Writeup Exploits
63,449 exploits tracked across all sources.
grunt < 1.3.0 - Arbitrary Code Execution via Insecure YAML Deserialization
The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML.
CVSS 7.1
node-pdf-generator - Server-Side Request Forgery via Unsanitized URL Content
This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack.
CVSS 8.2
hello.js < 1.18.6 - Cross-Site Scripting via oauth_redirect URL Parameter
This affects the package hellojs before 1.18.6. The code get the param oauth_redirect from url and pass it to location.assign without any check and sanitisation. So we can simply pass some XSS payloads into the url param oauth_redirect, such as javascript:alert(1).
CVSS 9.9
mathjs < 7.5.1 - Prototype Pollution via deepExtend Function
The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.
CVSS 7.3
lightning-server - Cross-Site Scripting in Session Controller
This affects all versions of package lightning-server. It is possible to inject malicious JavaScript code as part of a session controller.
CVSS 6.3
Ts.ed < 5.65.7 - Prototype Pollution
This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
CVSS 5.6
scratch-svg-renderer < 0.2.0-prerelease.20201019174008 - Cross-Site Scripting via SVG Injection in loadString
This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function.
CVSS 9.6
systeminformation < 4.27.11 - OS Command Injection via curl Parameter Concatenation
This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands.
CVSS 8.8
browserless/chrome < 1.40.2 - Path Traversal via Workspace Endpoint
This affects versions of package browserless-chrome before 1.40.2-chrome-stable. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server.
CVSS 7.5
nodemailer <6.4.16 - Command Injection
This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.
CVSS 8.6
doc-path < 2.1.2 - Remote Code Execution via Untrusted Input
This affects the package doc-path before 2.1.2.
CVSS 7.5
phpoffice/phpspreadsheet <0.0.0 - XSS
This affects the package phpoffice/phpspreadsheet from 0.0.0. The library is vulnerable to XSS when creating an html output from an excel file by adding a comment on any cell. The root cause of this issue is within the HTML writer where user comments are concatenated as part of link and this is returned as HTML. A fix for this issue is available on commit 0ed5b800be2136bcb8fa9c1bdf59abc957a98845/master branch.
CVSS 7.1
Package Systeminformation <4.30.2 - Code Injection
This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.
CVSS 7.3
Package Systeminformation <4.30.2 - Code Injection
This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands.
CVSS 7.3
mout < 1.2.3 - Prototype Pollution via deepFillIn and deepMixIn Functions
This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn 'mixes objects into the target object, recursively mixing existing child objects as well'. In both cases, the key used to access the target object recursively is not checked, leading to a Prototype Pollution.
CVSS 7.5
get-npm-package-version <1.0.7 - Command Injection
The package get-npm-package-version before 1.0.7 are vulnerable to Command Injection via main function in index.js.
CVSS 7.3
JFrog Artifactory <5.11.8 and 6.8.0-6.8.17 - Remote Code Execution via FreeMarker Template Processing
In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper class makes certain Java functions accessible to a template.
CVSS 8.8
Dota 2 < 7.23f - Remote Code Execution via Crafted Map in GetValue Call
schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a GetValue call.
CVSS 7.8
Notepad++ < 7.7 - Remote Code Execution or Denial of Service via Crafted .ml File
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.
CVSS 7.8
Counter-Strike: Global Offensive <1.37.1.1 - RCE/DoS
vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a memset call.
CVSS 8.8
LabVantage LIMS 8.3 - Info Disclosure
LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognized Database exception message if the database does not exist.
CVSS 5.3
Adive Framework 2.0.8 - Stored Cross-Site Scripting via userUsername Parameter
Adive Framework 2.0.8 has admin/user/add userUsername XSS.
CVSS 6.1
Adive Framework 2.0.8 - Stored Cross-Site Scripting via User Add Function
Adive Framework 2.0.8 has admin/user/add userName XSS.
CVSS 6.1
Adive Framework 2.0.8 - Cross-Site Request Forgery in Admin Config
Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password.
CVSS 8.8
Gollem < 3.0.13 - Reflected Cross-Site Scripting via HTTP GET dir Parameter
Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL.
CVSS 6.1
By Source