Github Exploits
3,729 exploits tracked across all sources.
ingress-nginx < 1.11.5 and 1.12.0 - Remote Code Execution via auth-url Annotation Injection
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
by lufeirider
Kubernetes ingress-nginx - Pod Network Remote Code Execution
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
by lufeirider
Kubernetes ingress-nginx mirror annotations - Controller Code Execution
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
by lufeirider
Lost and Found Information System 1.0 - Cross-Site Scripting via Page Parameter
Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php.
by Rezur0x7
CVSS 6.1
Lost and Found Information System 1.0 - SQL Injection via id Parameter
SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php.
by Rezur0x7
CVSS 9.8
Lost and Found Information System 1.0 - SQL Injection via id Parameter
SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via id parameter to php-lfis/admin/categories/view_category.php.
by Rezur0x7
CVSS 8.8
Lost and Found Information System 1.0 - Cross-Site Scripting via User Profile Name Fields
Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page.
by Rezur0x7
CVSS 5.4
SysAid On-Prem <= 23.3.40 - XML External Entity
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives.
by watchtowrlabs
SysAid On-Prem <= 23.3.40 - XML External Entity
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
by watchtowrlabs
XWiki Admin Tools 4.4-4.5.1 - Cross-Site Request Forgery via Shell Command Execution
The XWiki Admin Tools Application provides tools to help the administration of XWiki. Starting in version 4.4 and prior to version 4.5.1, a cross site request forgery vulnerability in the admin tool for executing shell commands on the server allows an attacker to execute arbitrary shell commands by tricking an admin into loading the URL with the shell command. A very simple possibility for an attack are comments. When the attacker can leave a comment on any page in the wiki it is sufficient to include an image with an URL like `/xwiki/bin/view/Admin/RunShellCommand?command=touch%20/tmp/attacked` in the comment. When an admin views the comment, the file `/tmp/attacked` will be created on the server. The output of the command is also vulnerable to XWiki syntax injection which offers a simple way to execute Groovy in the context of the XWiki installation and thus an even easier way to compromise the integrity and confidentiality of the whole XWiki installation. This has been patched by adding a form token check in version 4.5.1 of the admin tools. Some workarounds are available. The patch can be applied manually to the affected wiki pages. Alternatively, the document `Admin.RunShellCommand` can also be deleted if the possibility to run shell commands isn't needed.
by Mehran-Seifalinia
Ninja Forms < 3.6.26 - Unauthenticated Reflected Cross-Site Scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin <= 3.6.25 versions.
by Mehran-Seifalinia
ingress-nginx < 1.11.5 and 1.12.0 - Remote Code Execution via auth-url Annotation Injection
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
by hakaioffsec
Kubernetes ingress-nginx - Pod Network Remote Code Execution
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
by hakaioffsec
Kubernetes ingress-nginx mirror annotations - Controller Code Execution
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
by hakaioffsec
File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated Arbitrary File Read
The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers, leveraging the use of a reversible weak algorithm, to read the contents of arbitrary files on the server, which can contain sensitive information.
by whattheslime
CVSS 7.5
Ollama < 0.1.47 - Path Traversal via ZIP Archive Extraction
extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory.
by pankass
Ivanti Endpoint Manager Cloud Services Appliance - Unauthenticated Path Traversal
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
by flyingllama87
yeti-platform <2.1.12 - Auth Bypass
yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens is the secret is not changed (by setting YETI_AUTH_SECRET_KEY to a value other than SECRET).
by Somchandra17
Microsoft Defender < - Privilege Escalation
Microsoft Defender Security Feature Bypass Vulnerability
by ig-labs
OpenSSH - Denial of Service via Ping Packet Memory Exhaustion
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.
by dolutech
Microsoft Edge Chromium < 133.0.3065.69 - Security Feature Bypass via URL Redirection
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
by toxy4ny
Prusa PrusaSlicer through 2.6.1 - Code Injection
In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code exported.
by Pallangyo98
CVSS 5.3
changedetection.io <=0.45.20 - Remote Command Execution via Jinja2 SSTI
changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction and they could use a reverse shell. The impact is critical as the attacker can completely takeover the server machine. This can be reduced if changedetection is behind a login page, but this isn't required by the application (not by default and not enforced).
by Pallangyo98
CVSS 10.0
changedetection.io <=0.45.20 - Remote Command Execution via Jinja2 SSTI
changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction and they could use a reverse shell. The impact is critical as the attacker can completely takeover the server machine. This can be reduced if changedetection is behind a login page, but this isn't required by the application (not by default and not enforced).
by TU-M
CVSS 10.0
Microsoft 365 Apps and Office 2016-2019 - Remote Code Execution via Moniker Link
Microsoft Outlook Remote Code Execution Vulnerability
by Cyber-Trambon
CVSS 9.8
By Source