Inthewild Exploits
514 exploits tracked across all sources.
eNdonesia 8.7 - SQL Injection via diskusi.php rid Parameter
SQL injection vulnerability in diskusi.php in eNdonesia 8.7, allows an attacker to execute arbitrary SQL commands via the "rid=" parameter.
CVSS 9.8
RedCloth 4.0.0-4.3.2 - Regular Expression Denial of Service in sanitize_html
A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
CVSS 7.5
PowerJob V4.3.1 - Insecure Permissions via List Job Interface
PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface.
CVSS 5.3
PowerJob V4.3.1 - Insecure Permissions via List Job Interface
PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface.
CVSS 5.3
Zyxel ATP/USG/ZyWALL/VPN Series Firmware 4.60-5.36 - Unauthenticated Remote Code Execution via IKE Packet Decoder
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.
CVSS 9.8
Zyxel ATP/USG/ZyWALL/VPN Series Firmware 4.60-5.36 - Unauthenticated Remote Code Execution via IKE Packet Decoder
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.
CVSS 9.8
Windows Server 2008, 2012, 2016, 2019, 2022 - Remote Code Execution via DHCP Server Service
DHCP Server Service Remote Code Execution Vulnerability
CVSS 8.8
eXtplorer 2.1.15 - Remote Code Execution via Insecure Permissions in index.php
Insecure Permissions vulnerability found in Extplorer File manager eXtplorer v.2.1.15 allows a remote attacker to execute arbitrary code via the index.php compenent
CVSS 8.8
readtomyshoe < 2023-03-13 - Sensitive Information Exposure via Google Cloud TTS Error Message
ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, then it will include the full URL of the request. The request URL contains the Google Cloud API key. This has been patched in commit 8533b01. Upgrading should be accompanied by deleting the current GCP API key and issuing a new one. There are no known workarounds.
CVSS 7.4
MStore API < 3.9.2 - Unauthenticated Authentication Bypass via Listing REST API
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.
CVSS 9.8
ZCBS/ZBBS/ZPBS 4.14k - Cross-Site Scripting
ZCBS Zijper Collectie Beheer Systeem (ZCBS), Zijper Publication Management System (ZPBS), and Zijper Image Bank Management System (ZBBS) 4.14k is vulnerable to Cross Site Scripting (XSS).
CVSS 6.1
STAGIL Navigation for Jira <2.0.52 - Path Traversal
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system.
CVSS 7.5
Apache Dubbo 2.7.0-2.7.21, 3.0.0-3.0.13, 3.1.0-3.1.5 - Remote Code Execution via Generic Invoke Deserialization
A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution.
This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions.
CVSS 5.0
kodcloud kodexplorer < 4.49 - Cross-Site Request Forgery
A vulnerability, which was classified as problematic, has been found in kalcaddle KodExplorer up to 4.49. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.50 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227000.
CVSS 4.3
Shopware 5.5.10 - Cross-Site Scripting via Recovery/Install URI
Shopware v5.5.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the recovery/install/ URI.
CVSS 6.1
Data Illusion Survey Software Solutions ngSurvey <2.4.28 - DoS
Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a "Text Field", "Comment Field" or "Contact Details".
CVSS 7.5
Nexxt Nebula 1200-AC <15.03.06.60 - Auth Bypass, Command Injection
Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the HTTPD service to enable TELNET.
CVSS 9.8
Arris TG2482A Firmware <= 9.1.103GEM9 - Remote Code Execution via Ping Utility
Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature.
CVSS 8.8
Nexxt Amp300 ARN02304U8 RCE via Ping Feature JSON Host Field
The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required
CVSS 8.8
WordPress 4.2-6.1.1 - Unauthenticated Blind SSRF via Pingback TOCTOU Race Condition
WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden.
CVSS 5.9
Boxbilling < 0.0.1 - Unrestricted Upload of File with Dangerous Type
Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1.
CVSS 7.2
Apache Tomcat 8.5.50-8.5.81, 10.1.0-M1-10.1.0-M16 - Cross-Site Scripting in Form Authentication Example
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.
CVSS 6.1
Django 3.2-3.2.14 - SQL Injection via Trunc() and Extract() Database Functions
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.
CVSS 9.8
Apache Shiro < 1.9.1 - Authorization Bypass via RegexRequestMatcher Misconfiguration
Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
CVSS 9.8
Spring Security 5.6.0-5.6.8 and 5.7.0-5.7.4 - Authorization Bypass via Forward or Include Dispatcher Types
Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint.The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true)
CVSS 9.8
By Source