Html Exploits
2,074 exploits tracked across all sources.
CyberPanel 1.8.4 - Cross-Site Request Forgery
by Bilgi Birikim Sistemleri
Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution
by XORcat
Google Chrome 73.0.3683.103 - 'WasmMemoryObject::Grow' Use-After-Free
by Google Security Research
NVIDIA GeForce Experience < 3.19 - Code Execution via Web Helper Input Validation
NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure.
by Rhino Security Labs
CVSS 7.8
Internet Explorer - Memory Corruption
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862.
by Simon Zuckerbraun
CVSS 7.5
Google Chrome V8 - Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Out-of-Bounds Read/Write
by Google Security Research
Intelbras IWR 1000N 1.6.4 - Information Disclosure via v1/system/user Endpoint
Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled.
by Social Engineering Neo
CVSS 9.8
Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery via v1/system/user
A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user.
by Social Engineering Neo
CVSS 8.8
Msvod v10 - Cross-Site Request Forgery via admin/member/edit.html
Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.
by ax8
CVSS 6.5
74cms 5.0.1 - Cross-Site Request Forgery via Admin User Addition
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.
by ax8
CVSS 8.8
Google Chrome 73.0.3683.103 V8 JavaScript Engine - Out-of-Memory in Invalid Table Size Denial of Service (PoC)
by Bogdan Kurinnoy
Bolt CMS 3.6.6 - Cross-Site Request Forgery to Remote Code Execution via File Upload
Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file.
by FelipeGaspar
CVSS 8.8
Contact Form by WD 1.13.1 CSRF to Local File Inclusion
Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting unsanitized action parameters. Attackers can craft malicious forms targeting the admin-ajax.php endpoint with directory traversal sequences in the GET action parameter to load files via CSRF, bypassing authentication on vulnerable AJAX actions.
by Peyman Forouzan
CVSS 4.0
Google Chrome 72.0.3626.96 / 74.0.3702.0 - 'JSPromise::TriggerPromiseReactions' Type Confusion
by Google Security Research
WebKitGTK+ - 'ThreadedCompositor' Race Condition
by Google Security Research
Google Chrome 73.0.3683.39 / Chromium 74.0.3712.0 - 'ReadableStream' Internal Object Leak Type Confusion
by Google Security Research
JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery via Wi-Fi Settings
JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi).
by Vikas Chaudhary
CVSS 6.5
Firefox < 66.0.1 and ESR < 60.6.1 - Memory Corruption via IonMonkey JIT Compiler
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
by xuechiyaobai
CVSS 8.8
Internet Explorer - Remote Code Execution via VBScript Engine Memory Handling
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0772.
by Google Security Research
CVSS 7.5
Internet Explorer - Security Feature Bypass via VBScript Execution Policy
A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0761.
by Google Security Research
CVSS 4.3
Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password)
by LiquidWorm
PilusCart 1.4.1 - Cross-Site Request Forgery via User Creation Endpoint
PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator.
by Gionathan Reale
CVSS 8.8
ChakraCore - Remote Code Execution via Memory Corruption
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0567, CVE-2019-0568.
by Fahad Aid Alharbi
CVSS 7.5
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)
by Mr Winst0n
By Source