Writeup Exploits
57,446 exploits tracked across all sources.
TextNow <24.17.0.2 - Code Injection
The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.enflick.android.TextNow.activities.DialerActivity component.
CVSS 6.5
Puppeteer-Renderer <3.2.0 - Path Traversal
puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server.
CVSS 6.5
Contour <1.28.3 - Privilege Escalation
Insecure permissions in contour v1.28.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.
CVSS 9.8
DNSCrypt-proxy <2.1.5 - Privilege Escalation
Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary dnscrypt-proxy.
CVSS 7.8
Aegon Life v1.0 - SQL Injection
Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php.
CVSS 8.8
Aegon Life v1.0 - XSS
A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at insertClient.php.
CVSS 6.1
Zulip <8.4 - Memory Corruption
Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers.
CVSS 7.5
Zulip <8.4 - Memory Corruption
Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers.
CVSS 7.5
FFmpeg n6.1.1 - DoS
FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior.
CVSS 6.2
FFmpeg n7.0 - Data Race
FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread.
CVSS 5.9
FFmpeg n6.1.1 - DoS
An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file.
CVSS 6.5
FFmpeg n6.1.1 - Buffer Overflow
FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.
CVSS 6.2
FFmpeg n6.1.1 - Memory Corruption
FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.
CVSS 6.2
FFmpeg n6.1.1 - DoS
FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition.
CVSS 5.3
moby <26.0.2 - Null Pointer Dereference
moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go.
CVSS 6.5
moby <25.0.5 - Use After Free
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.
CVSS 6.5
RaspAP raspap-webgui <3.0.9 - Command Injection
In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter.
CVSS 9.8
moby <v25.0.3 - Memory Corruption
moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.
CVSS 8.1
moby <v25.0.3 - Memory Corruption
moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.
CVSS 8.1
Zulip 8.3 - XSS
Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the construct_copy_div function in copy_and_paste.js.
CVSS 5.4
Zulip 8.3 - XSS
Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the replace_emoji_with_text function in ui_util.ts.
CVSS 5.4
Prestashop 8.1.4 - Memory Corruption
In prestashop 8.1.4, a NULL pointer dereference was identified in the math_round function within Tools.php.
CVSS 5.3
Adguard Home <0.107.52 - Info Disclosure
An arbitrary file read vulnerability in Adguard Home before v0.107.52 allows authenticated attackers to access arbitrary files as root on the underlying Operating System via placing a crafted file into a readable directory.
CVSS 4.9
Oncord+ Android Infotainment Systems OS <Android 12 - RCE
An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17,Hardware part Number F57L_V3.2_20220301, and Build Number PlatformVER:K24-2023/05/09-v0.01 allows a remote attacker to execute arbitrary code via the ADB port component.
CVSS 7.3
Org.keycloak Keycloak-services < 24.0.5 - Information Disclosure
A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.
CVSS 8.1
By Source