Text Exploits
31,386 exploits tracked across all sources.
Blackcat CMS 1.4 - Authenticated Remote Code Execution via jQuery Plugin Manager
Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can upload a zip file with a PHP shell script and execute arbitrary system commands by accessing the uploaded plugin's PHP file with a 'code' parameter.
by Mirabbas Ağalarov
CVSS 7.2
Blackcat CMS 1.4 - Authenticated Stored Cross-Site Scripting via Page Modification
Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into page content. Attackers can insert JavaScript payloads in the page modification interface that execute when other users view the compromised page.
by Mirabbas Ağalarov
CVSS 5.4
CmsMadeSimple v2.2.17 - Stored Cross-Site Scripting (XSS)
by Mirabbas Ağalarov
CmsMadeSimple v2.2.17 - session hijacking via Server-Side Template Injection (SSTI)
by Mirabbas Ağalarov
CmsMadeSimple v2.2.17 - Remote Code Execution (RCE)
by Mirabbas Ağalarov
Backdrop Cms v1.25.1 - Stored Cross-Site Scripting (XSS)
by Mirabbas Ağalarov
TP-Link TL-WR740N - Authenticated Directory Transversal
by Anish Feroz
Winter CMS < 1.2.3 - Authenticated Stored Cross-Site Scripting via SVG Logo Upload
Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Users with the `backend.manage_branding` permission can upload SVGs as the application logo. Prior to version 1.2.3, SVG uploads were not sanitized, which could have allowed a stored cross-site scripting (XSS) attack. To exploit the vulnerability, an attacker would already need to have developer or super user level permissions in Winter CMS. This means they would already have extensive access and control within the system. Additionally, to execute the XSS, the attacker would need to convince the victim to directly visit the URL of the maliciously uploaded SVG, and the application would have to be using local storage where uploaded files are served under the same domain as the application itself instead of a CDN. This is because all SVGs in Winter CMS are rendered through an `img` tag, which prevents any payloads from being executed directly. These two factors significantly limit the potential harm of this vulnerability. This issue has been patched in v1.2.3 through the inclusion of full support for SVG uploads and automatic sanitization of uploaded SVG files. As a workaround, one may apply the patches manually.
by abhishek morla
CVSS 2.0
ProjeQtOr Project Management System v10.4.1 - Multiple XSS
by Mirabbas Ağalarov
News Portal v4.0 - SQL Injection (Unauthorized)
by Hubert Wojciechowski
Cisco UCS Director Unauthenticated Remote Code Execution
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing user authentication. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to use the acquired session token to gain full administrator access to the affected device.
by Fatih Sencer
CVSS 9.8
Frappe Framework ERPNext 13.4.0 Remote Code Execution
Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via the /app/server-script endpoint and access the gi_frame attribute to traverse the call stack and invoke os.popen to execute system commands.
by Sander Ferdinand
CVSS 8.8
Ateme TITAN File 3.9.12.4 - Authenticated Server-Side Request Forgery via Job Callback URL Parameter
Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery vulnerability in the job callback URL parameter that allows attackers to bypass network restrictions. Attackers can exploit the unvalidated parameter to initiate file, service, and network enumeration by forcing the application to make HTTP, DNS, or file requests to arbitrary destinations.
by LiquidWorm
CVSS 6.5
Netlify CMS 2.10.192 - Stored Cross-Site Scripting via New Post Body Parameter
A Cross Site Scripting (XSS) vulnerability in Netlify CMS v.2.10.192 allows a remote attacker to execute arbitrary code via a crafted payload to the body parameter of the new post function.
by tmrswrr
CVSS 5.4
IP-DOT BuildaGate <v.BuildaGate5 - XSS
Cross Site Scripting vulnerability in IP-DOT BuildaGate v.BuildaGate5 allows a remote attacker to execute arbitrary code via a crafted script to the mc parameter of the URL.
by Idan Malihi
CVSS 6.1
Windows 10, 11, and Server - Remote Code Execution
HTTP Protocol Stack Remote Code Execution Vulnerability
by nu11secur1ty
CVSS 9.8
Faculty Evaluation System v1.0 - SQL Injection
by Andrey Stoykov
Microsoft Outlook - Remote Code Execution
Microsoft Outlook Remote Code Execution Vulnerability
by nu11secur1ty
CVSS 8.8
Piwigo v13.7.0 - Stored Cross-Site Scripting (XSS) (Authenticated)
by Okan Kurtulus
Microsoft Edge Chromium < 114.0.1823.51 - Information Disclosure
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
by nu11secur1ty
CVSS 6.5
By Source