Text Exploits
31,346 exploits tracked across all sources.
XMLBlueprint <16.191112 - XML External Entity Injection
XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is: Arbitrary File Read when an XML File is validated. The component is: XML Validate function. The attack vector is: Specially crafted XML payload.
by Javier Olmedo
CVSS 8.1
Cups Easy (Purchase & Inventory) 1.0 - CSRF
Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account deletion via userdelete.php.
by J3rryBl4nks
CVSS 6.5
Centreon 19.10.5 - 'centreontrapd' Remote Command Execution
by Fabien AUNAY
Fifthplay S.A.M.I 2019.2_HP - Persistent Cross-Site Scripting
by LiquidWorm
Octeth Oempro - SQL Injection
Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get is vulnerable.
by Bruno de Barros Bulle
CVSS 9.8
Adive Framework 2.0.8 - CSRF
Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password.
by Sarthak Saini
CVSS 8.8
macOS/iOS ImageIO - Heap Corruption when Processing Malformed TIFF Image
by Google Security Research
Topmanage Olk Webstore - XSS
An issue was discovered in TopManage OLK 2020. As there is no ReadOnly on the Session cookie, the user and admin accounts can be taken over in a DOM-Based XSS attack.
by Joel Aviad Ossi
CVSS 6.1
Topmanage Olk Webstore - CSRF
In TopManage OLK 2020, login CSRF can be chained with another vulnerability in order to take over admin and user accounts.
by Joel Aviad Ossi
CVSS 8.8
TP-Link TP-SG105E V4 - DoS
The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the device via a reboot.cgi request.
by PCEumel
CVSS 7.5
Genexis Platinum-4410 <2.1 - Auth Bypass
An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI.
by Husinul Sanub
CVSS 9.8
KeePass Password Safe <2.44 - DoS
KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash.
by Mustafa Emre Gül
CVSS 7.5
ManageEngine Network Configuration Manager 12.2 - 'apiKey' SQL Injection
by Ertebat Gostar Co
Adive Framework 2.0.8 - CSRF
Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password.
by Sarthak Saini
CVSS 8.8
Adive Framework 2.0.8 - XSS
Adive Framework 2.0.8 has admin/user/add userName XSS.
by Sarthak Saini
CVSS 6.1
Adive Framework 2.0.8 - XSS
Adive Framework 2.0.8 has admin/user/add userUsername XSS.
by Sarthak Saini
CVSS 6.1
Easy XML Editor <1.7.8 - XML External Entity Injection
Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is: Arbitrary File Read and DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload.
by Javier Olmedo
CVSS 8.1
Trend Micro Maximum Security 2019 - Privilege Escalation
by hyp3rlinx
Trend Micro Maximum Security 2019 - Arbitrary Code Execution
by hyp3rlinx