Exploit Database
144,326 exploits tracked across all sources.
React Server Components 19.0.0-19.0.4 19.1.0-19.1.5 19.2.0-19.2.4 - Denial of Service via Crafted HTTP Requests
A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack (versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4). The vulnerability is triggered by sending specially crafted HTTP requests to Server Function endpoints.The payload of the HTTP request causes excessive CPU usage for up to a minute ending in a thrown error that is catchable.
by adminlove520
OWASP CRS <4.22.0-3.3.8 - Info Disclosure
The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a collection (like `MULTIPART_PART_HEADERS`), the capture variables (`TX:0`, `TX:1`) get overwritten with each iteration. Only the last captured value is available to the chained rule, which means malicious charsets in earlier parts can be missed if a later part has a legitimate charset. Versions 4.22.0 and 3.3.8 patch the issue.
by adminlove520
exiftool-vendored: Argument injection via newline characters in tag names
exiftool-vendored provides cross-platform Node.js access to ExifTool. Prior to 35.19.0, exiftool-vendored starts ExifTool in -stay_open True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments without rejecting line delimiters. A newline or carriage return inside one of those strings could split a single intended argument into multiple ExifTool arguments, allowing argument injection. The fix also rejects NUL bytes as unsafe control characters. Applications that pass attacker-controlled strings to affected APIs may allow an attacker to make ExifTool read files accessible to the ExifTool process, or write output to attacker-chosen file system paths accessible to that process. No remote code execution has been demonstrated. This vulnerability is fixed in 35.19.0.
by Dobby153
CVSS 8.2
crypto: algif_aead - Revert to operating out-of-place
In the Linux kernel, the following vulnerability has been resolved:
crypto: algif_aead - Revert to operating out-of-place
This mostly reverts commit 72548b093ee3 except for the copying of
the associated data.
There is no benefit in operating in-place in algif_aead since the
source and destination come from different mappings. Get rid of
all the complexity added for in-place operation and just copy the
AD directly.
by 6abc
CVSS 7.8
crypto: algif_aead - Revert to operating out-of-place
In the Linux kernel, the following vulnerability has been resolved:
crypto: algif_aead - Revert to operating out-of-place
This mostly reverts commit 72548b093ee3 except for the copying of
the associated data.
There is no benefit in operating in-place in algif_aead since the
source and destination come from different mappings. Get rid of
all the complexity added for in-place operation and just copy the
AD directly.
by rippsec
WonderCMS Remote Code Execution
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
CVSS 6.1
CSZCMS 1.3.0 - Stored Cross-Site Scripting via Additional Meta Tag Parameter
Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local attacker to execute arbitrary code via a crafted script to the Additional Meta Tag parameter in the Pages Content Menu component.
CVSS 5.4
Binalyze IREC < 3.11.0 - Local Privilege Escalation via IREC.sys Driver
An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver.
CVSS 7.8
Super Store Finder <3.6 - SQL Injection
Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the store locator component via the products, distance, lat, and lng parameters.
CVSS 9.8
Super Store Finder <3.6 - Info Disclosure
A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel.
CVSS 9.8
Student Attendance Management System v1 - XSS
Student Attendance Management System v1 was discovered to contain a cross-site scripting (XSS) vulnerability via the sessionName parameter at createSessionTerm.php.
CVSS 6.1
Student Attendance Management System v1 - SQL Injection
Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createClassArms.php via the classId and classArmName parameters.
CVSS 8.8
Student Attendance Management System v1 - SQL Injection
Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createSessionTerm.php via the id, termId, and sessionName parameters.
CVSS 8.8
Student Attendance Management System v1 - SQL Injection
Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createStudents.php via the Id, firstname, and admissionNumber parameters.
CVSS 8.8
Student Attendance Management System v1 - SQL Injection
Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the emailAddress parameter at createClassTeacher.php.
CVSS 8.8
Student Attendance Management System v1 - SQL Injection
Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the username parameter at index.php.
CVSS 8.8
Hospital Management System v4 - SQL Injection
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.
CVSS 9.8
Hospital Management System v4 - SQL Injection
Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and password3 parameters.
CVSS 9.8
Hospital Management System v4 - SQL Injection
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in func.php.
CVSS 9.8
Hospital Management System v4 - SQL Injection
Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in contact.php via the txtname, txtphone, and txtmail parameters.
CVSS 9.8
Hospital Management System v4 - XSS
Hospital Management System v4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in func2.php via the fname and lname parameters.
CVSS 6.1
Hospital Management System v4 - SQL Injection
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php.
CVSS 9.8
Hospital Management System v4 - SQL Injection
Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func3.php via the username1 and password2 parameters.
CVSS 8.8
Hospital Management System v4 - SQL Injection
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the doctor_contact parameter in doctorsearch.php.
CVSS 8.8
Cockpit CMS 2.6.3 - Arbitrary File Upload via Asset Upload Function
An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file.
CVSS 6.1
By Source