Writeup Exploits

46,692 exploits tracked across all sources.

CVE-2025-50652 WRITEUP HIGH
D-Link DI-8003 16.07.26A1 - Path Traversal
An issue exists in D-Link DI-8003 16.07.26A1 related to improper handling of the id parameter in the /saveparm_usb.asp endpoint.
CVSS 7.5
CVE-2025-50653 WRITEUP HIGH
D-Link DI-8003 16.07.26A1 - Buffer Overflow
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name and mem parameters in the /time_group.asp endpoint.
CVSS 7.5
CVE-2025-50654 WRITEUP HIGH
D-Link DI-8003 16.07.26A1 - Buffer Overflow
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of the id parameter in the /thd_member.asp endpoint.
CVSS 7.5
CVE-2025-50655 WRITEUP HIGH
D-Link DI-8003 16.07.26A1 - Buffer Overflow
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /thd_group.asp endpoint.
CVSS 7.5
CVE-2025-50657 WRITEUP HIGH
D-Link DI-8003 16.07.26A1 - Buffer Overflow
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the pid parameter in the /trace.asp endpoint.
CVSS 7.5
CVE-2025-50659 WRITEUP HIGH
D-Link DI-8003 16.07.26A1 - Buffer Overflow
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the custom_error parameter in the /user.asp endpoint.
CVSS 7.5
CVE-2025-50660 WRITEUP HIGH
D-Link DI-8003 16.07.26A1 - Buffer Overflow
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_member.asp endpoint.
CVSS 7.5
CVE-2025-50661 WRITEUP HIGH
D-Link DI-8003 16.07.26A1 - Buffer Overflow
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /url_rule.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, en, ips, u, time, act, rpri, and log.
CVSS 7.5
CVE-2025-50662 WRITEUP HIGH
D-Link DI-8003 16.07.26A1 - Buffer Overflow
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_group.asp endpoint.
CVSS 7.5
CVE-2025-50663 WRITEUP HIGH
D-Link DI-8003 16.07.26A1 - Buffer Overflow
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /usb_paswd.asp endpoint.
CVSS 7.5
CVE-2025-50664 WRITEUP HIGH
D-Link DI-8003 16.07.26A1 - Buffer Overflow
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /user_group.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, mem, pri, and attr.
CVSS 7.5
CVE-2025-50665 WRITEUP HIGH
D-Link DI-8003 16.07.26A1 - Buffer Overflow
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of input parameters in the /web_keyword.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request via the name, en, time, mem_gb2312, and mem_utf8 parameters.
CVSS 7.5
CVE-2025-50666 WRITEUP HIGH
D-Link DI-8003 16.07.26A1 - Buffer Overflow
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /web_post.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters such as name, en, user_id, log, and time.
CVSS 7.5
CVE-2025-50667 WRITEUP HIGH
D-Link DI-8003 16.07.26A1 - Buffer Overflow
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the iface parameter in the /wan_line_detection.asp endpoint.
CVSS 7.5
CVE-2025-50668 WRITEUP HIGH
D-Link DI-8003 16.07.26A1 - Buffer Overflow
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the s parameter in the /web_list_opt.asp endpoint.
CVSS 7.5
CVE-2025-50669 WRITEUP HIGH
D-Link DI-8003 16.07.26A1 - Buffer Overflow
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 and DI-8003G 19.12.10A1 due to improper handling of the wan_ping parameter in the /wan_ping.asp endpoint.
CVSS 7.5
CVE-2025-50670 WRITEUP HIGH
D-Link DI-8003 16.07.26A1 - Buffer Overflow
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_bwr.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with the name, qq, and time parameters.
CVSS 7.5
CVE-2025-50671 WRITEUP HIGH
D-Link DI-8003 16.07.26A1 - Buffer Overflow
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_ref.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with excessively long strings in parameters name, en, user_id, shibie_name, time, act, log, and rpri.
CVSS 7.5
CVE-2025-50672 WRITEUP HIGH
D-Link DI-8003 16.07.26A1 - Buffer Overflow
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /yyxz_dlink.asp endpoint.
CVSS 7.5
CVE-2025-50673 WRITEUP HIGH
D-Link DI-8003 16.07.26A1 - Buffer Overflow
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the http_lanport parameter in the /webgl.asp endpoint.
CVSS 7.5
CVE-2026-34166 WRITEUP LOW
LiquidJS has a Memory Limit Bypass via Quadratic Amplification in `replace` Filter
LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, the replace filter in LiquidJS incorrectly accounts for memory usage when the memoryLimit option is enabled. It charges str.length + pattern.length + replacement.length bytes to the memory limiter, but the actual output from str.split(pattern).join(replacement) can be quadratically larger when the pattern occurs many times in the input string. This allows an attacker who controls template content to bypass the memoryLimit DoS protection with approximately 2,500x amplification, potentially causing out-of-memory conditions. This vulnerability is fixed in 10.25.3.
CVSS 3.7
CVE-2026-35407 WRITEUP MEDIUM
Saleor has Cross-Account Email Change via Unbound Confirmation Token
Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and authorization flaw was found in the account email change workflow: the confirmation flow did not verify that the email change confirmation token was issued for the given authenticated user. As a result, a valid email-change token generated for one account can be replayed while authenticated as a different account. The second account's email address is then updated to the token's new_email, even though that token was never issued for that account. This vulnerability is fixed in 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118.
CVSS 6.5
CVE-2026-39411 WRITEUP MEDIUM
LobeHub has an unauthenticated authentication bypass on `webapi` routes via forgeable `X-lobe-chat-auth` header
LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, the webapi authentication layer trusts a client-controlled X-lobe-chat-auth header that is only XOR-obfuscated, not signed or otherwise authenticated. Because the XOR key is hardcoded in the repository, an attacker can forge arbitrary auth payloads and bypass authentication on protected webapi routes. Affected routes include /webapi/chat/[provider], /webapi/models/[provider], /webapi/models/[provider]/pull, and /webapi/create-image/comfyui. This vulnerability is fixed in 2.1.48.
CVSS 5.0
CVE-2026-39412 WRITEUP MEDIUM
LiquidJS has an ownPropertyOnly bypass via sort_natural filter — prototype property information disclosure through sorting side-channel
LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.4, the sort_natural filter bypasses the ownPropertyOnly security option, allowing template authors to extract values of prototype-inherited properties through a sorting side-channel attack. Applications relying on ownPropertyOnly: true as a security boundary (e.g., multi-tenant template systems) are exposed to information disclosure of sensitive prototype properties such as API keys and tokens. This vulnerability is fixed in 10.25.4.
CVSS 5.3
CVE-2026-39414 WRITEUP MEDIUM
MinIO is affected by a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing
MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEASE.2025-12-20T04-58-37Z, MinIO's S3 Select feature is vulnerable to memory exhaustion when processing CSV files containing lines longer than available memory. The CSV reader's nextSplit() function calls bufio.Reader.ReadBytes('\n') with no size limit, buffering the entire input in memory until a newline is found. A CSV file with no newline characters causes the entire contents to be read into a single allocation, leading to an OOM crash of the MinIO server process. This is exploitable by any authenticated user with s3:PutObject and s3:GetObject permissions. The attack is especially practical when combined with compression: a ~2 MB gzip-compressed CSV can decompress to gigabytes of data without newlines, allowing a small upload to cause large memory consumption on the server. However, compression is not required — a sufficiently large uncompressed CSV with no newlines triggers the same issue.
CVSS 6.5