Writeup Exploits

63,677 exploits tracked across all sources.

Sort: Activity Stars
CVE-2022-25352 WRITEUP HIGH
libnested < 1.5.2 - Prototype Pollution via set Function
The package libnested before 1.5.2 are vulnerable to Prototype Pollution via the set function in index.js. **Note:** This vulnerability derives from an incomplete fix for [CVE-2020-28283](https://security.snyk.io/vuln/SNYK-JS-LIBNESTED-1054930)
CVSS 7.5
CVE-2022-25354 WRITEUP HIGH
set-in < 2.0.3 - Prototype Pollution via setIn Method
The package set-in before 2.0.3 are vulnerable to Prototype Pollution via the setIn method, as it allows an attacker to merge object prototypes into it. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-28273](https://security.snyk.io/vuln/SNYK-JS-SETIN-1048049)
CVSS 8.6
CVE-2022-25372 WRITEUP HIGH
pritunl-client-electron < 1.2.3019.52a - Local Privilege Escalation via CREATOR OWNER ACL
Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go.
CVSS 7.8
CVE-2022-25375 WRITEUP MEDIUM
Linux kernel <5.16.10 - Info Disclosure
An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.
CVSS 5.5
CVE-2022-25479 WRITEUP MEDIUM
Realtek RtsPer/RtsUer Kernel Memory Leak via PCIe/USB Drivers
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows for the leakage of kernel memory from both the stack and the heap.
CVSS 5.5
CVE-2022-25581 WRITEUP HIGH
classcms < 2.5 - Arbitrary File Upload and Remote Code Execution via Crafted .txt File
Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file.
CVSS 7.8
CVE-2022-25584 WRITEUP HIGH
Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E - Info Disclosure
Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E Network Video System 4.23-3000_GY allows attackers to access sensitive information.
CVSS 7.5
CVE-2022-25643 WRITEUP CRITICAL
seatd 0.6.0-0.6.3 - Privilege Escalation via User-Supplied Socket Pathname
seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname.
CVSS 9.8
CVE-2022-25765 WRITEUP HIGH
pdfkit < 0.8.7.2 - Command Injection via URL Parameter
The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.
CVSS 7.3
CVE-2022-25842 WRITEUP MEDIUM
alibaba one-java-agent-plugin < 0.0.2 - Arbitrary File Write via Zip Slip Archive Extraction
All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine.
CVSS 6.9
CVE-2022-25845 WRITEUP HIGH
fastjson < 1.2.83 - Deserialization of Untrusted Data via autoType Bypass
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).
CVSS 8.1
CVE-2022-25857 WRITEUP HIGH
snakeyaml < 1.31 - Denial of Service via Nested Collection Depth
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
CVSS 7.5
CVE-2022-25858 WRITEUP MEDIUM
terser < 4.8.1 and 5.0.0-5.14.2 - Regular Expression Denial of Service
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
CVSS 5.3
CVE-2022-25867 WRITEUP HIGH
socket.io-client_java < 2.0.1 - NULL Pointer Dereference via Invalid Payload Format
The package io.socket:socket.io-client before 2.0.1 are vulnerable to NULL Pointer Dereference when parsing a packet with with invalid payload format.
CVSS 7.5
CVE-2022-25878 WRITEUP HIGH
protobufjs < 6.11.3 - Prototype Pollution via util.setProperty or ReflectionObject.setParsedOption
The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions 2. by parsing/loading .proto files
CVSS 8.2
CVE-2022-25882 WRITEUP HIGH
ONNX < 1.13.0 - Path Traversal via Tensor Proto External Data Field
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"
CVSS 7.5
CVE-2022-25882 WRITEUP HIGH
ONNX < 1.13.0 - Path Traversal via Tensor Proto External Data Field
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"
CVSS 7.5
CVE-2022-25883 WRITEUP MEDIUM
npmjs/semver <5.7.2 and >=7.0.0 <7.5.2 - Regular Expression Denial of Service via Range Function
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
CVSS 5.3
CVE-2022-25892 WRITEUP HIGH
muhammara < 2.6.1, 3.0.0-3.1.1 and hummus - Denial of Service via Malicious PDF Parsing
The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed.
CVSS 7.5
CVE-2022-25895 WRITEUP HIGH
lite-dev-server - Path Traversal via req.url Input
All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code.
CVSS 7.5
CVE-2022-25912 WRITEUP HIGH
simple-git < 3.15.0 - Remote Code Execution via Ext Transport Protocol in Clone Method
The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306).
CVSS 8.1
CVE-2022-25916 WRITEUP HIGH
mt7688-wiscan < 0.8.3 - OS Command Injection via wiscan.scan Function
Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to Command Injection due to improper input sanitization in the 'wiscan.scan' function.
CVSS 7.4
CVE-2022-25918 WRITEUP MEDIUM
shescape >=1.5.10 <1.6.1 - Regular Expression Denial of Service via escapeArgBash Function
The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function.
CVSS 5.3
CVE-2022-25923 WRITEUP HIGH
exec-local-bin < 1.2.0 - OS Command Injection via theProcess() Function
Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization.
CVSS 7.4
CVE-2022-25927 WRITEUP MEDIUM
ua-parser-js 0.7.30-0.7.32 and 0.8.1-1.0.32 - Regular Expression Denial of Service via trim() Function
Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.
CVSS 5.3