Writeup Exploits
60,239 exploits tracked across all sources.
pluginsGLPI's Database Inventory Plugin <1.0.3 - Privilege Escalation
pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. In versions prior to 1.0.3, any authenticated user could send requests to agents. This issue has been patched in version 1.0.3.
CVSS 4.3
DjVuLibre <3.5.29 - Buffer Overflow
DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns method is affected by an OOB-write vulnerability, because it does not check that the xr pointer stays within the bounds of the allocated buffer. This can lead to writes beyond the allocated memory, resulting in a heap corruption condition. An out-of-bounds read with pr is also possible for the same reason. This issue has been patched in version 3.5.29.
GStreamer - Memory Corruption
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without checking it properly. Then, a condition does not properly handle cases where name_length is greater than 0xFFFFFFFF - 17, causing an integer overflow. In such a scenario, the function attempts to access memory beyond the buffer, leading to an OOB-read. This vulnerability is fixed in 1.24.10.
CVSS 9.1
zippies/testplatform <2016-07-19 - Path Traversal
The zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
yuriyouzhou/KG-fashion-chatbot <2018-05-22 - Path Traversal
The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
Unizar-30226-2019-06 - Path Traversal
The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
Umeshpatil-dev/Home__internet - Path Traversal
The umeshpatil-dev/Home__internet repository through 2020-08-28 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
stonethree/s3label <2019-08-14 - Path Traversal
The stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
sravaniboinepelli/AutomatedQuizEval <2020-04-27 - Path Traversal
The sravaniboinepelli/AutomatedQuizEval repository through 2020-04-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
shaolo1/VideoServer <2019-09-21 - Path Traversal
The shaolo1/VideoServer repository through 2019-09-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
scorelab/OpenMF <2022-05-03 - Path Traversal
The scorelab/OpenMF repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
sanojtharindu/caretakerr-api <2021-05-17 - Path Traversal
The sanojtharindu/caretakerr-api repository through 2021-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
Ralphjzhang/iasset <2022-05-04 - Path Traversal
The ralphjzhang/iasset repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
piaoyunsoft/bt_lnmp <2019-10-10 - Path Traversal
The piaoyunsoft/bt_lnmp repository through 2019-10-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 7.5
longmaoteamtf/audio_aligner_app - Path Traversal
The longmaoteamtf/audio_aligner_app repository through 2020-01-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
heidi-luong1109/shackerpanel <2021-05-25 - Path Traversal
The heidi-luong1109/shackerpanel repository through 2021-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
duducosmos/livro_python <2018-06-06 - Path Traversal
The duducosmos/livro_python repository through 2018-06-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
deepaliupadhyay/RealEstate <2018-11-30 - Path Traversal
The deepaliupadhyay/RealEstate repository through 2018-11-30 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
chainer/chainerrl-visualizer <0.1.1 - Path Traversal
The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
ceeceevip/cockybook <2015-04-16 - Path Traversal
The ceee-vip/cockybook repository through 2015-04-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
Python-Flask-Restful-API <2019-09-16 - Path Traversal
The akashtalole/python-flask-restful-api repository through 2019-09-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
adriankoczuruek/ceneo-web-scrapper <2021-03-15 - Path Traversal
The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.8
Rexians/rex-web <2022-06-05 - Path Traversal
The Rexians/rex-web repository through 2022-06-05 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
DSABenchmark/DSAB <2.1 - Path Traversal
The DSABenchmark/DSAB repository through 2.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3
DSAB-local/DSAB <2019-02-18 - Path Traversal
The DSAB-local/DSAB repository through 2019-02-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 8.6