Writeup Exploits
64,419 exploits tracked across all sources.
pyload < 0.5.0b3.dev77 - Unauthenticated Information Exposure via Flask Config Endpoint
pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.
CVSS 7.5
pyload 0.5.0 - Unauthenticated Path Traversal via Unrestricted File Upload
pyLoad 0.5.0 is vulnerable to Unrestricted File Upload.
CVSS 8.8
pyLoad js2py Python Execution
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
CVSS 9.8
pyload-ng v0.5.0b3.dev85 - Remote Code Execution via Crafted HTTP Request
An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request.
CVSS 9.8
lua-shmem v1.0-1 - Buffer Overflow via shmem_write Function
lua-shmem v1.0-1 was discovered to contain a buffer overflow via the shmem_write function.
CVSS 8.2
luci-app-lucky v2.8.3 - Info Disclosure
luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials.
CVSS 9.8
luci-app-sms-tool <1.9.6 - Command Injection
luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the score parameter.
CVSS 6.3
Kaiten 57.128.8 - User Account Enumeration via Login Response Discrepancy
Kaiten 57.128.8 allows remote attackers to enumerate user accounts via a crafted POST request, because a login response contains a user_email field only if the user account exists.
CVSS 5.3
gost 2.11.5 - Authentication Bypass via SSH HostKeyCallback Misconfiguration
An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey
CVSS 9.8
Async <= 2.6.4 and <= 3.2.5 - Denial of Service via Inefficient Regular Expression in autoInject
Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular Expression Denial of Service) while parsing function in autoinject function. NOTE: this is disputed by the supplier because there is no realistic threat model: regular expressions are not used with untrusted input.
CVSS 7.5
BigBlueButton - Privilege Escalation
BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the `/usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0` directory with the goal of privilege escalation, potentially exposing sensitive information on the server. This issue has been patched in version(s) 2.6.18, 2.7.8 and 3.0.0-alpha.7.
CVSS 3.7
ChurchCRM < 5.9.2 - Authenticated SQL Injection via EID Parameter in GetText.php
ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated SQL injection due to an improper sanitization of user input. Authentication is required, but no elevated privileges are necessary. This allows attackers to inject SQL statements directly into the database query due to inadequate sanitization of the EID parameter in in a GET request to `/GetText.php`. Version 5.9.2 patches the issue.
CVSS 8.8
Envoy < 1.30.4, 1.29.7, 1.28.5, 1.27.7 - Use-After-Free in Route Hash Policy Cookie Attributes
Envoy is a cloud-native, open source edge and service proxy. Prior to versions 1.30.4, 1.29.7, 1.28.5, and 1.27.7. Envoy references already freed memory when route hash policy is configured with cookie attributes. Note that this vulnerability has been fixed in the open as the effect would be immediately apparent if it was configured. Memory allocated for holding attribute values is freed after configuration was parsed. During request processing Envoy will attempt to copy content of de-allocated memory into request cookie header. This can lead to arbitrary content of Envoy's memory to be sent to the upstream service or abnormal process termination. This vulnerability is fixed in Envoy versions v1.30.4, v1.29.7, v1.28.5, and v1.27.7. As a workaround, do not use cookie attributes in route action hash policy.
CVSS 6.5
rails_admin < 2.3.0 and >=3.0.0.beta <3.1.3 - Cross-Site Scripting via List View HTML Title Attribute
RailsAdmin is a Rails engine that provides an interface for managing data. RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 (to be released).
CVSS 5.4
Parse Server < 6.5.7 and 7.0.0-7.1.0 - SQL Injection via PostgreSQL Configuration
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved in versions 6.5.7 and 7.1.0. No known workarounds are available.
CVSS 9.8
Wagtail 2.0-5.2.5, 6.0-6.0.5 - Denial of Service via parse_query_string Inefficient Regular Expression
Wagtail is an open source content management system built on Django. A bug in Wagtail's `parse_query_string` would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, `parse_query_string` would take an unexpectedly large amount of time to process, resulting in a denial of service. In an initial Wagtail installation, the vulnerability can be exploited by any Wagtail admin user. It cannot be exploited by end users. If your Wagtail site has a custom search implementation which uses `parse_query_string`, it may be exploitable by other users (e.g. unauthenticated users). Patched versions have been released as Wagtail 5.2.6, 6.0.6 and 6.1.3.
CVSS 6.5
Aimeos Frontend Controller < 2020.10.15 - Insecure Direct Object Reference
aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object reference allows an attacker to disable subscriptions and reviews of another customer. Versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.
CVSS 5.3
Discourse < 3.2.5 - Unauthenticated iframe Injection via Allowed Iframes Bypass
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowed_iframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5.
CVSS 6.1
Aimeos ai-admin-jsonadm < 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, 2024.4.2 - Incorrect Authorization
aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. Versions 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2 contain a fix for the issue.
CVSS 5.5
ai-admin-graphql 2022.04.1-2022.10.9, 2023.04.1-2023.10.5, 2024.04.1-2024.04.5 - Improper Access Control
aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10, 2023.10.6, and 2024.04.6 fix this issue.
CVSS 7.1
ai-admin-graphql 2022.04.1-2022.10.9 - Insufficient Access Control via GraphQL API
aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2022.10.10, 2023.10.6, and 2024.4.2, improper access control allows a editors to manage own services via GraphQL API which isn't allowed in the JQAdm front end. Versions 2022.10.10, 2023.10.6, and 2024.4.2 contain a patch for the issue.
CVSS 3.8
aimeos/ai-controller-frontend <2024.04.2,2023.10.9,2022.10.8,2021.1...
aimeos/ai-controller-frontend is the Aimeos frontend controller. Prior to versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, aimeos/ai-controller-frontend doesn't reset the payment status of a user's basket after the user completes a purchase. Versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.
CVSS 5.3
NationalSecurityAgency skills-service < 2.12.6 - Cross-Site Request Forgery via Admin Video Upload Endpoint
SkillTree is a micro-learning gamification platform. Prior to version 2.12.6, the endpoint
`/admin/projects/{projectname}/skills/{skillname}/video` (and probably others) is open to a cross-site request forgery (CSRF) vulnerability. Due to the endpoint being CSRFable e.g POST request, supports a content type that can be exploited (multipart file upload), makes a state change and has no CSRF mitigations in place (samesite flag, CSRF token). It is possible to perform a CSRF attack against a logged in admin account, allowing an attacker that can target a logged in admin of Skills Service to modify the videos, captions, and text of the skill. Version 2.12.6 contains a patch for this issue.
CVSS 4.4
ZITADEL 2.53.0-2.53.7 - Unauthorized Exposure of User Sessions via Session Listing
ZITADEL is an open-source identity infrastructure tool. ZITADEL provides users the ability to list all user sessions of the current user agent (browser). Starting in version 2.53.0 and prior to versions 2.53.8, 2.54.5, and 2.55.1, due to a missing check, user sessions without that information (e.g. when created though the session service) were incorrectly listed exposing potentially other user's sessions. Versions 2.55.1, 2.54.5, and 2.53.8 contain a fix for the issue. There is no workaround since a patch is already available.
CVSS 5.7
Bert-VITS2 < 2.3 - OS Command Injection via data_dir Parameter
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the resample function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier.
CVSS 9.8
By Source