Writeup Exploits
63,677 exploits tracked across all sources.
libnested < 1.5.2 - Prototype Pollution via set Function
The package libnested before 1.5.2 are vulnerable to Prototype Pollution via the set function in index.js. **Note:** This vulnerability derives from an incomplete fix for [CVE-2020-28283](https://security.snyk.io/vuln/SNYK-JS-LIBNESTED-1054930)
CVSS 7.5
set-in < 2.0.3 - Prototype Pollution via setIn Method
The package set-in before 2.0.3 are vulnerable to Prototype Pollution via the setIn method, as it allows an attacker to merge object prototypes into it. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-28273](https://security.snyk.io/vuln/SNYK-JS-SETIN-1048049)
CVSS 8.6
pritunl-client-electron < 1.2.3019.52a - Local Privilege Escalation via CREATOR OWNER ACL
Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go.
CVSS 7.8
Linux kernel <5.16.10 - Info Disclosure
An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.
CVSS 5.5
Realtek RtsPer/RtsUer Kernel Memory Leak via PCIe/USB Drivers
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows for the leakage of kernel memory from both the stack and the heap.
CVSS 5.5
classcms < 2.5 - Arbitrary File Upload and Remote Code Execution via Crafted .txt File
Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file.
CVSS 7.8
Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E - Info Disclosure
Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E Network Video System 4.23-3000_GY allows attackers to access sensitive information.
CVSS 7.5
seatd 0.6.0-0.6.3 - Privilege Escalation via User-Supplied Socket Pathname
seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname.
CVSS 9.8
pdfkit < 0.8.7.2 - Command Injection via URL Parameter
The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.
CVSS 7.3
alibaba one-java-agent-plugin < 0.0.2 - Arbitrary File Write via Zip Slip Archive Extraction
All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine.
CVSS 6.9
fastjson < 1.2.83 - Deserialization of Untrusted Data via autoType Bypass
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).
CVSS 8.1
snakeyaml < 1.31 - Denial of Service via Nested Collection Depth
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
CVSS 7.5
terser < 4.8.1 and 5.0.0-5.14.2 - Regular Expression Denial of Service
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
CVSS 5.3
socket.io-client_java < 2.0.1 - NULL Pointer Dereference via Invalid Payload Format
The package io.socket:socket.io-client before 2.0.1 are vulnerable to NULL Pointer Dereference when parsing a packet with with invalid payload format.
CVSS 7.5
protobufjs < 6.11.3 - Prototype Pollution via util.setProperty or ReflectionObject.setParsedOption
The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions 2. by parsing/loading .proto files
CVSS 8.2
ONNX < 1.13.0 - Path Traversal via Tensor Proto External Data Field
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"
CVSS 7.5
ONNX < 1.13.0 - Path Traversal via Tensor Proto External Data Field
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"
CVSS 7.5
npmjs/semver <5.7.2 and >=7.0.0 <7.5.2 - Regular Expression Denial of Service via Range Function
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
CVSS 5.3
muhammara < 2.6.1, 3.0.0-3.1.1 and hummus - Denial of Service via Malicious PDF Parsing
The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed.
CVSS 7.5
lite-dev-server - Path Traversal via req.url Input
All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code.
CVSS 7.5
simple-git < 3.15.0 - Remote Code Execution via Ext Transport Protocol in Clone Method
The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306).
CVSS 8.1
mt7688-wiscan < 0.8.3 - OS Command Injection via wiscan.scan Function
Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to Command Injection due to improper input sanitization in the 'wiscan.scan' function.
CVSS 7.4
shescape >=1.5.10 <1.6.1 - Regular Expression Denial of Service via escapeArgBash Function
The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Regular Expression Denial of Service (ReDoS) via the escape function in index.js, due to the usage of insecure regex in the escapeArgBash function.
CVSS 5.3
exec-local-bin < 1.2.0 - OS Command Injection via theProcess() Function
Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization.
CVSS 7.4
ua-parser-js 0.7.30-0.7.32 and 0.8.1-1.0.32 - Regular Expression Denial of Service via trim() Function
Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.
CVSS 5.3
By Source