated attackers to exploit the mail server product, facilitating the upload of arbitrary files to any location on the server. This could lead to unauthorized actions, including the potential for remote code execution, thereby compromising the integrity and securit...

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versio...

The GNU Inetutils telnet daemon (telnetd) is vulnerable to a remote authentication bypass that can occur when an attacker manipulates the USER environment variable by specifying a '-f root' value. This flaw allows unauthorized users to gain access without proper authentication. Affected users sho...

BloofoxCMS version 0.5.2.1 is plagued by a stored cross-site scripting vulnerability in the articles text parameter. This flaw allows authenticated attackers to inject malicious JavaScript payloads into the text field, which can then be executed in the browsers of unsuspecting users. Such an atta...

The MyBB Delete Account Plugin version 1.4 is susceptible to a cross-site scripting (XSS) vulnerability. This flaw arises from improper validation of the input field used for account deletion reasons, enabling attackers to inject malicious scripts. These scripts can be executed within the admin i...

PhreeBooks version 5.2.3 is susceptible to an authenticated file upload vulnerability in its Image Manager component. This flaw enables malicious actors to upload unauthorized files, such as a PHP web shell, which can lead to remote code execution on the affected server. By exploiting unrestricte...

PhreeBooks version 5.2.3 is susceptible to an authenticated file upload vulnerability in its Image Manager component. This flaw enables malicious actors to upload unauthorized files, such as a PHP web shell, which can lead to remote code execution on the affected server. By exploiting unrestricte...

YetiShare File Hosting Script version 5.1.0 is susceptible to a server-side request forgery (SSRF) vulnerability. This flaw enables attackers to exploit the url parameter within the url_upload_handler endpoint, allowing unauthorized access to sensitive local system files by utilizing the file:///...

LiteSpeed Web Server Enterprise 5.4.11 is susceptible to an authenticated command injection flaw. This vulnerability allows authenticated administrators to execute arbitrary shell commands through the 'Command' parameter in the server's external app configuration interface. By exploiting this vul...

Epson USB Display 1.6.0.0 has a critical vulnerability due to an unquoted service path in the EMP_UDSA service, which operates under LocalSystem privileges. This flaw enables attackers to exploit the service by placing malicious executables in intermediate directories, thereby gaining elevated sy...

PEEL Shopping version 9.3.0 is vulnerable to a stored cross-site scripting flaw in the address parameter of the change_params.php script. This security issue allows attackers to inject malicious JavaScript into the address text box, which can be executed when users interact with the affected form...

PDF Complete Corporate Edition version 4.1.45 is susceptible to a locally exploitable vulnerability due to an unquoted service path in the 'pdfcDispatcher' service. This weakness could enable attackers with local access to potentially inject malicious executables into the service binary location....

Nsauditor 3.2.2.0 is vulnerable to a denial of service attack, which can be exploited by malicious actors to crash the application. Attackers can achieve this by inputting a large buffer of 10,000 characters into the Event Description field, leading to an application crash. This vulnerability emp...

The Managed Switch Port Mapping Tool version 2.85.2 is susceptible to a denial of service vulnerability. Attackers can exploit this flaw by entering an oversized buffer, specifically a 10,000-character payload, into the IP Address and SNMP Community Name fields. This action can lead to a crash of...

AgataSoft PingMaster Pro version 2.1 is vulnerable to a denial of service attack caused by improper handling of input in the Trace Route feature. Attackers can exploit this flaw by entering an excessively long hostname—up to 10,000 characters—into the input field. This action can lead to a crash ...

PEEL Shopping version 9.3.0 has a stored cross-site scripting vulnerability affecting the 'Comments / Special Instructions' parameter on the purchase page. This vulnerability allows attackers to inject malicious JavaScript payloads that execute when the page is reloaded, potentially leading to th...

LogonExpert 8.1 is vulnerable to an unquoted service path issue in its LogonExpertSvc service, which operates with LocalSystem privileges. This vulnerability allows attackers to exploit improperly quoted paths, creating opportunities to place malicious executables in intermediate directories. If ...

Unified Remote version 3.9.0.2463 is susceptible to a remote code execution vulnerability that allows attackers to send specially crafted network packets. When exploited, this vulnerability enables the execution of arbitrary commands on the affected system. By connecting to port 9512, attackers c...

The unquoted service path vulnerability in Softros LAN Messenger version 9.6.4 affects the SoftrosSpellChecker service, allowing local attackers to exploit an improperly specified service path. By targeting the unquoted path located at 'C:\Program Files (x86)\Softros Systems\Softros Messenger\Spe...

Certain versions of Textpattern prior to 4.8.3 are susceptible to an authenticated remote code execution vulnerability. This flaw allows authenticated users to upload malicious PHP files, potentially enabling attackers to execute arbitrary commands on the server. By exploiting this weakness, an a...

The dataSIMS Avionics ARINC 664-1 version 4.5.3 includes a vulnerability that could be exploited through a local buffer overflow. By manipulating the milstd1553result.txt file, attackers may craft a malicious file with specific payload and alignment sections, enabling them to overwrite memory and...

The MyBB Trending Widget Plugin version 1.2 is susceptible to cross-site scripting attacks, allowing malicious actors to inject harmful scripts via thread titles. When users view the trending widget, the injected scripts execute, potentially leading to unauthorized access or data manipulation. Th...

The MyBB Thread Redirect Plugin version 0.2.1 is susceptible to a cross-site scripting vulnerability through its custom text input field for thread redirects. This security flaw allows attackers to insert malicious SVG scripts that can execute when other users access the affected thread. Such scr...

The GNU Inetutils telnet daemon (telnetd) is vulnerable to a remote authentication bypass that can occur when an attacker manipulates the USER environment variable by specifying a '-f root' value. This flaw allows unauthorized users to gain access without proper authentication. Affected users sho...

n8n, an open-source workflow automation platform, has a Remote Code Execution vulnerability affecting specific versions. Authenticated users can inadvertently supply expressions that, under certain circumstances, are evaluated in a context insufficiently isolated from the runtime. This flaw enabl...

The GNU Inetutils telnet daemon (telnetd) is vulnerable to a remote authentication bypass that can occur when an attacker manipulates the USER environment variable by specifying a '-f root' value. This flaw allows unauthorized users to gain access without proper authentication. Affected users sho...

The Really Simple Security plugins for WordPress exhibit a vulnerability in versions 9.0.0 to 9.1.1.1, where improper error handling in the two-factor REST API actions allows unauthenticated attackers to gain access as any existing user on the site, including administrators. This vulnerability be...

The List Site Contributors plugin for WordPress is susceptible to a reflected Cross-Site Scripting (XSS) vulnerability through the 'alpha' parameter. This issue arises from inadequate input sanitization and output escaping, allowing unauthenticated attackers to inject malicious scripts into pages...

The GNU Inetutils telnet daemon (telnetd) is vulnerable to a remote authentication bypass that can occur when an attacker manipulates the USER environment variable by specifying a '-f root' value. This flaw allows unauthorized users to gain access without proper authentication. Affected users sho...

The 'create core' API in Apache Solr, from versions 8.6 to 9.10.0, is affected by insufficient input validation on certain API parameters. This flaw permits unauthorized filesystem access, potentially allowing users to create cores using unexpected configuration sets if accessible. Particularly o...

A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...

The GNU Inetutils telnet daemon (telnetd) is vulnerable to a remote authentication bypass that can occur when an attacker manipulates the USER environment variable by specifying a '-f root' value. This flaw allows unauthorized users to gain access without proper authentication. Affected users sho...

The GNU Inetutils telnet daemon (telnetd) is vulnerable to a remote authentication bypass that can occur when an attacker manipulates the USER environment variable by specifying a '-f root' value. This flaw allows unauthorized users to gain access without proper authentication. Affected users sho...

The GNU Inetutils telnet daemon (telnetd) is vulnerable to a remote authentication bypass that can occur when an attacker manipulates the USER environment variable by specifying a '-f root' value. This flaw allows unauthorized users to gain access without proper authentication. Affected users sho...

The GNU Inetutils telnet daemon (telnetd) is vulnerable to a remote authentication bypass that can occur when an attacker manipulates the USER environment variable by specifying a '-f root' value. This flaw allows unauthorized users to gain access without proper authentication. Affected users sho...

EduSoho versions earlier than 22.4.7 are susceptible to an arbitrary file read vulnerability through the classroom-course-statistics export functionality. This flaw allows attackers without authentication to exploit crafted path traversal sequences in the fileNames[] parameter, enabling them to a...

EduSoho versions earlier than 22.4.7 are susceptible to an arbitrary file read vulnerability through the classroom-course-statistics export functionality. This flaw allows attackers without authentication to exploit crafted path traversal sequences in the fileNames[] parameter, enabling them to a...

EduSoho versions earlier than 22.4.7 are susceptible to an arbitrary file read vulnerability through the classroom-course-statistics export functionality. This flaw allows attackers without authentication to exploit crafted path traversal sequences in the fileNames[] parameter, enabling them to a...

The vulnerability in VB-Audio's Voicemeeter and Matrix products arises from improper initialization of FILE_OBJECT->FsContext in their virtual audio drivers. An unprivileged local user can exploit this flaw by opening a handle with specific file attribute values. If the driver does not correctly ...

VB-Audio's Voicemeeter and Matrix products have a vulnerability in their virtual audio drivers that can lead to denial-of-service attacks. Specifically, improper exception handling in the driver allows a local unprivileged user to map non-paged pool memory into user space, potentially resulting i...

The VB-Audio Matrix and Matrix Coconut drivers are vulnerable to a local privilege escalation issue due to improper memory mapping in the vbmatrixvaio64*_win10.sys driver. An unprivileged attacker can exploit this by sending specific IOCTL commands that allow them to read and write kernel memory,...

VB-Audio's Voicemeeter and Matrix products are affected by a vulnerability in their virtual audio drivers. This flaw allows a local, unprivileged attacker to exploit a memory allocation issue, exposing a length value associated with the allocation. By corrupting this length, the attacker can trig...

An authentication bypass vulnerability exists in SmarterMail's password reset API, enabling unauthenticated attackers to reset administrator passwords without proper verification. This flaw allows attackers to submit a new password along with a target administrator username, facilitating unauthor...

A vulnerability has been identified in the Tenda AX1803 router, specifically within the 'fromGetWifiGuestBasic' function located in the '/goform/WifiGuestSet' file. This flaw occurs due to improper handling of input parameters, including 'guestWrlPwd', 'guestEn', 'guestSsid', 'hideSsid', and 'gue...

A vulnerability has been discovered in the Totolink NR1800X router, specifically affecting version 9.1.0u.6279_B20210910. This flaw is located in the 'setWizardCfg' function within the POST Request Handler of the /cgi-bin/cstecgi.cgi file. Attackers can exploit this weakness by manipulating the '...

A security vulnerability has been identified in the Totolink NR1800X router, specifically in the setTracerouteCfg function located within the /cgi-bin/cstecgi.cgi file. This vulnerability arises from improper handling of the argument command, which allows an attacker to inject arbitrary commands....

A use-after-free vulnerability in the Linux kernel's bridge subsystem can be exploited during router port configuration when multicast snooping is enabled. The glitch arises when a multicast router port gets re-added to the global list, despite being removed from it. This leads to memory manageme...

A vulnerability has been discovered in the Totolink NR1800X router, specifically within the setWanCfg function located in the /cgi-bin/cstecgi.cgi file. This issue allows for command injection through improper handling of the Hostname parameter, enabling remote attackers to execute malicious comm...

A security flaw exists in the Sangfor Operation and Maintenance Security Management System prior to version 3.0.12, specifically affecting the password recovery function. This vulnerability allows attackers to manipulate the 'flag' argument in the /fort/login/edit_pwd_mall endpoint, leading to we...