Exploit Database

140,114 exploits tracked across all sources.

CVE-2024-39205 WRITEUP CRITICAL
pyload-ng <0.5.0b3.dev85 - RCE
An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request.
CVSS 9.8
CVE-2024-32880 WRITEUP CRITICAL
Pyload < 0.5.0 - Unrestricted File Upload
pyload is an open-source Download Manager written in pure Python. An authenticated user can change the download folder and upload a crafted template to the specified folder, leading to remote code execution. There is no fix available at the time of publication.
CVSS 9.1
CVE-2024-24808 WRITEUP MEDIUM
pyLoad - Open Redirect
pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451.
CVSS 4.7
CVE-2024-22416 WRITEUP CRITICAL
pyLoad <0.5.0b3 - CSRF
pyLoad is a free and open-source Download Manager written in pure Python. The `pyload` API allows any API call to be made using GET requests. Since the session cookie is not set to `SameSite: strict`, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery (CSRF) attack. As a result any API call can be made via a CSRF attack by an unauthenticated user. This issue has been addressed in release `0.5.0b3.dev78`. All users are advised to upgrade.
CVSS 9.6
CVE-2024-21645 WRITEUP MEDIUM
Pyload < 0.4.9 - Injection
pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in `pyload` allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by `pyload`. Forged or otherwise corrupted log files can be used to cover an attacker’s tracks or even to implicate another party in the commission of a malicious act. This vulnerability has been patched in version 0.5.0b3.dev77.
CVSS 5.3
CVE-2024-21644 WRITEUP HIGH
Pyload < 0.4.9 - Improper Access Control
pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.
CVSS 7.5
CVE-2023-47890 WRITEUP HIGH
Pyload < 0.5.0b3.dev75 - Path Traversal
pyLoad 0.5.0 is vulnerable to Unrestricted File Upload.
CVSS 8.8
CVE-2023-0297 WRITEUP CRITICAL
pyLoad js2py Python Execution
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
CVSS 9.8
CVE-2024-39207 WRITEUP HIGH
lua-shmem <1.0-1 - Buffer Overflow
lua-shmem v1.0-1 was discovered to contain a buffer overflow via the shmem_write function.
CVSS 8.2
CVE-2024-39208 WRITEUP CRITICAL
luci-app-lucky v2.8.3 - Info Disclosure
luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials.
CVSS 9.8
CVE-2024-39209 WRITEUP MEDIUM
luci-app-sms-tool <1.9.6 - Command Injection
luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the score parameter.
CVSS 6.3
CVE-2024-39211 WRITEUP MEDIUM
Kaiten 57.128.8 - Info Disclosure
Kaiten 57.128.8 allows remote attackers to enumerate user accounts via a crafted POST request, because a login response contains a user_email field only if the user account exists.
CVSS 5.3
CVE-2024-39223 WRITEUP CRITICAL
Ginuerzh Gost - IDOR
An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications by setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey.
CVSS 9.8
CVE-2024-39249 WRITEUP HIGH
Async <3.2.5 - DoS
Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular Expression Denial of Service) while parsing a function in the autoinject function. NOTE: this is disputed by the supplier because there is no realistic threat model: regular expressions are not used with untrusted input.
CVSS 7.5
CVE-2024-39302 WRITEUP LOW
BigBlueButton - Privilege Escalation
BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the `/usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0` directory with the goal of privilege escalation, potentially exposing sensitive information on the server. This issue has been patched in version(s) 2.6.18, 2.7.8 and 3.0.0-alpha.7.
CVSS 3.7
CVE-2024-39304 WRITEUP HIGH
Churchcrm < 5.9.2 - SQL Injection
ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated SQL injection due to improper sanitization of user input. Authentication is required, but no elevated privileges are necessary. This allows attackers to inject SQL statements directly into the database query due to inadequate sanitization of the EID parameter in a GET request to `/GetText.php`. Version 5.9.2 patches the issue.
CVSS 8.8
CVE-2024-39305 WRITEUP MEDIUM
Envoy - Use After Free
Envoy is a cloud-native, open source edge and service proxy. Prior to versions 1.30.4, 1.29.7, 1.28.5, and 1.27.7, Envoy references already freed memory when route hash policy is configured with cookie attributes. Note that this vulnerability has been fixed in the open as the effect would be immediately apparent if it was configured. Memory allocated for holding attribute values is freed after configuration was parsed. During request processing Envoy will attempt to copy content of de-allocated memory into the request cookie header. This can lead to arbitrary content of Envoy's memory being sent to the upstream service or abnormal process termination. This vulnerability is fixed in Envoy versions v1.30.4, v1.29.7, v1.28.5, and v1.27.7. As a workaround, do not use cookie attributes in route action hash policy.
CVSS 6.5
CVE-2024-39308 WRITEUP MEDIUM
Rails Admin < 2.3.0 - XSS
RailsAdmin is a Rails engine that provides an interface for managing data. The RailsAdmin list view has an XSS vulnerability caused by an improperly escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 (to be released).
CVSS 5.4
CVE-2024-39309 WRITEUP CRITICAL
NPM Parse-server < 6.5.7 - SQL Injection
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved in versions 6.5.7 and 7.1.0. No known workarounds are available.
CVSS 9.8
CVE-2024-39317 WRITEUP MEDIUM
Wagtail < 5.2.6 - Denial of Service
Wagtail is an open source content management system built on Django. A bug in Wagtail's `parse_query_string` would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, `parse_query_string` would take an unexpectedly large amount of time to process, resulting in a denial of service. In an initial Wagtail installation, the vulnerability can be exploited by any Wagtail admin user. It cannot be exploited by end users. If your Wagtail site has a custom search implementation which uses `parse_query_string`, it may be exploitable by other users (e.g. unauthenticated users). Patched versions have been released as Wagtail 5.2.6, 6.0.6 and 6.1.3.
CVSS 6.5
CVE-2024-39319 WRITEUP MEDIUM
Aimeos Frontend Controller < 2020.10.15 - IDOR
aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.
CVSS 5.3