Writeup Exploits

60,101 exploits tracked across all sources.

Sort: Activity Stars
CVE-2022-25015 WRITEUP MEDIUM
Icehrm - XSS
A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS allows attackers to steal cookies via a crafted payload inserted into the First Name field.
CVSS 5.4
CVE-2022-25014 WRITEUP MEDIUM
Icehrm - XSS
Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "m" parameter in the Dashboard of the current user. This vulnerability allows attackers to compromise session credentials via user interaction with a crafted link.
CVSS 6.1
CVE-2022-25013 WRITEUP MEDIUM
Icehrm - XSS
Ice Hrm 30.0.0.OS was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the "key" and "fm" parameters in the component login.php.
CVSS 6.1
CVE-2018-12420 WRITEUP HIGH
IceHrm <23.0.1.OS - Info Disclosure
IceHrm before 23.0.1.OS has a risky usage of a hashed password in a request.
CVSS 7.5
CVE-2024-46076 WRITEUP CRITICAL
Ruoyi < 4.7.9 - Code Injection
RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code generation feature, enabling the injection of malicious code.
CVSS 9.8
CVE-2024-46209 WRITEUP MEDIUM
Redaxo - XSS
A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter.
CVSS 5.4
CVE-2024-46209 WRITEUP MEDIUM
Redaxo - XSS
A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter.
CVSS 5.4
CVE-2024-46210 WRITEUP HIGH
Redaxo - Unrestricted File Upload
An arbitrary file upload vulnerability in the MediaPool module of Redaxo CMS v5.17.1 allows attackers to execute arbitrary code via uploading a crafted file.
CVSS 7.2
CVE-2024-46215 WRITEUP MEDIUM
KM08-708H-v1.1 - Buffer Overflow
A vulnerability was discovered in KM08-708H-v1.1, There is a buffer overflow in the sub_445BDC() function within the /usr/sbin/goahead program; The strcpy function is executed without checking the length of the string, leading to a buffer overflow.
CVSS 6.5
CVE-2024-46237 WRITEUP MEDIUM
Phpgurukul Hospital Management System - XSS
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) via the patname, pataddress, and medhis parameters in doctor/add-patient.php and doctor/edit-patient.php.
CVSS 5.4
CVE-2024-46258 WRITEUP HIGH
Randygaul Cute Png - Out-of-Bounds Write
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_load_png_mem() function at cute_png.h.
CVSS 7.8
CVE-2024-46259 WRITEUP HIGH
Randygaul Cute Png - Out-of-Bounds Write
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_unfilter() function at cute_png.h.
CVSS 7.8
CVE-2024-46261 WRITEUP HIGH
Randygaul Cute Png - Out-of-Bounds Write
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_make32() function at cute_png.h.
CVSS 7.8
CVE-2024-46263 WRITEUP HIGH
Randygaul Cute Png - Out-of-Bounds Write
cute_png v1.05 was discovered to contain a stack overflow via the cp_dynamic() function at cute_png.h.
CVSS 7.8
CVE-2024-46264 WRITEUP HIGH
Randygaul Cute Png - Out-of-Bounds Write
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_find() function at cute_png.h.
CVSS 7.8
CVE-2024-46267 WRITEUP HIGH
Randygaul Cute Png - Out-of-Bounds Write
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_block() function at cute_png.h.
CVSS 7.8
CVE-2024-46274 WRITEUP HIGH
Randygaul Cute Png - Out-of-Bounds Write
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_stored() function at cute_png.h.
CVSS 7.8
CVE-2024-46276 WRITEUP HIGH
Randygaul Cute Png - Out-of-Bounds Write
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_chunk() function at cute_png.h.
CVSS 7.8
CVE-2024-46278 WRITEUP HIGH
Sismics Teedy - XSS
Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console.
CVSS 8.4
CVE-2024-46377 WRITEUP CRITICAL
Mayurik Best House Rental Management System - Unrestricted File Upload
Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the save_settings() function of the file rental/admin_class.php.
CVSS 9.8
CVE-2024-46451 WRITEUP CRITICAL
Totolink T8 Firmware - Buffer Overflow
TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter.
CVSS 9.8
CVE-2024-46452 WRITEUP MEDIUM
VigyBag Open Source Online Shop <commit 3f0e21b - SSRF
A Host Header injection vulnerability in the password reset function of VigyBag Open Source Online Shop commit 3f0e21b allows attackers to redirect victim users to a malicious site via a crafted URL.
CVSS 6.1
CVE-2024-46479 WRITEUP CRITICAL
Venki Supravizio Bpm < 18.0.1 - Unrestricted File Upload
Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. An authenticated attacker may upload a malicious file, leading to remote code execution.
CVSS 9.9
CVE-2024-46480 WRITEUP HIGH
Venki Supravizio Bpm < 18.0.1 - Insufficiently Protected Credentials
An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system.
CVSS 8.4
CVE-2024-46481 WRITEUP HIGH
Venki Supravizio Bpm < 18.1.1 - Open Redirect
The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to open redirect leading to reflected XSS.
CVSS 7.2
By Source
All 60,101 Writeup 60,101 Exploitdb 49,996 Nomisec 21,648 Metasploit 3,219 Github 2,559 Vulncheck_xdb 904 Inthewild 514 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,337 python 5,937 ruby 5,908 c 3,565 perl 2,849 html 2,053 php 1,326 bash 459 java 362 c++ 250 javascript 215 shell 90 go 55 postscript 25 xml 24