Publicly Disclosed
PoC Exploits
🔴 Always take caution when working with PoC Exploits 🔴
Discovered 5 hours ago
PoC for CVE-2026-20253
In certain versions of Splunk Enterprise and Splunk Cloud Platform, an unauthenticated user may exploit a flaw in the PostgreSQL sidecar service endpoint, enabling them to create or truncate arbitrary files. This vulnerability arises from the absence of proper authentication mechanisms on the end...
Discovered 13 hours ago
PoC for CVE-2025-15546
The Iptanus File Upload WordPress plugin prior to version 5.1.7 is susceptible to a vulnerability that arises from improper file handling. Specifically, when the duplicatepolicy setting is configured to 'maintain both', a Time-of-Check to Time-of-Use (TOCTOU) race condition occurs between the fil...
Discovered 15 hours ago
PoC for CVE-2025-55182
A remote code execution vulnerability found in React Server Components allows attackers to exploit improperly handled payloads. This issue affects versions 19.0.0 through 19.2.0, compromising server function endpoints through unsafe deserialization of HTTP request payloads. As a result, this flaw...
Discovered 20 hours ago
PoC for CVE-2026-12175
A vulnerability in the CodeAstro Student Attendance Management System 1.0 has been identified, specifically within the function located at /attendance-php/Admin/createStudents.php. This flaw allows for SQL injection through manipulated input of the admissionNumber argument. As a result, attackers...
Discovered 22 hours ago
PoC for CVE-2026-12174
A security issue has been identified in the D-Link DCS-935L HD Wi-Fi Camera where the snprintf function within the HTTP Handler component is vulnerable to format string manipulation. Specifically, this vulnerability allows attackers to exploit arguments incorrectly, potentially leading to remote ...
Discovered 1 day ago
PoC for CVE-2024-26170
The Windows Composite Image File System (CimFS) is impacted by a vulnerability that allows an attacker to potentially elevate their privileges on affected Microsoft products. This elevation of privilege vulnerability can enable unauthorized access to system resources, posing a risk for exploitati...
PoC for CVE-2026-12183
The Nefteprodukttekhnika BUK TS-G Gas Station Automation System versions 2.9.1 through 2.10.2 on Linux presents an Improper Authentication flaw within its system configuration module. The /php/ajax-login.php endpoint reveals the administrator's user ID in response to any HTTP POST request contain...
PoC for CVE-2026-40864
A Cross-Site Request Forgery vulnerability exists in JupyterHub versions 4.1.0 to 5.4.4, where the implementation of XSRF protection fails to properly validate requests flagged with Sec-Fetch-Mode: no-cors. This allows attackers to bypass XSRF safeguards on HTTP form endpoints, notably /hub/spawn...
PoC for CVE-2026-41490
Dagster, an orchestration platform for managing data assets, has a vulnerability in its handling of dynamic partition keys. In versions prior to 1.13.1 for Dagster Core and 0.29.1 for its libraries, the system allowed the construction of SQL WHERE clauses that lacked proper escaping. This flaw en...
PoC for CVE-2026-49975
A memory allocation issue exists in Apache HTTP Server's mod_http module, which can lead to denial of service when an attacker sends crafted HTTP requests with excessive size values. This vulnerability affects a wide range of Apache HTTP Server versions, making it critical for users to implement ...
Discovered 2 days ago
PoC for CVE-2023-23969
Certain versions of the Django web framework, specifically 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, exhibit a vulnerability due to the caching of parsed Accept-Language headers. This caching mechanism is intended to enhance performance by avoiding repetitive parsing. However, wh...
PoC for CVE-2026-9061
The Store Locator plugin for WordPress prior to version 1.6.9 fails to adequately sanitize and escape the metadata for store logos before saving and displaying it. This gap allows users with administrative privileges to execute Stored Cross-Site Scripting (XSS) attacks, even in scenarios where th...
PoC for CVE-2026-9062
The Store Locator plugin for WordPress prior to version 1.6.9 is susceptible to a path traversal vulnerability. This issue arises from improper validation of parameters used in file paths, permitting high-privilege users, such as administrators, to access sensitive files on the server. Malicious ...
PoC for CVE-2026-20230
A security flaw in Cisco Unified Communications Manager and its Session Management Edition allows unauthenticated remote attackers to exploit server-side request forgery (SSRF). By sending a specially crafted HTTP request, attackers may manipulate the affected device, leading to unauthorized file...
PoC for CVE-2026-45585
A security feature bypass vulnerability exists in Microsoft Windows, referred to as 'YellowKey.' This flaw could allow unauthorized access to restricted features, compromising system integrity. A proof of concept has been publicly released, contrary to established security practices. Users are ad...
PoC for CVE-2026-53435
A deserialization vulnerability exists in Jenkins versions 2.567 and earlier, including LTS version 2.555.2 or earlier. This flaw can allow attackers to control the deserialization of arbitrary types through a maliciously crafted `config.xml` submission. Once exploited, this vulnerability opens a...
PoC for CVE-2026-24136
The Saleor e-commerce platform exhibits an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated users to retrieve sensitive information in plain text. Specifically, orders created prior to Saleor version 3.2.0 can have personally identifiable information (PII) exfiltrat...
PoC for CVE-2026-12131
A vulnerability has been detected in the CodeAstro Human Resource Management System version 1.0 that allows an SQL injection attack in the Invoice function of the Payroll.php controller. Manipulation of the ID argument permits attackers to execute arbitrary SQL commands. This flaw presents a sign...
PoC for CVE-2026-12130
A security flaw has been identified in the CodeAstro Human Resource Management System 1.0 that allows for cross-site scripting (XSS) attacks through the manipulation of the 'protitle' argument in the Projects Management Page. This vulnerability can be exploited remotely, potentially compromising ...
PoC for CVE-2026-12129
A cross-site scripting vulnerability exists in CodeAstro's Human Resource Management System version 1.0, specifically within the Dashboard Interface component in the file /dashboard/add_tod. The issue arises due to inadequate input validation of the todo_data argument. This flaw permits remote at...
PoC for CVE-2026-0273
A command injection vulnerability exists in PAN-OS software that allows authenticated administrators to bypass system restrictions, enabling the execution of arbitrary commands with root user privileges. To exploit this vulnerability, access to the PAN-OS Command Line Interface (CLI) or Web UI is...
PoC for CVE-2026-8809
The Advanced Custom Fields: Extended plugin for WordPress is susceptible to a privilege escalation vulnerability due to a validation bypass in the after_validate_save_post() function. This function improperly trusts the attacker-controlled _acf_post_id POST parameter, which allows unauthorized us...
PoC for CVE-2026-48558
Versions 5.5.15 and earlier of SimpleHelp, along with pre-release 6.0 versions, are susceptible to an authentication bypass vulnerability in the OIDC authentication process. When configured to use OIDC authentication, the system fails to validate the cryptographic signatures of identity tokens du...
PoC for CVE-2026-12066
A vulnerability has been identified in PbootCMS versions up to 3.2.12, specifically in the Password Handler function 'retrieve' within the MemberController.php file. This flaw allows for the manipulation of input parameters such as username, password, email, and checkcode, leading to a compromise...
PoC for CVE-2026-12065
A vulnerability exists in the Groww Stock, Mutual Fund, Gold App for Android, specifically within the WebView URL Handler component. This flaw allows for improper authorization related to handling custom URL schemes, enabling potential exploitation of user data on affected devices. Attackers may ...
PoC for CVE-2026-35273
A vulnerability exists in Oracle's PeopleSoft Enterprise PeopleTools that potentially allows an unauthenticated attacker to gain unauthorized access via HTTP, compromising the integrity and confidentiality of the system. If exploited, this could enable a malicious actor to take full control over ...
Discovered 3 days ago
PoC for CVE-2026-9271
A SQL injection vulnerability has been identified in the Vendor XYZ plugin for WordPress, allowing attackers to execute arbitrary SQL queries. This could result in unauthorized access to sensitive information and potential data breaches. It is crucial for users to update their plugins to the late...
PoC for CVE-2026-9269
The Secure Copy Content Protection and Content Locking plugin for WordPress prior to version 5.1.5 is vulnerable due to inadequate sanitization and escaping of certain settings. This oversight allows high privilege users, such as administrators, to execute Stored Cross-Site Scripting (XSS) attack...
PoC for CVE-2026-48907
A flaw in the JCE editor extension for Joomla permits unauthorized users to create new editor profiles. This malicious capability exposes the site to risks, including the ability to upload PHP code and execute it, potentially leading to a full compromise of the website security. Site administrato...
PoC for CVE-2026-10520
An OS Command Injection vulnerability exists in Ivanti Sentry versions before R10.5.2, R10.6.2, and R10.7.1, allowing an unauthenticated remote attacker to execute arbitrary commands with root privileges. This high-risk vulnerability could potentially compromise the integrity and security of the ...
PoC for CVE-2026-10795
The UpdraftPlus: WP Backup & Migration Plugin for WordPress has a vulnerability that allows unauthenticated attackers to bypass authentication mechanisms. This occurs due to inadequate validation of remote communications messages in the UpdraftPlus_Remote_Communications_V2::wp_loaded function. At...
PoC for CVE-2026-45447
An issue exists whereby processing a specially crafted PKCS#7 or S/MIME signed message can trigger a use-after-free condition during signature verification, possibly leading to crashes or memory corruption. The vulnerability arises when the SignedData digestAlgorithms field is empty, causing Open...
PoC for CVE-2019-9053
A vulnerability exists in CMS Made Simple version 2.2.8, where the News module can be exploited through a specially crafted URL, allowing an unauthenticated attacker to perform blind time-based SQL injection utilizing the m1_idlist parameter. This can potentially expose sensitive information and ...
PoC for CVE-2026-50507
A vulnerability exists in Microsoft's Windows BitLocker that allows unauthorized users to bypass crucial security features through physical attacks. This weakness could lead to potential data breaches, as attackers could exploit this flaw to gain unauthorized access to protected data. It is imper...
PoC for CVE-2017-9841
A vulnerability in PHPUnit's eval-stdin.php script prior to versions 4.8.28 and 5.6.3 permits remote attackers to execute arbitrary PHP code. This occurs through crafted HTTP POST requests containing PHP code snippets that initiate execution, particularly when /vendor folders are publicly accessi...
PoC for CVE-2025-43529
A significant use-after-free vulnerability has been identified in Apple’s iOS and macOS products, impacting versions prior to the latest updates. This flaw arises due to improper memory management, allowing maliciously crafted web content to trigger arbitrary code execution. Apple has acknowledge...
PoC for CVE-2026-10520
An OS Command Injection vulnerability exists in Ivanti Sentry versions before R10.5.2, R10.6.2, and R10.7.1, allowing an unauthenticated remote attacker to execute arbitrary commands with root privileges. This high-risk vulnerability could potentially compromise the integrity and security of the ...
Discovered 4 days ago
PoC for CVE-2026-42945
A vulnerability exists in the ngx_http_rewrite_module of NGINX Plus and NGINX Open Source, triggered when a rewrite directive is followed by an if or set directive that includes a Perl-Compatible Regular Expression (PCRE) capture and a replacement string with a question mark. Attackers can exploi...
PoC for CVE-2026-49975
A memory allocation issue exists in Apache HTTP Server's mod_http module, which can lead to denial of service when an attacker sends crafted HTTP requests with excessive size values. This vulnerability affects a wide range of Apache HTTP Server versions, making it critical for users to implement ...
PoC for CVE-2026-7473
A vulnerability exists in Arista EOS that affects devices with tunnel decapsulation configurations, such as VXLAN and GRE. The issue arises when the switch fails to verify the tunnel protocol type during the decapsulation process, allowing it to incorrectly process and forward unexpected tunneled...
PoC for CVE-2026-20245
A vulnerability present in the CLI of multiple Cisco Catalyst SD-WAN products allows an authenticated local attacker with netadmin privileges to execute arbitrary commands as the root user. This flaw arises from inadequate validation of user-supplied input, enabling an attacker to upload a specia...
PoC for CVE-2026-11645
An out-of-bounds read and write vulnerability exists in the V8 engine of Google Chrome prior to version 149.0.7827.103, allowing remote attackers to execute arbitrary code within a sandbox environment by utilizing a specially crafted HTML page. This vulnerability poses a significant risk, as it c...
PoC for CVE-2026-0776
The Discord Client contains a local privilege escalation vulnerability that enables local attackers to gain elevated privileges by exploiting the discord_rpc module. By triggering this vulnerability, an attacker with access to execute low-privileged code can manipulate the application's file load...
PoC for CVE-2026-49975
A memory allocation issue exists in Apache HTTP Server's mod_http module, which can lead to denial of service when an attacker sends crafted HTTP requests with excessive size values. This vulnerability affects a wide range of Apache HTTP Server versions, making it critical for users to implement ...
PoC for CVE-2018-7600
Multiple versions of Drupal, including those prior to 7.58 and various 8.x releases, are susceptible to a vulnerability that permits remote attackers to execute arbitrary code. This exploit takes advantage of configuration flaws in several subsystems, particularly those using default or common mo...
PoC for CVE-2023-36808
GLPI, a widely used asset and IT management software, is susceptible to SQL injection due to vulnerabilities in its Computer Virtual Machine form and inventory request feature. This flaw allows attackers to manipulate database queries, potentially compromising sensitive data. Users are encouraged...
PoC for CVE-2026-0542
A potential vulnerability exists in the ServiceNow AI Platform, which may allow an unauthenticated user to execute arbitrary code in the ServiceNow Sandbox under specific conditions. ServiceNow has released security updates to address this issue for both hosted and self-hosted customers. Users ar...
PoC for CVE-2026-48962
The IO::Compress module for Perl is vulnerable to arbitrary code execution due to its handling of user-supplied output glob strings. When the _parseOutputGlob() method wraps these strings in double quotes, it can inadvertently allow an attacker to inject Perl code. The vulnerability resides in th...
PoC for CVE-2026-28318
SolarWinds Serv-U is vulnerable to a denial of service attack in which specially crafted POST requests can crash the Serv-U service without requiring authentication. This vulnerability arises from the handling of the Content-Encoding: deflate header, which can lead to service disruption. Users ar...
PoC for CVE-2025-29927
A security flaw exists in the Next.js framework that allows an attacker to bypass authorization checks if such checks are implemented in middleware. This vulnerability arises in versions prior to 14.2.25 and 15.2.3. To mitigate risk, it is recommended to restrict incoming requests that include th...