Exploitdb Exploits
49,996 exploits tracked across all sources.
Microsoft Edge < 1.8.3 - Out-of-Bounds Write
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
by Google Security Research
CVSS 7.5
iSocial 1.2.0 - Cross-Site Scripting / Cross-Site Request Forgery
by L0RD
Easy File Uploader 1.7 - SQL Injection / Cross-Site Scripting
by AkkuS
Auto Car 1.2 - 'car_title' SQL Injection / Cross-Site Scripting
by L0RD
Siemens Simatic S7 Cpu 1200 Firmware - XSS
Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by t4rkd3vilz
AF_PACKET chocobo_root Privilege Escalation
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.
by Metasploit
CVSS 7.8
Dell EMC RecoverPoint boxmgmt CLI < 5.1.2 - Arbitrary File Read
by Paul Taylor
Siemens Simatic S7-1500 Cpu Firmware < 1.5.1 - Denial of Service
Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow remote attackers to cause a denial of service (device restart and STOP transition) via crafted TCP packets.
by t4rkd3vilz
Frappe Erpnext - XSS
An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment.
by Veerababu Penugonda
CVSS 6.1
Intel Atom C < 3.1 - Information Disclosure
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
by Google Security Research
CVSS 5.5
Makemytrip - Cleartext Storage
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.
by Divya Jain
CVSS 6.5
Merge PACS 7.0 Cross-Site Request Forgery via merge-viewer
Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. Attackers can submit POST requests to /servlet/actions/merge-viewer/summary with login credentials to hijack user sessions and gain unauthorized access to the PACS system.
by Safak Aslan
CVSS 5.3
Teradek VidiU Pro 3.0.3 - CSRF
Teradek VidiU Pro 3.0.3 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft malicious web pages that automatically submit password change requests to the device when a logged-in administrator visits the page.
by LiquidWorm
CVSS 4.3
Teradek VidiU Pro 3.0.3 - SSRF
Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management interface that allows attackers to manipulate GET parameters 'url' and 'xml_url'. Attackers can exploit this flaw to bypass firewalls, initiate network enumeration, and potentially trigger external HTTP requests to arbitrary destinations.
by LiquidWorm
CVSS 6.5
Teradek Cube 7.3.6 - CSRF
Teradek Cube 7.3.6 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page with a hidden form to submit password change requests to the device's system configuration interface.
by LiquidWorm
CVSS 4.3
Teradek Slice 7.3.15 - CSRF
Teradek Slice 7.3.15 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page that automatically submits password change requests to the device when a logged-in user visits the page.
by LiquidWorm
CVSS 4.3
By Source