Exploit Database

125,823 exploits tracked across all sources.

Sort: Activity Stars

CVE-2025-55182 NOMISEC CRITICAL

React Server Components <19.2.0 - RCE

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

by devianntsec

CVSS 10.0

View

CVE-2023-4863 NOMISEC HIGH

Google Chrome <116.0.5845.187 - Buffer Overflow

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

by jpselva

CVSS 8.8

View

CVE-2022-1026 NOMISEC HIGH

Kyocera Net Viewer - Insufficiently Protected Credentials

Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function.

by D4RKMATT3R

CVSS 8.6

View

CVE-2017-0144 NOMISEC HIGH

Microsoft Server Message Block < 4.0e - Remote Code Execution

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.

by ichhyak22

CVSS 8.8

View

CVE-2026-41651 WRITEUP HIGH

PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root

PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. This is patched in version 1.3.5. A local unprivileged user can install arbitrary RPM packages as root, including executing RPM scriptlets, without authentication. The vulnerability is a TOCTOU race condition on `transaction->cached_transaction_flags` combined with a silent state-machine guard that discards illegal backward transitions while leaving corrupted flags in place. Three bugs exist in `src/pk-transaction.c`: 1. Unconditional flag overwrite (line 4036): `InstallFiles()` writes caller-supplied flags to `transaction->cached_transaction_flags` without checking whether the transaction has already been authorized/started. A second call blindly overwrites the flags even while the transaction is RUNNING. 2. Silent state-transition rejection (lines 873–882): `pk_transaction_set_state()` silently discards backward state transitions (e.g. `RUNNING` → `WAITING_FOR_AUTH`) but the flag overwrite at step 1 already happened. The transaction continues running with corrupted flags. 3. Late flag read at execution time (lines 2273–2277): The scheduler's idle callback reads cached_transaction_flags at dispatch time, not at authorization time. If flags were overwritten between authorization and execution, the backend sees the attacker's flags.

CVSS 8.8

View

CVE-2026-6355 WRITEUP MEDIUM

Augmentt < 1.0 - IDOR

A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This could lead to unauthorized access to sensitive information and unauthorized changes to the tenant's configuration.

CVSS 6.5

View

CVE-2026-6356 WRITEUP CRITICAL

Augmentt 1.0 - Privilege Escalation

A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information.

CVSS 9.6

View

CVE-2026-21876 NOMISEC CRITICAL

OWASP CRS <4.22.0-3.3.8 - Info Disclosure

The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a collection (like `MULTIPART_PART_HEADERS`), the capture variables (`TX:0`, `TX:1`) get overwritten with each iteration. Only the last captured value is available to the chained rule, which means malicious charsets in earlier parts can be missed if a later part has a legitimate charset. Versions 4.22.0 and 3.3.8 patch the issue.

by CVEs-Labs

CVSS 9.3

View

CVE-2020-8956 METASPLOIT LOW ruby

Pulse Secure Desktop Client <9.0R5, <9.1R4 - Info Disclosure

Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 on Windows reveals users' passwords if Save Settings is enabled.

CVSS 3.3

View

CVE-2020-9934 METASPLOIT MEDIUM ruby

Apple Ipados < 13.6 - Denial of Service

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.

by mattshockl, timwr

CVSS 5.5

View

CVE-2018-12465 METASPLOIT CRITICAL ruby

Micro Focus SMG <471 - Command Injection

An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5).

by Mehmet Ince <[email protected]>

CVSS 9.1

View

CVE-2024-28185 METASPLOIT CRITICAL ruby

Judge0 - Code Injection

Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. When executing a submission, Judge0 writes a `run_script` to the sandbox directory. The security issue is that an attacker can create a symbolic link (symlink) at the path `run_script` before this code is executed, resulting in the `f.write` writing to an arbitrary file on the unsandboxed system. An attacker can leverage this vulnerability to overwrite scripts on the system and gain code execution outside of the sandbox.

by Tanto Security, Takahiro Yokoyama

CVSS 10.0

View

CVE-2024-21887 METASPLOIT CRITICAL ruby

Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

by sfewer-r7

CVSS 9.1

View

CVE-2024-21893 METASPLOIT HIGH ruby

Ivanti SAML - Server Side Request Forgery (SSRF)

A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.

by sfewer-r7

CVSS 8.2

View

CVE-2024-21888 METASPLOIT HIGH ruby

Ivanti Connect Secure - Improper Privilege Management

A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.

by sfewer-r7

CVSS 8.8

View

CVE-2023-36661 METASPLOIT HIGH ruby

Shibboleth XMLTooling <3.2.4 - SSRF

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.)

by sfewer-r7

CVSS 7.5

View

CVE-2024-21887 METASPLOIT CRITICAL ruby

Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection

by sfewer-r7

CVSS 9.1

View

CVE-2020-4429 METASPLOIT CRITICAL ruby

IBM Data Risk Manager - Hard-coded Credentials

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534.

CVSS 9.8

View

CVE-2020-4427 METASPLOIT CRITICAL ruby

IBM Data Risk Manager < 2.0.6.1 - Authentication Bypass

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532.

CVSS 9.8

View

CVE-2015-2843 METASPLOIT ruby

Goautodial Goadmin CE - SQL Injection

Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the PATH_INFO to (3) go_login/validate_credentials/admin/ or (4) index.php/go_site/go_get_user_info/.

by Chris McCurley

View

CVE-2021-33550 METASPLOIT HIGH ruby

Multiple Camera Devices - Command Injection