Exploit Database
134,721 exploits tracked across all sources.
Python JSON Logger <4 Mar 2025 - RCE
Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE through a missing dependency. This occurred because msgspec-python313-pre was deleted by the owner leaving the name open to being claimed by a third party. If the package was claimed, it would allow them RCE on any Python JSON Logger user who installed the development dependencies on Python 3.13 (e.g. pip install python-json-logger[dev]). This issue has been resolved with 3.3.0.
CVSS 8.8
Crates.io Libcontainer < 0.5.3 - Incorrect Default Permissions
libcontainer is a library for container control. Prior to libcontainer 0.5.3, while creating a tenant container, the tenant builder accepts a list of capabilities to be added in the spec of tenant container. The logic here adds the given capabilities to all capabilities of main container if present in spec, otherwise simply set provided capabilities as capabilities of the tenant container. However, setting inherited caps in any case for tenant container can lead to elevation of capabilities, similar to CVE-2022-29162. This does not affect youki binary itself. This is only applicable if you are using libcontainer directly and using the tenant builder.
CVSS 5.9
umatiGateway - Info Disclosure
umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may possibly be publicly accessible with umatiGateway's provided docker-compose file. With this access, the configuration can be viewed and altered. Commit 5d81a3412bc0051754a3095d89a06d6d743f2b16 uses `127.0.0.1:8080:8080` to limit access to the local network. For those who are unable to use this proposed patch, a firewall on Port 8080 may block remote access, but the workaround may not be perfect because Docker may also bypass a firewall by its iptable based rules for port forwarding.
CVSS 8.2
Go-vela Server < 0.25.3 - Authentication Bypass by Spoofing
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to a separate repository. These secrets could be exfiltrated by follow up builds to the repository. Users with an enabled repository with access to repo level CI secrets in Vela are vulnerable to the exploit, and any user with access to the CI instance and the linked source control manager can perform the exploit. Versions 0.25.3 and 0.26.3 fix the issue. No known workarounds are available.
CVSS 8.5
Pimcore < 11.5.4 - SQL Injection
Pimcore is an open source data and experience management platform. Prior to version 11.5.4, authenticated users can craft a filter string used to cause a SQL injection. Version 11.5.4 fixes the issue.
CVSS 8.8
Simplesamlphp Saml2 < 4.17.0 - Signature Verification Bypass
The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message. Versions 4.17.0 and 5.0.0-alpha.20 contain a fix for the issue.
CVSS 8.6
Applio < 3.2.8-bugfix - Insecure Deserialization
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in `infer.py`. The issue can lead to remote code execution. As of time of publication, a fix is available on the `main` branch of the Applio repository but not attached to a numbered release.
CVSS 9.8
Applio < 3.2.8-bugfix - Insecure Deserialization
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in model_information.py. `model_name` in model_information.py takes user-supplied input (e.g. a path to a model) and pass that value to the `run_model_information_script` and later to `model_information` function, which loads that model with `torch.load` in rvc/train/process/model_information.py (on line 16 in 3.2.8-bugfix), which is vulnerable to unsafe deserialization. The issue can lead to remote code execution. A patch is available in the `main` branch of the repository.
CVSS 9.8
Applio < 3.2.8-bugfix - Insecure Deserialization
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in inference.py. `model_file` in inference.py as well as `model_file` in tts.py take user-supplied input (e.g. a path to a model) and pass that value to the `change_choices` and later to `get_speakers_id` function, which loads that model with `torch.load` in inference.py (line 326 in 3.2.8-bugfix), which is vulnerable to unsafe deserialization. The issue can lead to remote code execution. A patch is available on the `main` branch of the repository.
CVSS 9.8
Espressif ESP32 - Info Disclosure
Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory).
CVSS 6.8
Digiwin ERP 5.1 - Unrestricted Upload
A vulnerability classified as critical has been found in Digiwin ERP 5.1. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 7.3
Appventure Dietiqa - SQL Injection
A SQL Injection vulnerability exists in the `u` parameter of the progress-body-weight.php endpoint of Dietiqa App v1.0.20.
CVSS 9.8
Edimax Br-6478ac V3 Firmware - Command Injection
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the foldername in /boafrm/formDiskCreateShare.
CVSS 6.5
Edimax Br-6478ac V3 Firmware - Command Injection
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the groupname at the /boafrm/formDiskCreateGroup.
CVSS 6.5
Edimax Br-6478ac V3 Firmware - Stack Buffer Overflow
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a stack overflow vlunerability via peerPin parameter in the formWsc function.
CVSS 6.5
Edimax Br-6478ac V3 Firmware - Command Injection
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via partition in /boafrm/formDiskFormat.
CVSS 6.5
Edimax Br-6478ac V3 Firmware - Code Injection
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via fota_url in /boafrm/formLtefotaUpgradeQuectel
CVSS 9.8
Leantime < 3.3.0 - XSS
Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows an authenticated attacker to execute arbitrary code and obtain sensitive information via the first name field in processMentions().
CVSS 5.4
Personal-management-system Personal Management System - CSRF
Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery (CSRF) allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute defaults value set to none
CVSS 4.7
Mydata Ticket Sales Automation < 2025-04-03 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mydata Informatics Ticket Sales Automation allows Blind SQL Injection.This issue affects Ticket Sales Automation: before 03.04.2025 (DD.MM.YYYY).
CVSS 9.8
Dlink Dir-823x Firmware - Code Injection
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x41dda8
CVSS 7.2
Dlink Dir-823x Firmware - OS Command Injection
An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41737c
CVSS 9.8
Dlink Dir-823x Firmware - OS Command Injection
An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41710c
CVSS 9.8
Dlink Dir-823x Firmware - OS Command Injection
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c
CVSS 9.8
Dlink Dir-823x Firmware - OS Command Injection
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x417234
CVSS 9.8
By Source