Writeup Exploits
62,260 exploits tracked across all sources.
OpenClinic GA 5.351.19 Reflected XSS via DICOM Image Upload Handler
OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata fields. Attackers can craft a DICOM file with JavaScript payloads in metadata fields such as Study Description, which are reflected without sanitization in popup.jsp and archiving/uploadfiles_jsp.java when processed through the Upload DICOM images feature.
CVSS 6.1
OSCAL-GUI Reflected XSS via project parameter in oscal.php
OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the project request parameter. Attackers can craft a malicious URL containing unsanitized input that breaks out of the JavaScript string and HTML attribute context in the body onload event handler to execute arbitrary scripts when the link is visited by a victim.
CVSS 6.1
OSCAL-GUI Reflected XSS via project parameter in oscal-forms.php
OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through the project request parameter in oscal-forms.php. The parameter value is URL-decoded and assigned to the project_id variable without sanitization in oscal-functions.php, and when the supplied project ID is not found, the unsanitized value is concatenated into an error message via the Messages() function and reflected into the HTML response body without encoding.
CVSS 6.1
FastapiAdmin 2.2.0 - Stored Cross-Site Scripting in AI Assistant Chat
A markdown based cross-site scripting (XSS) vulnerability in the AI assistant chat function of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a chat message.
CVSS 5.4
bookcars 8.3 - Unauthenticated Authentication Bypass via Forged JWT Token
An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.
CVSS 9.1
bookcars 8.3 - Unauthenticated Arbitrary File Deletion via Directory Traversal
An arbitrary file deletion vulnerability in the /api/delete-temp-license/{file} endpoint of bookcars v8.3 allows unauthenticated attackers to delete arbitrary files via supplying directory traversal sequences.
CVSS 5.3
FastapiAdmin 2.2.0 - Stored Cross-Site Scripting via Notice Content Parameter
A markdown based cross-site scripting (XSS) vulnerability in the /system/notice/create endpoint of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the notice_content parameter.
CVSS 6.1
FastapiAdmin 2.2.0 - Authenticated Denial of Service via Scheduled Task Func Field Manipulation
An uncaught exception in the /application/job/update/{id} endpoint of FastapiAdmin v2.2.0 allows authenticated attackers with the module_task:job:update permission to cause a Denial of Service (DoS) via manipulating the func field of scheduled tasks.
CVSS 6.5
bookcars 8.3 - Authenticated Unrestricted File Rename and Directory Traversal via /api/create-user
An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables unauthorized access to sensitive files, the overwriting of critical application files, and remote code execution (RCE).
CVSS 8.8
bookcars 8.3 - Authenticated Arbitrary File Upload and Remote Code Execution via /api/create-car-image
An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute arbitrary code via uploading a crafted file.
CVSS 5.4
bookcars 8.3 - Authentication Bypass via Forged JWT Token
A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.
CVSS 9.8
bookcars 8.3 - Authenticated Privilege Escalation via User Type Modification
Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type.
CVSS 8.1
AgentChat 2.3.0 - Unauthenticated Information Disclosure via User Info Endpoint
An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs.
CVSS 7.5
Tenda US_W3V1.0BR 1.0.0.3 - Denial of Service via Go Parameter in ask_to_reboot
Shenzhen Tenda Technology Co., Ltd Tenda US_W3V1.0BR v1.0.0.3 was discovered to contain a stack overflow in the Go parameter of the ask_to_reboot function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVSS 7.5
Tenda W3 v1.0.0.3(2204) - Stack-based Buffer Overflow in formwrlSSIDset wl_radio Parameter
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVSS 7.5
Tenda W3 v1.0.0.3(2204) - Denial of Service via wl_radio Parameter Overflow
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVSS 6.5
Tenda W3 v1.0.0.3(2204) - Denial of Service via Go Parameter Stack Overflow
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the Go parameter of the ask_to_reboot function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVSS 6.5
Tenda W3 v1.0.0.3(2204) - Denial of Service via formSetCfm Param_1 Stack Overflow
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the param_1 parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVSS 6.5
Tenda O3 Wireless Router 1.0.0.5(4180) - Denial of Service via R7WebsSecurityHandler Username Parameter
Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the username parameter of the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVSS 4.9
Tenda O3 Wireless Router 1.0.0.5(4180) - Multiple Stack Overflow via fromVirtualSer Parameters
Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain multiple stack overflows in the fromVirtualSer function via the puVar2, puVar1, __s2, __s1_00, and puVar3 parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVSS 7.5
Tenda O3 Wireless Router 1.0.0.5(4180) - Stack Overflow in fromNetToolGet Domain Parameter
Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the domain parameter of the fromNetToolGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVSS 7.5
Tenda O3 Wireless Router 1.0.0.5(4180) - Stack Overflow via fromNetToolGet ip Parameter
Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the ip parameter of the fromNetToolGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a HTTP request.
CVSS 7.5
Tenda O3v3 1.0.0.5 - Denial of Service via formSetCfm save_list_data Parameter
Shenzhen Tenda Technology Co., Ltd Tenda O3v3 v1.0.0.5 was discovered to contain a stack overflow in the save_list_data parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVSS 7.5
Tenda W3 v1.0.0.3(2204) - Stack Overflow in formWifiRadioSet wl_radio Parameter
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formWifiRadioSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVSS 7.5
Tenda W3 v1.0.0.3(2204) - Stack Overflow via formwrlSSIDset Parameters
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain multiple stack overflows in the formwrlSSIDset function via the mit_ssid and mis_ssid_index parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVSS 7.5
By Source