Text Exploits

31,383 exploits tracked across all sources.

CVE-2025-46041 EXPLOITDB MEDIUM text
Anchor CMS 0.12.7 - Stored Cross-Site Scripting via Page Description Field
A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add).
by /bin/neko
CVSS 5.4
CVE-2025-5548 EXPLOITDB HIGH text
FreeFloat FTP Server 1.0 - Buffer Overflow
A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component NOOP Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
by Fernando Mengali
CVSS 7.3
CVE-2025-45542 EXPLOITDB HIGH text
CloudClassroom-PHP-Project v1.0 - SQL Injection via Registration Form Pass Parameter
SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries.
by Sanjay Singh
CVSS 7.3
EIP-2026-103833 EXPLOITDB text
ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)
by LiquidWorm
CVE-2025-4094 EXPLOITDB CRITICAL text
DIGITS: WordPress Mobile <8.4.6.1 - Info Disclosure
The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin before 8.4.6.1 does not rate limit OTP validation attempts, making it straightforward for attackers to bruteforce them.
by Saleh Tarawneh
CVSS 9.8
CVE-2025-5298 EXPLOITDB HIGH text
Campcodes Online Hospital Management System 1.0 - SQL Injection via fromdate/todate Parameter
A vulnerability, which was classified as critical, was found in Campcodes Online Hospital Management System 1.0. Affected is an unknown function of the file /admin/betweendates-detailsreports.php. The manipulation of the argument fromdate/todate leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
by Carine Constantino
CVSS 7.3
CVE-2025-4971 EXPLOITDB HIGH text
Broadcom Automic Automation Agent Unix <24.3.0 HF4-21.0.13 HF1 - Pr...
Broadcom Automic Automation Agent Unix versions < 24.3.0 HF4 and < 21.0.13 HF1 allow low privileged users who have execution rights on the agent executable to escalate their privileges.
by Flora Schäfer
CVE-2024-13946 EXPLOITDB MEDIUM text
ASPECT-Enterprise <3.* - Binary Planting
DLLs are not digitally signed when loaded in ASPECT's configuration toolset, exposing the application to binary planting during device commissioning. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
by LiquidWorm
CVSS 6.8
EIP-2026-103811 EXPLOITDB text
RDPGuard 9.9.9 - Privilege Escalation
by Ahmet Ümit BAYRAM
CVE-2025-27007 EXPLOITDB CRITICAL text
OttoKit < 1.0.83 - SureTriggers allows Privilege Escalation
Incorrect Privilege Assignment vulnerability in Brainstorm Force OttoKit suretriggers allows Privilege Escalation. This issue affects OttoKit: from n/a through <= 1.0.82.
by Abdualhadi khalifa
CVSS 9.8
CVE-2025-28062 EXPLOITDB HIGH text
ERPNEXT 14.82.1 and 14.74.3 - Cross-Site Request Forgery
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in ERPNEXT 14.82.1 and 14.74.3. The vulnerability allows an attacker to perform unauthorized actions such as user deletion, password resets, and privilege escalation due to missing CSRF protections.
by Ahmed Thaiban
CVSS 8.1
CVE-2025-47226 EXPLOITDB MEDIUM text
Grokability Snipe-IT <8.1.0 - Info Disclosure
Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information.
by Sn1p3r-H4ck3r
CVSS 5.0
EIP-2026-117544 EXPLOITDB text
Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing
by hyp3rlinx
CVE-2025-24054 EXPLOITDB MEDIUM text
Windows 10 1507-22H2 and Windows 11 22H2 - Unauthenticated Spoofing via NTLM File Path Control
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
by hyp3rlinx
CVSS 6.5
EIP-2026-103771 EXPLOITDB text
Daikin Security Gateway 14 - Remote Password Reset
by LiquidWorm
CVE-2025-28121 EXPLOITDB MEDIUM text
Online Exam Mastering System 1.0 - Cross-Site Scripting via Feedback q Parameter
code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) in feedback.php via the "q" parameter allowing remote attackers to execute arbitrary code.
by Pruthu Raut
CVSS 6.1
CVE-2025-3248 EXPLOITDB CRITICAL text
Langflow AI - Unauthenticated Remote Code Execution
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
by VeryLazyTech
CVSS 9.8
CVE-2025-34499 EXPLOITDB MEDIUM text
AnyDesk 7.0.15, 9.0.1 - Code Injection
AnyDesk 7.0.15 and 9.0.1 contain an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted service path configuration to inject malicious executables that will be run with high-level system permissions.
by Parastou Razi
EIP-2026-104689 EXPLOITDB text
ABB Cylon Aspect 3.08.02 (ethernetUpdate.php) - Authenticated Path Traversal
by LiquidWorm
CVE-2024-48840 EXPLOITDB CRITICAL text
ABB ASPECT/ENT/NEXUS/MATRIX Firmware < 3.08.03 - Unauthenticated Remote Code Execution
Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02.
by LiquidWorm
CVSS 10.0
CVE-2024-48445 EXPLOITDB CRITICAL text
compop.ca ONLINE MALL 3.5.3 - Remote Code Execution via rid, tid, et, and ts Parameters
An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to execute arbitrary code via the rid, tid, et, and ts parameters.
by dmlino
CVSS 9.8
CVE-2024-12955 EXPLOITDB MEDIUM text
PHPGurukul Blood Bank & Donor Management System 2.4 - Cross-Site Request Forgery in /logout.php
A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as problematic. This vulnerability affects unknown code of the file /logout.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
by Kwangyun Keum
CVSS 4.3
CVE-2024-12342 EXPLOITDB MEDIUM text
TP-Link VN020 F3v(T) TT_V6.2.1021 - DoS
A vulnerability was found in TP-Link VN020 F3v(T) TT_V6.2.1021. It has been rated as critical. This issue affects some unknown processing of the file /control/WANIPConnection of the component Incomplete SOAP Request Handler. The manipulation leads to denial of service. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used.
by Mohamed Maatallah
CVSS 6.5
CVE-2025-34504 EXPLOITDB MEDIUM text
KodExplorer 4.52 - Open Redirect via User Login Link Parameter
KodExplorer 4.52 contains an open redirect vulnerability in the user login page that allows attackers to manipulate the 'link' parameter. Attackers can craft malicious URLs in the link parameter to redirect users to arbitrary external websites after authentication.
by Rahad Chowdhury
CVSS 6.1
CVE-2024-23733 EXPLOITDB HIGH text
Software AG webMethods <10.15.0 - Info Disclosure
The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before Core_Fix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to the /WmAdmin/#/login/ URI.
by Rasime Ekici
CVSS 7.5