Text Exploits
31,386 exploits tracked across all sources.
WUZHI CMS 4.1.0 - CSRF
index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member.
by jiguang
CVSS 8.8
Catapult UK Cookie Consent <2.3.10 - XSS
A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary HTML/script code in the context of a victim's browser.
by B0UG
CVSS 5.4
Monstra CMS 3.0.4 - Unauthenticated Arbitrary File Deletion via Files Manager
Monstra CMS 3.0.4 allows remote attackers to delete files via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request.
by Wenming Jiang
CVSS 6.5
Adobe Flash Player < 29.0.0.113 - Heap Overflow
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Successful exploitation could lead to information disclosure.
by Google Security Research
CVSS 6.5
Adobe Flash Player < 29.0.0.113 - Out-of-bounds Write
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
by Google Security Research
CVSS 8.8
Adobe Flash Player < 29.0.0.113 - Out-of-bounds Write
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
by Google Security Research
CVSS 8.8
Adobe Flash Player < 29.0.0.113 - Out-of-bounds Read
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
by Google Security Research
CVSS 6.5
WSO2 Identity Server < 5.5.0 - Stored Cross-Site Scripting via Dashboard
WSO2 Identity Server before 5.5.0 has XSS via the dashboard, allowing attacks by low-privileged attackers.
by SEC Consult
CVSS 5.4
NComputing vSpace Pro <11 - Info Disclosure
An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials, with .../ or ...\ or ..../ or ....\ as a directory-traversal pattern to TCP port 8667.
by Javier Bernardo
CVSS 7.5
Monstra CMS 3.0.4 - Stored Cross-Site Scripting in Blog Page Content
Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog.
by Wenming Jiang
CVSS 4.8
Drupal Avatar Uploader 7.x-1.0-beta8 - Unauthenticated Path Traversal
A vulnerability exists in avatar_uploader v7.x-1.0-beta8: the code in view.php doesn't verify users or sanitize the file path.
by Larry W. Cashdollar
CVSS 7.5
Western Bridge Cobub Razor <0.8.0 - Info Disclosure
Physical path leakage exists in Western Bridge Cobub Razor 0.8.0 via an invalid channel_name parameter to /index.php?/manage/channel/addchannel or a direct request to /export.php.
by Kyhvedn
CVSS 7.5
Western Bridge Cobub Razor 0.8.0 - Info Disclosure
Physical path leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php in tests/.
by Kyhvedn
CVSS 5.3
Joomla! Component Js Jobs 1.2.0 Cross-Site Request Forgery
Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTML forms targeting administrative endpoints like job.jobenforcedelete to delete job entries or modify component settings when administrators visit attacker-controlled pages.
by Sureshbabu Narvaneni
CVSS 5.3
PDFunite 0.41.0 Buffer Overflow via Malformed PDF
PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmentation fault in the XRef::getEntry function within libpoppler by providing a specially crafted PDF file to the pdfunite utility.
by Hamm3r.py
CVSS 6.2
librsvg2-bin 2.40.13 - Malformed SVG Buffer Overflow
librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply crafted SVG input to the rsvg conversion tool to trigger a segmentation fault in the cairo image compositor.
by Hamm3r.py
CVSS 6.2
Geist WatchDog Console 3.2.2 - Authenticated Stored Cross-Site Scripting via Server Description
Cross-site scripting (XSS) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a server description.
by bzyo
CVSS 4.8
Geist WatchDog Console 3.2.2 - Info Disclosure
XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to read arbitrary files via crafted XML data.
by bzyo
CVSS 4.9
Geist WatchDog Console <3.2.2 - Info Disclosure
Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\ProgramData\WatchDog Console directory, which allows local users to modify configuration data by updating (1) config.xml or (2) servers.xml.
by bzyo
CVSS 7.8
Caldera Forms < 1.6.0-rc.1 - Stored Cross-Site Scripting via Greeting Message, Email Log, or Imported Form
Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction log, or (3) an imported form.
by Federico Scalco
CVSS 4.8
Rvsitebuilder CMS - Database Backup Download
by Hesam Bazvand
MySQL Squid Access Report 2.1.4 - SQL Injection / Cross-Site Scripting
by Keerati T.
MySQL Squid Access Report 2.1.4 - SQL Injection / Cross-Site Scripting
by Keerati T.
Match Clone Script 1.0.4 - Cross-Site Scripting via Search Field
PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the "View Search By Id" screen).
by ManhNho
CVSS 6.1