Writeup Exploits
62,992 exploits tracked across all sources.
Sourcegraph < 3.15.1 - Open Redirect via SafeRedirectURL Validation Bypass
Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring.
CVSS 6.1
G.SKILL Trident Z Lighting Control <1.00.08 - Privilege Escalation
The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00.08 exposes mapping and un-mapping of physical memory, reading and writing to Model Specific Register (MSR) registers, and input from and output to I/O ports to local non-privileged users. This leads to privilege escalation to NT AUTHORITY\SYSTEM.
CVSS 7.8
php-fusion 9.03.50 - SQL Injection via members.php sort_order Parameter
PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sort_order GET parameter on the members.php members search page. This parameter allows for control over anything after the ORDER BY clause in the SQL query.
CVSS 8.8
fastecdsa < 2.1.2 - Improper Verification of Cryptographic Signature
An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a usability problem. There are some threat models where an attacker can benefit by successfully guessing users for whom signature verification will fail.
CVSS 7.5
SolarWinds MSP PME <1.1.15 - Code Execution
An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config\. This can lead to code execution by changing the CacheService.xml SISServerURL parameter.
CVSS 7.8
Roundcube Webmail < 1.4.4 - Stored Cross-Site Scripting via HTML Message CDATA
An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.
CVSS 6.1
osTicket < 1.14.2 - Stored Cross-Site Scripting via SLA Name
include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name.
CVSS 5.4
Roundcube Webmail <1.4.4 - Path Traversal
Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.
CVSS 9.8
Roundcube Webmail < 1.4.4 - Remote Code Execution via Shell Metacharacters in Image Configuration
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.
CVSS 9.8
php-fusion 9.03.50 - Cross-Site Scripting via FAQ or Shoutbox Admin Panel go Parameter
Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or shoutbox_panel/shoutbox_admin.php
CVSS 5.4
LeptonCMS 4.5.0 - Stored Cross-Site Scripting via Event Handler Injection
An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements.
CVSS 6.1
HashiCorp Consul <1.6.6-1.7.4 - DoS
HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. Introduced in 1.6.0, fixed in 1.6.6 and 1.7.4.
CVSS 7.5
nystudio107 SEOmatic < 3.2.49 - Server-Side Template Injection via Twig Template
In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMeta.php does not properly sanitize the URL. This leads to Server-Side Template Injection and credentials disclosure via a crafted Twig template after a semicolon.
CVSS 7.5
HashiCorp Consul <1.6.6-1.7.4 - Info Disclosure
HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.
CVSS 5.3
Gossipsub 1.0 - Invalid Message Spam Resistance Bypass
Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.
CVSS 9.8
OpenTrace <v1.0.17 - Info Disclosure
OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote attackers to conduct long-term re-identification attacks and possibly have unspecified other impact, because of how Bluetooth is used.
CVSS 9.8
Dolibarr < 11.0.4 - Cross-Site Scripting
Dolibarr before 11.0.4 allows XSS.
CVSS 5.4
HashiCorp Consul <1.6.6-1.7.4 - Privilege Escalation
HashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.
CVSS 7.5
Sysax Multi Server 6.90 - Reflected Cross-Site Scripting via SCGI SID Parameter
An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter.
CVSS 6.1
HashiCorp Consul <1.6.6, <1.7.4 - DoS
HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. Fixed in 1.6.6 and 1.7.4.
CVSS 7.5
GitLab CE/EE <13.0.5 - Info Disclosure
An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5
CVSS 6.3
OpenSIS < 7.5 - Cross-Site Scripting via SideForStudent.php modname Parameter
OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter.
CVSS 6.1
OpenSIS Community Edition < 7.6 - Unauthenticated Arbitrary Password Reset via ResetUserInfo.php
OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users.
CVSS 7.5
openSIS <= 7.4 - SQL Injection
openSIS through 7.4 allows SQL Injection.
CVSS 9.8
FreeRDP < 2.1.1 - Out-of-bounds Read in NTLM Challenge Message
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.
CVSS 7.1
By Source