Exploitdb Exploits
50,135 exploits tracked across all sources.
Telegram Desktop - Resource Allocation Without Limits
Telegram Desktop 2.9.2 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized message payload. Attackers can generate a 9 million byte buffer and paste it into the messaging interface to trigger an application crash.
by Aryan Chehreghani
CVSS 7.5
WordPress Plugin Payments Plugin | GetPaid 2.4.6 - HTML Injection
by Niraj Mahajan
Traffic Offense Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
by Tagoletta
Atlassian Confluence Server and Data Center - OGNL Injection
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
by Fellipe Oliveira
CVSS 9.8
Properfraction Profilepress < 3.1.3 - Missing Authentication
A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. This issue affects versions 3.0.0 - 3.1.3. .
by Numan Rajkotiya
CVSS 9.8
Umbraco CMS <=8.9.1 - Path Traversal
An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package.
by BitTheByte
CVSS 6.5
Phpgurukul Bus Pass Management System - Injection
A vulnerability, which was classified as critical, was found in PHPGurukul Bus Pass Management System 1.0. This affects an unknown part of the file /view-pass-detail.php. The manipulation of the argument viewid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
by Aryan Chehreghani
CVSS 7.3
Zeslecp < 3.1.9 - OS Command Injection
ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. Attackers can exploit the FTP account creation endpoint by injecting a reverse shell command that establishes a network connection to a specified listening host.
by numan türle
CVSS 8.8
Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution (RCE) (Unauthenticated)
by Musyoka Ian
Strapi <3.0.0-beta.17.8 - RCE
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.
by David Utón
CVSS 7.2
Strapi CMS Unauthenticated Password Reset
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.
by David Anglada
CVSS 9.8
Usermin 1.820 - Remote Code Execution (RCE) (Authenticated)
by numan türle
MySQL User-Defined (Linux) x32 / x86_64 - 'sys_exec' Local Privilege Escalation (2)
by ninpwn
COMMAX WebViewer ActiveX Control 2.1.4.5 - Buffer Overflow
COMMAX WebViewer ActiveX Control 2.1.4.5 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit boundary errors in Commax_WebViewer.ocx to cause buffer overflow conditions and potentially gain code execution.
by LiquidWorm
COMMAX UMS Client ActiveX Control 1.7.0.2 - Buffer Overflow
COMMAX UMS Client ActiveX Control 1.7.0.2 contains a heap-based buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit improper boundary validation in CNC_Ctrl.dll to cause heap corruption and potentially gain system-level access.
by LiquidWorm
CyberPanel 2.1 - Remote Code Execution (RCE) (Authenticated)
by numan türle
WordPress Plugin Mail Masta 1.0 - Local File Inclusion (2)
by Matheus Alexandre
Online Leave Management System 1.0 - Arbitrary File Upload to Shell (Unauthenticated)
by Justin White
HP Officejet 7110 Firmware - XSS
A potential security vulnerability has been identified for the HP OfficeJet 7110 Wide Format ePrinter that enables Cross-Site Scripting (XSS).
by Tyler Butler
CVSS 4.8
Simple Phone Book 1.0 - 'Username' SQL Injection (Unauthenticated)
by Justin White
RaspAP 2.6.6 - Remote Code Execution (RCE) (Authenticated)
by Moritz Gruber
Online Traffic Offense Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
by Halit AKAYDIN
Online Traffic Offense Management System 1.0 - 'id' SQL Injection (Authenticated)
by Justin White
By Source