Writeup Exploits
63,466 exploits tracked across all sources.
hosted-git-info < 2.8.9 - Regular Expression Denial of Service via shortcutMatch
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
CVSS 5.3
kill-by-port < 0.0.2 - OS Command Injection via Unsanitized Input to killByPort Function
This affects the package kill-by-port before 0.0.2. If (attacker-controlled) user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
CVSS 6.3
browserslist 4.0.0-4.16.5 - Regular Expression Denial of Service
The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
CVSS 5.3
tyk-identity-broker < 1.1.1 - Authentication Bypass via Go XML Parser
The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 are vulnerable to Authentication Bypass via the Go XML parser which can cause SAML authentication bypass. This is because the XML parser doesn’t guarantee integrity in the XML round-trip (encoding/decoding XML data).
CVSS 4.8
postcss 7.0.0-7.0.35 - Regular Expression Denial of Service in Source Map Parsing
The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.
CVSS 5.3
handlebars < 4.7.7 - Remote Code Execution via Untrusted Template Compilation
The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.
CVSS 5.6
handlebars < 4.7.7 - Prototype Pollution via Template Compilation
The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.
CVSS 5.6
trailing-slash < 2.0.1 - Open Redirect via Trailing Double Slashes
The package trailing-slash before 2.0.1 are vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as https://example.com//attacker.example/). The vulnerable code is in index.js::createTrailing(), as the web server uses relative URLs instead of absolute URLs.
CVSS 5.4
total.js < 3.4.9 - Remote Code Execution via U.set() and U.get() Functions
The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
CVSS 9.8
total4 < 0.0.43 - Remote Code Execution via U.set() and U.get() Functions
The package total4 before 0.0.43 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
CVSS 9.8
elFinder: Command injection in resize background color parameter when using ImageMagick CLI
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.67, elFinder contains a command injection vulnerability in the resize command. The bg (background color) parameter is accepted from user input and passed through image resize/rotate processing. In configurations that use the ImageMagick CLI backend, this value is incorporated into shell command strings without sufficient escaping. An attacker able to invoke the resize command with a crafted bg value may achieve arbitrary command execution as the web server process user. This vulnerability is fixed in 2.1.67.
CVSS 9.8
Studio-42 elFinder 2.1.62 - Stored Cross-Site Scripting via Filename Restriction Bypass
Studio-42 eLfinder 2.1.62 contains a filename restriction bypass leading to a persistent Cross-site Scripting (XSS) vulnerability.
CVSS 6.1
Studio-42 elFinder 2.1.62 - Remote Code Execution via Unrestricted .php8 File Upload
Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution (RCE) as there is no restriction for uploading files with the .php8 extension.
CVSS 9.8
elFinder < 2.1.62 - Path Traversal via LocalVolumeDriver Connector
_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.
CVSS 6.5
Studio-42 elFinder < 2.1.61 - Remote Code Execution via File Upload
In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload.
CVSS 9.8
Studio-42 elFinder 2.0.4-2.1.59 - Unauthenticated Arbitrary File Upload via connector.minimal.php
A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code.
CVSS 9.8
elFinder < 2.1.59 - Remote Code Execution via Archive Command Injection
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.
CVSS 9.8
elFinder < 2.1.58 - Remote Code Execution via .phar File Upload
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
CVSS 8.1
elFinder < 2.1.58 - Remote Code Execution via .phar File Upload
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
CVSS 8.1
elFinder < 2.1.58 - Remote Code Execution via .phar File Upload
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
CVSS 8.1
elFinder < 2.1.48 - OS Command Injection in PHP Connector
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
CVSS 9.8
elFinder < 2.1.48 - OS Command Injection in PHP Connector
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
CVSS 9.8
elFinder < 2.1.48 - OS Command Injection in PHP Connector
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
CVSS 9.8
elFinder < 2.1.46 - Server-Side Request Forgery via get_remote_contents()
A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources. This occurs in get_remote_contents() in php/elFinder.class.php.
CVSS 7.7
elFinder < 2.1.45 - Information Exposure via PHP curl Extension
php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedir is not set.
CVSS 5.9
By Source