Exploit Database

144,747 exploits tracked across all sources.

CVE-2024-3690 WRITEUP MEDIUM
PHPGurukul Small CRM 3.0 - SQL Injection in Change Password Handler
A vulnerability classified as critical was found in PHPGurukul Small CRM 3.0. Affected by this vulnerability is an unknown functionality of the component Change Password Handler. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260479.
CVSS 6.3
CVE-2024-37151 WRITEUP MEDIUM
Suricata < 6.0.20 and 7.0.x < 7.0.6 - Policy Bypass via Fragmented Packet Reassembly Failure
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Mishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. Upgrade to 7.0.6 or 6.0.20. When using af-packet, enable `defrag` to reduce the scope of the problem.
CVSS 5.3
CVE-2024-37155 WRITEUP MEDIUM
OpenCTI < 6.1.9 - Unauthenticated Improper Access Control via GraphQL Introspection Query Bypass
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Prior to version 6.1.9, the regex validation used to prevent introspection queries can be bypassed by removing the extra whitespace, carriage return, and line feed characters from the query. GraphQL queries in OpenCTI are validated by the `secureIntrospectionPlugin`; the regex check in the plugin can be bypassed by removing the carriage return and line feed characters (`\r\n`). Sending the standard introspection query with curl to a local instance of OpenCTI returns only a limited error message, but sending the same query without the `\r\n` characters lets an unauthenticated user run a full introspection query. Bypassing this restriction allows the attacker to gather a wealth of information about the GraphQL endpoint functionality that can be used to perform actions and/or read data without authorization. These queries can also be weaponized to conduct a Denial of Service (DoS) attack if sent repeatedly. Users should upgrade to version 6.1.9 to receive a patch for the issue.
CVSS 6.5
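The bypass pattern above, as an added example that is not OpenCTI's `secureIntrospectionPlugin`: a regex gate that only matches the introspection field at the start of a line (so it depends on the client pretty-printing the query) beside a tokenised check that strips string literals and comments and then looks for `__schema`/`__type` as standalone name tokens. The regexes, sample queries and function names are constructed for illustration.

```javascript
// Added example, not OpenCTI's code: a whitespace-sensitive introspection gate
// beside one that does not depend on query layout. Regexes and samples are
// constructed assumptions for illustration.

// Naive guard: matches an introspection field at the start of a line, so it
// only fires when the client sends the query with line breaks and indentation.
const NAIVE_INTROSPECTION_RE = /^\s*(__schema|__type)\b/m;

function naiveIsIntrospection(query) {
  return NAIVE_INTROSPECTION_RE.test(query);
}

// Tokenised guard: drop string literals and comments (where "__schema" may
// legitimately appear as data), then look for the introspection fields as
// standalone name tokens wherever they sit. "__typename" is deliberately not
// matched, since it is an ordinary meta field and not introspection.
function robustIsIntrospection(query) {
  const stripped = query
    .replace(/"""[\s\S]*?"""/g, '""')     // block strings
    .replace(/"(?:\\.|[^"\\])*"/g, '""')  // ordinary strings
    .replace(/#[^\n]*/g, '');             // comments
  return /(^|[^A-Za-z0-9_])(__schema|__type)(?![A-Za-z0-9_])/.test(stripped);
}

// Constructed samples: the usual pretty-printed introspection query, the same
// query with CR/LF and indentation removed, and a benign query that merely
// mentions "__schema" inside a string.
const PRETTY_INTROSPECTION =
  'query IntrospectionQuery {\r\n  __schema {\r\n    queryType { name }\r\n  }\r\n}';
const COMPACT_INTROSPECTION = PRETTY_INTROSPECTION.replace(/\r\n\s*/g, '');
const BENIGN_QUERY = '{ search(term: "__schema") { id __typename } }';

// Returns which guard each sample trips, so the bypass is visible at a glance.
function compareGuards() {
  const samples = {
    pretty: PRETTY_INTROSPECTION,
    compact: COMPACT_INTROSPECTION,
    benign: BENIGN_QUERY,
  };
  const result = {};
  for (const [name, q] of Object.entries(samples)) {
    result[name] = { naive: naiveIsIntrospection(q), robust: robustIsIntrospection(q) };
  }
  return result;
}
```

The compact form is exactly what the advisory describes: the same introspection query with `\r\n` stripped, which the line-anchored regex never sees. A production gate should go further and walk the parsed GraphQL document rather than inspect text at all, but the tokenised check already shows the point: the decision must not depend on formatting the attacker controls.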
CVE-2024-37157 WRITEUP MEDIUM
Discourse < 3.2.3 and < 3.3.0.beta4 - Server-Side Request Forgery via FastImage Library
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, a malicious actor could get the FastImage library to redirect requests to an internal Discourse IP. This issue is patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches. No known workarounds are available.
CVSS 6.4
CVE-2024-37160 WRITEUP MEDIUM
Formwork < 1.13.1 - Authenticated Stored Cross-Site Scripting via Site Options
Formwork is a flat file-based Content Management System (CMS). An attacker with administrator privileges can execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages (except the dashboard). This vulnerability is fixed in 1.13.1.
CVSS 4.8
CVE-2024-37165 WRITEUP MEDIUM
Discourse < 3.2.3 and < 3.3.0.beta3 - Cross-Site Scripting via Onebox Data
Discourse is an open source discussion platform. Prior to 3.2.3 and 3.3.0.beta3, improperly sanitized Onebox data could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. This vulnerability is fixed in 3.2.3 and 3.3.0.beta3.
CVSS 6.3
CVE-2024-37168 WRITEUP MEDIUM
@grpc/grpc-js < 1.10.9, 1.9.x < 1.9.15, 1.8.x < 1.8.22 - Memory Exhaustion via Messages Exceeding max_receive_message_length
@grpc/grpc-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the `grpc.max_receive_message_length` channel option: if an incoming message has a size on the wire greater than the configured limit, the entire message is buffered before it is discarded; and if an incoming message has a size within the limit on the wire but decompresses to a size greater than the limit, the entire message is decompressed into memory and, on the server, is not discarded. This has been patched in versions 1.10.9, 1.9.15, and 1.8.22.
CVSS 5.3
CVE-2024-37296 WRITEUP MEDIUM
Aimeos HTML client 2020.04.1 - 2024.04.4 - Digital Downloads Retrievable Without Valid Payment
The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed. Versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5 fix this issue.
CVSS 5.3
CVE-2024-37297 WRITEUP MEDIUM
WooCommerce 8.8.x < 8.8.5 and 8.9.x < 8.9.3 - Cross-Site Scripting via Order Attribution URL Parameter
WooCommerce is an open-source e-commerce platform built on WordPress. A vulnerability introduced in WooCommerce 8.8 allows for cross-site scripting. A bad actor can manipulate a link to include malicious HTML & JavaScript content. While the content is not saved to the database, the links may be sent to victims for malicious purposes. The injected JavaScript could hijack content & data stored in the browser, including the session. The URL content is read through the `Sourcebuster.js` library and then inserted without proper sanitization to the classic checkout and registration forms. Versions 8.8.5 and 8.9.3 contain a patch for the issue. As a workaround, one may disable the Order Attribution feature.
CVSS 5.4
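The mechanism above, as an added example that is neither WooCommerce nor Sourcebuster.js code: attribution values read from the landing URL and concatenated into checkout form markup, beside the escaped version. The parameter names, hidden-field names and the sample link are constructed for illustration.

```javascript
// Added example, not WooCommerce or Sourcebuster.js code: URL-sourced
// attribution data interpolated into form HTML without escaping, and the
// escaped alternative. Names and the sample URL are constructed assumptions.
const ATTRIBUTION_PARAMS = ['utm_source', 'utm_medium', 'utm_campaign'];

// Pull the attribution parameters out of the page URL the way a client-side
// tracker would; every value returned here is attacker-controlled.
function readAttribution(pageUrl) {
  const params = new URL(pageUrl).searchParams;
  const out = {};
  for (const name of ATTRIBUTION_PARAMS) {
    if (params.has(name)) out[name] = params.get(name);
  }
  return out;
}

// Vulnerable: the raw value is concatenated into an HTML string that is later
// injected into the form, so a value containing '">' closes the attribute and
// the tag and whatever follows is parsed as markup.
function renderHiddenFieldsVulnerable(attribution) {
  return Object.entries(attribution)
    .map(([k, v]) => `<input type="hidden" name="wc_order_attribution_${k}" value="${v}">`)
    .join('\n');
}

function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: attribute values are HTML-escaped, and the field name always comes
// from the allow-list above rather than from the URL.
function renderHiddenFieldsSafe(attribution) {
  return Object.entries(attribution)
    .map(([k, v]) => `<input type="hidden" name="wc_order_attribution_${k}" value="${escapeHtml(v)}">`)
    .join('\n');
}

// Constructed sample link of the kind an attacker would send to a victim.
const SAMPLE_PAYLOAD = '"><img src=x onerror=alert(document.cookie)>';
const SAMPLE_URL =
  'https://shop.example/checkout/?utm_source=' + encodeURIComponent(SAMPLE_PAYLOAD) + '&utm_medium=email';

function renderBoth(pageUrl) {
  const attribution = readAttribution(pageUrl);
  return {
    vulnerable: renderHiddenFieldsVulnerable(attribution),
    safe: renderHiddenFieldsSafe(attribution),
  };
}
```

In a browser the cleaner fix is to avoid building markup at all: create the `input` element and assign `input.value = v`, which never goes through the HTML parser. Escaping is shown here because it is the minimal change to the string-building pattern the advisory describes.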
CVE-2024-37298 WRITEUP HIGH
gorilla/schema < 1.4.1 - Memory Exhaustion via Sparse Slice Allocation
gorilla/schema converts structs to and from form values. Prior to version 1.4.1, running `schema.Decoder.Decode()` on a struct that has a field of type `[]struct{...}` opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality: a form key carrying a very large slice index makes the decoder allocate up to that index. Any use of `schema.Decoder.Decode()` on a struct with arrays of other structs could be vulnerable to this memory exhaustion vulnerability. Version 1.4.1 contains a patch for the issue.
CVSS 7.5
CVE-2024-37299 WRITEUP MEDIUM
Discourse < 3.2.5 - Denial of Service via Long Tag Group Name
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, crafting requests to submit very long tag group names can reduce the availability of a Discourse instance. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5.
CVSS 4.9
CVE-2024-37307 WRITEUP HIGH
Cilium 1.13.0 - 1.13.16, 1.14.0 - 1.14.11, 1.15.0 - 1.15.5 - Exposure of Sensitive Information via cilium-bugtool Envoy Dump
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.17, 1.14.12, and 1.15.6, the output of `cilium-bugtool` can contain sensitive data when the tool is run (with the `--envoy-dump` flag set) against Cilium deployments with the Envoy proxy enabled. Users of the TLS inspection, Ingress with TLS termination, Gateway API with TLS termination, and Kafka network policies with API key filtering features are affected. The sensitive data includes the CA certificate, certificate chain, and private key used by Cilium HTTP network policies and by Ingress/Gateway API TLS termination, and the API keys used in Kafka-related network policies. `cilium-bugtool` is a debugging tool that is typically invoked manually and does not run during the normal operation of a Cilium cluster. This issue has been patched in Cilium v1.15.6, v1.14.12, and v1.13.17. There is no workaround to this issue.
CVSS 7.9
CVE-2024-37383 WRITEUP MEDIUM
Roundcube Webmail < 1.5.7 and 1.6.x < 1.6.7 - Cross-Site Scripting via SVG Animate Attributes
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
CVSS 6.1
CVE-2024-37574 WRITEUP HIGH
GriceMobile com.grice.call 4.5.2 - Unauthenticated Phone Call Placement via MobileActivity Intent
The GriceMobile com.grice.call application 4.5.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.iui.mobile.presentation.MobileActivity.
CVSS 8.2
CVE-2024-37575 WRITEUP HIGH
Mister org.mistergroup.shouldianswer 1.4.264 - Unauthenticated Phone Call Placement via DefaultDialerActivity Intent
The Mister org.mistergroup.shouldianswer application 1.4.264 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the org.mistergroup.shouldianswer.ui.default_dialer.DefaultDialerActivity component.
CVSS 7.5
CVE-2024-37676 WRITEUP HIGH
htop-dev htop 2.20 - Local Out-of-Bounds Access in Header_populateFromSettings
An issue in htop-dev htop v2.20 allows a local attacker to cause an out-of-bounds access in the Header_populateFromSettings function.
CVSS 8.4
CVE-2024-37742 WRITEUP HIGH
Safe Exam Browser <= 3.5.0 (Windows) - Clipboard Sharing Between Kiosk Mode and Host System
Insecure access control in Safe Exam Browser (SEB) <= 3.5.0 on Windows allows an attacker to share clipboard data between the SEB kiosk mode and the underlying system, compromising exam integrity. By exploiting this flaw, an attacker can bypass exam controls and gain an unfair advantage during exams.
CVSS 8.2
CVE-2024-37791 WRITEUP MEDIUM
DuxCMS3 v3.1.3 - SQL Injection via Keyword Parameter
DuxCMS3 v3.1.3 was discovered to contain a SQL injection vulnerability via the keyword parameter at /article/Content/index?class_id.
CVSS 6.0
CVE-2021-3242 WRITEUP CRITICAL
DuxCMS v3.1.3 - SQL Injection via SendTpl Keyword Parameter
DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability via the component s/tools/SendTpl/index?keyword=.
CVSS 9.8
CVE-2024-37844 WRITEUP MEDIUM
MangoOS < 5.2.0 - Stored Cross-Site Scripting
A stored cross-site scripting (XSS) vulnerability in MangoOS before 5.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS 5.4
CVE-2024-37845 WRITEUP HIGH
MangoOS < 5.2.0 - Authenticated Remote Code Execution via Active Process Command
MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Process Command feature.
CVSS 7.2
CVE-2024-37846 WRITEUP MEDIUM
MangoOS < 5.2.0 - Client-Side Template Injection via Platform Management Edit Page
MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page.
CVSS 4.6
CVE-2024-37847 WRITEUP HIGH
MangoOS < 5.1.4 and Mango API < 4.5.5 - Arbitrary File Upload and Remote Code Execution
An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows attackers to execute arbitrary code via a crafted file.
CVSS 8.8
CVE-2024-37890 WRITEUP HIGH
ws < 8.17.1, 7.x < 7.5.10, 6.x < 6.2.3, 5.x < 5.2.4 - Denial of Service via Request with Excessive HTTP Headers
ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding the `server.maxHeadersCount` threshold could be used to crash a ws server. The vulnerability was fixed in ws@8.17.1 (e55e510) and backported to ws@7.5.10 (22c2876), ws@6.2.3 (eeb76d3), and ws@5.2.4 (4abd8f6). In vulnerable versions of ws, the issue can be mitigated in the following ways: 1. Reduce the maximum allowed length of the request headers using the `--max-http-header-size=size` and/or the `maxHeaderSize` options so that no more headers than the `server.maxHeadersCount` limit can be sent. 2. Set `server.maxHeadersCount` to 0 so that no limit is applied.
CVSS 7.5
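The failure mode above, as an added example that is not ws code: once a request carries more headers than `server.maxHeadersCount`, the later ones are never stored, so an upgrade handler that dereferences a handshake header without checking for it throws a TypeError out of the `'upgrade'` listener. The example models that truncation, shows the crash beside a handler that answers 400 instead, and shows why setting `maxHeadersCount` to 0 (mitigation 2) makes the flood harmless. The truncation model, header choice and handler logic are simplified assumptions for illustration, not ws's actual code path.

```javascript
// Added example, not ws code: a handshake that assumes its headers are present
// beside one that validates them, run against a header-flooded request under a
// maxHeadersCount cap. Truncation model and names are constructed assumptions.

// Models a server that stops storing headers after maxHeadersCount (Node's
// default is 2000); 0 means no limit. Headers past the cap are simply absent.
function truncateHeaders(headerPairs, maxHeadersCount) {
  const kept = maxHeadersCount > 0 ? headerPairs.slice(0, maxHeadersCount) : headerPairs;
  const headers = {};
  for (const [name, value] of kept) headers[name.toLowerCase()] = value;
  return headers;
}

// Vulnerable: calls a method on a header that may not have been stored. In a
// real server the TypeError escapes the 'upgrade' listener and ends the process.
function handshakeVulnerable(headers) {
  const key = headers['sec-websocket-key'].trim();
  const version = headers['sec-websocket-version'].trim();
  return { status: 101, key, version };
}

// Hardened: every required header is checked before use; a malformed or
// truncated request gets a 400 response instead of an exception.
function handshakeSafe(headers) {
  const required = ['sec-websocket-key', 'sec-websocket-version', 'upgrade', 'connection'];
  for (const name of required) {
    if (typeof headers[name] !== 'string') return { status: 400, reason: `missing ${name}` };
  }
  if (headers.upgrade.toLowerCase() !== 'websocket') return { status: 400, reason: 'bad upgrade' };
  return {
    status: 101,
    key: headers['sec-websocket-key'].trim(),
    version: headers['sec-websocket-version'].trim(),
  };
}

// Constructed request: fillerCount junk headers precede the handshake headers,
// so with a 2000-header cap and 2000 fillers the handshake headers are dropped.
function buildFloodRequest(fillerCount) {
  const pairs = [];
  for (let i = 0; i < fillerCount; i++) pairs.push([`X-Filler-${i}`, 'a']);
  pairs.push(
    ['Upgrade', 'websocket'],
    ['Connection', 'Upgrade'],
    ['Sec-WebSocket-Key', 'dGhlIHNhbXBsZSBub25jZQ=='],
    ['Sec-WebSocket-Version', '13'],
  );
  return pairs;
}

// Runs a handler against the flood and reports a crash instead of propagating it.
function runHandshake(handler, fillerCount, maxHeadersCount = 2000) {
  const headers = truncateHeaders(buildFloodRequest(fillerCount), maxHeadersCount);
  try {
    return handler(headers);
  } catch (err) {
    return { status: 'crash', error: err.constructor.name };
  }
}
```

Mitigation 1 from the advisory works on the other side of the same boundary: capping the total header bytes with `maxHeaderSize` means a request can never carry enough headers to reach the count cap in the first place, so the handshake headers are always stored.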