Exploit Database
143,246 exploits tracked across all sources.
Appwrite < 1.2.1 - Server-Side Request Forgery via Avatars Favicon Endpoint
Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.
CVSS 7.5
forem < 2022.11.11 - Server-Side Request Forgery via /articles/{id}
forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/{id}. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.
CVSS 7.2
Jellyfin < 10.7.7 - Server-Side Request Forgery via /Repositories Component
Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.
CVSS 7.5
openapi-generator < 6.4.0 - Server-Side Request Forgery via /api/gen/clients/{language}
openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
CVSS 9.1
request-baskets < 1.2.1 - Server-Side Request Forgery via /api/baskets/{name} Endpoint
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
CVSS 6.5
Halo < 1.6.1 - Arbitrary File Upload via Crafted .md File
An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file.
CVSS 4.8
GDidees CMS <3.9.1 - Info Disclosure
GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulnerability via the filename parameter at /_admin/imgdownload.php.
CVSS 7.5
GDidees CMS v3.9.1 - Info Disclosure
GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /_admin/backup.php.
CVSS 7.5
SourceCodester Water Billing System v1.0 - XSS
SourceCodester Water Billing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the lastname text box under the Add Client module.
CVSS 6.1
SourceCodester Loan Mgmt <1.0 - XSS
SourceCodester Loan Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Type parameter under the Edit Loan Types module.
CVSS 5.4
swftools 0.9.2 - Heap Buffer Overflow in swf_GetPlaceObject
swfdump v0.9.2 was discovered to contain a heap buffer overflow in the function swf_GetPlaceObject at swfobject.c.
CVSS 5.5
Netgate pfSense <2.7.0 - Command Injection
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.
CVSS 8.8
N-able Take Control < 7.0.43 - Arbitrary File Deletion via TOCTOU Race Condition in BASupSrvcUpdater.exe
BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading to arbitrary file deletion.
CVSS 7.0
wasmtime 4.0.1-6.0.1 and cranelift-codegen 0.84.0-0.91.1 - Off-by-one Error in i8x16.select Instruction
wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indices are greater than 16. There is an off-by-one error in the calculation of the mask to the `pshufb` instruction which causes incorrect results to be returned if lanes are selected from the second vector. This codegen bug has been fixed in Wasmtime 6.0.1, 5.0.1, and 4.0.1. Users are recommended to upgrade to these updated versions. If upgrading is not an option for you at this time, you can avoid this miscompilation by disabling the Wasm simd proposal. Additionally, the bug is only present on x86_64 hosts. Other platforms such as AArch64 and s390x are not affected.
CVSS 3.1
Rack 2.0.0-2.2.6.3 - Denial of Service in Header Parsing
There is a denial of service vulnerability in the header parsing component of Rack.
CVSS 5.3
Live2D Cubism Editor 4.2.03 - Out-of-bounds Write via MOC3 File Section Offset Table
Cubism Core in Live2D Cubism Editor 4.2.03 allows out-of-bounds write via a crafted Section Offset Table or Count Info Table in an MOC3 file.
CVSS 7.8
maddy 0.2.0-0.6.2 - Authentication Bypass via SASL PLAIN Username
maddy is a composable, all-in-one mail server. Starting with version 0.2.0 and prior to version 0.6.3, maddy allows a full authentication bypass if SASL authorization username is specified when using the PLAIN authentication mechanisms. Instead of validating the specified username, it is accepted as is after checking the credentials for the authentication username. maddy 0.6.3 includes the fix for the bug. There are no known workarounds.
CVSS 9.1
CairoSVG < 2.7.0 - Server-Side Request Forgery via External Host Requests
CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service. Version 2.7.0 disables CairoSVG's ability to access other files online by default.
CVSS 9.9
readtomyshoe < 2023-03-13 - Sensitive Information Exposure via Google Cloud TTS Error Message
ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, then it will include the full URL of the request. The request URL contains the Google Cloud API key. This has been patched in commit 8533b01. Upgrading should be accompanied by deleting the current GCP API key and issuing a new one. There are no known workarounds.
CVSS 7.4
BlackVue DR750-2CH LTE 1.012_2022.10.26 - Insufficient Firmware Authenticity Verification
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ an authenticity check for uploaded firmware. This can allow attackers to upload crafted firmware which contains backdoors and enables arbitrary code execution.
CVSS 9.8
BlackVue DR750-2CH LTE v.1.012_2022.10.26 - Unauthenticated Sensitive Information Exposure
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authentication in its web server. This vulnerability allows attackers to access sensitive information such as configurations and recordings.
CVSS 7.5
BlackVue DR750-2CH LTE 1.012_2022.10.26 - Weak Default Passphrase Brute Force via WPA2 Handshake
BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a weak default passphrase which can be easily cracked via a brute force attack if the WPA2 handshake is intercepted.
CVSS 9.8
Online Jewelry Shop v1.0 - Stored Cross-Site Scripting via Category Name Parameter
A stored cross-site scripting (XSS) vulnerability in /index.php?page=category_list of Online Jewelry Shop v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter.
CVSS 5.4
eXtplorer 2.1.15 - Remote Code Execution via Insecure Permissions in index.php
Insecure Permissions vulnerability found in Extplorer File manager eXtplorer v.2.1.15 allows a remote attacker to execute arbitrary code via the index.php component.
CVSS 8.8