Text Exploits
31,386 exploits tracked across all sources.
Qualcomm Snapdragon Firmware - Use-After-Free via Race Condition in set_page_dirty()
Possible use after free issue due to race condition while attempting to mark the entry pages as dirty using function set_page_dirty() in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24
by Google Security Research
CVSS 8.1
EquityPandit 1.0 Insecure Logging Information Disclosure
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing user account credentials.
by ManhNho
CVSS 7.5
Phraseanet 4.0.3 - Authenticated Stored Cross-Site Scripting via Document Upload
Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through crafted file names during document uploads. Attackers can upload files with embedded SVG scripts that execute in the browser, potentially stealing cookies or redirecting users when the file is viewed.
by Krzysztof Szulski
CVSS 6.4
Petraware pTransformer ADC <2.1.7.22827 - SQL Injection
Petraware pTransformer ADC before 2.1.7.22827 allows SQL Injection via the User ID parameter to the login form.
by Faudhzan Rahman
CVSS 7.8
Deltek Maconomy 2.2.5 - Path Traversal
Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.W_MCS/ PATH_INFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS/etc/passwd URI.
by JameelNabbo
CVSS 9.8
Typora <0.9.9.24.6 - Path Traversal
Typora 0.9.9.24.6 on macOS allows directory traversal, for execution of arbitrary programs, via a file:/// or ../ substring in a shared note.
by Dhiraj Mishra
CVSS 7.8
Windows Kernel - Privilege Escalation
An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege Vulnerability'.
by Google Security Research
CVSS 7.8
Windows AppX Deployment Service - Privilege Escalation
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.
by SandboxEscaper
CVSS 7.8
Nagios XI 5.6.1 - SQL Injection via Username Parameter in Password Reset Form
Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass (aka the reset password form). NOTE: The vendor disputes this issues as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any valid injection that can be done with the variable provided, and while the username value being passed does get used in a SQL query, it is passed through SQL escaping functions when creating the call. The vendor tried re-creating the issue with no luck
by JameelNabbo
CVSS 9.8
iPhone OS < 12.3 - Remote Code Execution via Use-After-Free
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A remote attacker may be able to cause arbitrary code execution.
by Google Security Research
CVSS 9.8
RarmaRadio 2.72.3 Server Field Buffer Overflow Denial of Service
RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Server field of the Network settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a malicious payload exceeding 4000 bytes into the Server field via the Settings menu to trigger an application crash.
by Victor Mondragón
CVSS 6.2
RarmaRadio 2.72.3 Username Field Denial of Service
RarmaRadio 2.72.3 contains a denial of service vulnerability in the Username field that allows local attackers to crash the application by submitting excessively long input. Attackers can paste a buffer of 5000 bytes into the Username field via Settings > Network to trigger an application crash.
by Victor Mondragón
CVSS 6.2
Horde Groupware < 5.2.22 - Cross-Site Request Forgery via treanBookmarkTags Parameter
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload.
by InfinitumIT
CVSS 8.8
Horde Groupware Webmail Edition <5.2.22 - XSS
Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI.
by InfinitumIT
CVSS 6.1
Microsoft Windows (x86) - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation
by SandboxEscaper
Windows Error Reporting - Privilege Escalation
An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.
by SandboxEscaper
CVSS 7.8
Zoho ManageEngine ServiceDesk Plus <10.5 - Info Disclosure
In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring.
by Vingroup
CVSS 6.5
Zoho ManageEngine ServiceDesk Plus 9.3 - XSS
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
by Vingroup
CVSS 6.1
Carel pCOWeb < B1.2.4 - Stored Cross-Site Scripting in System Contact Field
Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field.
by Luca.Chiou
CVSS 5.4
Carel pCOWeb <B1.2.4 - Info Disclosure
An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores cleartext passwords, which may allow sensitive information to be read by someone with access to the device.
by Luca.Chiou
CVSS 8.8
AUO Solar Data Recorder <1.3.0 - XSS
Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via the protect/config.htm addr parameter.
by Luca.Chiou
CVSS 5.4
Moodle Jmol Plugin < 6.1 - Reflected Cross-Site Scripting via jsmol.php Data Parameter
A reflected cross-site scripting (XSS) vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript in the victim's browser by crafting a malicious link. This can be used to hijack user sessions or manipulate page content. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.
by Dionach Ltd
CVSS 6.1
Moodle LMS Jmol plugin <6.1 - Path Traversal
A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the file_get_contents() function without proper validation, allowing attackers to read arbitrary files from the server's filesystem by crafting a malicious query value. This vulnerability can be exploited without authentication and may expose sensitive configuration data, including database credentials. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.
by Dionach Ltd
CVSS 7.5
By Source