Exploitdb Exploits
50,076 exploits tracked across all sources.
Bang Resto 1.0 - SQL Injection via btnMenuItemID, itemID, itemPrice, menuID, staffID, or itemqty Parameter
Bang Resto 1.0 was discovered to contain multiple SQL injection vulnerabilities via the btnMenuItemID, itemID, itemPrice, menuID, staffID, or itemqty parameter.
by Rahad Chowdhury
CVSS 8.8
Microsoft 365 Apps and Office - Remote Code Execution via Heap-based Buffer Overflow
Microsoft Word Remote Code Execution Vulnerability
by nu11secur1ty
CVSS 7.8
Linux Kernel < 6.3 - Microarchitectural Resource Sharing via IBRS STIBP Bypass
The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL, which disables the speculation feature, as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on the boot command line.
This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace for performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection, against which STIBP protects.
by nu11secur1ty
CVSS 5.6
Swagger UI 4.1.3 - User Interface (UI) Misrepresentation of Critical Information
by Rafael Cintra Lopes
Franklin Fueling Systems TS-550 - Default Password
by Parsa Rezaie Khiabanloo
InnovaStudio WYSIWYG Editor 5.4 - Unrestricted File Upload
InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload controls in the asset manager.
by Zer0FauLT
CVSS 9.8
Google Chrome Browser 111.0.5563.64 - AXPlatformNodeCocoa Fatal OOM/Crash (macOS)
by LiquidWorm
Sielco PolyEco Digital FM Transmitter 2.0.6 - Unauthenticated Information Disclosure
by LiquidWorm
Sielco PolyEco Digital FM Transmitter 2.0.6 - Radio Data System POST Manipulation
by LiquidWorm
Sielco PolyEco Digital FM Transmitter 2.0.6 - Authorization Bypass Factory Reset
by LiquidWorm
Sielco PolyEco Digital FM Transmitter 2.0.6 - Authentication Bypass Exploit
by LiquidWorm
Sielco PolyEco Digital FM Transmitter 2.0.6 - Account Takeover / Lockout / EoP
by LiquidWorm
Sielco Analog FM Transmitter 2.12 - Improper Access Control Change Admin Password
by LiquidWorm
Sielco Analog FM Transmitter 2.12 - Cross-Site Request Forgery
by LiquidWorm
Sielco Analog FM Transmitter 2.12 - 'id' Cookie Brute Force Session Hijacking
by LiquidWorm
Sielco Analog FM Transmitter 2.12 - Remote Privilege Escalation
by LiquidWorm
Ever Gauzy 0.281.9 - JWT Authentication Bypass via Weak HMAC Secret
Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage the exposed JWT token to authenticate and gain unauthorized access with administrative permissions.
by nu11secur1ty
CVSS 9.8
BrainyCP 1.0 - Authenticated Remote Code Execution via Crontab Configuration Injection
BrainyCP 1.0 contains an authenticated remote code execution vulnerability that allows logged-in users to inject arbitrary commands through the crontab configuration interface. Attackers can exploit the crontab endpoint by adding a malicious command that spawns a reverse shell to a specified IP and port.
by Ahmet Ümit BAYRAM
CVSS 8.8
SourceCodester Online Computer and Laptop Store 1.0 - Unrestricted ...
A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file php-ocls\admin\system_info\index.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-224841 was assigned to this vulnerability.
by Matisse Beckandt
CVSS 6.3
Microsoft Edge Chromium < 111.0.1661.41 - Authentication Bypass by Spoofing via Webview2
Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
by nu11secur1ty
CVSS 8.2
Paradox Security Systems IPR512 - DoS
An issue found in Paradox Security Systems IPR512 allows attackers to cause a denial of service via the login.html and login.xml parameters.
by Giorgi Dograshvili
CVSS 7.5
ESET Endpoint Antivirus < 8.1.2062.0 - Local Privilege Escalation via File Deletion
A local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.
by Milad karimi
CVSS 7.8
ActFax 10.10 - Privilege Escalation
ActFax 10.10 contains an unquoted service path vulnerability that allows local attackers to potentially escalate privileges by exploiting the ActiveFaxServiceNT service configuration. Attackers with write permissions to Program Files directories can inject a malicious ActSrvNT.exe executable to gain elevated system access when the service restarts.
by Birkan ALHAN
CVSS 6.2