Exploit Database
129,816 exploits tracked across all sources.
auth-js <2.69.1 - Path Traversal
auth-js is an isomorphic Javascript library for Supabase Auth. Prior to version 2.70.0, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the wrong API function being called. Implementations that follow security best practice and validate user controlled inputs, such as the userId are not affected by this. This issue has been patched in version 2.70.0.
NASA EOSDIS MODAPS v8.1 - SQL Injection
NASA Earth Observing System Data and Information System (EOSDIS) MODAPS v8.1 was discovered to contain a SQL injection vulnerability in the category parameter
CVSS 9.4
Milesight Cameras Use of Hard-coded Credentials
Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials.
CVSS 8.8
Milesight Cameras Authorization Bypass Through User-Controlled Key
A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed.
CVSS 7.1
Tenda AC18 V15.03.05.05 - Command Injection
A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows attackers to execute arbitrary system commands.
CVSS 9.8
MERCURY MIPC252W 1.0.5 - DoS
A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request for the path rtsp://<IP>:554/stream1/track2, the device fails to properly validate the Transport header field. When this header is improperly constructed, the RTSP service can dereference a NULL pointer during request parsing. Successful exploitation causes the device to crash and automatically reboot.
CVSS 7.5
Mercury MIPC252W 1.0.5 - DoS
A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attacker to trigger session termination by repeatedly sending SETUP requests for the same media track within a single RTSP session. This causes the server to reset the RTSP connection, leading to a denial-of-service condition.
CVSS 4.4
MERCURY IP camera MIPC252W 1.0.5 - DoS
The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication attempts. By repeatedly sending RTSP requests with invalid authentication parameters, an unauthenticated attacker can cause the RTSP service to enter a persistent authentication failure state, preventing legitimate clients from authenticating and leading to a denial of service.
CVSS 6.2
MERCURY MIPC252W 1.0.5 - Auth Bypass
MERCURY MIPC252W IP camera 1.0.5 Build 230306 Rel.79931n contains an improper authentication vulnerability in the RTSP service. After successful Digest authentication in an initial DESCRIBE request, the device does not verify the Digest response parameter in subsequent RTSP requests within the same session. As a result, RTSP methods such as SETUP, PLAY, and TEARDOWN can be processed even when the Authorization header contains an empty or invalid response value, as long as the nonce and session identifier correspond to a previously authenticated session. This allows an attacker with network access to reuse session parameters and issue unauthorized RTSP control commands without computing a valid Digest response.
CVSS 9.8
OpenClaw 2026.2.19 < 2026.3.31 - Webhook Replay Dedupe Cache Event Suppression via Shared Authentication
OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in the Zalo webhook replay-dedupe mechanism that is shared across authenticated webhook targets. Attackers controlling one authenticated Zalo webhook path in multi-account deployments can suppress legitimate events on different accounts by matching event_name and message_id parameters.
CVSS 4.3
OpenClaw < 2026.3.31 - Arbitrary File Write via Symlink Following in SSH Sandbox Tar Upload
OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to write arbitrary files. Attackers can exploit this by uploading tar archives containing symlinks to escape the sandbox and overwrite files on the remote host.
CVSS 8.1
OpenClaw < 2026.3.31 - Sender Allowlist Bypass via Graph API Thread History
OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability in MS Teams thread history fetched via Graph API. Attackers can retrieve thread messages that should be filtered by sender allowlists, bypassing message filtering restrictions.
CVSS 5.4
OpenClaw < 2026.3.31 - Arbitrary Host File Read via appendLocalMediaParentRoots Self-Whitelisting
OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in appendLocalMediaParentRoots that allows model-initiated arbitrary host file read. Attackers can exploit improper media parent directory validation to exfiltrate credentials and access sensitive files.
CVSS 5.5
OpenClaw < 2026.3.31 - Insufficient Environment Variable Sanitization in Host Execution
OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to filter package, registry, Docker, compiler, and TLS override variables. Attackers can exploit this by injecting malicious environment variables to override critical system configurations and compromise host execution integrity.
CVSS 6.5
OpenClaw < 2026.3.31 - Path Traversal via Inbound Channel Attachment Path in ACP Dispatch
OpenClaw before 2026.3.31 contains a path traversal vulnerability in ACP dispatch that allows attackers to read arbitrary files by manipulating inbound channel attachment paths. Remote attackers can bypass attachment-cache and root directory checks to access files outside intended directories.
CVSS 6.5
OpenClaw < 2026.4.2 - Loopback Protection Bypass via Trailing-Dot Localhost in CDP Discovery
OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing bypass of loopback protections. Attackers can craft hostile discovery responses returning localhost. to retarget authenticated browser control toward localhost endpoints and expose browser state.
CVSS 5.8
Totolink A8000RU CGI cstecgi.cgi setTelnetCfg os command injection
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument telnet_enabled leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
CVSS 9.8
Totolink A8000RU CGI cstecgi.cgi setMiniuiHomeInfoShow os command injection
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument sys_info results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
CVSS 9.8
Totolink A8000RU CGI cstecgi.cgi setAdvancedInfoShow os command injection
A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument tty_server can lead to os command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
CVSS 9.8
Totolink A8000RU CGI cstecgi.cgi setLoginPasswordCfg os command injection
A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
CVSS 9.8
Totolink A8000RU CGI cstecgi.cgi CsteSystem os command injection
A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument HTTP results in os command injection. The attack may be launched remotely. The exploit is now public and may be used.
CVSS 9.8
ChatGPTNextWeb NextChat route.ts proxyHandler server-side request forgery
A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/[provider]/[...path]/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CVSS 7.3
ChatGPTNextWeb NextChat Artifacts Endpoint route.ts storeUrl server-side request forgery
A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. This manipulation of the argument ID causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CVSS 7.3
OSPG binwalk WinCE Extraction Plugin winceextract.py read_null_terminated_string path traversal
A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function read_null_terminated_string of the file src/binwalk/plugins/winceextract.py of the component WinCE Extraction Plugin. Such manipulation of the argument self.file_name leads to path traversal. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. The project maintainer confirms this issue: "I accept the existence of the Path Traversal vulnerability. However, as stated in the Github link, it reached EOL and as a result no actions should be expected." The GitHub repository mentions, that "[u]sers and contributors should migrate to binwalk v3." This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 5.3
aligungr UERANSIM Radio Link Simulation Layer rls_pdu.cpp DecodeRlsMessage uncaught exception
A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rls_pdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argument pduLength leads to uncaught exception. The attack may be initiated remotely. Upgrading to version 3.2.8 is sufficient to fix this issue. The identifier of the patch is ca1a66fffe282767bb08618af9f848e3b68ea47b. It is suggested to upgrade the affected component. This behavior is related to CVE-2024-37877. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
CVSS 5.3
By Source