Writeup Exploits
63,677 exploits tracked across all sources.
simple-git <3.5.0 - Command Injection
The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of [CVE-2022-24433](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199) which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover.
CVSS 8.1
Linux kernel <5.16.4 - Privilege Escalation
kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace.
CVSS 7.8
TimescaleDB <2.5.2 - Privilege Escalation
Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivileged user to precreate objects. These objects will be used by the installer (which executes as Superuser), leading to privilege escalation. In order to be able to take advantage of this, an unprivileged user would need to be able to create objects in a database and then get a Superuser to install TimescaleDB into their database. (In the fixed versions, the installation aborts when it finds that an object already exists.)
CVSS 8.0
Hospital Management System v4.0 - SQL Injection
Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php.
CVSS 7.5
BoltWire 7.10 and 8.00 - Cross-Site Scripting via Name and Lastname Parameters
A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v 8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters.
CVSS 6.1
BoltWire 7.10 and 8.00 - Cross-Site Scripting via Name and Lastname Parameters
A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v 8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters.
CVSS 6.1
Hospital Management System v4.0 - SQL Injection
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter.
CVSS 9.8
Victor CMS 1.0 - SQL Injection via user_firstname Parameter
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via 'user_firstname' parameter.
CVSS 8.8
Gibbon CMS 22.0.01 - Stored Cross-Site Scripting via Name, Category, or Description Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the component outcomes_addProcess.php of Gibbon CMS v22.0.01 allow attackers to execute arbitrary web scripts or HTML via a crafted payload insterted into the name, category, description parameters.
CVSS 5.4
mozilocms 2.0 - Path Traversal via curent_dir Parameter
mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the parameter curent_dir.
CVSS 9.1
Gibbon CMS v22.0.01 - Cross-Site Scripting via Name Parameters
Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting (XSS) vulnerability, that allows attackers to inject arbitrary script via name parameters.
CVSS 4.8
node-opcua < 2.74.0 - Denial of Service via Multiple CloseSession Requests
The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.
CVSS 7.5
git-pull-or-clone <2.0.2 - Command Injection
The package git-pull-or-clone before 2.0.2 are vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn(). However, the outpath parameter passed to it may be a command-line argument to the git clone command and result in arbitrary command injection.
CVSS 9.8
GitPython <3.1.30 - Remote Code Execution via Malicious Clone URL
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
CVSS 8.1
Linux kernel <5.16.5 - Info Disclosure
An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.
CVSS 3.3
Genixcms 1.1.11 - Stored Cross-Site Scripting via intro_title and intro_image Parameters
In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options" via the intro_title and intro_image parameters.
CVSS 5.4
PluXml 5.8.7 - Stored Cross-Site Scripting via Author Parameter
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter.
CVSS 5.4
PluXml 5.8.7 - Stored Cross-Site Scripting via Categories Content and Thumbnail Parameters
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters.
CVSS 5.4
PluXml 5.8.7 - Stored Cross-Site Scripting in Media Management Component
A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML.
CVSS 5.4
Flatpress v1.2.1 - Stored Cross-Site Scripting via SVG File Upload
Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function.
CVSS 5.4
burden v3.0 - Stored Cross-Site Scripting in Add Category Function via Task Parameter
Burden v3.0 was discovered to contain a stored cross-site scripting (XSS) in the Add Category function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the task parameter.
CVSS 6.1
BackdropCMS 1.21.1 - Stored Cross-Site Scripting in Add Link Function
A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML.
CVSS 5.4
ZZ Inc. KeyMouse <=3.08 - Unauthenticated Update Code Execution
ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of an affected installation of KeyMouse.
CVSS 8.8
Anuko Time Tracker <1.20.0.5642 - SQL Injection
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. UNION SQL injection and time-based blind injection vulnerabilities existed in Time Tracker Puncher plugin in versions of anuko timetracker prior to 1.20.0.5642. This was happening because the Puncher plugin was reusing code from other places and was relying on an unsanitized date parameter in POST requests. Because the parameter was not checked, it was possible to craft POST requests with malicious SQL for Time Tracker database. This issue has been resolved in in version 1.20.0.5642. Users unable to upgrade are advised to add their own checks to input.
CVSS 7.4
Weblate < 4.11 - Stored Cross-Site Scripting via User Name and Language Fields
Weblate is a copyleft software web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in user name and language fields. Due to this improper neutralization it is possible to perform cross-site scripting via these fields. The issues were fixed in the 4.11 release. Users unable to upgrade are advised to add their own neutralize logic.
CVSS 5.4
By Source