Writeup Exploits
63,677 exploits tracked across all sources.
easy-static-server - Path Traversal via req.url Input
All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code.
CVSS 7.5
servst < 2.0.3 - Path Traversal via Improper File Path Sanitization
Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable.
CVSS 7.5
liquidjs < 10.0.0 - Information Exposure via Prototype Property Leak
The package liquidjs before 10.0.0 are vulnerable to Information Exposure when ownPropertyOnly parameter is set to False, which results in leaking properties of a prototype. Workaround For versions 9.34.0 and higher, an option to disable this functionality is provided.
CVSS 5.3
eta < 2.0.0 - Remote Code Execution via Express Render API View Options
Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API.
**Note:** This is exploitable only for users who are rendering templates with user-defined data.
CVSS 8.1
vim/vim <9.0.0061 - Buffer Overflow
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061.
CVSS 7.8
Duplicator <1.4.7 - Info Disclosure
The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating.
CVSS 7.5
Duplicator < 1.4.7.1 - Information Disclosure
The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site.
CVSS 5.3
com.diffplug.gradle:goomph <3.37.2 - Code Injection
This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an attacker to achieve remote code execution on a target system by exploiting this vulnerability. **Note:** This could have allowed a malicious zip file to extract itself into an arbitrary directory. The only file that Goomph extracts is the p2 bootstrapper and eclipse metadata files hosted at eclipse.org, which are not malicious, so the only way this vulnerability could have affected you is if you had set a custom bootstrap zip, and that zip was malicious.
CVSS 5.3
MODX Revolution <2.8.3-pl - Authenticated RCE
MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator.
CVSS 7.2
Ametys CMS <4.5.0 - Info Disclosure
The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages), which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords.
CVSS 5.3
Victor CMS 1.0 - SQL Injection
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability.
CVSS 9.8
Contao Managed Edition <1.5.0 - RCE
Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component php_cli parameter.
CVSS 9.8
Suzuki Connect <1.0.15 - Info Disclosure
Suzuki Connect v1.0.15 allows attackers to tamper with displayed messages via spoofed CAN messages.
CVSS 4.6
Abantecart <= 1.3.2 - Authenticated Remote Code Execution via Media Manager Image Upload
Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an administrator (e.g., by configuring .php to be a valid image file type).
CVSS 7.2
SoroushPlus+ Messenger <1.0.30 - Auth Bypass
An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.30 in the Lock Screen Security Feature function due to insufficient permissions and privileges, which allows a malicious attacker bypass the lock screen function.
CVSS 9.1
Teampass 2.1.26 - Reflected Cross-Site Scripting via index.php PATH_INFO
Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO.
CVSS 6.1
SimpleMachinesForum <2.1.1 - Authenticated RCE
SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator. NOTE: the vendor's position is that administrators are intended to have the ability to modify themes, and can thus choose any PHP code that they wish to have executed on the server.
CVSS 7.2
ImpressCMS < 1.4.3 - SQL Injection
SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from the database used by the application. If misconfigured, an attacker can even upload a malicious web shell to compromise the entire system.
CVSS 7.2
Openvswitch kernel module - Memory Corruption
An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVSS 7.8
bookwyrm-social/bookwyrm <0.4.5 - Auth Bypass
Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5.
CVSS 9.8
Interview Management System 1.0 - Cross-Site Scripting via addQuestion.php Question Parameter
A vulnerability was found in SourceCodester Interview Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /addQuestion.php. The manipulation of the argument question with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205673 was assigned to this vulnerability.
CVSS 3.5
ecjia-daojia 1.38.1-20210202629 - Information Leakage via Installer Helper
ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage via content/apps/installer/classes/Helper.php. When the web program is installed, a new environment file is created, and the database information is recorded, including the database record password. NOTE: the vendor disputes this because the environment file is in the data directory, which is not intended for access by website visitors (only the statics directory can be accessed by website visitors)
CVSS 7.5
InMailX 3.21.0601-3.22.0101 - Cross-Site Scripting in Outlook Tab Connection Name
InMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scripting (XSS). InMailX Connection names are not sanitzed in the Outlook tab, which allows a local user or network administrator to execute HTML / Javascript in the Outlook of users.
CVSS 5.4
xpdf 4.03 - Heap Buffer Overflow in readXRefTable via Crafted PDF File
xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary.
CVSS 5.5
LiteCart < 2.4.2 - Cross-Site Scripting
Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
CVSS 6.1
By Source