Writeup Exploits
54,084 exploits tracked across all sources.
Sentry <25.5.0 - Auth Bypass
Sentry is a developer-first error tracking and performance monitoring tool. Prior to version 25.5.0, an attacker with a malicious OAuth application registered with Sentry can take advantage of a race condition and improper handling of authorization code within Sentry to maintain persistence to a user's account. With a specially timed requests and redirect flows, an attacker could generate multiple authorization codes that could be used to exchange for access and refresh tokens. This was possible even after de-authorizing the particular application. This issue has been patched in version 25.5.0. Self-hosted Sentry users should upgrade to version 25.5.0 or higher. Sentry SaaS users do not need to take any action.
CVSS 7.5
RestDB's Codehooks.io MCP Server <0.2.2 - Command Injection
RestDB's Codehooks.io MCP Server is an MCP server on the Codehooks.io platform. Prior to version 0.2.2, the MCP server is written in a way that is vulnerable to command injection attacks as part of some of its MCP Server tools definition and implementation. This could result in a user initiated remote command injection attack on a running MCP Server. This issue has been patched in version 0.2.2.
Discourse <3.4.7-3.5.0.beta.8 - Info Disclosure
Discourse is an open-source community discussion platform. Prior to version 3.4.7 on the `stable` branch and version 3.5.0.beta.8 on the `tests-passed` branch, upon issuing a physical security key for 2FA, the server generates a WebAuthn challenge, which the client signs. The challenge is not cleared from the user’s session after authentication, potentially allowing reuse and increasing security risk. This is fixed in versions 3.4.7 and 3.5.0.beta.8.
CVSS 9.8
Graylog < 6.2.4 - Improper Authorization
Graylog is a free and open log management platform. In versions 6.2.0 to before 6.2.4 and 6.3.0-alpha.1 to before 6.3.0-rc.2, Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the attack to succeed, the attacker needs a user account in Graylog. They can then proceed to issue hand-crafted requests to the Graylog REST API and exploit a weak permission check for token creation. This issue has been patched in versions 6.2.4 and 6.3.0-rc.2. A workaround involves disabling the respective configuration found in System > Configuration > Users > "Allow users to create personal access tokens".
CVSS 8.8
pluginsGLPI's Database Inventory Plugin <1.0.3 - Privilege Escalation
pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. In versions prior to 1.0.3, any authenticated user could send requests to agents. This issue has been patched in version 1.0.3.
CVSS 4.3
DjVuLibre <3.5.29 - Buffer Overflow
DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns method is affected by an OOB-write vulnerability, because it does not check that the xr pointer stays within the bounds of the allocated buffer. This can lead to writes beyond the allocated memory, resulting in a heap corruption condition. An out-of-bounds read with pr is also possible for the same reason. This issue has been patched in version 3.5.29.
GStreamer - Memory Corruption
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without checking it properly. Then, the a condition, does not properly handle cases where name_length is greater than 0xFFFFFFFF - 17, causing an integer overflow. In such scenario, the function attempts to access memory beyond the buffer leading to an OOB-read. This vulnerability is fixed in 1.24.10.
CVSS 9.1
zippies/testplatform <2016-07-19 - Path Traversal
The zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
yuriyouzhou/KG-fashion-chatbot <2018-05-22 - Path Traversal
The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
Unizar-30226-2019-06 - Path Traversal
The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
Umeshpatil-dev/Home__internet - Path Traversal
The umeshpatil-dev/Home__internet repository through 2020-08-28 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
stonethree/s3label <2019-08-14 - Path Traversal
The stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
sravaniboinepelli/AutomatedQuizEval <2020-04-27 - Path Traversal
The sravaniboinepelli/AutomatedQuizEval repository through 2020-04-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
shaolo1/VideoServer <2019-09-21 - Path Traversal
The shaolo1/VideoServer repository through 2019-09-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
scorelab/OpenMF <2022-05-03 - Path Traversal
The scorelab/OpenMF repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
sanojtharindu/caretakerr-api <2021-05-17 - Path Traversal
The sanojtharindu/caretakerr-api repository through 2021-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
Ralphjzhang/iasset <2022-05-04 - Path Traversal
The ralphjzhang/iasset repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
piaoyunsoft/bt_lnmp <2019-10-10 - Path Traversal
The piaoyunsoft/bt_lnmp repository through 2019-10-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 7.5
longmaoteamtf/audio_aligner_app - Path Traversal
The longmaoteamtf/audio_aligner_app repository through 2020-01-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
heidi-luong1109/shackerpanel <2021-05-25 - Path Traversal
The heidi-luong1109/shackerpanel repository through 2021-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
duducosmos/livro_python <2018-06-06 - Path Traversal
The duducosmos/livro_python repository through 2018-06-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
deepaliupadhyay/RealEstate <2018-11-30 - Path Traversal
The deepaliupadhyay/RealEstate repository through 2018-11-30 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
chainer/chainerrl-visualizer <0.1.1 - Path Traversal
The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
ceeceevip/cockybook <2015-04-16 - Path Traversal
The ceee-vip/cockybook repository through 2015-04-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
Python-Flask-Restful-API <2019-09-16 - Path Traversal
The akashtalole/python-flask-restful-api repository through 2019-09-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
By Source