Writeup Exploits

63,622 exploits tracked across all sources.

Sort: Activity Stars
CVE-2021-37366 WRITEUP HIGH
ctparental < 4.45.03 - Cross-Site Request Forgery in Admin Panel
CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users.
CVSS 8.8
CVE-2021-37365 WRITEUP MEDIUM
CTparental < 4.45.03 - Cross-Site Scripting via 'cat' Query Parameter in bl_categories_help.php
CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into the output webpage.
CVSS 6.1
CVE-2021-37392 WRITEUP MEDIUM
RPCMS < 1.8 - Stored Cross-Site Scripting via Nickname Variable
In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. When the API functions are enabled, the attacker can use API to update user nickname with XSS payload and achieve stored XSS. Users who view the articles published by the injected user will trigger the XSS.
CVSS 5.4
CVE-2021-37393 WRITEUP MEDIUM
rpcms < 1.8 - Stored Cross-Site Scripting via Nickname Variable
In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Attacker can use "update password" function to inject XSS payloads into nickname variable, and achieve stored XSS. Users who view the articles published by the injected user will trigger the XSS.
CVSS 5.4
CVE-2021-37394 WRITEUP HIGH
rpcms < 1.8 - Unauthenticated Privilege Escalation via Role Parameter Manipulation
In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration.
CVSS 8.8
CVE-2021-37473 WRITEUP CRITICAL
NavigateCMS < 2.9.4 - SQL Injection via products-order Parameter
In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `products-order` through a post request, which results in arbitrary sql query execution in the backend database.
CVSS 9.8
CVE-2021-37475 WRITEUP CRITICAL
NavigateCMS < 2.9.4 - SQL Injection via template-properties-order Parameter
In NavigateCMS version 2.9.4 and below, function in `templates.php` is vulnerable to sql injection on parameter `template-properties-order`, which results in arbitrary sql query execution in the backend database.
CVSS 9.8
CVE-2021-37476 WRITEUP CRITICAL
NavigateCMS < 2.9.4 - SQL Injection via Product ID Parameter
In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `id` through a post request, which results in arbitrary sql query execution in the backend database.
CVSS 9.8
CVE-2021-37477 WRITEUP CRITICAL
NavigateCMS < 2.9.4 - SQL Injection via children_order Parameter
In NavigateCMS version 2.9.4 and below, function in `structure.php` is vulnerable to sql injection on parameter `children_order`, which results in arbitrary sql query execution in the backend database.
CVSS 9.8
CVE-2021-37478 WRITEUP CRITICAL
NavigateCMS < 2.9.4 - SQL Injection via block-order Parameter
In NavigateCMS version 2.9.4 and below, function `block` is vulnerable to sql injection on parameter `block-order`, which results in arbitrary sql query execution in the backend database.
CVSS 9.8
CVE-2026-29043 WRITEUP MEDIUM
HDF5 H5T__ref_mem_setnull Heap Buffer Overflow
HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull method. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploitability of the heap overflow against modern operating systems.
CVSS 5.5
CVE-2026-34734 WRITEUP HIGH
HDF5: H5T__conv_struct Use After Free
HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is referenced in a memmove call from H5T__conv_struct. The original object was allocated by H5D__typeinfo_init_phase3 and freed by H5D__typeinfo_term.
CVSS 7.8
CVE-2026-26200 WRITEUP HIGH
HDF5 < 1.14.4.2 - Heap Buffer Overflow via Crafted h5 File
HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an `h5` file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploitability of the heap overflow against modern operating systems. Real-world exploitability of this issue in terms of remote-code execution is currently unknown. Version 1.14.4-2 fixes the issue.
CVSS 7.8
CVE-2025-7069 WRITEUP LOW
HDF5 1.14.6 - Heap-Based Buffer Overflow in H5FS__sect_link_size
A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FS__sect_link_size of the file src/H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
CVSS 3.3
CVE-2025-7068 WRITEUP LOW
HDF5 1.14.6 - Memory Leak in H5FL__malloc
A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5FL__malloc of the file src/H5FL.c. The manipulation leads to memory leak. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
CVSS 3.3
CVE-2025-7067 WRITEUP LOW
HDF5 1.14.6 - Heap-Based Buffer Overflow in H5FS__sinfo_serialize_node_cb
A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FS__sinfo_serialize_node_cb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
CVSS 3.3
CVE-2025-6858 WRITEUP LOW
HDF5 <1.14.6 - Null Pointer Dereference
A vulnerability was found in HDF5 1.14.6 and classified as problematic. Affected by this issue is the function H5C__flush_single_entry of the file src/H5Centry.c. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
CVSS 3.3
CVE-2025-6857 WRITEUP LOW
HDF5 1.14.6 - Stack-Based Buffer Overflow in H5G__node_cmp3 Function
A vulnerability has been found in HDF5 1.14.6 and classified as problematic. Affected by this vulnerability is the function H5G__node_cmp3 of the file src/H5Gnode.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
CVSS 3.3
CVE-2025-6856 WRITEUP LOW
HDF5 1.14.6 - Use-After-Free in H5FL__reg_gc_list
A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FL__reg_gc_list of the file src/H5FL.c. The manipulation leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
CVSS 3.3
CVE-2025-6818 WRITEUP LOW
HDF5 1.14.6 - Heap-Based Buffer Overflow in H5O__chunk_protect
A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5O__chunk_protect of the file /src/H5Ochunk.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
CVSS 3.3
CVE-2025-6817 WRITEUP LOW
HDF5 1.14.6 - Uncontrolled Resource Consumption in H5C__load_entry
A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5C__load_entry of the file /src/H5Centry.c. The manipulation leads to resource consumption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
CVSS 3.3
CVE-2025-6816 WRITEUP LOW
HDF5 1.14.6 - Heap-Based Buffer Overflow in H5O__fsinfo_encode
A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5O__fsinfo_encode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
CVSS 3.3
CVE-2025-6750 WRITEUP LOW
HDF5 1.14.6 - Heap-Based Buffer Overflow in H5O__mtime_new_encode
A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function H5O__mtime_new_encode of the file src/H5Omtime.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
CVSS 3.3
CVE-2025-6516 WRITEUP MEDIUM
HDF5 < 1.14.6 - Heap-Based Buffer Overflow in H5F_addr_decode_len
A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
CVSS 5.3
CVE-2025-6270 WRITEUP MEDIUM
HDF5 < 2.0.0 - Heap-Based Buffer Overflow in H5FS__sect_find_node
A vulnerability, which was classified as critical, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5FS__sect_find_node of the file H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
CVSS 5.3