Writeup Exploits
63,731 exploits tracked across all sources.
Linux Kernel < 5.19.7 - Use-After-Free in anon_vma Reuse
mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.
CVSS 5.5
Warpinator < 1.2.14 - Directory Traversal via Symbolic Link
Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by symbolic directory links.
CVSS 7.5
Linux Kernel < 4.9.335 - Use-After-Free in Bluetooth L2CAP Core
There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim.
We recommend upgrading past commit https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url
CVSS 8.0
siyucms v6.1.7 - Remote Code Execution
Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) vulnerability in the background. SIYUCMS is a content management system based on ThinkPaP5 AdminLTE. SIYUCMS has a background command execution vulnerability, which can be used by attackers to gain server privileges
CVSS 7.2
dedecms v6.1.9 - Cross-Site Request Forgery
DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords.
CVSS 8.8
AutoTaxi Stand Management System v1.0 - XSS
AutoTaxi Stand Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component search.php.
CVSS 6.1
Keycloak < 21.1.2 - Cross-Site Scripting via AssertionConsumerServiceURL or redirect_uri
Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri.
CVSS 10.0
DedeCMS V6 6.1.9 - Remote Code Execution via file_manage_control.php
dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php.
CVSS 9.8
Simple Inventory Management System v1.0 - SQL Injection
Simple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php.
CVSS 9.8
Tenda AC18 V15.03.05.19 - Buffer Overflow
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetWifiGuestBasic.
CVSS 9.8
Lin-CMS <0.2.1 - Privilege Escalation
An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator.
CVSS 6.6
Avery Dennison Monarch Printer M9855 - XSS
Avery Dennison Monarch Printer M9855 is vulnerable to Cross Site Scripting (XSS).
CVSS 6.1
CRMEB 4.4.4 - Arbitrary File Download
CRMEB 4.4.4 is vulnerable to Any File download.
CVSS 7.5
Artifex MuJS 1.0.0-1.3.x - Remote Code Execution via Crafted JavaScript File
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.
CVSS 8.8
Artifex MuJS 1.0.0-1.3.x - Remote Code Execution via Crafted JavaScript File
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.
CVSS 8.8
maccms10 v2022.1000.3032 - Reflected Cross-Site Scripting via AD Management Name Parameter
A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module.
CVSS 6.1
KioWare < 8.33 - Remote Code Execution via KioUtils.Execute
KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin, which allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code.
CVSS 5.4
CWP login.php Unauthenticated RCE
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
CVSS 9.8
Py7zr < 0.20.1 - Path Traversal
A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file.
CVSS 9.1
phpmyfaq < 3.1.9 - Reflected Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
CVSS 6.1
phpmyfaq < 3.1.9 - Reflected Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
CVSS 6.1
WBCE CMS < 1.6.5 - Weak Password Generation via Insecure rand() Usage
WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHP's rand(). rand() is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege escalation if these passwords are used for new accounts or password resets. The vulnerability is fixed in version 1.6.5.
CVSS 9.1
WBCE CMS < 1.6.5 - Weak Password Generation via Insecure rand() Usage
WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHP's rand(). rand() is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege escalation if these passwords are used for new accounts or password resets. The vulnerability is fixed in version 1.6.5.
CVSS 9.1
WBCE CMS < 1.6.5 - Brute-Force Protection Bypass via X-Forwarded-For Header
WBCE CMS is a content management system. Version 1.6.4 contains a brute-force protection bypass where an attacker can indefinitely reset the counter by modifying `X-Forwarded-For` on each request, gaining unlimited password guessing attempts, effectively bypassing all brute-force protection. The application fully trusts the `X-Forwarded-For` header without validating it or restricting its usage. This issue is fixed in version 1.6.5.
CVSS 8.1
WBCE CMS < 1.6.5 - Brute-Force Protection Bypass via X-Forwarded-For Header
WBCE CMS is a content management system. Version 1.6.4 contains a brute-force protection bypass where an attacker can indefinitely reset the counter by modifying `X-Forwarded-For` on each request, gaining unlimited password guessing attempts, effectively bypassing all brute-force protection. The application fully trusts the `X-Forwarded-For` header without validating it or restricting its usage. This issue is fixed in version 1.6.5.
CVSS 8.1
By Source