Exploit Database
144,722 exploits tracked across all sources.
Puppeteer-Renderer <3.2.0 - Path Traversal
puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server.
CVSS 6.5
Contour <1.28.3 - Privilege Escalation
Insecure permissions in contour v1.28.3 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token.
CVSS 9.8
DNSCrypt-proxy <2.1.5 - Privilege Escalation
Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allow non-privileged attackers to escalate privileges to root by overwriting the dnscrypt-proxy binary.
CVSS 7.8
Aegon Life v1.0 - SQL Injection via client_id Parameter
Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php.
CVSS 8.8
Aegon Life Insurance Management System 1.0 - Cross-Site Scripting via insertClient.php Name Parameter
A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at insertClient.php.
CVSS 6.1
zulip_server 8.0-8.3 - Memory Leak in Popover Handling
Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers.
CVSS 7.5
FFmpeg n6.1.1 - Integer Overflow in DXA Demuxer
FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior.
CVSS 6.2
FFmpeg n7.0 - Race Condition in VP9 Decoder
FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread.
CVSS 5.9
FFmpeg n6.1.1 - Denial of Service via Crafted VQA File Integer Overflow
An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file.
CVSS 6.5
FFmpeg < 3.4.14 - Integer Overflow in CAF Decoder
FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.
CVSS 6.2
FFmpeg n6.1.1 - Denial of Service via Integer Overflow in AVI Demuxer
FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.
CVSS 6.2
FFmpeg n6.1.1 - Denial of Service via WAVARC Decoder Integer Overflow
FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition.
CVSS 5.3
moby <26.0.2 - Null Pointer Dereference
moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go.
CVSS 6.5
Moby < 26.0.0 - Race Condition in Layer Snapshot Adapter
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.
CVSS 6.5
RaspAP raspap-webgui <3.0.9 - Command Injection
In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter.
CVSS 9.8
moby < 25.0.3 - Race Condition in streamformatter Package
moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.
CVSS 8.1
Zulip 8.3 - Cross-Site Scripting via construct_copy_div Function
Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the construct_copy_div function in copy_and_paste.js.
CVSS 5.4
Zulip 8.3 - Cross-Site Scripting via replace_emoji_with_text Function
Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the replace_emoji_with_text function in ui_util.ts.
CVSS 5.4
Prestashop 8.1.4 - Memory Corruption
In prestashop 8.1.4, a NULL pointer dereference was identified in the math_round function within Tools.php.
CVSS 5.3
Adguard Home <0.107.52 - Info Disclosure
An arbitrary file read vulnerability in Adguard Home before v0.107.52 allows authenticated attackers to access arbitrary files as root on the underlying Operating System via placing a crafted file into a readable directory.
CVSS 4.9
Oncord+ Android Infotainment Systems OS <Android 12 - RCE
An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17, Hardware part Number F57L_V3.2_20220301, and Build Number PlatformVER:K24-2023/05/09-v0.01 allows a remote attacker to execute arbitrary code via the ADB port component.
CVSS 7.3
Keycloak < 24.0.5 - Authenticated Privilege Escalation via Admin REST API Endpoints
A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.
CVSS 8.1