Exploit Database
144,668 exploits tracked across all sources.
OpenZeppelin Contracts <5.0.2/4.9.6 - Memory Corruption
OpenZeppelin Contracts is a library for secure smart contract development. The `Base64.encode` function encodes a `bytes` input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The vulnerability is fixed in 5.0.2 and 4.9.6.
CVSS 6.5
yard < 0.9.36 - Cross-Site Scripting in frames.erb Template
YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in 0.9.36.
CVSS 5.4
Docassemble - Local File Inclusion
Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch.
CVSS 7.5
dp-golang <1.2.7 - Privilege Escalation
dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive, go1.4-bootstrap-20170518.tar.gz, or go1.4-bootstrap-20170531.tar.gz. The user and group specified in Puppet code were ignored for files within the archive. dp-puppet version 1.2.7 will recreate installations if the owner or group of any file or directory within that installation does not match the requested owner or group
CVSS 7.3
Parse Server <6.5.0, <7.0.0-alpha.20 - SQL Injection
parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20.
CVSS 10.0
phpMyFAQ >=3.2.5 <3.2.6 - Stored Cross-Site Scripting via Email Field
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The `email` field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's `FILTER_VALIDATE_EMAIL` function, which only validates the email format, not its content. This vulnerability enables an attacker to execute arbitrary client-side JavaScript within the context of another user's phpMyFAQ session. This vulnerability is fixed in 3.2.6.
CVSS 5.5
pgx <4.18.2, <5.5.4 - SQL Injection
pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.
CVSS 9.8
pgx <4.18.2, <5.5.4 - SQL Injection
pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.
CVSS 9.8
JSONata <1.8.7, >1.4.0 & <2.0.4 - RCE
JSONata is a JSON query and transformation language. Starting in version 1.4.0 and prior to version 1.8.7 and 2.0.4, a malicious expression can use the transform operator to override properties on the `Object` constructor and prototype. This may lead to denial of service, remote code execution or other unexpected behavior in applications that evaluate user-provided JSONata expressions. This issue has been fixed in JSONata versions 1.8.7 and 2.0.4. Applications that evaluate user-provided expressions should update ASAP to prevent exploitation. As a workaround, one may apply the patch manually.
CVSS 9.8
Django <3.2.25, <4.2.11, <5.0.3 - DoS
In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.
CVSS 5.3
phpseclib <1.0.23, 2.0.47, 3.0.36 - DoS
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when attempting to fix CVE-2023-27560.
CVSS 7.5
phpseclib <1.0.23, <2.0.47, <3.0.36 - DoS
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID).
CVSS 7.5
GL-iNet Firmware - Unauthenticated Sensitive Information Exposure via File Download Commands
An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, XE300 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-v2 4.3.10, X300B 3.217, S1300 3.216, SF1200 3.216, MV1000 3.216, N300 3.216, B2200 3.216, and X1200 3.203.
CVSS 7.5
maildev 2.0.0-beta1-2.1.0 - Remote Code Execution via Crafted Content-ID Header
MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file.
CVSS 9.1
Leantime 3.0.6 - Cross-Site Request Forgery
Leantime 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF). This vulnerability allows malicious actors to perform unauthorized actions on behalf of authenticated users, specifically administrators.
CVSS 8.8
ChatGPT个人专用版 - Server Side Request Forgery
pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references section has an archived copy of pictureproxy.php from its original GitHub location, but the repository name might later change because it is misleading.
CVSS 5.8
Unifiedtransform v2.X - Stored Cross-Site Scripting via Syllabus Module File Upload
Unifiedtransform v2.X is vulnerable to Stored Cross-Site Scripting (XSS) via file upload feature in Syllabus module.
CVSS 5.4
Macro Expert <4.9.4 - Privilege Escalation
Macro Expert through 4.9.4 allows BUILTIN\Users:(OI)(CI)(M) access to the "%PROGRAMFILES(X86)%\GrassSoft\Macro Expert" folder and thus an unprivileged user can escalate to SYSTEM by replacing the MacroService.exe binary.
CVSS 7.8
Petrol Pump MGMT Software v.1.0 - XSS
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the Address parameter in the add_invoices.php component.
CVSS 6.1
Petrol Pump Mangement Software v.1.0 - XSS
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the image parameter in the profile.php component.
CVSS 6.1
Petrol Pump Mangement Software <1.0 - SQL Injection
SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email address parameter in the index.php component.
CVSS 9.8
Petrol Pump Mangement Software <1.0 - RCE
File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email Image parameter in the profile.php component.
CVSS 9.8
XPixelGroup BasicSR <=1.4.2 - Code Injection
XPixelGroup BasicSR through 1.4.2 might locally allow code execution in contrived situations where "scontrol show hostname" is executed in the presence of a crafted SLURM_NODELIST environment variable.
CVSS 5.3
GLPI 10.0.8-10.0.12 - Unauthenticated Reflected Cross-Site Scripting via Debug Bar
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if the administrator navigates through the debug bar. This issue has been patched in version 10.0.13.
CVSS 5.3
Coder < 2.6.1, 2.7.0-2.7.2, 2.8.0-2.8.3 - OIDC Email Domain Verification Bypass
Coder allows oragnizations to provision remote development environments via Terraform. Prior to versions 2.6.1, 2.7.3, and 2.8.4, a vulnerability in Coder's OIDC authentication could allow an attacker to bypass the `CODER_OIDC_EMAIL_DOMAIN` verification and create an account with an email not in the allowlist. Deployments are only affected if the OIDC provider allows users to create accounts on the provider. During OIDC registration, the user's email was improperly validated against the allowed `CODER_OIDC_EMAIL_DOMAIN`s. This could allow a user with a domain that only partially matched an allowed domain to successfully login or register. An attacker could register a domain name that exploited this vulnerability and register on a Coder instance with a public OIDC provider.
Coder instances with OIDC enabled and protected by the `CODER_OIDC_EMAIL_DOMAIN` configuration are affected. Coder instances using a private OIDC provider are not affected, as arbitrary users cannot register through a private OIDC provider without first having an account on the provider. Public OIDC providers are impacted. GitHub authentication and external authentication are not impacted. This vulnerability is remedied in versions 2.8.4, 2.7.3, and 2.6.1 All versions prior to these patches are affected by the vulnerability.*It is recommended that customers upgrade their deployments as soon as possible if they are utilizing OIDC authentication with the `CODER_OIDC_EMAIL_DOMAIN` setting.
CVSS 8.2
By Source