Exploitdb Exploits
152 exploits tracked across all sources.
Firefox ESR < 60.7.2, Firefox < 67.0.4, Thunderbird < 60.7.2 - RCE
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.
CVSS 10.0
SolarWinds Orion NPM <10.3.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName field of an snmpd.conf file.
MyBB <1.8.26 - XSS
Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages.
CVSS 6.1
(pending title)
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4344. Reason: This candidate is a duplicate of CVE-2012-4344. Notes: All CVE users should reference CVE-2012-4344 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Blink1control2 < 2.2.7 - Broken Cryptographic Algorithm
The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage.
by p1ckzi
CVSS 7.5
Google Chrome <78.0.3904.87 - Use After Free
Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
by Forrest Orr
CVSS 8.8
Wordpress 4.9.6 - Arbitrary File Deletion (Authenticated) (2)
by samguy
Node-serialize < 0.0.4 - Insecure Deserialization
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE).
by Beren Kuday GÖRÜN
CVSS 9.8
Microsoft Internet Explorer - Use After Free
Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.
by SlidingWindow
CVSS 8.8
Microsoft Internet Explorer - Use After Free
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.
by Forrest Orr
CVSS 7.5
Mozilla Firefox < 68.4.1 - Type Confusion
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1.
by Forrest Orr
CVSS 8.8
Xmind 2020 - XSS
Xmind 2020 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into mind mapping files or custom headers. Attackers can craft malicious files with embedded JavaScript that execute system commands when opened, enabling remote code execution through mouse interactions or file opening.
by TaurusOmar
CVSS 6.1
Pabloandumundu Tagstoo - XSS
Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious payloads through files or custom tags. Attackers can execute arbitrary JavaScript code to spawn system processes, access files, and perform remote code execution on the victim's computer.
by TaurusOmar
CVSS 5.4
StudyMD 0.3.2 - XSS
StudyMD 0.3.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code execution.
by TaurusOmar
CVSS 7.2
SnipCommand 0.1.0 - XSS
SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs.
by TaurusOmar
CVSS 6.1
Moeditor 0.2.0 - XSS
Moeditor 0.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload specially crafted markdown files with embedded JavaScript that execute when opened, potentially enabling remote code execution on the victim's system.
by TaurusOmar
CVSS 7.2
Marky 0.0.1 - XSS
Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code execution.
by TaurusOmar
CVSS 7.2
Markright 1.0 - XSS
Markright 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to embed malicious payloads in markdown files. Attackers can upload specially crafted markdown files that execute arbitrary JavaScript when opened, potentially enabling remote code execution on the victim's system.
by TaurusOmar
CVSS 7.2
Markdownify 1.2.0 - XSS
Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution.
by TaurusOmar
CVSS 7.2
Markdown Explorer 0.1.1 - XSS
Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads to execute remote commands and potentially gain system access.
by Taurus Omar
CVSS 6.1
Freeter 1.2.1 - XSS
Freeter 1.2.1 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads in custom widget titles and files. Attackers can craft malicious files with embedded scripts that execute when victims interact with the application, potentially enabling remote code execution.
by TaurusOmar
CVSS 7.2
Google Chrome versions before 87.0.4280.88 integer overflow during SimplfiedLowering phase
Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
by r4j0x00
CVSS 6.5
Google Chrome < 83.0.4103.106 - Out-of-Bounds Write
Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
by r4j0x00
CVSS 8.8
MyBB <1.8.26 - SQL Injection
SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files.
by SivertPL
CVSS 8.8
By Source