Writeup Exploits
60,350 exploits tracked across all sources.
Agentejo Cockpit < 0.11.2 - SQL Injection
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.
CVSS 9.8
Cockpit CMS NoSQLi to RCE
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
CVSS 9.8
Cockpit CMS NoSQLi to RCE
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
CVSS 9.8
Cockpit CMS NoSQLi to RCE
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
CVSS 9.8
Agentejo Cockpit < 0.11.2 - SQL Injection
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
CVSS 9.8
Agentejo Cockpit < 0.11.2 - SQL Injection
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
CVSS 9.8
Agentejo Cockpit < 0.11.2 - SQL Injection
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
CVSS 9.8
Cockpit <0.6.1 - RCE
Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI.
CVSS 9.8
Cockpit <0.6.1 - RCE
Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI.
CVSS 9.8
Agentejo Cockpit - XSS
An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the to parameter in the /auth/login route allows for injection of arbitrary JavaScript code into a web page's content, creating a Reflected XSS attack vector.
CVSS 6.1
NousResearch hermes-agent file_tools.py _check_sensitive_path symlink
A security flaw has been discovered in NousResearch hermes-agent 0.8.0. This affects the function _check_sensitive_path of the file tools/file_tools.py. The manipulation results in symlink following. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.9.0 is able to mitigate this issue. The patch is identified as 311dac197145e19e07df68feba2cd55d896a3cd1. Upgrading the affected component is recommended.
CVSS 4.4
geekgod382 filesystem-mcp-server read_file_tool/write_file_tool server.py is_path_allowed path traversal
A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function is_path_allowed of the file server.py of the component read_file_tool/write_file_tool. Such manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 1.1.0 is capable of addressing this issue. The name of the patch is 45364545fc60dc80aadcd4379f08042d3d3d292e. Upgrading the affected component is advised.
CVSS 7.3
SourceCodester Pizzafy Ecommerce System Setting ajax.php save_settings sql injection
A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save_settings of the file /pizzafy/admin/ajax.php?action=save_settings of the component Setting Handler. Such manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
CVSS 4.7
SourceCodester Pizzafy Ecommerce System ajax.php save_menu sql injection
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function save_menu of the file /admin/ajax.php?action=save_menu. Performing a manipulation results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used.
CVSS 4.7
SourceCodester Pizzafy Ecommerce System ajax.php save_user sql injection
A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save_user of the file /admin/ajax.php?action=save_user. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.
CVSS 4.7
SourceCodester Pizzafy Ecommerce System ajax.php add_to_cart sql injection
A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=add_to_cart. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
UTT HiPER 1250GW NTP strcpy buffer overflow
A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 8.8
UTT HiPER 1250GW formTaskEdit_ap strcpy buffer overflow
A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
CVSS 8.8
UTT HiPER 1250GW ConfigAdvideo strcpy buffer overflow
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
CVSS 8.8
AgentFlow Local Web API Content-Type Validation Bypass
AgentFlow's local web API accepts non-JSON content types on POST /api/runs and POST /api/runs/validate endpoints without enforcing application/json validation, allowing attackers to bypass trust-boundary enforcement on sensitive operations. Attackers can exploit this content-type validation weakness through browser-driven or local cross-origin requests to abuse the localhost API and enable attack chains against the local control plane.
CVSS 4.4
VetCoders mcp-server-semgrep MCP index.ts create_rule os command injection
A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyze_results/filter_results/export_results/compare_results/scan_directory/create_rule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command injection. The attack can be executed remotely. The exploit is now public and may be used. Upgrading to version 1.0.1 is able to mitigate this issue. The patch is identified as 141335da044e53c3f5b315e0386e01238405b771. It is advisable to upgrade the affected component.
CVSS 7.3
shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs
If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\\...`) then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability.
CVSS 7.5
EnTech Taiwan TVicPort 4.0 - Privilege Escalation
An issue in the TVicPort64.sys component of EnTech Taiwan TVicPort Product v4.0, File v5.2.1.0 allows attackers to escalate privileges via sending crafted IOCTL 0x80002008 requests.
CVSS 7.8
TOTOLINK N200RE V5 - Command Injection
TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function.
CVSS 9.8
TOTOLINK A3002RU V3 <= V3.0.0-B20220304.1804 - Buffer Overflow
TOTOLINK A3002RU V3 <= V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function.
CVSS 7.5
By Source