Exploit Database

145,169 exploits tracked across all sources.

Sort: Activity Stars
CVE-2026-7302 WRITEUP CRITICAL
SGLang - Unauthenticated Path Traversal and Arbitrary File Write via Upload Filename
SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including ../ sequences in the upload filename when sent to specific endpoints.
CVSS 9.1
CVE-2026-7301 WRITEUP CRITICAL
SGLang - Remote Code Execution
SGLangs multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the internet.
CVSS 9.8
CVE-2026-5760 WRITEUP CRITICAL
SGLang - Remote Code Execution via Malicious Tokenizer Chat Template
SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment().
CVSS 9.8
CVE-2026-3989 WRITEUP HIGH
SGLangs replay_request_dump.py - Deserialization
SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script.
CVSS 7.8
CVE-2026-3989 WRITEUP HIGH
SGLangs replay_request_dump.py - Deserialization
SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script.
CVSS 7.8
CVE-2026-3060 WRITEUP CRITICAL
SGLang < 0.5.10 - Unauthenticated Remote Code Execution via Pickle Deserialization
SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication.
CVSS 9.8
CVE-2026-3060 WRITEUP CRITICAL
SGLang < 0.5.10 - Unauthenticated Remote Code Execution via Pickle Deserialization
SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication.
CVSS 9.8
CVE-2026-3059 WRITEUP CRITICAL
SGLang Multimodal Module - Deserialization
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.
CVSS 9.8
CVE-2026-3059 WRITEUP CRITICAL
SGLang Multimodal Module - Deserialization
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.
CVSS 9.8
CVE-2026-3059 WRITEUP CRITICAL
SGLang Multimodal Module - Deserialization
SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.
CVSS 9.8
CVE-2026-8802 WRITEUP MEDIUM
opensourcepos Open Source Point of Sale Items.php getPicThumb path traversal
A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument pic_filename results in path traversal. The attack may be launched remotely. The patch is identified as def0c27a0e252668df8d942fc31e16d1edfd7323. A patch should be applied to remediate this issue. The vendor was contacted early about this disclosure.
CVSS 4.3
CVE-2024-37054 GITHUB HIGH python
MLflow >= 0.9.0 - Remote Code Execution via PyFunc Model Deserialization
Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with.
by Spydomain
CVSS 8.8
CVE-2026-0596 GITHUB HIGH python
Command Injection in mlflow/mlflow
A command injection vulnerability exists in mlflow/mlflow when serving a model with `enable_mlserver=True`. The `model_uri` is embedded directly into a shell command executed via `bash -c` without proper sanitization. If the `model_uri` contains shell metacharacters, such as `$()` or backticks, it allows for command substitution and execution of attacker-controlled commands. This vulnerability affects the latest version of mlflow/mlflow and can lead to privilege escalation if a higher-privileged service serves models from a directory writable by lower-privileged users.
by SparshBiswas-AI
CVSS 7.8
CVE-2021-4034 NOMISEC HIGH
Local Privilege Escalation in polkits pkexec
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
by trinetra-1308
1 stars
CVSS 7.8
CVE-2025-14177 GITHUB HIGH python
PHP 8.1.0-8.1.33, 8.2.0-8.2.29, 8.3.0-8.3.28, 8.4.0-8.4.15, 8.5.0 - Out-of-bounds Read in getimagesize()
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.
by 34zY
CVSS 7.5
CVE-2026-8053 GITHUB HIGH shell
MongoDB, MongoDB Server - FlatBSON Duplicate Field Index Drift
An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issue results from an inconsistency in the internal field-name-to-index mapping within the time-series bucket catalog. Under certain conditions this can result in arbitrary code execution. This issue impacts MongoDB Server v5.0 versions prior to 5.0.33, v6.0 versions prior to 6.0.28, v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 versions prior to 8.2.9 and v8.3 versions prior to 8.3.2.
by mgiay
CVSS 8.8
CVE-2026-45321 GITHUB CRITICAL shell
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.
by nkopylov
CVSS 9.6
CVE-2026-31431 GITHUB HIGH c
crypto: algif_aead - Revert to operating out-of-place
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
by 4xura
2 stars
CVSS 7.8
CVE-2026-31431 GITHUB HIGH python
crypto: algif_aead - Revert to operating out-of-place
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
by royayub
CVSS 7.8
CVE-2026-39636 GITHUB MEDIUM python
WordPress Livemesh Addons for Elementor plugin <= 9.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for Elementor addons-for-elementor allows Stored XSS.This issue affects Livemesh Addons for Elementor: from n/a through <= 9.0.
by CatchCatOoO
CVSS 6.5
CVE-2025-20260 GITHUB CRITICAL python
ClamAV < 1.0.9 - Heap-based Buffer Overflow in PDF Scanner
A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the affected software. Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process.
by Alex-Acero-Security
CVSS 9.8
CVE-2026-8773 WRITEUP MEDIUM
linlinjava litemall Database Setting DbUtil.java load argument injection
A security vulnerability has been detected in linlinjava litemall up to 1.8.0. Affected by this vulnerability is the function backup/load of the file litemall-db/src/main/java/org/linlinjava/litemall/db/util/DbUtil.java of the component Database Setting Handler. The manipulation of the argument db/password leads to argument injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.7
CVE-2026-8784 WRITEUP MEDIUM
npitre cramfs-tools cramfsck.c change_file_status symlink
A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function change_file_status of the file cramfsck.c. Performing a manipulation results in symlink following. The attack requires a local approach. The exploit is now public and may be used. The patch is named b4a3a695c9873f824907bd15659f2a6ac7667b4f. It is recommended to apply a patch to fix this issue.
CVSS 4.2
CVE-2026-8785 WRITEUP HIGH
projectworlds hospital-management-system-in-php GET Parameter update_info.php getAllPatientDetail sql injection
A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file update_info.php of the component GET Parameter Handler. Executing a manipulation of the argument appointment_no can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS 7.3
CVE-2026-8786 WRITEUP MEDIUM
Tencent WeKnora Config API Endpoint initialization.go getKnowledgeBaseForInitialization authorization
A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to authorization bypass. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3