Exploit Database

145,273 exploits tracked across all sources.

CVE-2021-46070 NOMISEC MEDIUM
Vehicle Service Management System 1.0 - XSS
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service Requests Section in login panel.
by sanupl
1 stars
CVSS 4.8
CVE-2021-46070 NOMISEC MEDIUM
Vehicle Service Management System 1.0 - XSS
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service Requests Section in login panel.
by sanupl
CVSS 4.8
CVE-2021-46068 NOMISEC MEDIUM
Vehicle Service Management System 1.0 - XSS
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the My Account Section in login panel.
by sanupl
CVSS 4.8
CVE-2021-46068 NOMISEC MEDIUM
Vehicle Service Management System 1.0 - XSS
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the My Account Section in login panel.
by sanupl
1 stars
CVSS 4.8
CVE-2021-46072 NOMISEC MEDIUM
Vehicle Service Management System 1.0 - XSS
A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service List Section in login panel.
by sanupl
1 stars
CVSS 4.8
CVE-2021-46073 NOMISEC MEDIUM
Sourcecodester Vehicle Service Mgmt 1.0 - XSS
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login panel.
by sanupl
CVSS 4.8
CVE-2021-46073 NOMISEC MEDIUM
Sourcecodester Vehicle Service Mgmt 1.0 - XSS
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login panel.
by sanupl
1 stars
CVSS 4.8
CVE-2021-46074 NOMISEC MEDIUM
Sourcecodester Vehicle Service Mgmt 1.0 - XSS
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Settings Section in login panel.
by sanupl
CVSS 4.8
CVE-2021-46074 NOMISEC MEDIUM
Sourcecodester Vehicle Service Mgmt 1.0 - XSS
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Settings Section in login panel.
by sanupl
1 stars
CVSS 4.8
CVE-2021-46075 NOMISEC HIGH
Sourcecodester Vehicle Service Mgmt 1.0 - Privilege Escalation
A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations.
by sanupl
CVSS 7.2
CVE-2021-46075 NOMISEC HIGH
Sourcecodester Vehicle Service Mgmt 1.0 - Privilege Escalation
A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations.
by sanupl
1 stars
CVSS 7.2
CVE-2021-46076 NOMISEC HIGH
Sourcecodester Vehicle Service Management System 1.0 - Code Injection
Sourcecodester Vehicle Service Management System 1.0 is vulnerable to File upload. An attacker can upload a malicious PHP file at multiple endpoints, leading to Code Execution.
by sanupl
CVSS 8.8
CVE-2024-28397 NOMISEC MEDIUM
pyload-ng js2py - Remote Code Execution
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.
by y0naldez
CVSS 5.3
CVE-2021-46076 NOMISEC HIGH
Sourcecodester Vehicle Service Management System 1.0 - Code Injection
Sourcecodester Vehicle Service Management System 1.0 is vulnerable to File upload. An attacker can upload a malicious PHP file at multiple endpoints, leading to Code Execution.
by sanupl
1 stars
CVSS 8.8
CVE-2021-46078 NOMISEC MEDIUM
Sourcecodester Vehicle Service Mgmt 1.0 - XSS
An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to a Stored Cross-Site Scripting vulnerability.
by sanupl
CVSS 4.8
CVE-2021-46078 NOMISEC MEDIUM
Sourcecodester Vehicle Service Mgmt 1.0 - XSS
An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to a Stored Cross-Site Scripting vulnerability.
by sanupl
1 stars
CVSS 4.8
CVE-2021-46079 NOMISEC HIGH
Sourcecodester Vehicle Service Mgmt 1.0 - File Upload
An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to HTML Injection.
by sanupl
CVSS 7.2
CVE-2021-46079 NOMISEC HIGH
Sourcecodester Vehicle Service Mgmt 1.0 - File Upload
An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to HTML Injection.
by sanupl
1 stars
CVSS 7.2
CVE-2021-46080 NOMISEC MEDIUM
Vehicle Service Management System 1.0 - CSRF
A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0. A successful CSRF attack leads to a Stored Cross Site Scripting vulnerability.
by sanupl
1 stars
CVSS 4.8
CVE-2021-46080 NOMISEC MEDIUM
Vehicle Service Management System 1.0 - CSRF
A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0. A successful CSRF attack leads to a Stored Cross Site Scripting vulnerability.
by sanupl
CVSS 4.8
CVE-2021-46067 NOMISEC CRITICAL
In Vehicle Service Management System 1.0 - Info Disclosure
In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account Takeover.
by sanupl
CVSS 9.8
CVE-2021-46067 NOMISEC CRITICAL
In Vehicle Service Management System 1.0 - Info Disclosure
In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account Takeover.
by sanupl
1 stars
CVSS 9.8
CVE-2026-45185 NOMISEC CRITICAL
Exim 4.97-4.99.2 - Unauthenticated Use-After-Free via TLS Close Notify During CHUNKING Transfer
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.
by liamromanis101
CVSS 9.8
CVE-2024-34568 NOMISEC MEDIUM
Themeqx LetterPress <= 1.2.1 - Stored Cross-Site Scripting
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeqx LetterPress allows Stored XSS. This issue affects LetterPress: from n/a through 1.2.1.
by sanupl
1 stars
CVSS 5.9
CVE-2026-35455 NOMISEC HIGH
immich has Stored XSS via OCR Text in 360° Panorama Viewer
immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, Stored Cross-Site Scripting (XSS) in the 360° panorama viewer allows any authenticated user to execute arbitrary JavaScript in the browser of any other user who views the malicious panorama with the OCR overlay enabled. The attacker uploads an equirectangular image containing crafted text; OCR extracts it, and the panorama viewer renders it via innerHTML without sanitization. This enables session hijacking (via persistent API key creation), private photo exfiltration, and access to GPS location history and face biometric data. This vulnerability is fixed in 2.7.0.
by emanuelepns
CVSS 7.3