Text Exploits
31,383 exploits tracked across all sources.
Casdoor < 1.331.0 - Cross-Site Request Forgery via Password Reset Endpoint
Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL.
by Van Lam Nguyen
CVSS 6.5
XWiki Platform - Remote Code Execution
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to `SolrSearch`. This impacts the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, without being logged in, go to `<host>/xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28"Hello%20from"%20%2B%20"%20search%20text%3A"%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20`. If there is an output, and the title of the RSS feed contains `Hello from search text:42`, then the instance is vulnerable. This vulnerability has been patched in XWiki 15.10.11, 16.4.1 and 16.5.0RC1. Users are advised to upgrade. Users unable to upgrade may edit `Main.SolrSearchMacros` in `SolrSearchMacros.xml` on line 955 to match the `rawResponse` macro in `macros.vm#L2824` with a content type of `application/xml`, instead of simply outputting the content of the feed.
by Maksim Rogov
CVSS 9.8
Tourism Management System 2.0 - Unrestricted Shell Upload and Remote Code Execution
A Shell Upload vulnerability in Tourism Management System 2.0 allows an attacker to upload and execute arbitrary PHP shell scripts on the server, leading to remote code execution and unauthorized access to the system. This can result in the compromise of sensitive data and system functionality.
by Debug Security
CVSS 7.2
Concrete CMS 9.0-9.4.2 - Stored Cross-Site Scripting via Home Folder on Members Dashboard
Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page. Version 8 was not affected. A rogue admin could set up a malicious folder containing XSS to which users could be directed upon login. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with vector CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks sealldev (Noah Cooper) for reporting via HackerOne.
by Chokri Hammedi
CVSS 4.8
ClipBucket 5.5.2 Build 90 file_downloader.php - Remote Command Execution
An issue in Clip Bucket v.5.5.2 Build#90 allows a remote attacker to execute arbitrary code via file_downloader.php and the file parameter.
by Mukundsinh Solanki (r00td3str0y3r)
CVSS 6.5
ClipBucket <5.5.0 - Unauthenticated File Upload
An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker to exploit the plupload endpoint in photo_uploader.php to upload arbitrary files without any authentication, due to missing access controls in the upload handler.
by Mukundsinh Solanki (r00td3str0y3r)
CVSS 7.3
GeoVision GV-ASWeb <= 6.1.2.0 - Authenticated Remote Code Execution via Notification Settings
GeoVision GV-ASWeb version 6.1.2.0 or earlier (fixed in 6.2.0) contains a Remote Code Execution (RCE) vulnerability within its Notification Settings feature. An authenticated attacker with "System Settings" privileges in ASWeb can exploit this flaw to execute arbitrary commands on the server, leading to a full system compromise.
by Giorgi Dograshvili
CVSS 8.8
GeoVision ASManager <6.2.0 - Info Disclosure
The GeoVision ASManager Windows desktop application, version 6.1.2.0 or earlier (fixed in 6.2.0), is vulnerable to credentials disclosure due to improper memory handling in the ASManagerService.exe process.
by Giorgi Dograshvili
CVSS 5.1
Lingdang CRM < 8.6.5.4 - SQL Injection via getvaluestring Parameter
A vulnerability was identified in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. Affected by this issue is some unknown functionality of the file /crm/crmapi/erp/tabdetail_moduleSave.php. The manipulation of the argument getvaluestring leads to SQL injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. Upgrading to version 8.6.5.4 can resolve this issue. The affected component should be upgraded. The vendor explains: "All SQL injection vectors were patched via parameterized queries and input sanitization in v8.6.5+."
by Beatriz Fresno Naumova
CVSS 6.3
Windows File Explorer - Info Disclosure
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
by Ruben Enkaoua
CVSS 6.5
Soosyze CMS 2.0 - Brute-Force Login via Unrestricted Authentication Attempts
Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restrictions, potentially gaining unauthorized administrative access. This vulnerability corresponds to CWE-307: Improper Restriction of Excessive Authentication Attempts.
by Beatriz Fresno Naumova
CVSS 5.4
RiteCMS 3.0.0 - Cross-site Scripting
RiteCMS v3.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component main_menu/edit_section.
by Gurjot Singh
CVSS 6.1
Mojo in Google Chrome <134.0.6998.177 - RCE
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
by nu11secur1ty
CVSS 8.3
Windows 10/11, Server 2008 - Privilege Escalation via QoS Scheduler TOCTOU
Time-of-check time-of-use (TOCTOU) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.
by nu11secur1ty
CVSS 7.8
Grav CMS 1.7.48 - Authenticated Remote Code Execution via Plugin Upload
A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access.
by /bin/neko
CVSS 8.1
VMware vCenter Server 8.0-8.0 U3e and Cloud Foundation 4.5.x-5.x - Reflected Cross-Site Scripting
VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to steal cookies or redirect to malicious websites.
by Imraan Khan (Lich-Sec)
CVSS 4.3
Microsoft Edge Chromium < 135.0.3179.98 - Unauthenticated Information Disclosure
No CWE for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
by nu11secur1ty
CVSS 7.4
Windows 10 1507-22H2, Windows 11 22H2-24H2, Windows Server 2008 - Local Code Execution via VHDX Integer Overflow
Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.
by nu11secur1ty
CVSS 7.8
Mezzanine CMS 6.1.0 - Stored Cross-Site Scripting via Blog Post Injection
A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post.
by Kevin Dicks
CVSS 4.8
Invision Community 4.7.20 - (calendar/view.php) SQL Injection
by Egidio Romano
Xlightftpd Xlight FTP Server 1.1 - DoS
A vulnerability classified as problematic was found in Xlightftpd Xlight FTP Server 1.1. This vulnerability affects unknown code of the component Login. The manipulation of the argument user leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251560.
by Fernando Mengali
CVSS 5.3
Microsoft Edge - Cross-Site Scripting Filter Bypass via HTML Attribute Mishandling
Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS Filter Bypass Vulnerability."
by nu11secur1ty
Live Helper Chat < 4.61 - Stored Cross-Site Scripting via Operator Name Parameter
A stored cross-site scripting (XSS) vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the operator name parameter.
by Manojkumar J
CVSS 5.4
Live Helper Chat < 4.61 - Stored Cross-Site Scripting via Telegram Bot Username Parameter
A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter.
by Manojkumar J
CVSS 5.4