Exploit Database
144,178 exploits tracked across all sources.
Hytec Inter HWL-2511-SS <v1.05 - Command Injection
Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi.
CVSS 9.8
Samsung mTower < 0.3.0 - NULL Pointer Dereference via TEE_AllocateTransientObject
Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject.
CVSS 7.5
Samsung mTower < 0.3.0 - NULL Pointer Dereference via TEE_GetObjectInfo1
Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1.
CVSS 7.5
Teleport <= 17.5.1 - Unauthenticated Remote Authentication Bypass
Teleport provides connectivity, authentication, access controls and audit for infrastructure. Community Edition versions before and including 17.5.1 are vulnerable to remote authentication bypass. At time of posting, there is no available open-source patch.
CVSS 9.8
Teleport < 10.1.2 and < 8.3.17 - Unauthenticated Remote Code Execution via SSH Agent Installation Link
Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social engineering attack. This is fully unauthenticated attack utilizing the trusted teleport server to deliver the payload.
CVSS 8.8
Teleport <6.2.12 & <7.1.1 - Info Disclosure
Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username.
CVSS 6.5
Teleport <6.2.12 & <7.1.1 - Info Disclosure
Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username.
CVSS 6.5
Teleport <4.4.11, <5.2.4, <6.2.12, <7.1.1 - Code Injection
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations.
CVSS 5.3
Teleport <4.4.11, <5.2.4, <6.2.12, <7.1.1 - Code Injection
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations.
CVSS 5.3
Teleport <4.4.11, <5.2.4, <6.2.12, <7.1.1 - Code Injection
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations.
CVSS 5.3
Teleport <4.4.11, <5.2.4, <6.2.12, <7.1.1 - Code Injection
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations.
CVSS 5.3
Teleport <4.4.11, <5.2.4, <6.2.12, <7.1.1 - SSRF
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations.
CVSS 9.8
Teleport <4.4.11, <5.2.4, <6.2.12, <7.1.1 - SSRF
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations.
CVSS 9.8
Teleport <4.4.11, <5.2.4, <6.2.12, <7.1.1 - SSRF
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations.
CVSS 9.8
Teleport <4.4.11, <5.2.4, <6.2.12, <7.1.1 - SSRF
Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations.
CVSS 9.8
Hospital Information System 1.0 - SQL Injection
Hospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
CVSS 9.8
png2webp 1.0.4 - Out-of-bounds Write via w2p Function
png2webp v1.0.4 was discovered to contain an out-of-bounds write via the function w2p. This vulnerability is exploitable via a crafted png file.
CVSS 5.5
FRRouting < 8.4 - Out-of-bounds Read in BGP Capability Message Parser
An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.
CVSS 9.1
FLIR AX8 Firmware <= 1.46.16 - Remote Command Injection via res.php id Parameter
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the root privileges. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the vulnerability reported. Latest firmware version (as of Oct 2025, was released Jun 2024) is 1.55.16.
CVSS 9.8
FLIR AX8 Firmware <= 1.46.16 - Remote Command Injection via res.php id Parameter
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the root privileges. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the vulnerability reported. Latest firmware version (as of Oct 2025, was released Jun 2024) is 1.55.16.
CVSS 9.8
camp_project camp < 2022-07-21 - Insufficiently Protected Credentials via StaticFileHandler
patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root directory served by StaticFileHandler and the Tornado rule to throw a 403 error when password.txt is accessed can be bypassed. Furthermore, it is not necessary to crack the password hash to authenticate with the application because the password hash is also used as the cookie secret, so an attacker can generate his own authentication cookie.
CVSS 9.8
camp_project camp < 2022-07-21 - Insufficiently Protected Credentials via StaticFileHandler
patrickfuller camp up to and including commit bbd53a256ed70e79bd8758080936afbf6d738767 is vulnerable to Incorrect Access Control. Access to the password.txt file is not properly restricted as it is in the root directory served by StaticFileHandler and the Tornado rule to throw a 403 error when password.txt is accessed can be bypassed. Furthermore, it is not necessary to crack the password hash to authenticate with the application because the password hash is also used as the cookie secret, so an attacker can generate his own authentication cookie.
CVSS 9.8
DDMAL MEI2Volpiano < 0.8.2 - XML External Entity Injection via xml.etree Library
DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), leading to a Denial of Service. This occurs due to the usage of the unsafe 'xml.etree' library to parse untrusted XML input.
CVSS 7.5
JFinal CMS 5.1.0 - SQL Injection
JFinal CMS 5.1.0 is vulnerable to SQL Injection.
CVSS 8.8
JFinal CMS 5.1.0 - SQL Injection
JFinal CMS 5.1.0 is vulnerable to SQL Injection.
CVSS 8.8
By Source