Inthewild Exploits
518 exploits tracked across all sources.
SolarWinds Web Help Desk - Hardcoded Credential
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
CVSS 9.1
SolarWinds Web Help Desk - Hardcoded Credential
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
CVSS 9.1
Veritas Netbackup < 8.1.2 - Path Traversal
In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file.
CVSS 9.8
Premmerce Permalink Manager <2.3.10 - Path Traversal
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce woo-permalink-manager.This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through <= 2.3.10.
CVSS 8.3
ChatGPT个人专用版 - Server Side Request Forgery
pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references section has an archived copy of pictureproxy.php from its original GitHub location, but the repository name might later change because it is misleading.
CVSS 5.8
Inperstton Slivery Extender <1.0.2 - Code Injection
Improper Control of Generation of Code ('Code Injection') vulnerability in inpersttion Slivery Extender slivery-extender allows Remote Code Inclusion.This issue affects Slivery Extender: from n/a through <= 1.0.2.
CVSS 8.5
QNAP OS - Buffer Overflow
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network.
We have already fixed the vulnerability in the following version:
QTS 5.1.7.2770 build 20240520 and later
QuTS hero h5.1.7.2770 build 20240520 and later
CVSS 7.2
L2/L3 Management service - Buffer Overflow
There is a buffer overflow vulnerability in the underlying L2/L3 Management service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVSS 9.8
Microsoft Exchange Server - Untrusted Search Path
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS 8.8
Microsoft Exchange Server - Untrusted Search Path
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS 8.8
Microsoft Exchange Server - Untrusted Search Path
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS 8.8
Microsoft Windows 11 22h2 < 10.0.22621.3296 - Buffer Over-read
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
CVSS 5.5
Microsoft Windows 11 22h2 < 10.0.22621.3296 - Buffer Over-read
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
CVSS 5.5
Qnap Qts < 4.5.4.2627 - Authentication Bypass
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
CVSS 9.8
Ivanti Connect Secure - Out-of-Bounds Write
A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code
CVSS 9.8
NPM Jsonpath-plus < 10.2.0 - Code Injection
All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node.
**Note:**
There were several attempts to fix it in versions [10.0.0-10.1.0](https://github.com/JSONPath-Plus/JSONPath/compare/v9.0.0...v10.1.0) but it could still be exploited using [different payloads](https://github.com/JSONPath-Plus/JSONPath/issues/226).
CVSS 9.8
NPM Mysql2 < 3.9.4 - Code Injection
Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values.
CVSS 9.8
Microsoft Sharepoint Server - Use After Free
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS 7.8
Microsoft Sharepoint Server - Use After Free
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS 7.8
Skype < 8.113 - Remote Code Execution
Skype for Consumer Remote Code Execution Vulnerability
CVSS 8.8
Microsoft Exchange Server - Authentication Bypass
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVSS 9.8
Microsoft Exchange Server - Authentication Bypass
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVSS 9.8
Microsoft Windows 10 1507 < 10.0.10240.20526 - Use After Free
Windows Hyper-V Remote Code Execution Vulnerability
CVSS 8.1
Microsoft Confidental Containers < 0.3.3 - Path Traversal
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
CVSS 9.0
Microsoft 365 Apps - Code Injection
Microsoft Outlook Remote Code Execution Vulnerability
CVSS 8.8
By Source