Exploit Database

147,896 exploits tracked across all sources.

Sort: Activity Stars
CVE-2026-4500 WRITEUP MEDIUM
bagofwords1 bagofwords code_execution.py generate_df injection
A vulnerability was identified in bagofwords1 bagofwords up to 0.0.297. This impacts the function generate_df of the file backend/app/ai/code_execution/code_execution.py. Such manipulation leads to injection. The attack may be launched remotely. The exploit is publicly available and might be used. Upgrading to version 0.0.298 will fix this issue. The name of the patch is 47b20bcda31264635faff7f6b1c8095abe1861c6. It is recommended to upgrade the affected component.
CVSS 6.3
CVE-2026-4505 WRITEUP MEDIUM
eosphoros-ai DB-GPT FastAPI Endpoint controller.py module_plugin.refresh_plugins unrestricted upload
A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function module_plugin.refresh_plugins of the file packages/dbgpt-serve/src/dbgpt_serve/agent/hub/controller.py of the component FastAPI Endpoint. Such manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2026-4506 WRITEUP MEDIUM
Mindinventory MindSQL mindsql_core.py ask_db code injection
A vulnerability was found in Mindinventory MindSQL up to 0.2.1. Impacted is the function ask_db of the file mindsql/core/mindsql_core.py. Performing a manipulation results in code injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2026-4507 WRITEUP MEDIUM
Mindinventory MindSQL mindsql_core.py ask_db sql injection
A vulnerability was determined in Mindinventory MindSQL up to 0.2.1. The affected element is the function ask_db of the file mindsql/core/mindsql_core.py. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2026-4508 WRITEUP HIGH
PbootCMS Member Login MemberController.php checkUsername sql injection
A vulnerability was identified in PbootCMS up to 3.2.12. The impacted element is the function checkUsername of the file apps/home/controller/MemberController.php of the component Member Login. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
CVSS 7.3
CVE-2026-32941 NOMISEC MEDIUM
Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports
Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remote OOM (Out-of-Memory) vulnerability in the Sliver C2 server's mTLS and WireGuard C2 transport layer. The socketReadEnvelope and socketWGReadEnvelope functions trust an attacker-controlled 4-byte length prefix to allocate memory, with ServerMaxMessageSize allowing single allocations of up to ~2 GiB. A compromised implant or an attacker with valid credentials can exploit this by sending fabricated length prefixes over concurrent yamux streams (up to 128 per connection), forcing the server to attempt allocating ~256 GiB of memory and triggering an OS OOM kill. This crashes the Sliver server, disrupts all active implant sessions, and may degrade or kill other processes sharing the same host. The same pattern also affects all implant-side readers, which have no upper-bound check at all. The issue was not fixed at the the time of publication.
by skoveit
CVSS 6.5
CVE-2026-1492 NOMISEC CRITICAL
WordPress User Registration & Membership Plugin <=5.1.2 - Privilege Escalation
The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to improper privilege management in all versions up to, and including, 5.1.2. This is due to the plugin accepting a user-supplied role during membership registration without properly enforcing a server-side allowlist. This makes it possible for unauthenticated attackers to create administrator accounts by supplying a role value during membership registration.
by the8frust
CVSS 9.8
CVE-2021-29447 NOMISEC HIGH
WordPress 5.6.0-5.7.0 - Authenticated XML External Entity Injection via Media Library File Upload
Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.
by danilo1992-sys
CVSS 7.1
CVE-2025-11926 NOMISEC MEDIUM
Related Posts Lite <= 1.12 - Authenticated Stored Cross-Site Scripting via Admin Settings
The Related Posts Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
by prabhatverma47
CVSS 4.4
CVE-2026-0561 GITHUB MEDIUM shell
Shield Security Plugin <21.0.8 - XSS
The Shield Security plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 21.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
by Sechunt3r
CVSS 6.1
CVE-2024-44722 WRITEUP CRITICAL
SysAK < 2.0 - OS Command Injection via Command Parameter
SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd.
CVSS 9.8
CVE-2024-44722 WRITEUP CRITICAL
SysAK < 2.0 - OS Command Injection via Command Parameter
SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd.
CVSS 9.8
CVE-2025-67260 WRITEUP HIGH
Terrapack TkWebCoreNG 1.0.20200914 - Code Injection
The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.20200914, Terrapack TKServerCGI 2.5.4.150, and Terrapack TpkWebGIS Client 1.0.0.
CVSS 8.8
CVE-2025-10762 WRITEUP MEDIUM
kuaifan DooTask <1.2.49 - SQL Injection
A vulnerability was found in kuaifan DooTask up to 1.2.49. Affected by this vulnerability is an unknown functionality of the file app/Http/Controllers/Api/UsersController.php. The manipulation of the argument keys[department] results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
CVSS 6.3
CVE-2025-10762 WRITEUP MEDIUM
kuaifan DooTask <1.2.49 - SQL Injection
A vulnerability was found in kuaifan DooTask up to 1.2.49. Affected by this vulnerability is an unknown functionality of the file app/Http/Controllers/Api/UsersController.php. The manipulation of the argument keys[department] results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
CVSS 6.3
CVE-2024-34906 WRITEUP MEDIUM
dootask v0.30.13 - Arbitrary File Upload and Remote Code Execution via Crafted PDF File
An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file.
CVSS 5.4
CVE-2026-29828 WRITEUP MEDIUM
dootask < 1.6.27 - Stored Cross-Site Scripting via Project Description Input
DooTask v1.6.27 has a Cross-Site Scripting (XSS) vulnerability in the /manage/project/<id> page via the input field projectDesc.
CVSS 6.1
CVE-2026-29828 WRITEUP MEDIUM
dootask < 1.6.27 - Stored Cross-Site Scripting via Project Description Input
DooTask v1.6.27 has a Cross-Site Scripting (XSS) vulnerability in the /manage/project/<id> page via the input field projectDesc.
CVSS 6.1
CVE-2026-30578 WRITEUP MEDIUM
File Thinghie 2.5.7 - Cross-Site Scripting via Dir Parameter
File Thinghie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "dir" parameter of the GET request to invoke arbitrary javascript code.
CVSS 6.5
CVE-2026-30578 WRITEUP MEDIUM
File Thinghie 2.5.7 - Cross-Site Scripting via Dir Parameter
File Thinghie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "dir" parameter of the GET request to invoke arbitrary javascript code.
CVSS 6.5
CVE-2026-30579 WRITEUP MEDIUM
File Thingie 2.5.7 - Stored Cross-Site Scripting via Uploaded Filename
File Thingie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "upload file" functionality to upload a file with a crafted file name used to trigger a Javascript payload.
CVSS 6.5
CVE-2026-30579 WRITEUP MEDIUM
File Thingie 2.5.7 - Stored Cross-Site Scripting via Uploaded Filename
File Thingie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "upload file" functionality to upload a file with a crafted file name used to trigger a Javascript payload.
CVSS 6.5
CVE-2026-30580 WRITEUP MEDIUM
File Thingie 2.5.7 - Path Traversal
File Thingie 2.5.7 is vulnerable to Directory Traversal. A malicious user can leverage the "create folder from url" functionality of the application to read arbitrary files on the target system.
CVSS 4.3
CVE-2026-30580 WRITEUP MEDIUM
File Thingie 2.5.7 - Path Traversal
File Thingie 2.5.7 is vulnerable to Directory Traversal. A malicious user can leverage the "create folder from url" functionality of the application to read arbitrary files on the target system.
CVSS 4.3
CVE-2026-4486 WRITEUP HIGH
D-Link DIR-513 Web Service formEasySetPassword stack-based overflow
A vulnerability was found in D-Link DIR-513 1.10. This affects the function formEasySetPassword of the file /goform/formEasySetPassword of the component Web Service. The manipulation of the argument curTime results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 8.8