Exploit Database

146,719 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-20834 WRITEUP HIGH
node-tar < 2.2.2 and 3.0.0-4.4.2 - Arbitrary File Overwrite via Hardlink Extraction
A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content. A patch has been applied to node-tar v2.2.2).
CVSS 7.5
CVE-2018-20962 WRITEUP MEDIUM
Backpack\CRUD < 3.4.9 - Cross-Site Scripting via Select Field Type
The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows XSS via the select field type.
CVSS 6.1
CVE-2018-21029 WRITEUP CRITICAL
systemd 239-245 - Improper Certificate Validation in DNS Over TLS
systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname validation does not have anything to do with this issue (i.e. there is no hostname to be sent)
CVSS 9.8
CVE-2018-21036 WRITEUP HIGH
Sails.js < 1.0.0-46 - Denial of Service via Empty WebSocket Pathname
Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request.
CVSS 7.5
CVE-2018-25032 WRITEUP HIGH
zlib <1.2.12 - Memory Corruption
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
CVSS 7.5
CVE-2018-25075 WRITEUP MEDIUM
karsany OBridge <1.3 - SQL Injection
A vulnerability classified as critical has been found in karsany OBridge up to 1.3. Affected is the function getAllStandaloneProcedureAndFunction of the file obridge-main/src/main/java/org/obridge/dao/ProcedureDao.java. The manipulation leads to sql injection. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.4 is able to address this issue. The name of the patch is 52eca4ad05f3c292aed3178b2f58977686ffa376. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218376.
CVSS 4.6
CVE-2018-25080 WRITEUP LOW
mobiledetect < 2.8.32 - Cross-Site Scripting via $_SERVER['PHP_SELF'] in session_example.php
A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.8.32 is able to address this issue. The identifier of the patch is 31818a441b095bdc4838602dbb17b8377d1e5cce. It is recommended to upgrade the affected component. The identifier VDB-220061 was assigned to this vulnerability.
CVSS 3.5
CVE-2018-25080 WRITEUP LOW
mobiledetect < 2.8.32 - Cross-Site Scripting via $_SERVER['PHP_SELF'] in session_example.php
A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.8.32 is able to address this issue. The identifier of the patch is 31818a441b095bdc4838602dbb17b8377d1e5cce. It is recommended to upgrade the affected component. The identifier VDB-220061 was assigned to this vulnerability.
CVSS 3.5
CVE-2018-25115 WRITEUP CRITICAL
D-Link DIR Series service.cgi - Unauthenticated Command Injection
Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-08-21 UTC.
CVSS 9.8
CVE-2018-25116 WRITEUP MEDIUM
MyBB Thread Redirect Plugin 0.2.1 - XSS
MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vulnerability in the custom text input field for thread redirects. Attackers can inject malicious SVG scripts that will execute when other users view the thread, allowing arbitrary script execution.
CVSS 6.1
CVE-2018-25117 WRITEUP CRITICAL
Vesta Control Panel a3f0fa1-ee03eff - Embedded Malicious Code via Compromised Installer
VestaCP commit a3f0fa1 (2018-05-31) up to commit ee03eff (2018-06-13) contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation of Linux/ChachaDDoS, a multi-stage DDoS bot that uses Lua for second- and third-stage components. The compromise leaked administrative credentials (base64-encoded admin password and server domain) to an external URL during installation and/or resulted in the installer dropping and executing a DDoS malware payload under local system privileges. Compromised servers were subsequently observed participating in large-scale DDoS activity. Vesta acknowledged exploitation in the wild in October 2018.
CVE-2018-25118 WRITEUP CRITICAL
GeoVision embedded IP devices - Command Injection
GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. The vulnerable models have been declared end-of-life (EOL) by the vendor. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-19 08:55:13.141502 UTC.
CVE-2018-25120 WRITEUP CRITICAL
D-Link DNS-343 ShareCenter <1.05 - Command Injection
D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail_Test' and uses several form parameters directly in a call to a system email utility without proper input validation. An unauthenticated remote attacker can supply crafted form data that injects shell commands, resulting in execution as root on the device. NOTE: The DNS-343 product line has been declared end-of-life.
CVSS 9.8
CVE-2018-25132 WRITEUP MEDIUM
MyBB Trending Widget Plugin 1.2 - XSS
MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget.
CVSS 6.1
CVE-2018-2628 WRITEUP CRITICAL
Oracle WebLogic Server <12.2.1.3 - RCE
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS 9.8
CVE-2018-3740 WRITEUP HIGH
Sanitize < 4.6.0 and 3.0.0-4.6.3 - Improper Input Validation
A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.
CVSS 7.5
CVE-2018-12607 WRITEUP MEDIUM
GitLab CE/EE <10.7.6, <10.8.5, <11.0.1 - XSS
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding.
CVSS 5.4
CVE-2018-12606 WRITEUP MEDIUM
GitLab CE/EE <10.7.6, <10.8.5, <11.0.1 - XSS
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature.
CVSS 5.4
CVE-2018-12605 WRITEUP MEDIUM
GitLab 10.7.x < 10.7.6 - Cross-Site Scripting via url_for Arbitrary Protocol
An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter.
CVSS 5.4
CVE-2018-3760 WRITEUP HIGH
Redhat Cloudforms < 2.12.4 - Information Disclosure
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately.
CVSS 7.5
CVE-2018-3786 WRITEUP CRITICAL
egg-scripts < 2.8.1 - OS Command Injection via Command Line Argument
A command injection vulnerability in egg-scripts <v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument.
CVSS 9.8
CVE-2018-4121 WRITEUP HIGH
Safari < 11.1 - Remote Code Execution via WebKit Memory Corruption
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVSS 8.8
CVE-2018-4878 WRITEUP HIGH
Adobe Flash Player < 28.0.0.161 - Use-After-Free in Primetime SDK Media Player Listener Handling
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.
CVSS 7.8
CVE-2018-4878 WRITEUP HIGH
Adobe Flash Player < 28.0.0.161 - Use-After-Free in Primetime SDK Media Player Listener Handling
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.
CVSS 7.8
CVE-2018-5333 WRITEUP MEDIUM
Linux kernel <4.14.13 - Memory Corruption
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.
CVSS 5.5