Exploit Database

137,690 exploits tracked across all sources.

Sort: Activity Stars
CVE-2024-25177 WRITEUP HIGH
LuaJIT <2.1 - DoS
LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS).
CVSS 7.5
CVE-2024-25178 WRITEUP CRITICAL
LuaJIT <2.1 - Memory Corruption
LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c.
CVSS 9.1
CVE-2024-25180 WRITEUP CRITICAL
pdfmake 0.2.9 - RCE
An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. NOTE: this is disputed because the behavior of the /pdf endpoint is intentional. The /pdf endpoint is only available after installing a test framework (that lives outside of the pdfmake applicaton). Anyone installing this is responsible for ensuring that it is only available to authorized testers.
CVSS 9.8
CVE-2024-25292 WRITEUP CRITICAL
RenderTune 1.1.4 - XSS
Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Upload Title parameter.
CVSS 9.6
CVE-2024-25291 WRITEUP CRITICAL
Deskfiler <1.2.3 - RCE
Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin.
CVSS 9.8
CVE-2024-25344 WRITEUP MEDIUM
ITFlow.org <v.432488eca3998c5be6b6b9e8f8ba01f54bc12378 - XSS
Cross Site Scripting vulnerability in ITFlow.org before commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378 allows a remtoe attacker to execute arbitrary code and obtain sensitive information via the settings.php, settings+company.php, settings_defaults.php,settings_integrations.php, settings_invoice.php, settings_localization.php, settings_mail.php components.
CVSS 6.1
CVE-2024-25381 WRITEUP MEDIUM
Emlog Pro 2.2.8 - XSS
There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content.
CVSS 6.1
CVE-2024-25415 WRITEUP HIGH
CE Phoenix <1.0.8.20 - RCE
A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php.
CVSS 7.2
CVE-2024-25466 WRITEUP HIGH
React Native Document Picker <9.1.1 - Code Injection
Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component.
CVSS 7.8
CVE-2024-25503 WRITEUP MEDIUM
Advanced REST Client <17.0.9 - XSS
Cross Site Scripting (XSS) vulnerability in Advanced REST Client v.17.0.9 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the edit details parameter of the New Project function.
CVSS 4.7
CVE-2024-25293 WRITEUP CRITICAL
mjml-app <3.1.0-beta - RCE
mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute.
CVSS 9.3
CVE-2024-23998 WRITEUP CRITICAL
Goanother Another Redis Desktop Manager < 1.6.1 - XSS
goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via src/components/Setting.vue.
CVSS 9.6
CVE-2024-23997 WRITEUP CRITICAL
Lukasbach Yana < 1.0.16 - XSS
Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts.
CVSS 9.6
CVE-2024-23995 WRITEUP MEDIUM
Beekeeper Studio <4.1.13 - XSS
Cross Site Scripting (XSS) in Beekeeper Studio 4.1.13 and earlier allows remote attackers to execute arbitrary code in the column name of a database table in tabulator-popup-container.
CVSS 6.1
CVE-2024-22891 WRITEUP CRITICAL
Nteract <0.28.0 - RCE
Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link.
CVSS 9.8
CVE-2024-25636 WRITEUP HIGH
Misskey <2024.2.0 - SSRF
Misskey is an open source, decentralized social media platform with ActivityPub support. Prior to version 2024.2.0, when fetching remote Activity Streams objects, Misskey doesn't check that the response from the remote server has a `Content-Type` header value of the Activity Streams media type, which allows a threat actor to upload a crafted Activity Streams document to a remote server and make a Misskey instance fetch it, if the remote server accepts arbitrary user uploads. The vulnerability allows a threat actor to impersonate and take over an account on a remote server that satisfies all of the following properties: allows the threat actor to register an account; accepts arbitrary user-uploaded documents and places them on the same domain as legitimate Activity Streams actors; and serves user-uploaded document in response to requests with an `Accept` header value of the Activity Streams media type. Version 2024.2.0 contains a patch for the issue.
CVSS 7.1
CVE-2024-25638 WRITEUP HIGH
dnsjava - RCE
dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.
CVSS 8.9
CVE-2024-25641 WRITEUP CRITICAL
Cacti Import Packages RCE
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue.
CVSS 9.1
CVE-2024-25715 WRITEUP MEDIUM
Glewlwyd Sso Server < 2.7.6 - Open Redirect
Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri.
CVSS 6.1
CVE-2024-25731 WRITEUP HIGH
Elinksmart Esmartcam - Hard-coded Credentials
The Elink Smart eSmartCam (com.cn.dq.ipc) application 2.1.5 for Android contains hardcoded AES encryption keys that can be extracted from a binary file. Thus, encryption can be defeated by an attacker who can observe packet data (e.g., over Wi-Fi).
CVSS 7.5
CVE-2024-25737 WRITEUP MEDIUM
Vufind < 9.1.1 - XSS
A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting (XSS) attacks by proxying arbitrary URLs via the proxy GET parameter.
CVSS 5.4
CVE-2024-2511 WRITEUP MEDIUM
TLS Server <default - DoS
Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.
CVSS 5.9
CVE-2024-2553 WRITEUP LOW
Remyandrade Product Review/rating System - XSS
A vulnerability, which was classified as problematic, was found in SourceCodester Product Review Rating System 1.0. Affected is an unknown function of the component Rate Product Handler. The manipulation of the argument Your Name/Comment leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257052.
CVSS 3.5
CVE-2024-26141 WRITEUP MEDIUM
Rack < 2.2.8.1 - Denial of Service
Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.
CVSS 5.8
CVE-2024-26143 WRITEUP MEDIUM
Rails < 7.0.8.1 - XSS
Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "_html", a :default key which contains untrusted user input, and the resulting string is used in a view, may be susceptible to an XSS vulnerability. The vulnerability is fixed in 7.1.3.1 and 7.0.8.1.
CVSS 6.1
By Source
All 137,690 Writeup 57,947 Exploitdb 49,983 Nomisec 21,442 Metasploit 3,217 Github 2,520 Vulncheck_xdb 901 Inthewild 514 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,329 python 5,909 ruby 5,906 c 3,561 perl 2,849 html 2,053 php 1,326 bash 459 java 362 c++ 250 javascript 215 shell 88 go 53 postscript 25 xml 24