Writeup Exploits

54,687 exploits tracked across all sources.

CVE-2025-28145 WRITEUP MEDIUM
Edimax Br-6478ac V3 Firmware - Command Injection
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via partition in /boafrm/formDiskFormat.
CVSS 6.5
CVE-2025-28146 WRITEUP CRITICAL
Edimax Br-6478ac V3 Firmware - Code Injection
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via fota_url in /boafrm/formLtefotaUpgradeQuectel
CVSS 9.8
CVE-2025-28254 WRITEUP MEDIUM
Leantime < 3.3.0 - XSS
Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows an authenticated attacker to execute arbitrary code and obtain sensitive information via the first name field in processMentions().
CVSS 5.4
CVE-2025-28355 WRITEUP MEDIUM
Personal-management-system Personal Management System - CSRF
Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery (CSRF) allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute's default value being set to none.
CVSS 4.7
CVE-2025-2812 WRITEUP CRITICAL
Mydata Ticket Sales Automation < 2025-04-03 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mydata Informatics Ticket Sales Automation allows Blind SQL Injection. This issue affects Ticket Sales Automation: before 03.04.2025 (DD.MM.YYYY).
CVSS 9.8
CVE-2025-29039 WRITEUP HIGH
Dlink Dir-823x Firmware - Code Injection
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x41dda8
CVSS 7.2
CVE-2025-29040 WRITEUP CRITICAL
Dlink Dir-823x Firmware - OS Command Injection
An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41737c
CVSS 9.8
CVE-2025-29041 WRITEUP CRITICAL
Dlink Dir-823x Firmware - OS Command Injection
An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41710c
CVSS 9.8
CVE-2025-29042 WRITEUP CRITICAL
Dlink Dir-823x Firmware - OS Command Injection
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c
CVSS 9.8
CVE-2025-29043 WRITEUP CRITICAL
Dlink Dir-823x Firmware - OS Command Injection
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x417234
CVSS 9.8
CVE-2025-29044 WRITEUP CRITICAL
Netgear R6100 Firmware - Buffer Overflow
Buffer Overflow vulnerability in Netgear- R61 router V1.0.1.28 allows a remote attacker to execute arbitrary code via the QUERY_STRING key value
CVSS 9.8
CVE-2025-29045 WRITEUP CRITICAL
Alfa Wifi Camppro Firmware - Buffer Overflow
Buffer Overflow vulnerability in ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the newap_text_0 key value
CVSS 9.8
CVE-2025-29046 WRITEUP CRITICAL
Alfa Wifi Camppro Firmware - Buffer Overflow
Buffer Overflow vulnerability in ALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the GAPSMinute3 key value
CVSS 9.8
CVE-2025-29047 WRITEUP CRITICAL
Alfa Wifi Camppro Firmware - Buffer Overflow
Buffer Overflow vulnerability in ALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the hiddenIndex in the function StorageEditUser
CVSS 9.8
CVE-2025-29088 WRITEUP MEDIUM
Sqlite - Integer Overflow
In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.
CVSS 5.6
CVE-2025-29093 WRITEUP HIGH
Motivian Content Management System - Unrestricted File Upload
File Upload vulnerability in Motivian Content Management System v.41.0.0 allows a remote attacker to execute arbitrary code via the Content/Gallery/Images component.
CVSS 8.2
CVE-2025-29100 WRITEUP CRITICAL
Tenda Ac8 Firmware - Stack Buffer Overflow
Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the parameter list.
CVSS 9.8
CVE-2025-29135 WRITEUP CRITICAL
Tenda Ac7 Firmware - Stack Buffer Overflow
A stack-based buffer overflow vulnerability in Tenda AC7 V15.03.06.44 allows a remote attacker to execute arbitrary code through a stack overflow attack using the security parameter of the formWifiBasicSet function.
CVSS 9.8
CVE-2025-29155 WRITEUP MEDIUM
Smartbear Swagger Petstore - Command Injection
An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via the DELETE endpoint
CVSS 6.5
CVE-2025-29156 WRITEUP MEDIUM
Smartbear Swagger Petstore - XSS
Cross Site Scripting vulnerability in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via a crafted script to the /api/v3/pet
CVSS 6.1
CVE-2025-29157 WRITEUP MEDIUM
Smartbear Swagger Petstore - Command Injection
An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via accessing a non-existent endpoint /cart; the server returns a 404 error page exposing sensitive information including the Servlet name (default) and server version.
CVSS 6.5
CVE-2025-29214 WRITEUP HIGH
Tenda Ax12 Firmware - Stack Buffer Overflow
Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_42F69C function at /goform/setMacFilterCfg.
CVSS 7.5
CVE-2025-29215 WRITEUP MEDIUM
Tenda Ax12 Firmware - Stack Buffer Overflow
Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_43fdcc function at /goform/SetNetControlList.
CVSS 6.5
CVE-2025-29218 WRITEUP MEDIUM
Tenda W18e Firmware - Stack Buffer Overflow
Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiPwd parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVSS 6.5
CVE-2025-29366 WRITEUP CRITICAL
mupen64plus <2.6.0 - RCE
In mupen64plus v2.6.0 there is an array overflow vulnerability in the write_rdram_regs and write_rdram_regs functions, which enables executing arbitrary commands on the host machine.
CVSS 9.8