Text Exploits

31,386 exploits tracked across all sources.

CVE-2018-17128 EXPLOITDB MEDIUM text
MyBB < 1.8.19 - Stored Cross-Site Scripting via Video MyCode in Visual Editor
A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode.
by Numan OZDEMIR
CVSS 5.4
CVE-2018-14592 EXPLOITDB CRITICAL text
CWJoomla <2.0.7, <1.0.6 - SQL Injection
The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php.
by Haboob Team
CVSS 9.8
EIP-2026-102752 EXPLOITDB text
udisks2 2.8.0 - Denial of Service (PoC)
by Marshall Whittaker
EIP-2026-101952 EXPLOITDB text
RICOH MP C6003 Printer - Cross-Site Scripting
by Ismail Tasdelen
EIP-2026-101946 EXPLOITDB text
RICOH Aficio MP 301 Printer - Cross-Site Scripting
by Ismail Tasdelen
CVE-2018-25379 EXPLOITDB HIGH text
Collectric CMU 1.0 SQL Injection via lang Parameter
Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive information from the database using time-based blind techniques.
by Simon Brannstrom
CVSS 8.2
CVE-2018-16071 EXPLOITDB HIGH text VERIFIED
Google Chrome < 69.0.3497.81 - Use-After-Free in WebRTC via Crafted Video File
A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
by Google Security Research
CVSS 8.8
CVE-2018-16083 EXPLOITDB HIGH text VERIFIED
Google Chrome < 69.0.3497.81 - Out-of-bounds Read in WebRTC Forward Error Correction
An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
by Google Security Research
CVSS 8.8
CVE-2018-8410 EXPLOITDB HIGH text VERIFIED
Windows Kernel API - Privilege Escalation
An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka "Windows Registry Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 7.8
CVE-2018-8449 EXPLOITDB LOW text VERIFIED
Windows 10 and Windows Server 2016 - Security Feature Bypass via Device Guard File Validation
A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 3.3
CVE-2018-16283 EXPLOITDB CRITICAL text
Wechat Broadcast < 1.2.0 - Path Traversal via Image.php URL Parameter
The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter.
by Manuel García Cárdenas
CVSS 9.8
CVE-2018-16299 EXPLOITDB HIGH text
Localize My Post 1.0 - Path Traversal via AJAX Include File Parameter
The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter.
by Manuel García Cárdenas
CVSS 7.5
CVE-2018-16736 EXPLOITDB MEDIUM text
rcfilters 2.1.6 - Cross-Site Scripting via _whatfilter and _messages Parameters
In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings).
by Fahimeh Rezaei
CVSS 5.4
CVE-2018-15832 EXPLOITDB HIGH text
Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution via URI Handler
upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process.
by Che-Chun Kuo
CVSS 8.8
CVE-2018-1002008 EXPLOITDB MEDIUM text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002007 EXPLOITDB MEDIUM text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002006 EXPLOITDB MEDIUM text
Arigato Autoresponder and Newsletter 2.5.0-2.5.1.5 - Authenticated Stored Cross-Site Scripting via POST Variable Classes
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002005 EXPLOITDB MEDIUM text
Arigato Autoresponder and Newsletter 2.5.0-2.5.1.4 - Stored XSS via filter_signup_date
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002004 EXPLOITDB MEDIUM text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002003 EXPLOITDB MEDIUM text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002002 EXPLOITDB MEDIUM text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002001 EXPLOITDB MEDIUM text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002000 EXPLOITDB HIGH text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - SQL Injection
There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request.
by Larry W. Cashdollar
CVSS 7.2
CVE-2018-1002009 EXPLOITDB MEDIUM text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET request to the email variable.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-17254 EXPLOITDB CRITICAL text VERIFIED
JCK Editor 6.4.4 - SQL Injection via jtreelink Parent Parameter
The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.
by Hamza Megahed
CVSS 9.8