John

4 exploits, active since Jul 2001
CVE-2024-28823 WRITEUP MEDIUM WRITEUP
Amazon AWS aws-js-s3-explorer 1.0.0 - XSS
Amazon AWS aws-js-s3-explorer (aka AWS JavaScript S3 Explorer) 1.0.0 allows XSS via a crafted S3 bucket name to index.html.
CVSS 6.1
CVE-2026-23523 WRITEUP CRITICAL WRITEUP
Dive <0.13.0 - Command Injection
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, a crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command execution on the victim’s machine. This vulnerability is fixed in 0.13.0.
CVSS 9.6
CVE-2001-1107 EXPLOITDB text WRITEUP
SnapStream PVS 1.2a - Info Disclosure
SnapStream PVS 1.2a stores its passwords in plaintext in the file SSD.ini, which could allow a remote attacker to gain privileges on the server.
CVE-2014-9034 EXPLOITDB php WORKING POC
WordPress Long Password DoS
wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016.