Writeup Exploits

62,922 exploits tracked across all sources.

Sort: Activity Stars
CVE-2025-52881 WRITEUP HIGH
runc <1.4.0-rc.2 - Privilege Escalation
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.
CVSS 7.5
CVE-2025-7700 WRITEUP MEDIUM
FFmpeg - Denial of Service via ALS Audio Decoder Memory Allocation Failure
A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and cause a denial of service.
CVSS 5.3
CVE-2026-33079 WRITEUP HIGH
Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles
In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS (Regular Expression Denial of Service) vulnerability in `LINK_TITLE_RE` that allows an attacker who can supply Markdown for parsing to cause denial of service. The regular expression used for parsing link titles contains overlapping alternatives that can trigger catastrophic backtracking. In both the double-quoted and single-quoted branches, a backslash followed by punctuation can be matched either as an escaped punctuation sequence or as two ordinary characters, creating an ambiguous pattern inside a repeated group. If an attacker supplies Markdown containing repeated ! sequences with no closing quote, the regex engine explores an exponential number of backtracking paths. This is reachable through normal Markdown parsing of inline links and block link reference definitions. A small crafted input can therefore cause significant CPU consumption and make applications using Mistune unresponsive.
CVSS 7.5
CVE-2026-36358 WRITEUP MEDIUM
Juzaweb CMS 5.0.0 - Cross-Site Scripting via Add Banner Ads Function
Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker via execute arbitrary code via a crafted script to the Add Banner Ads function
CVSS 5.4
CVE-2026-7875 WRITEUP HIGH
NanoClaw Host/Container Filesystem Boundary Vulnerability via Outbound Attachment Handling
NanoClaw version 1.2.0 and prior contains a host/container filesystem boundary vulnerability in outbound attachment handling and outbox cleanup that allows a compromised or prompt-injected container to read files outside the intended outbox directory by supplying crafted messages_out.id and content.files values or creating symlinked outbox files. Attackers can exploit this vulnerability to trigger host-side reads of arbitrary files and in some cases achieve recursive deletion of paths outside the intended cleanup target.
CVSS 8.8
CVE-2026-8026 WRITEUP LOW
FlowiseAI Flowise API Response account.service.ts login information disclosure
A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is told to be difficult. You should upgrade the affected component.
CVSS 3.7
CVE-2026-8027 WRITEUP MEDIUM
FlowiseAI Flowise User Controller authorization
A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument userId/organizationId/workspaceId/email causes authorization bypass. The attack may be initiated remotely. The affected component should be upgraded.
CVSS 4.3
CVE-2026-8028 WRITEUP LOW
FlowiseAI Flowise Endpoint account.service.ts verify information disclosure
A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit is now public and may be used. Upgrading the affected component is recommended.
CVSS 3.7
CVE-2019-15637 WRITEUP HIGH
Tableau Server 10.5-10.5.17 - XML External Entity Injection via Workbook
Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop.
CVSS 8.1
CVE-2019-15715 WRITEUP HIGH
MantisBT < 1.3.20 - Authenticated Remote Code Execution via Command Injection
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.
CVSS 7.2
CVE-2019-15810 WRITEUP MEDIUM
Netdisco 2.042010 - Reflected Cross-Site Scripting via Device Search URL Parameter
Insufficient sanitization during device search in Netdisco 2.042010 allows for reflected XSS via manipulation of a URL parameter.
CVSS 6.1
CVE-2019-15912 WRITEUP HIGH
ASUS ZigBee Devices - Denial of Service via Trust Center Rejoin
An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can use the ZigBee trust center rejoin procedure to perform mutiple denial of service attacks.
CVSS 7.5
CVE-2019-15914 WRITEUP HIGH
Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM DoS via ZigBee Trust Center Rejoin
An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Attackers can use the ZigBee trust center rejoin procedure to perform mutiple denial of service attacks.
CVSS 7.5
CVE-2019-15949 WRITEUP HIGH
Nagios XI < 5.6.6 - Authenticated Remote Command Execution via getprofile.sh
Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user. A user logged into Nagios XI with permissions to modify plugins, or the nagios user on the server, can modify the check_plugin executable and insert malicious commands to execute as root.
CVSS 8.8
CVE-2019-15954 WRITEUP CRITICAL
Total.js CMS 12.0.0 - Authenticated RCE
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of evaluating the tag by the back-end, it is possible to escape the sandbox object by using the following payload: <script total>global.process.mainModule.require(child_process).exec(RCE);</script>
CVSS 9.9
CVE-2019-16097 WRITEUP MEDIUM
Harbor 1.7.0-1.8.2 - Privilege Escalation
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix: configure Harbor to use non-DB authentication backend such as LDAP.
CVSS 6.5
CVE-2019-7172 WRITEUP MEDIUM
ATutor <= 2.2.4 - Stored Cross-Site Scripting in Real Name Field
A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php.
CVSS 6.1
CVE-2019-16114 WRITEUP CRITICAL
ATutor < 2.2.4 - Unauthenticated Remote Code Execution via Database Configuration Manipulation
In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve remote code execution. This occurs because install/include/header.php does not restrict certain changes (to db_host, db_login, db_password, and content_dir) within install/include/step5.php.
CVSS 9.8
CVE-2017-6483 WRITEUP MEDIUM
ATutor < 2.2.2 - Cross-Site Scripting in Language Edit Page
Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (lang_code in themes/*/admin/system_preferences/language_edit.tmpl.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVSS 6.1
CVE-2017-14981 WRITEUP MEDIUM
ATutor < 2.2.2 - Cross-Site Scripting via RSS Feed URL Parameter
Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data (url in /mods/_standard/rss_feeds/edit_feed.php). An attacker could inject arbitrary HTML and script code into a browser in the context of the vulnerable website.
CVSS 5.4
CVE-2016-2555 WRITEUP CRITICAL
ATutor 2.2.1 - SQL Injection via searchFriends Function
SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.
CVSS 9.8
CVE-2016-2555 WRITEUP CRITICAL
ATutor 2.2.1 - SQL Injection via searchFriends Function
SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.
CVSS 9.8
CVE-2016-2539 WRITEUP HIGH
ATutor < 2.2.1 - Cross-Site Request Forgery via install_modules.php
Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file.
CVSS 8.8
CVE-2016-10400 WRITEUP HIGH
ATutor < 2.2.1 - Path Traversal via Icon Parameter
Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= after the traversal attack.
CVSS 7.5
CVE-2015-6521 WRITEUP MEDIUM
ATutor LMS 2.2 - Multiple Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2.
CVSS 5.4