Writeup Exploits
62,994 exploits tracked across all sources.
Lua <= 5.4.0 - Heap-Based Buffer Over-Read via Stack Resize and Garbage Collection Interaction
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.
CVSS 8.8
Artifex Ghostscript 9.50 and 9.52 - Memory Corruption via Non-Standard PostScript Operator
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.
CVSS 9.8
bsdiff4 < 1.2.0 - Out-of-bounds Write via Crafted Patch File
A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file.
CVSS 7.8
gnome_display_manager < 3.36.2 - Local Privilege Escalation via Unresponsive Accounts Daemon
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account.
CVSS 7.2
accountsservice < 0.6.55 - Denial of Service via Improper Privilege Management
An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion.
CVSS 3.3
Roundcube Webmail < 1.3.15 and 1.4.8 - Stored Cross-Site Scripting via SVG in HTML Messages
Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.
CVSS 6.1
GoPro gpmf-parser 1.5 - Denial of Service via Division By Zero in GPMF_ScaledData()
GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_ScaledData(). Parsing malicious input can result in a crash.
CVSS 7.5
WSO2 Management Console <5.10 - XSS
WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.
CVSS 6.1
SEOWON INTECH SLC-130,SLR-120S - RCE
SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.
CVSS 9.8
Untangle Firewall NG <16.0 - Info Disclosure
Untangle Firewall NG before 16.0 uses MD5 for passwords.
CVSS 5.3
systemd < 245-rc1 - Use-After-Free via Asynchronous Polkit Queries
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
CVSS 7.8
FeiFeiCMS v4.1.190209 - Cross-Site Request Forgery via Admin Account Creation
A Cross site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert.
CVSS 8.8
Gnuboard5 <=5.3.2.8 - SQL Injection
SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_prefix parameter in install_db.php.
CVSS 9.8
FHEM 6.0 - Local File Inclusion via FileLog_logWrapper File Parameter
Local file inclusion in FHEM 6.0 allows in fhem/FileLog_logWrapper file parameter can allow an attacker to include a file, which can lead to sensitive information disclosure.
CVSS 7.5
Yellowfin Business Intelligence 7.3 - Stored Cross-Site Scripting via MIAdminStyles.i4 Admin UI
Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI.
CVSS 9.0
Yellowfin Business Intelligence 7.3 - Stored Cross-Site Scripting via MIAdminStyles.i4 Admin UI
Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI.
CVSS 5.4
uftpd 2.7-2.10 - Unauthenticated Directory Traversal via FTP Command Chroot Bypass
There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c's compose_abspath function that can be abused to read or write to arbitrary files on the filesystem, leak process memory, or potentially lead to remote code execution.
CVSS 9.8
baigo CMS v4.0-beta-1 - Cross-Site Scripting via Profile Info Submission Form
A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows attackers to execute arbitrary web scripts or HTML via the form parameter post to /public/console/profile/info-submit/.
CVSS 6.1
baigo CMS v4.0-beta-1 - Cross-Site Scripting via Profile Info Submission Form
A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows attackers to execute arbitrary web scripts or HTML via the form parameter post to /public/console/profile/info-submit/.
CVSS 6.1
baigoSSO 3.0.1 - Remote Code Execution via Configuration Screen Form Field
baigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitrary PHP code via the first form field of a configuration screen, because this code is written to the BG_SITE_NAME field in the opt_base.inc.php file.
CVSS 7.2
Pluck 4.7.10 - Remote Code Execution via Trashcan Restore Item File Upload
File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_restoreitem.php file.
CVSS 7.2
libsixel < 1.8.4 - Denial of Service via Crafted PNG File
An issue in the dither.c component of libsixel prior to v1.8.4 allows attackers to cause a denial of service (DOS) via a crafted PNG file.
CVSS 6.5
libsixel < 1.8.4 - Denial of Service via Crafted PNG File
An issue in the dither.c component of libsixel prior to v1.8.4 allows attackers to cause a denial of service (DOS) via a crafted PNG file.
CVSS 6.5
libsixel < 1.8.5 - Denial of Service via Crafted PSD File
An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file.
CVSS 6.5
libsixel < 1.8.5 - Denial of Service via Crafted PSD File
An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file.
CVSS 6.5
By Source