Exploitdb Exploits
49,989 exploits tracked across all sources.
Kaine Wise Chat < 2.7 - Open Redirect
The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer.
by MTK
CVSS 6.1
Lua - Use After Free
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, an attacker able to trigger a debug.upvaluejoin call whose arguments have certain relationships to each other may cause a crash.
by Fady Mohammed Osman
CVSS 7.5
Apple iPhone OS < 12.1.3 - Out-of-Bounds Write
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to elevate privileges.
by Google Security Research
CVSS 7.8
Cisco RV320 Firmware < 1.4.2.22 - OS Command Injection
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability.
by RedTeam Pentesting
CVSS 7.2
ImpressCMS 1.3.11 SQL Injection via bid Parameter
ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send POST requests to the admin.php endpoint with malicious 'bid' values containing SQL commands to extract sensitive database information.
by Mehmet Onder
CVSS 7.1
SimplePress CMS 1.0.7 SQL Injection via p and s Parameters
SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information including usernames, database names, and version details.
by Ihsan Sencan
CVSS 8.2
Splunk Enterprise 7.2.3 - (Authenticated) Custom App Remote Code Execution
by Lee Mazzoleni
Joomla! Component JHotelReservation 6.0.7 - SQL Injection
by Ihsan Sencan
Joomla! Component J-CruisePortal 6.0.4 - SQL Injection
by Ihsan Sencan
Microsoft Remote Desktop 10.2.4(134) - Denial of Service (PoC)
by Saeed Hasanzadeh
Artifex Ghostscript < 9.26 - Remote Code Execution
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
by Google Security Research
CVSS 7.8
AddressSanitizer (ASan) - SUID Executable Privilege Escalation (Metasploit)
by Metasploit
Zyxel NBG-418N Firmware - CSRF
Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF.
by Ali Can Gönüllü
CVSS 8.8
Allied Telesis 8100L/8 Firmware - XSS
Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.php vlanid or subnet_mask parameter.
by AkkuS
CVSS 6.1
Nagios XI Magpie_debug.php Root Remote Code Execution
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.
by Chris Lyne
CVSS 9.8
Microsoft Windows CONTACT - HTML Injection / Remote Code Execution
by hyp3rlinx
Joomla! Component vBizz 1.0.7 - Remote Code Execution
by Ihsan Sencan
Joomla! Component vAccount 2.0.2 - 'vid' SQL Injection
by Ihsan Sencan
Joomla! Component JMultipleHotelReservation 6.0.7 - SQL Injection
by Ihsan Sencan