Exploit Database

135,559 exploits tracked across all sources.

CVE-2025-15356 WRITEUP HIGH
Tenda Ac20 Firmware < 16.03.08.12 - Memory Corruption
A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The impacted element is the function sscanf of the file /goform/PowerSaveSet. The manipulation of the argument powerSavingEn/time/powerSaveDelay/ledCloseType leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-15372 WRITEUP LOW
Youlai Vue3-element-admin < 3.4.0 - Code Injection
A weakness has been identified in youlaitech vue3-element-admin up to 3.4.0. This issue affects some unknown processing of the file src/views/system/notice/index.vue of the component Notice Handler. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 2.4
CVE-2025-6275 WRITEUP LOW
WebAssembly wabt <1.0.37 - Use After Free
A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been declared as problematic. Affected by this vulnerability is the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.
CVSS 3.3
CVE-2025-6274 WRITEUP LOW
WebAssembly wabt <1.0.37 - DoS
A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.
CVSS 3.3
CVE-2025-6273 WRITEUP LOW
WebAssembly wabt <1.0.37 - Info Disclosure
A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains that this issue might not affect "real world wasm programs".
CVSS 3.3
CVE-2025-3122 WRITEUP LOW
Webassembly Binary Toolkit - NULL Pointer Dereference
A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Affected by this vulnerability is the function BinaryReaderInterp::BeginFunctionBody of the file src/interp/binary-reader-interp.cc. The manipulation leads to null pointer dereference. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
CVSS 3.1
CVE-2025-2584 WRITEUP MEDIUM
Webassembly Wabt - Out-of-Bounds Write
A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This vulnerability affects the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
CVSS 5.0
CVE-2025-2368 WRITEUP MEDIUM
Webassembly Wabt - Out-of-Bounds Write
A vulnerability was found in WebAssembly wabt 1.0.36 and classified as critical. This issue affects the function wabt::interp::(anonymous namespace)::BinaryReaderInterp::OnExport of the file wabt/src/interp/binary-reader-interp.cc of the component Malformed File Handler. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
CVSS 6.3
CVE-2025-15412 WRITEUP MEDIUM
Webassembly Wabt < 1.0.39 - Memory Corruption
A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. Such manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report, somebody recommended that the researcher provide a PR himself.
CVSS 5.3
CVE-2025-15411 WRITEUP MEDIUM
Webassembly Wabt < 1.0.39 - Memory Corruption
A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report, somebody recommended that the researcher provide a PR himself.
CVSS 5.3
CVE-2023-46332 WRITEUP MEDIUM
WebAssembly wabt <1.0.33 - Memory Corruption
WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which leads to a segmentation fault.
CVSS 5.5
CVE-2023-46331 WRITEUP MEDIUM
WebAssembly wabt <1.0.33 - Memory Corruption
WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in DataSegment::IsValidRange(), which leads to a segmentation fault.
CVSS 5.5
CVE-2023-31670 WRITEUP HIGH
wasm2c/wasm2wat/wasm-decompile/wasm-validate <1.0.32 - DoS
An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary.
CVSS 7.5
CVE-2023-31669 WRITEUP MEDIUM
WebAssembly wat2wasm <1.0.32 - Code Injection
WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote (").
CVSS 5.5
CVE-2023-30300 WRITEUP MEDIUM
W3 Webassembly - Infinite Loop
An issue in the component hang.wasm of WebAssembly 1.0 causes an infinite loop.
CVSS 5.5
CVE-2023-27119 WRITEUP MEDIUM
WebAssembly <1.0.29 - Memory Corruption
WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild.
CVSS 5.5
CVE-2023-27117 WRITEUP HIGH
WebAssembly <1.0.29 - Buffer Overflow
WebAssembly v1.0.29 was discovered to contain a heap overflow via the component wabt::Node::operator.
CVSS 7.8
CVE-2023-27116 WRITEUP MEDIUM
WebAssembly <1.0.29 - Memory Corruption
WebAssembly v1.0.29 was discovered to contain an abort in CWriter::MangleType.
CVSS 5.5