Exploit Database

136,378 exploits tracked across all sources.

Sort: Activity Stars
CVE-2024-49767 WRITEUP HIGH
Werkzeug <3.0.6 - DoS
Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. A specifically crafted form submission request can cause the parser to allocate and block 3 to 8 times the upload size in main memory. There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. Werkzeug version 3.0.6 fixes this issue.
CVSS 7.5
CVE-2024-49770 WRITEUP HIGH
oak <17.1.3 - Info Disclosure
`oak` is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default `oak` does not allow transferring of hidden files with `Context.send` API. However, prior to version 17.1.3, this can be bypassed by encoding `/` as its URL encoded form `%2F`. For an attacker this has potential to read sensitive user data or to gain access to server secrets. Version 17.1.3 fixes the issue.
CVE-2024-50340 WRITEUP HIGH
Symfony Runtime < 5.4.46 - Injection
symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the `register_argv_argc` php directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request. As of versions 5.4.46, 6.4.14, and 7.1.7 the `SymfonyRuntime` now ignores the `argv` values for non-SAPI PHP runtimes. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 7.3
CVE-2024-50349 WRITEUP MEDIUM
Git - Info Disclosure
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt (i.e. without using any credential helper), it prints out the host name for which the user is expected to provide a username and/or a password. At this stage, any URL-encoded parts have been decoded already, and are printed verbatim. This allows attackers to craft URLs that contain ANSI escape sequences that the terminal interpret to confuse users e.g. into providing passwords for trusted Git hosting sites when in fact they are then sent to untrusted sites that are under the attacker's control. This issue has been patch via commits `7725b81` and `c903985` which are included in release versions v2.48.1, v2.47.2, v2.46.3, v2.45.3, v2.44.3, v2.43.6, v2.42.4, v2.41.3, and v2.40.4. Users are advised to upgrade. Users unable to upgrade should avoid cloning from untrusted URLs, especially recursive clones.
CVSS 4.7
CVE-2024-50647 WRITEUP HIGH
python_food V1.0 - Info Disclosure
The python_food ordering system V1.0 has an unauthorized vulnerability that leads to the leakage of sensitive user information. Attackers can access it through https://ip:port/api/myapp/index/user/info?id=1 And modify the ID value to obtain sensitive user information beyond authorization.
CVSS 7.5
CVE-2024-50648 WRITEUP CRITICAL
Guchengwuyue Yshopmall - Path Traversal
yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse JSP files.
CVSS 9.8
CVE-2024-50649 WRITEUP CRITICAL
Timgreen Python Book - Path Traversal
The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability.
CVSS 9.8
CVE-2024-50650 WRITEUP HIGH
Timgreen Python Book - Incorrect Authorization
python_book V1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter.
CVSS 7.5
CVE-2024-50651 WRITEUP MEDIUM
Geeeeeeeek Java Shop - IDOR
java_shop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter.
CVSS 6.5
CVE-2024-50652 WRITEUP MEDIUM
Geeeeeeeek Java Shop - Unrestricted File Upload
A file upload vulnerability in java_shop 1.0 allows attackers to upload arbitrary files by modifying the avatar function.
CVSS 4.3
CVE-2024-50654 WRITEUP HIGH
Pickmall Lilishop < 4.2.4 - Origin Validation Error
lilishop <=4.2.4 is vulnerable to Incorrect Access Control, which can allow attackers to obtain coupons beyond the quantity limit by capturing and sending the data packets for coupon collection in high concurrency.
CVSS 7.5
CVE-2024-50655 WRITEUP MEDIUM
Emlog < 2.3.18 - XSS
emlog pro <=2.3.18 is vulnerable to Cross Site Scripting (XSS), which allows attackers to write malicious JavaScript code in published articles.
CVSS 5.4
CVE-2024-50672 WRITEUP CRITICAL
Adapt Learning Adapt Authoring Tool <= 0.11.3 - SQL Injection
A NoSQL injection vulnerability in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature. The vulnerability occurs due to insufficient validation of user input, which is used as a query in Mongoose's find() function. This makes it possible for attackers to perform a full takeover of the administrator account. Attackers can then use the newly gained administrative privileges to upload a custom plugin to perform remote code execution (RCE) on the server hosting the web application.
CVSS 9.8
CVE-2024-50672 WRITEUP CRITICAL
Adapt Learning Adapt Authoring Tool <= 0.11.3 - SQL Injection
A NoSQL injection vulnerability in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature. The vulnerability occurs due to insufficient validation of user input, which is used as a query in Mongoose's find() function. This makes it possible for attackers to perform a full takeover of the administrator account. Attackers can then use the newly gained administrative privileges to upload a custom plugin to perform remote code execution (RCE) on the server hosting the web application.
CVSS 9.8
CVE-2024-50671 WRITEUP MEDIUM
Adapt Learning Adapt Authoring Tool <= 0.11.3 - Info Disclosure
Incorrect access control in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows attackers with Authenticated User roles to obtain email addresses via the "Get users" feature. The vulnerability occurs due to a flaw in permission verification logic, where the wildcard character in permitted URLs grants unintended access to endpoints restricted to users with Super Admin roles. This makes it possible for attackers to disclose the email addresses of all users.
CVSS 4.3
CVE-2024-50677 WRITEUP MEDIUM
Oroinc Oroplatform - XSS
A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter.
CVSS 6.1
CVE-2024-50807 WRITEUP MEDIUM
Trippo Responsive Filemanager 9.14.0 - XSS
Trippo Responsive Filemanager 9.14.0 is vulnerable to Cross Site Scripting (XSS) via file upload using the svg and pdf extensions.
CVSS 6.1
CVE-2024-50848 WRITEUP MEDIUM
RWS Worldserver - XXE
An XML External Entity (XXE) vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 to access sensitive information and execute arbitrary commands via supplying a crafted .tmx file.
CVSS 6.5
CVE-2024-50849 WRITEUP MEDIUM
RWS Worldserver - XSS
A Stored Cross-Site Scripting (XSS) vulnerability in the "Rules" functionality of WorldServer v11.8.2 allows a remote authenticated attacker to execute arbitrary JavaScript code.
CVSS 4.8
CVE-2024-50857 WRITEUP MEDIUM
Gestioip - XSS
The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and enables CSRF attacks. The vulnerability requires specific user permissions within the application to exploit successfully.
CVSS 4.8
CVE-2024-50858 WRITEUP HIGH
Gestioip - CSRF
Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery (CSRF). An attacker can execute actions via the admin's browser by hosting a malicious URL, leading to data modification, deletion, or exfiltration.
CVSS 8.8
CVE-2024-50859 WRITEUP MEDIUM
Gestioip - XSS
The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the attacker to execute malicious scripts or exfiltrate data.
CVSS 4.8
CVE-2024-50861 WRITEUP MEDIUM
Gestioip - XSS
The ip_mod_dns_key_form.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious code into the "TSIG Key" field, which is saved in the database and triggers XSS when viewed, enabling data exfiltration and CSRF attacks.
CVSS 6.1
CVE-2024-50919 WRITEUP CRITICAL
Jpress < 5.1.1 - Code Injection
Jpress until v5.1.1 has arbitrary file uploads on the windows platform, and the construction of non-standard file formats such as .jsp. can lead to arbitrary command execution
CVSS 9.8
CVE-2024-50947 WRITEUP HIGH
Davidepianca98 Kmqtt - Denial of Service
An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVSS 7.5
By Source
All 136,378 Writeup 56,303 Exploitdb 50,186 Nomisec 21,473 Metasploit 3,228 Github 2,598 Vulncheck_xdb 904 Inthewild 518 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,364 python 5,960 ruby 5,960 c 3,580 perl 2,854 html 2,056 php 1,334 bash 459 java 362 javascript 260 c++ 250 shell 95 go 55 postscript 25 xml 24