Writeup Exploits
60,350 exploits tracked across all sources.
SourceCodester Pizzafy Ecommerce System view_prod.php sql injection
A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects an unknown function of the file /view_prod.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.
CVSS 6.3
SourceCodester Pizzafy Ecommerce System ajax.php save_category sql injection
A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This impacts the function save_category of the file /admin/ajax.php?action=save_category. Such manipulation of the argument Name leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
CVSS 6.3
Milesight Cameras Heap-based Buffer Overflow
An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras.
CVSS 8.8
Milesight Cameras Use of Hard-coded Cryptographic Key
Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys.
CVSS 9.8
Milesight Cameras OS Command Injection
A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras.
CVSS 6.8
MIT Kerberos 5 < 1.22.3 - NULL Pointer Dereference
In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.
CVSS 5.9
Totolink A8000RU CGI cstecgi.cgi setWiFiWpsStart os command injection
A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument wscDisabled leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 9.8
Totolink A8000RU CGI cstecgi.cgi setUrlFilterRules os command injection
A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be launched remotely. The exploit has been made public and could be used.
CVSS 9.8
Totolink A8000RU CGI cstecgi.cgi setPptpServerCfg os command injection
A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 9.8
dubydu sqlite-mcp entry.py extract_to_json sql injection
A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extract_to_json of the file src/entry.py. Performing a manipulation of the argument output_filename results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The patch is named a5580cb992f4f6c308c9ffe6442b2e76709db548. Applying a patch is the recommended action to fix this issue.
CVSS 7.3
Totolink N300RT libapmib.so formWsc is_cmd_string_valid buffer overflow
A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function is_cmd_string_valid of the file /boafrm/formWsc of the component libapmib.so. Performing a manipulation of the argument localPin results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.
CVSS 7.2
Totolink N300RT formIpQoS buffer overflow
A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the argument entry_name can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.
CVSS 7.2
TencentCloudBase CloudBase-MCP open-url API Endpoint interactive-server.ts openUrl server-side request forgery
A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. The manipulation of the argument req.body.url results in server-side request forgery. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 2.17.1 is able to address this issue. The patch is identified as 3f678a1e7bd400cd76469d61024097d4920dc6b5. It is recommended to upgrade the affected component.
CVSS 7.3
SourceCodester Pizzafy Ecommerce System ajax.php delete_cart sql injection
A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function delete_cart of the file /admin/ajax.php?action=delete_cart. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
CVSS 7.3
SourceCodester Pizzafy Ecommerce System ajax.php delete_menu sql injection
A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function delete_menu of the file /admin/ajax.php?action=delete_menu. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
CVSS 7.3
SourceCodester Pizzafy Ecommerce System ajax.php login2 sql injection
A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects the function login2 of the file /admin/ajax.php?action=login2. The manipulation of the argument e-mail leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
CVSS 7.3
SourceCodester Pizzafy Ecommerce System ajax.php login sql injection
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function Login of the file /admin/ajax.php?action=login. The manipulation of the argument e-mail results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.
CVSS 7.3
SourceCodester Pizzafy Ecommerce System ajax.php get_cart_count sql injection
A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function get_cart_count of the file /admin/ajax.php?action=get_cart_count. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.
CVSS 7.3
auth-js <2.69.1 - Path Traversal
auth-js is an isomorphic Javascript library for Supabase Auth. Prior to version 2.70.0, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the wrong API function being called. Implementations that follow security best practice and validate user controlled inputs, such as the userId are not affected by this. This issue has been patched in version 2.70.0.
NASA EOSDIS MODAPS v8.1 - SQL Injection
NASA Earth Observing System Data and Information System (EOSDIS) MODAPS v8.1 was discovered to contain a SQL injection vulnerability in the category parameter
CVSS 9.4
Milesight Cameras Use of Hard-coded Credentials
Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials.
CVSS 8.8
Milesight Cameras Authorization Bypass Through User-Controlled Key
A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed.
CVSS 7.1
Tenda AC18 V15.03.05.05 - Command Injection
A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows attackers to execute arbitrary system commands.
CVSS 9.8
MERCURY MIPC252W 1.0.5 - DoS
A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request for the path rtsp://<IP>:554/stream1/track2, the device fails to properly validate the Transport header field. When this header is improperly constructed, the RTSP service can dereference a NULL pointer during request parsing. Successful exploitation causes the device to crash and automatically reboot.
CVSS 7.5
Mercury MIPC252W 1.0.5 - DoS
A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attacker to trigger session termination by repeatedly sending SETUP requests for the same media track within a single RTSP session. This causes the server to reset the RTSP connection, leading to a denial-of-service condition.
CVSS 4.4
By Source