Exploit Database
145,874 exploits tracked across all sources.
qutebrowser 0.11.0-1.3.2 - Stored Cross-Site Scripting via History Page Title Attribute
qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via injected JavaScript code, a website can steal the user's browsing history. This attack appear to be exploitable via the victim must open a page with a specially crafted <title> attribute, and then open the qute://history site via the :history command. This vulnerability appears to have been fixed in fixed in v1.3.3 (4c9360237f186681b1e3f2a0f30c45161cf405c7, to be released today) and v1.4.0 (5a7869f2feaa346853d2a85413d6527c87ef0d9f, released later this week).
CVSS 6.1
Bouncy Castle Java Cryptography APIs <1.60 - Unsafe Reflection in XMSS/XMSS^MT Private Key Deserialization
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.
CVSS 9.8
LimeSurvey < 3.14.4 - Authenticated Remote Code Execution via Malicious ZIP Archive Upload
LimeSurvey version prior to 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell. This attack appear to be exploitable via an authenticated user uploading a zip archive which can contains malicious php files that can be called under certain circumstances. This vulnerability appears to have been fixed in after commit 91d143230eb357260a19c8424b3005deb49a47f7 / version 3.14.4.
CVSS 8.8
Square Retrofit <2.5.0 - Path Traversal
Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter that can result in By manipulating the URL an attacker could add or delete resources otherwise unavailable to her.. This attack appear to be exploitable via An attacker should have access to an encoded path parameter on POST, PUT or DELETE request.. This vulnerability appears to have been fixed in 2.5.0 and later.
CVSS 7.5
Plexus-archiver <3.6.0 - Path Traversal
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVSS 5.5
Plexus-archiver <3.6.0 - Path Traversal
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVSS 5.5
zt-zip < 1.13 - Path Traversal via Zip Archive Entry Extraction
zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVSS 5.5
zt-zip < 1.13 - Path Traversal via Zip Archive Entry Extraction
zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVSS 5.5
zip4j < 1.3.3 - Path Traversal via Zip Archive Entry Extraction
zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVSS 6.5
QuaZIP < 0.7.6 - Path Traversal via Zip Archive Entry Extraction
QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVSS 5.5
XiongMai uc-httpd 1.0.0 - Buffer Overflow
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725.
CVSS 9.8
Dolibarr < 7.0.2 - SQL Injection via Integer Parameter
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.
CVSS 9.8
Dolibarr < 7.0.2 - Cross-Site Scripting via foruserlogin Parameter
Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.
CVSS 6.1
Ericsson-LG iPECS NMS A.1Ac - Auth Bypass
The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication.
CVSS 9.8
Ericsson-LG iPECS NMS A.1Ac - Info Disclosure
The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs to be authenticated.
CVSS 8.8
ILIAS 5.1.0-5.3.3 - Cross-Site Scripting via Invalid Date Input
Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date.
CVSS 6.1
Responsive Cookie Consent <1.8 - XSS
The Responsive Cookie Consent plugin before 1.8 for WordPress mishandles number fields, leading to XSS.
CVSS 5.4
Catapult UK Cookie Consent <2.3.10 - XSS
A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary HTML/script code in the context of a victim's browser.
CVSS 5.4
BigTree CMS < 4.2.22 - Stored Cross-Site Scripting via Users Management Page
BigTree before 4.2.22 has XSS in the Users management page via the name or company field.
CVSS 5.4
user_project/user and rainlab/user-plugin < 1.5.0 - Stored Cross-Site Scripting in Name Field
An issue was discovered in the Users (aka Front-end user management) plugin 1.4.5 for October CMS. XSS exists in the name field.
CVSS 6.1
wunderfarm WF Cookie Consent 1.1.3 - Stored Cross-Site Scripting via Page Title
An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1.3 for WordPress. A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows the execution of arbitrary HTML/script code to be executed in a victim's web browser via a page title.
CVSS 6.1
CMS Made Simple < 2.2.7 - Authenticated Remote Code Execution via Module Import XML Package
In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element.
CVSS 7.2
ILIAS 5.3.4 - Cross-Site Scripting via PHP_SELF in shib_logout.php
ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files.
CVSS 6.1
Call of Duty Modern Warfare 2 < 2018-04-26 - Remote Code Execution via Stack-Based Buffer Overflow
Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to execute arbitrary code via crafted packets.
CVSS 10.0
KONGTOP A303 A403 D303 D305 D403 Firmware - Unauthenticated Sensitive Information Exposure via Print_Password Function
KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoor that prints the login password via a Print_Password function call in certain circumstances.
CVSS 9.8
By Source