Text Exploits
31,386 exploits tracked across all sources.
ThinkPHP < 3.2.4 - Remote Code Execution via Public Endpoint
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.
by Yang Chenglong
CVSS 8.8
WordPress Plugin Cerber Security_ Antispam & Malware Scan 8.0 - Multiple Bypass Vulnerabilities
by ed0x21son
Craft CMS 3.1.12 Pro - Stored Cross-Site Scripting in Header Insertion Field
In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI.
by Ismail Tasdelen
CVSS 6.1
Bolt 3.6.4 - Cross-Site Scripting via Slug, Teaser, or Title Parameter
Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933.
by Ismail Tasdelen
CVSS 6.1
Raisecom ISCOM HT803G-U/-W/-1GE/GPON <2.0.0_140521_R4.1.47.002 - Co...
An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below, The values of the newpass and confpass parameters in /bin/WebMGR are used in a system call in the firmware. Because there is no user input validation, this leads to authenticated code execution on the device.
by JameelNabbo
CVSS 7.8
FiberHome AN5506-04-F RP2669 - Cross-Site Scripting
FiberHome an5506-04-f RP2669 devices have XSS.
by Tauco
CVSS 5.4
Cisco Webex Meetings < 33.6.6 Authenticated OS Command Injection via Update Service
A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools. This vulnerability is fixed in Cisco Webex Meetings Desktop App Release 33.6.6 and 33.9.1 releases. This vulnerability is fixed in Cisco Webex Productivity Tools Release 33.0.7.
by SecureAuth
CVSS 7.8
tcpdump < 4.9.3 - Multiple Heap-Based Out-of-Bounds Reads
by Google Security Research
Google Chrome < M72 - Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost
by Google Security Research
Google Chrome < M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free
by Google Security Research
Google Chrome < M72 - PaymentRequest Service Use-After-Free
by Google Security Research
Google Chrome < M72 - FileWriterImpl Use-After-Free
by Google Security Research
macOS XNU - Copy-on-Write Behavior Bypass via Mount of User-Owned Filesystem Image
by Google Security Research
Linux Kernel 4.19-4.19.24 - Out-of-bounds Write in SNMP NAT Module
In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_version and snmp_helper.
by Google Security Research
CVSS 7.8
J2Store 3.3.0-3.3.6 - SQL Injection via product_option[] Parameter
SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the product_option[] parameter.
by Andrei Conache
CVSS 9.8
WebKitGTK < 2.23.90 and WebKitGTK+ < 2.22.6 - Buffer Overflow via Script Dialog Size Manipulation
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany).
by Dhiraj Mishra
CVSS 9.8
Advance Gift Shop Pro Script 2.0.3 SQL Injection via search
Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can submit crafted SQL payloads in the 's' parameter of search requests to extract sensitive database information including version details and other data.
by Mr Winst0n
CVSS 8.2
News Website Script 2.0.5 SQL Injection via index.php
News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers can send GET requests to index.php/show/news/ with malicious SQL statements to extract sensitive database information.
by Mr Winst0n
CVSS 8.2
ZZZCMS zzzphp 1.6.1 - Remote Code Execution via Template Parser If Label
An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring.
by Yang Chenglong
CVSS 7.2
PHP Ecommerce Script 2.0.6 - Cross-Site Scripting / SQL Injection
by Mr Winst0n
Drupal 7.0.0-7.61.0 8.5.0-8.5.10 8.6.0-8.6.9 - Remote Code Execution via Unsanitized Field Data
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)
by Charles Fol
CVSS 8.1
Micro Focus Filr 3.x - Authenticated Path Traversal and Arbitrary File Read
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
by SecureAuth
CVSS 6.5
By Source