Writeup Exploits
63,687 exploits tracked across all sources.
npm 7.0.0-8.1.3 - Insufficient Verification of Data Authenticity in npm ci Command
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in package-lock.json. NOTE: The npm team believes this is not a vulnerability. It would require someone to socially engineer package.json which has different dependencies than package-lock.json. That user would have to have file system or write access to change dependencies. The npm team states preventing malicious actors from socially engineering or gaining file system access is outside the scope of the npm CLI.
CVSS 9.0
npm 7.0.0-8.1.3 - Insufficient Verification of Data Authenticity in npm ci Command
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in package-lock.json. NOTE: The npm team believes this is not a vulnerability. It would require someone to socially engineer package.json which has different dependencies than package-lock.json. That user would have to have file system or write access to change dependencies. The npm team states preventing malicious actors from socially engineering or gaining file system access is outside the scope of the npm CLI.
CVSS 9.0
npm 7.0.0-8.1.3 - Insufficient Verification of Data Authenticity in npm ci Command
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in package-lock.json. NOTE: The npm team believes this is not a vulnerability. It would require someone to socially engineer package.json which has different dependencies than package-lock.json. That user would have to have file system or write access to change dependencies. The npm team states preventing malicious actors from socially engineering or gaining file system access is outside the scope of the npm CLI.
CVSS 9.0
npm < 6.14.6 - Information Exposure via Log File
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files.
CVSS 4.4
npm < 6.14.6 - Information Exposure via Log File
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files.
CVSS 4.4
npm < 6.13.4 - Arbitrary File Overwrite via Global Binary Installation
Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of packages that also create a serve binary would overwrite the previous serve binary. This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.
CVSS 7.7
npm < 6.13.3 - Arbitrary File Write via package.json bin Field
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.
CVSS 7.7
npm CLI <6.13.3 - Arbitrary File Write
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.
CVSS 7.7
Nagios XI <= 5.8.5 - Open Redirect via Login Function
In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.
CVSS 6.1
Nagios XI <5.8.5 - Privilege Escalation
In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an attacker to permanently disable all monitoring checks.
CVSS 6.5
Nagios XI <= 5.8.5 - Unauthenticated Email Address Change
In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address.
CVSS 4.3
Nagios XI <= 5.8.5 - Authenticated Cross-Site Scripting in Schedule Report Function
In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address.
CVSS 6.5
TiddlyWiki5 v5.2.2 - Arbitrary File Upload via Crafted SVG File
An arbitrary file upload vulnerability in the file upload module of Tiddlywiki5 v5.2.2 allows attackers to execute arbitrary code via a crafted SVG file. Note: The vendor argues that this is not a legitimate issue and there is no vulnerability here.
CVSS 9.8
Werkzeug < 2.1.0 - HTTP Request Smuggling via Crafted Request Body
Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project
CVSS 9.8
Xampp for Windows <8.1.4 - Code Injection
Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory.
CVSS 8.8
NETGEAR ProSafe SSL VPN - SQL Injection
NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi.
CVSS 9.8
MISP < 2.4.158 - Deserialization of Untrusted Data via PHAR
An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.
CVSS 9.8
OWASP AntiSamy < 1.6.7 - Cross-Site Scripting via HTML Tag Smuggling in STYLE Content
OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367.
CVSS 6.1
Linux Kernel < 5.17.3 - Use-After-Free via io_uring Timeout Race Condition
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently.
CVSS 7.0
Survey Sparrow Enterprise Survey Software 2022 - Stored Cross-Site Scripting via Signup Parameter
Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter.
CVSS 5.4
iSpy 7.2.2.0 - Remote Command Execution via Path Traversal
iSpy v7.2.2.0 is vulnerable to remote command execution via path traversal.
CVSS 9.8
iSpy 7.2.2.0 - Remote Command Execution via Path Traversal
iSpy v7.2.2.0 is vulnerable to remote command execution via path traversal.
CVSS 9.8
iSpyConnect iSpy 7.2.2.0 - Unauthenticated Authentication Bypass via Crafted URL
iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL.
CVSS 9.8
ZoneMinder < 1.36.13 - Remote Code Execution via Invalid Language Setting
ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.
CVSS 9.8
PRIMEUR SPAZIO 2.5.1.954 - Unauthenticated Sensitive Data Exposure via HTTP Request
The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allows an unauthenticated attacker to obtain sensitive data (related to the content of transferred files) via a crafted HTTP request.
CVSS 7.5
By Source