Ruby Exploits
6,001 exploits tracked across all sources.
Microsoft Exchange ProxyShell RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
by Orange Tsai, Jang (@testanull), PeterJson, brandonshi123, mekhalleh (RAMELLA Sébastien), Donny Maasland, Rich Warren, Spencer McIntyre, wvu
CVSS 9.1
Microsoft Exchange Server - Security Feature Bypass via Unrestricted File Upload
Microsoft Exchange Server Security Feature Bypass Vulnerability
by Orange Tsai, Jang (@testanull), PeterJson, brandonshi123, mekhalleh (RAMELLA Sébastien), Donny Maasland, Rich Warren, Spencer McIntyre, wvu
CVSS 6.6
Microsoft Exchange ProxyNotShell RCE
Microsoft Exchange Server Elevation of Privilege Vulnerability
by Orange Tsai, Spencer McIntyre, DA-0x43-Dx4-DA-Hx2-Tx2-TP-S-Q, Piotr Bazydło, Rich Warren, Soroush Dalili
CVSS 8.8
DotNetNuke < 9.1.1 - Remote Code Execution via Cookie Deserialization
DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."
by Jon Park, Jon Seigel
CVSS 8.8
Dnnsoftware Dotnetnuke < 9.2.2 - Weak Encryption
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811.
by Jon Park, Jon Seigel
CVSS 7.5
Dnnsoftware Dotnetnuke < 9.2.1 - Weak Encryption
DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters.
by Jon Park, Jon Seigel
CVSS 7.5
DNN 9.2-9.2.2 - Info Disclosure
DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.
by Jon Park, Jon Seigel
CVSS 7.5
Sami FTP Server 2.0.1 - Stack-Based Buffer Overflow via Long USER Command
Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed.
by Muhammad Ahmed Siddiqui, Critical Security, n30m1nd, aushack, bcoles
Symantec Endpoint Protection Manager < 11.0.7405.1424 and 12.1 < 12.1.4023.4080 - XML External Entity Injection
The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
by Stefan Viehbock, Chris Graham
GiveWP Unauthenticated Donation Process Exploit
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'give_title' and 'card_address'. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files and achieve remote code execution. This is essentially the same vulnerability as CVE-2024-5932, however, it was discovered the the presence of stripslashes_deep on user_info allows the is_serialized check to be bypassed. This issue was mostly patched in 3.16.1, but further hardening was added in 3.16.2.
by Villu Orav, EQSTLab, cuokon, Julien Ahrens, Valentin Lobstein
CVSS 9.8
WordPress <= 5.0.3 - Authenticated Path Traversal via Image Crop Filename
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.
by RIPSTECH Technology, Wilfried Becard <[email protected]>
CVSS 6.5
vtiger CRM 5.1.0-5.4.0 - Authentication Bypass via Improper Session Validation
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.
by Egidio Romano, juan vazquez
CVSS 9.8
vtiger CRM 6.4.0 - Authenticated Remote Code Execution via Company Logo Upload
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000.
by Benjamin Daniel Mussler, Touhid M.Shaikh <[email protected]>, SecureLayer7.net
CVSS 7.3
vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution.
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
CVSS 9.8
vBulletin 5.0.0-5.7.5 and 6.0.0-6.0.3 - Unauthenticated API Controller Method Invocation
vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025.
by Egidio Romano (EgiX), Valentin Lobstein
CVSS 10.0
PyTorch Model Server Registration and Deserialization RCE
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
by Idan Levcovich, Guy Kaplan, Gal Elbaz, Swapneil Kumar Dash, Spencer McIntyre
CVSS 8.3
Apache Tomcat 5.5.0-5.5.28 and 6.0.0-6.0.20 - Unauthenticated Privilege Escalation via Default Blank Admin Password
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
IBM Cognos Express 9.0 - Unauthenticated Denial of Service via Hardcoded Credentials
IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials.
HP Operations Manager 8.10 - Unauthenticated Remote Code Execution via Tomcat Manager Upload
HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
IBM Rational Quality Manager and Rational Test Lab Manager - Remote Code Execution via Default Tomcat ADMIN Password
The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by leveraging access to the manager role. NOTE: this might overlap CVE-2009-3548.
HP Operations Manager - Remote Code Execution via Default Credentials and File Upload
HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3099 and CVE-2009-3843.
Apache Tomcat 5.5.0-5.5.28 and 6.0.0-6.0.20 - Unauthenticated Privilege Escalation via Default Blank Admin Password
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
by jduck
IBM Cognos Express 9.0 - Unauthenticated Denial of Service via Hardcoded Credentials
IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials.
by jduck
HP Operations Manager 8.10 - Unauthenticated Remote Code Execution via Tomcat Manager Upload
HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
by jduck
IBM Rational Quality Manager and Rational Test Lab Manager - Remote Code Execution via Default Tomcat ADMIN Password
The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by leveraging access to the manager role. NOTE: this might overlap CVE-2009-3548.
by jduck
By Source