Writeup Exploits
63,697 exploits tracked across all sources.
NETGEAR ProSafe SSL VPN - SQL Injection
NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi.
CVSS 9.8
MISP < 2.4.158 - Deserialization of Untrusted Data via PHAR
An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.
CVSS 9.8
OWASP AntiSamy < 1.6.7 - Cross-Site Scripting via HTML Tag Smuggling in STYLE Content
OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367.
CVSS 6.1
Linux Kernel < 5.17.3 - Use-After-Free via io_uring Timeout Race Condition
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently.
CVSS 7.0
Survey Sparrow Enterprise Survey Software 2022 - Stored Cross-Site Scripting via Signup Parameter
Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter.
CVSS 5.4
iSpy 7.2.2.0 - Remote Command Execution via Path Traversal
iSpy v7.2.2.0 is vulnerable to remote command execution via path traversal.
CVSS 9.8
iSpy 7.2.2.0 - Remote Command Execution via Path Traversal
iSpy v7.2.2.0 is vulnerable to remote command execution via path traversal.
CVSS 9.8
iSpyConnect iSpy 7.2.2.0 - Unauthenticated Authentication Bypass via Crafted URL
iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL.
CVSS 9.8
ZoneMinder < 1.36.13 - Remote Code Execution via Invalid Language Setting
ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.
CVSS 9.8
PRIMEUR SPAZIO 2.5.1.954 - Unauthenticated Sensitive Data Exposure via HTTP Request
The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allows an unauthenticated attacker to obtain sensitive data (related to the content of transferred files) via a crafted HTTP request.
CVSS 7.5
Linux kernel <5.17.5 - Info Disclosure
An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private.
CVSS 7.8
WP-UserOnline <= 2.88.0 - Authenticated Stored Cross-Site Scripting in Naming Conventions
The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the "Naming Conventions" section do not properly sanitize user input, nor escape it on output. This makes it possible for authenticated attackers, with administrative privileges, to inject JavaScript code into the setting that will execute whenever a user accesses the injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
CVSS 5.5
GitLab GitHub Repo Import Deserialization RCE
A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
CVSS 9.9
Tenda AX1803 v1.0.0.1_2890 - Buffer Overflow via NTP Server Parameter in SetSysTimeCfg
Tenda AX1803 v1.0.0.1_2890 is vulnerable to Buffer Overflow. The vulnerability lies in rootfs_ In / goform / setsystimecfg of / bin / tdhttpd in ubif file system, attackers can access http://ip/goform/SetSysTimeCfg, and by setting the ntpserve parameter, the stack buffer overflow can be caused to achieve the effect of router denial of service.
CVSS 7.5
WBCE CMS 1.5.2 - Cross-Site Scripting via namesection2 Parameter
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\pages\sections_save.php namesection2 parameters.
CVSS 5.4
WBCE CMS 1.5.2 - Stored Cross-Site Scripting via User Save Endpoint
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/users/save.php.
CVSS 5.4
PyScript <2022-05-04 - Info Disclosure
pyscriptjs (aka PyScript Demonstrator) in PyScript through 2022-05-04 allows a remote user to read Python source code.
CVSS 7.5
SQUIRREL 3.2 - Heap-based Buffer Overflow in sqbaselib.cpp
Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a certain sq_reservestack call.
CVSS 10.0
Joyebike Wolf 2022 Firmware - Denial of Service via RF Key Fob Request Jamming
Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of service, which allows remote attackers to jam the key fob request via RF.
CVSS 6.8
Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 - SQL Injection via search_product.php Keyword Parameter
Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable to SQL Injection in \search_product.php via the keyword parameters.
CVSS 9.8
food-order-and-table-reservation-system 1.0 - SQL Injection via catid Parameter
Food-order-and-table-reservation-system- 1.0 is vulnerable to SQL Injection in categorywise-menu.php via the catid parameters.
CVSS 9.8
Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 - Cross-Site Scripting via ctg_name Parameter
Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable to Cross Site Scripting (XSS) in \admin\add_cata.php via the ctg_name parameters.
CVSS 4.8
WAVLINK WN535 G3 - Cross-Site Scripting via Hostname Parameter
WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.
CVSS 6.1
Reprise License Manager 14.2bl4-16.0 - Cross-Site Scripting via Signing Form Password Field
XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary code via password field.
CVSS 6.1
isic.lk < 2018-02-13 - Unrestricted File Upload via TinyMCE File Manager
File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php.
CVSS 7.2
By Source