Exploit Database

132,943 exploits tracked across all sources.

Sort: Activity Stars
CVE-2025-60954 WRITEUP HIGH
Microweber CMS 2.0 - Info Disclosure
Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts.
CVSS 8.3
CVE-2025-6069 WRITEUP MEDIUM
html.parser - DoS
The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.
CVSS 4.3
CVE-2025-6075 WRITEUP MEDIUM
os.path.expandvars - Info Disclosure
If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.
CVSS 5.5
CVE-2025-6095 WRITEUP HIGH
Jasmin Ransomware 1.0.1 - SQL Injection
A vulnerability, which was classified as critical, was found in codesiddhant Jasmin Ransomware 1.0.1. Affected is an unknown function of the file /checklogin.php. The manipulation of the argument username/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 7.3
CVE-2025-6097 WRITEUP MEDIUM
UTT 进取 750W <5.0 - Auth Bypass
A vulnerability was found in UTT 进取 750W up to 5.0 and classified as critical. Affected by this issue is the function formDefineManagement of the file /goform/setSysAdm of the component Administrator Password Handler. The manipulation of the argument passwd1 leads to unverified password change. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 5.3
CVE-2025-6098 WRITEUP CRITICAL
UTT 进取 750W <5.0 - Buffer Overflow
A vulnerability was found in UTT 进取 750W up to 5.0. It has been classified as critical. This affects the function strcpy of the file /goform/setSysAdm of the component API. The manipulation of the argument passwd1 leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 9.8
CVE-2025-61132 WRITEUP HIGH
levlaz braindump <0.4.14 - Host Header Injection
A Host Header Injection vulnerability in the password reset component in levlaz braindump v0.4.14 allows remote attackers to conduct password reset poisoning and account takeover via manipulation of the Host header when Flask's url_for(_external=True) generates reset links without a fixed SERVER_NAME.
CVSS 7.1
CVE-2025-61132 WRITEUP HIGH
levlaz braindump <0.4.14 - Host Header Injection
A Host Header Injection vulnerability in the password reset component in levlaz braindump v0.4.14 allows remote attackers to conduct password reset poisoning and account takeover via manipulation of the Host header when Flask's url_for(_external=True) generates reset links without a fixed SERVER_NAME.
CVSS 7.1
CVE-2025-61136 WRITEUP HIGH
axewater sharewarez <2.4.3 - Host Header Injection
A Host Header Injection vulnerability in the password reset component in axewater sharewarez v2.4.3 allows remote attackers to conduct password reset poisoning and account takeover via manipulation of the Host header when Flask's url_for(_external=True) generates reset links without a fixed SERVER_NAME.
CVSS 7.1
CVE-2025-61136 WRITEUP HIGH
axewater sharewarez <2.4.3 - Host Header Injection
A Host Header Injection vulnerability in the password reset component in axewater sharewarez v2.4.3 allows remote attackers to conduct password reset poisoning and account takeover via manipulation of the Host header when Flask's url_for(_external=True) generates reset links without a fixed SERVER_NAME.
CVSS 7.1
CVE-2025-61140 WRITEUP CRITICAL
jsonpath 1.1.1 - Info Disclosure
The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.
CVSS 9.8
CVE-2025-61155 WRITEUP MEDIUM
GameDriverX64.sys <7.23.4.7 - Privilege Escalation
The GameDriverX64.sys kernel-mode anti-cheat driver (v7.23.4.7 and earlier) contains an access control vulnerability in one of its IOCTL handlers. A user-mode process can open a handle to the driver device and send specially crafted IOCTL requests. These requests are executed in kernel-mode context without proper authentication or access validation, allowing the attacker to terminate arbitrary processes, including critical system and security services, without requiring administrative privileges.
CVSS 5.5
CVE-2025-61301 WRITEUP HIGH
CAPEv2 - DoS
Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 (commit 52e4b43, on 2025-05-17) allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports by generating deeply nested or oversized behavior data that trigger MongoDB BSON limits or orjson recursion errors when the sample executes in the sandbox.
CVSS 7.5
CVE-2025-61506 WRITEUP CRITICAL
MediaCrush <1.0.1 - RCE
An issue was discovered in MediaCrush thru 1.0.1 allowing remote unauthenticated attackers to upload arbitrary files of any size to the /upload endpoint.
CVSS 9.8
CVE-2025-61514 WRITEUP MEDIUM
SageMath, Inc CoCalc <0d2ff58 - RCE
An arbitrary file upload vulnerability in SageMath, Inc CoCalc before commit 0d2ff58 allows attackers to execute arbitrary code via uploading a crafted SVG file.
CVSS 6.5
CVE-2025-61514 WRITEUP MEDIUM
SageMath, Inc CoCalc <0d2ff58 - RCE
An arbitrary file upload vulnerability in SageMath, Inc CoCalc before commit 0d2ff58 allows attackers to execute arbitrary code via uploading a crafted SVG file.
CVSS 6.5
CVE-2024-36109 WRITEUP HIGH
CoCalc - RCE
CoCalc is web-based software that enables collaboration in research, teaching, and scientific publishing. In affected versions the markdown parser allows `<script>` tags to be included which execute when published. This issue has been addressed in commit `419862a9c9879c`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 7.6
CVE-2025-61524 WRITEUP HIGH
Casdoor <2.63.0 - Auth Bypass
An issue in the permission verification module and organization/application editing interface in Casdoor v2.26.0 and before, and fixed in v.2.63.0, allows remote authenticated administrators of any organization within the system to bypass the system's permission verification mechanism by directly concatenating URLs after login
CVSS 7.2
CVE-2025-61557 WRITEUP HIGH
nixseparatedebuginfod <0.4.1 - Path Traversal
nixseparatedebuginfod before v0.4.1 is vulnerable to Directory Traversal.
CVSS 7.5
CVE-2025-61587 WRITEUP MEDIUM
Weblate <5.13.2 - Open Redirect
Weblate is a web based localization tool. An open redirect exists in versions 5.13.2 and below via the redir parameter on .within.website when Weblate is configured with Anubis and REDIRECT_DOMAINS is not set. An attacker can craft a URL on the legitimate domain that redirects a victim to an attacker-controlled site. The redirect can also be used to initiate drive-by downloads (redirecting to a URL that serves a malicious file), increasing the risk to end users. This issue is fixed in version 5.13.3.
CVSS 6.1
CVE-2025-61594 WRITEUP HIGH
URI <1.0.4 - Auth Bypass
URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier (bundled in Ruby 3.2 series) 0.13.2 and earlier (bundled in Ruby 3.3 series), 1.0.3 and earlier (bundled in Ruby 3.4 series), when using the + operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure. This is a a bypass for the fix to CVE-2025-27221 that can expose user credentials. This issue has been fixed in versions 0.12.5, 0.13.3 and 1.0.4.
CVSS 7.5
CVE-2025-61594 WRITEUP HIGH
URI <1.0.4 - Auth Bypass
URI is a module providing classes to handle Uniform Resource Identifiers. In versions 0.12.4 and earlier (bundled in Ruby 3.2 series) 0.13.2 and earlier (bundled in Ruby 3.3 series), 1.0.3 and earlier (bundled in Ruby 3.4 series), when using the + operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure. This is a a bypass for the fix to CVE-2025-27221 that can expose user credentials. This issue has been fixed in versions 0.12.5, 0.13.3 and 1.0.4.
CVSS 7.5
CVE-2025-61598 WRITEUP MEDIUM
Discourse <3.6.2-3.6.0.beta2 - Info Disclosure
Discourse is an open source discussion platform. Version before 3.6.2 and 3.6.0.beta2, default Cache-Control response header with value no-store, no-cache was missing from error responses. This may caused unintended caching of those responses by proxies potentially leading to cache poisoning attacks. This vulnerability is fixed in 3.6.2 and 3.6.0.beta2.
CVSS 5.3
CVE-2025-61672 WRITEUP MEDIUM
Synapse <1.138.3, <1.139.0 - DoS
Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allow an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeservers. The issue is patched in Synapse 1.138.3, 1.138.4, 1.139.1, and 1.139.2. Note that even though 1.138.3 and 1.139.1 fix the vulnerability, they inadvertently introduced an unrelated regression. For this reason, the maintainers of Synapse recommend skipping these releases and upgrading straight to 1.138.4 and 1.139.2.
CVE-2025-61765 WRITEUP MEDIUM
Pypi Python-socketio < 5.14.0 - Insecure Deserialization
python-socketio is a Python implementation of the Socket.IO realtime client and server. A remote code execution vulnerability in python-socketio versions prior to 5.14.0 allows attackers to execute arbitrary Python code through malicious pickle deserialization in multi-server deployments on which the attacker previously gained access to the message queue that the servers use for internal communications. When Socket.IO servers are configured to use a message queue backend such as Redis for inter-server communication, messages sent between the servers are encoded using the `pickle` Python module. When a server receives one of these messages through the message queue, it assumes it is trusted and immediately deserializes it. The vulnerability stems from deserialization of messages using Python's `pickle.loads()` function. Having previously obtained access to the message queue, the attacker can send a python-socketio server a crafted pickle payload that executes arbitrary code during deserialization via Python's `__reduce__` method. This vulnerability only affects deployments with a compromised message queue. The attack can lead to the attacker executing random code in the context of, and with the privileges of a Socket.IO server process. Single-server systems that do not use a message queue, and multi-server systems with a secure message queue are not vulnerable. In addition to making sure standard security practices are followed in the deployment of the message queue, users of the python-socketio package can upgrade to version 5.14.0 or newer, which remove the `pickle` module and use the much safer JSON encoding for inter-server messaging.
CVSS 6.4
By Source
All 132,943 Writeup 52,991 Exploitdb 50,135 Nomisec 21,420 Metasploit 3,228 Github 2,580 Vulncheck_xdb 903 Inthewild 518 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,346 ruby 5,959 python 5,917 c 3,577 perl 2,854 html 2,056 php 1,334 bash 459 java 362 javascript 260 c++ 250 shell 95 go 52 postscript 25 xml 24