Exploitdb Exploits
2,012 exploits tracked across all sources.
Apple Safari < 12 - Use After Free
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
Apple Safari < 12 - Memory Corruption
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
Apple Safari < 12 - Use After Free
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
Apple Safari < 12 - Use After Free
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
Apple Safari < 12 - Memory Corruption
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
Apple Safari < 12 - Use After Free
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
Internet Explorer <11 - Memory Corruption
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
by Google Security Research
CVSS 7.5
Plainview Activity Monitor < 20180826 - OS Command Injection
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.
by Lydéric Lefebvre
CVSS 8.8
onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)
by r3m0t3nu11
Creatiwity wityCMS 0.6.2 - CSRF
CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account, as demonstrated by modifying the account's email field.
by Porhai Eung
CVSS 8.8
Google Chrome - SwiftShader OpenGL Texture Bindings Reference Count Leak
by Google Security Research
Google Chrome - Swiftshader Blitting Floating-Point Precision Errors
by Google Security Research
Microhard Systems IPn4G 1.1.0 - CSRF
Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated users into loading a specially crafted page.
by LiquidWorm
CVSS 6.5
G DATA Total Security <25.4.0.3 - Buffer Overflow
The GDASPAMLib.AntiSpam ActiveX control ASK\GDASpam.dll in G DATA Total Security 25.4.0.3 has a buffer overflow via a long IsBlackListed argument.
by Filipe Xavier Oliveira
CVSS 8.8
Tor < 0.3.2.10 - Use After Free
A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.
by t4rkd3vilz
CVSS 7.5
Damicms - CSRF
DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account.
by bay0net
CVSS 8.8
BEESCMS 4.0 - CSRF
In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266.
by bay0net
CVSS 8.8
LFCMS 3.7.0 - CSRF
A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitrarily.
by bay0net
CVSS 8.8
LFCMS 3.7.0 - CSRF
Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114.
by bay0net
CVSS 8.8
Joomla! Component Jomres 9.11.2 - Cross-Site Request Forgery (Add User)
by L0RD
Maccms 10 - CSRF
Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.
by bay0net
CVSS 8.8
Apple Safari < 11.1.1 - Out-of-Bounds Read
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation.
by Google Security Research
CVSS 8.8
Apple Safari < 11.1.1 - Use After Free
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free.
by Google Security Research
CVSS 8.8
By Source