Text Exploits
31,346 exploits tracked across all sources.
FreshRSS 1.11.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in GET requests in FreshRSS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) c parameter or (2) a parameter.
by Netsparker
CVSS 6.1
DomainMOD <4.11.01 - XSS
DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar.
by Mohammed Abdul Raheem
CVSS 4.8
DomainMOD <4.11.01 - XSS
DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field.
by Mohammed Abdul Raheem
CVSS 4.8
DomainMOD <4.11.01 - XSS
DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields.
by Mohammed Abdul Raheem
CVSS 4.8
DomainMOD <4.11.01 - XSS
DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields.
by Mohammed Abdul Raheem
CVSS 5.4
Dolibarr ERP/CRM <8.0.3 - XSS
Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS.
by AkkuS
CVSS 6.1
Wireshark <2.6.5-2.4.11 - Buffer Overflow
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary.
by Google Security Research
CVSS 7.5
Wireshark - 'cdma2k_message_ACTIVE_SET_RECORD_FIELDS' Stack Corruption
by Google Security Research
Rockwellautomation Powermonitor 1000 Firmware - Authentication Bypass
An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. An unauthenticated user can add/edit/remove administrators because access control is implemented on the client side via a disabled attribute for a BUTTON element.
by Luca.Chiou
CVSS 8.1
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Code Injection
Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A remote attacker could inject arbitrary code into a targeted user's web browser to gain access to the affected device.
by Luca.Chiou
CVSS 6.1
Mozilla Firefox 63.0.1 - Denial of Service (PoC)
by SAIKUMAR CHEBROLU
WordPress Plugin Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting
by Loading Kura Kura
PHP Server Monitor 3.3.1 - Cross-Site Request Forgery
by Javier Olmedo
Synaccess netBooter NP-02x/NP-08x 6.8 - Auth Bypass
Synaccess netBooter NP-02x/NP-08x 6.8 contains an authentication bypass vulnerability in the webNewAcct.cgi script that allows unauthenticated attackers to create admin user accounts. Attackers can exploit the missing control check by sending crafted POST requests to create administrative accounts and gain unauthorized control over power supply management.
by LiquidWorm
CVSS 9.8
PHPOffice PhpSpreadsheet <1.5.0 - XSS
securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file.
by Alex Leahu
CVSS 8.8
Easy Testimonials <3.2 - XSS
Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. Three wp-admin/post.php parameters (_ikcf_client and _ikcf_position and _ikcf_other) have Cross-Site Scripting.
by En_dust
CVSS 6.1
Abisoftgt Ticketly - SQL Injection
AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name, category_id and description in action/addproject.php; kind_id, priority_id, project_id, status_id and title in action/addticket.php; and kind_id and status_id in reports.php.
by Javier Olmedo
CVSS 9.8
WebOfisi E-Ticaret 4.0 SQL Injection via urun Parameter
WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based blind, and stacked query attacks against the backend database.
by AkkuS
CVSS 8.2