Inthewild Exploits
518 exploits tracked across all sources.
Sonicwall Sma 200 Firmware - Out-of-Bounds Write
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.
CVSS 9.8
Sonicwall Sma 210 Firmware < 9.0.0.10-28sv - SQL Injection
Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier
CVSS 9.8
Qualcomm Aqt1000 Firmware - Improper Input Validation
Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CVSS 9.8
Microsoft Windows 10 - Improper Privilege Management
Windows Installer Elevation of Privilege Vulnerability
CVSS 7.8
Apple Ipados < 13.4 - Denial of Service
The issue was addressed by clearing website permission prompts after navigation. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user may grant website permissions to a site they didn't intend to.
CVSS 5.3
ppp <2.4.8 - Buffer Overflow
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
CVSS 9.8
WordPress <2.14.0 - CSRF
The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu.
CVSS 8.8
PHPGurukul Car Rental Project v1.0 - RCE
PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile image.
CVSS 7.2
Safari <13.0.5 - CSRF
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 13.0.5. Visiting a malicious website may lead to address bar spoofing.
CVSS 4.3
Rocklobster Contact Form 7 < 5.3.2 - Unrestricted File Upload
The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
CVSS 10.0
Rocklobster Contact Form 7 < 5.3.2 - Unrestricted File Upload
The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
CVSS 10.0
Exim < 4.94.2 - Use After Free
Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL.
CVSS 9.8
D-Link DCS-2530L <1.06.01 - Info Disclosure
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure.
CVSS 7.5
Inspur Clusterengine - Remote Code Execution
A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server
CVSS 9.8
SEOWON INTECH SLC-130,SLR-120S - RCE
SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.
CVSS 9.8
MSI AmbientLink MsIo64 driver 1.0.0.8 - Buffer Overflow
The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050,and 0x80102054).
CVSS 7.8
MSI AmbientLink MsIo64 driver 1.0.0.8 - Buffer Overflow
The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050,and 0x80102054).
CVSS 7.8
Windows Win32k - Privilege Escalation
Windows Win32k Elevation of Privilege Vulnerability
CVSS 7.0
Google Chrome < 86.0.4240.111 - Out-of-Bounds Write
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS 9.6
Jiangmin Antivirus <16.0.13.129 - DoS
In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220440.
CVSS 5.5
Windows Jet Database Engine - RCE
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.
The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
CVSS 7.0
Windows WalletService - Privilege Escalation
An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1344, CVE-2020-1369.
CVSS 7.8
Microsoft Windows 10 - Remote Code Execution
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'.
CVSS 8.8
FasterXML jackson-databind <2.9.10.4 - Code Injection
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
CVSS 8.8
Microsoft Windows - RCE
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0938.
CVSS 8.8
By Source