Writeup Exploits

62,633 exploits tracked across all sources.

Sort: Activity Stars
CVE-2026-7414 WRITEUP CRITICAL
Hardcoded credentials in Yarbo robot firmware
Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or removed by end users, enabling trivial unauthorized access to device management interfaces by anyone who knows them.
CVSS 9.8
CVE-2026-7413 WRITEUP HIGH
Persistent undocumented backdoor access in Yarbo robot
A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary firmware updates.
CVSS 7.2
CVE-2026-8080 WRITEUP MEDIUM
MISP core - Stored XSS in MISP template (old engine) element attribute type
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted arbitrary values for the TemplateElementAttribute type and category fields without validating them against the known MISP attribute type and category definitions. An attacker with permission to create or modify template element attributes could store a crafted type value. This affects the old templating (not more accessible in 2.5.37) engine from MISP which will be removed in 2.5.38
CVSS 5.4
CVE-2026-8081 WRITEUP MEDIUM
router-for-me CLIProxyAPI api_tools.go server-side request forgery
A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/api_tools.go of the component API Interface. The manipulation of the argument url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2011-3357 WRITEUP
MantisBT < 1.2.8 - Remote File Inclusion via Action Parameter
Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter, related to bug_actiongroup_page.php.
CVE-2011-3578 WRITEUP
MantisBT < 1.2.8 - Cross-Site Scripting via Action Parameter
Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to bug_actiongroup_page.php, a different vulnerability than CVE-2011-3357.
CVE-2011-4127 WRITEUP
Linux kernel <3.2.2 - Privilege Escalation
The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume.
CVE-2011-4197 WRITEUP
pfSense <2.0.1 - SSL/TLS Privilege Escalation
etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key.
CVE-2011-4341 WRITEUP
Symphony CMS <2.2.4 - SQL Injection
Multiple SQL injection vulnerabilities in symphony/content/content.publish.php in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote authenticated users with Author permissions to execute arbitrary SQL commands via the filter parameter to (1) symphony/publish/comments or (2) symphony/publish/images. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks via error messages. NOTE: some of these details are obtained from third party information.
CVE-2011-4596 WRITEUP
OpenStack Nova < 2011.3.1 - Authenticated Path Traversal via S3/RegisterImage Tarball or Manifest
Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.
CVE-2011-4715 WRITEUP
Koha < 3.4.7 and 3.6 < 3.6.1 and LibLime Koha < 4.2 - Path Traversal via KohaOpacLanguage Cookie
Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha 3.4 before 3.4.7 and 3.6 before 3.6.1, and LibLime Koha 4.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the KohaOpacLanguage cookie to cgi-bin/opac/opac-main.pl, related to Output.pm.
CVE-2011-4802 WRITEUP
Dolibarr < 3.1.0 - Authenticated SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php.
CVE-2011-4814 WRITEUP
Dolibarr < 3.1.0 - Cross-Site Scripting via PATH_INFO and optioncss Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) admin/boxes.php, (3) comm/clients.php, (4) commande/index.php; and the optioncss parameter to (5) admin/ihm.php and (6) user/home.php.
CVE-2011-4885 WRITEUP
PHP < 5.3.9 - Denial of Service via Hash Collision in Form Parameter Handling
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
CVE-2011-4958 WRITEUP
SilverStripe < 2.3.13 and 2.4.x < 2.4.6 - Cross-Site Scripting via QUERY_STRING to Template Placeholders
Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders, as demonstrated by a request to (1) admin/reports/, (2) admin/comments/, (3) admin/, (4) admin/show/, (5) admin/assets/, and (6) admin/security/.
CVE-2011-4959 WRITEUP
SilverStripe 2.3.x < 2.3.12 and 2.4.x < 2.4.6 - SQL Injection via MySQL Far East Character Encoding
SQL injection vulnerability in the addslashes method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6, when connected to a MySQL database using far east character encodings, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-5035 WRITEUP
Oracle Glassfish < 3.1.1 - Denial of Service via Predictable Hash Collisions
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.
CVE-2012-0038 WRITEUP MEDIUM
Linux Kernel < 3.1.9 - Denial of Service via Malformed ACL in xfs_acl_from_disk
Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL, leading to a heap-based buffer overflow.
CVSS 5.5
CVE-2012-0045 WRITEUP
Linux Kernel < 3.2.14 - Denial of Service via KVM em_syscall Opcode Handling
The em_syscall function in arch/x86/kvm/emulate.c in the KVM implementation in the Linux kernel before 3.2.14 does not properly handle the 0f05 (aka syscall) opcode, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application, as demonstrated by an NASM file.
CVE-2012-0207 WRITEUP HIGH
Linux Kernel < 3.2.1 - Denial of Service via IGMP Packet Divide-By-Zero
The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets.
CVSS 7.5
CVE-2012-0830 WRITEUP
PHP 5.3.9 - Remote Code Execution via Large Number of Variables
The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.
CVE-2012-0879 WRITEUP MEDIUM
Linux Kernel < 2.6.33 - Denial of Service via CLONE_IO Feature
The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.
CVSS 5.5
CVE-2012-0957 WRITEUP
Linux kernel <3.4.16 - Info Disclosure
The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality.
CVE-2012-0973 WRITEUP
OSClass < 2.3.5 - SQL Injection via sCategory Parameter
Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the (1) osc_search_category_id function in oc-includes/osclass/helpers/hSearch.php and (2) findBySlug function oc-includes/osclass/model/Category.php. NOTE: some of these details are obtained from third party information.
CVE-2012-0974 WRITEUP
OSClass < 2.3.5 - Cross-Site Scripting via Search Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the getParam function in oc-includes/osclass/core/Params.php in OSClass before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) sCity, (2) sPattern, (3) sPriceMax, and (4) sPriceMin parameters in a search action to index.php.
By Source
All 62,633 Writeup 62,633 Exploitdb 50,076 Nomisec 22,505 Github 3,761 Metasploit 3,315 Vulncheck_xdb 930 Inthewild 514 Gitlab 483 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,641 ruby 6,006 c 3,635 perl 2,849 html 2,076 php 1,335 bash 462 java 371 c++ 261 javascript 231 shell 140 go 75 postscript 25 typescript 25