Github Exploits
1,000 exploits tracked across all sources.
Rejected
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
by Security-Phoenix-demo
5 stars
Rejected
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
by shyambhanushali
10 stars
Backdrop CMS <1.28.5-1.29.3 - XSS
An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It does not sufficiently validate uploaded SVG images to ensure they do not contain potentially dangerous SVG tags. SVG images can contain clickable links and executable scripting, and using a crafted SVG, it is possible to execute scripting in the browser when an SVG image is viewed. This issue is mitigated by the attacker needing to be able to upload SVG images, and that Backdrop embeds all uploaded SVG images within <img> tags, which prevents scripting from executing. The SVG must be viewed directly by its URL in order to run any embedded scripting.
by moften
Rejected
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
by imbas007
1 star
Rejected
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
by C00LN3T
2 stars
Rejected
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
by cybertechajju
22 stars
Rejected
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
by lincemorado97
Rejected
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
by arashiyans
1 star
Rejected
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
by sumanrox
38 stars
Rejected
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
by StillSoul
Rejected
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
by nehkark
5 stars
Rejected
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
by onlylovetx
2 stars
Rejected
Rejected reason: This CVE is a duplicate of CVE-2025-55182.
by heiheishushu
7 stars
Liquidlabs Magicai - XSS
MagicProject AI version 9.1 is affected by a Cross-Site Scripting (XSS) vulnerability within the chatbot generation feature available to authenticated admin users. The vulnerability resides in the prompt parameter submitted to the /dashboard/user/generator/generate-stream endpoint via a multipart/form-data POST request. Due to insufficient input sanitization, attackers can inject HTML-based JavaScript payloads. This payload is stored and rendered unsanitized in subsequent views, leading to execution in other users' browsers when they access affected content. This issue allows an authenticated attacker to execute arbitrary JavaScript in the context of another user, potentially leading to session hijacking, privilege escalation, data exfiltration, or administrative account takeover. The application does not implement a Content Security Policy (CSP) or adequate input filtering to prevent such attacks. A fix should include proper sanitization, output encoding, and strong CSP enforcement to mitigate exploitation.
by xchg-rax-rax
CVSS 4.8
Avtech Dgm1104 Firmware - XSS
A stored cross-site scripting (XSS) vulnerability in the PwdGrp.cgi endpoint of AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the username field.
by xchg-rax-rax
CVSS 6.1
Avtech Dgm1104 Firmware - Command Injection
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the SMB server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
by xchg-rax-rax
CVSS 8.8
Avtech Dgm1104 Firmware - Command Injection
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the test_mail function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
by xchg-rax-rax
CVSS 6.5
NetScaler ADC/NetScaler Gateway - XSS
Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
by 7amzahard
8 stars
Nagios Log Server < 2026 - Incorrect Permission Assignment
Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable application directories. The 'www-data' user is a member of the 'nagios' group, which has write access to '/usr/local/nagioslogserver/scripts', while several scripts in this directory are owned by root and may be executed via sudo without a password. A local attacker running as 'www-data' can move one of these root-owned scripts to a backup name and create a replacement script with attacker-controlled content at the original path, then invoke it with sudo. This allows arbitrary commands to be executed with root privileges, providing full compromise of the underlying operating system.
by mcorybillington
CVSS 7.8
Fortinet Fortiweb < 7.0.12 - OS Command Injection
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.
by lincemorado97
D-Link DIR-859 <A3 1.05 - Auth Bypass
A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. An attacker can obtain a user name and password by forging a POST request to the /getcfg.php page.
by spicy-bear
CVSS 9.8
Sonicwall Sonicos < 7.1.1-7058 - Authentication Bypass
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
by spicy-bear
CVSS 9.8
N-able N-Central Authentication Bypass and XXE Scanner
N-central versions < 2025.4 are vulnerable to multiple XML External Entity (XXE) injections, leading to information disclosure.
by horizon3ai
Linux-PAM - Privilege Escalation
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
by N3k0t-dev
Microsoft Windows Server 2012 - Insecure Deserialization
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
by N3k0t-dev
By Source