Exploit Database
144,785 exploits tracked across all sources.
DI_8200-16.07.26A1 - Buffer Overflow
A buffer overflow was discovered in DI_8200-16.07.26A1 in the dbsrv_asp function: strcpy is called without checking the length of the source string, so an over-long input overflows the destination buffer.
CVSS 6.5
AIMS eCrew - Authorization Bypass Through User-Controlled Key
Multiple functions in AIMS eCrew are vulnerable to authorization bypass through a user-controlled key. The issue was fixed in version JUN23 #190.
CVSS 5.4
evilnapsis Inventio Lite <= v4 - SQL Injection
evilnapsis Inventio Lite v4 and earlier is vulnerable to SQL injection via the "username" parameter of "/?action=processlogin".
CVSS 9.8
todesk 1.1 - SQL Injection via News Parameter
SQL injection vulnerability in todesk v1.1 allows a remote attacker to execute arbitrary code via a crafted parameter of the /todesk.com/news.html page.
CVSS 9.8
Powerjob >= 3.2.0 - SQL Injection via Version Parameter
Powerjob >= 3.2.0 is vulnerable to SQL injection via the version parameter.
CVSS 9.8
Mirotalk <9de226 - Privilege Escalation
Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server.
CVSS 7.5
Mirotalk <9de226 - DOM-based Cross-Site Scripting via RTC Message Payload
Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary script in other users' browsers by sending crafted payloads in messages over RTC connections.
CVSS 4.7
Mirotalk <c21d58 - Incorrect Access Control in handleDataChannelChat Function
Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name.
CVSS 9.1
Mirotalk <9de226 - Privilege Escalation
Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting.
CVSS 7.5
MiroTalk P2P < 2023-02-18 - Cross-Site Scripting via Name Parameter in Settings Module
A cross-site scripting (XSS) vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the settings module.
CVSS 6.1
NUS-M9 ERP Mgmt SW v3.0.0 - SQL Injection
NUS-M9 ERP Management Software v3.0.0 was discovered to contain a SQL injection vulnerability via the usercode parameter at /UserWH/checkLogin.
CVSS 9.8
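Several entries above (Inventio Lite's processlogin, todesk's news page, PowerJob's version parameter and the NUS-M9 checkLogin usercode parameter) share one root cause: a request parameter concatenated into an SQL string. The following is an added, self-contained Python illustration of that bug class and its fix against an in-memory SQLite table. It is not code from any of the products listed; the table, credentials and attacker values are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed in-memory users table standing in for a login backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "s3cret", "admin"), ("alice", "wonderland", "user")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The bug class: request parameters are pasted into SQL syntax."""
    sql = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchone()


def login_fixed(conn, username, password):
    """Parameterised query: values are bound by the driver, never parsed as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


# Constructed attacker value for the username field. The quote closes the
# string literal and "--" turns the rest of the statement into a comment,
# so the password comparison is never evaluated.
BYPASS_USERNAME = "admin'--"


def demo():
    conn = make_db()
    vuln = login_vulnerable(conn, BYPASS_USERNAME, "wrong-password")
    fixed = login_fixed(conn, BYPASS_USERNAME, "wrong-password")
    legit = login_fixed(conn, "alice", "wonderland")
    return vuln, fixed, legit
```

The same payload works wherever the parameter lands inside a quoted literal; a numeric parameter such as a version field needs no quote at all, which is why binding every value, not escaping quotes, is the fix.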
NUS-M9 ERP Mgmt SW v3.0.0 - Info Disclosure via /Basics/DownloadInpFile
An arbitrary file download vulnerability in the component /Basics/DownloadInpFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a crafted interface request.
CVSS 7.5
NUS-M9 ERP Management Software v3.0.0 - Code Execution via Arbitrary File Upload
An arbitrary file upload vulnerability in the component /Production/UploadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to execute arbitrary code via uploading crafted files.
CVSS 9.8
NUS-M9 ERP Mgmt SW v3.0.0 - Info Disclosure via /Doc/DownloadFile
An arbitrary file download vulnerability in the component /Doc/DownloadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a crafted interface request.
CVSS 7.5
Shenzhou News Union Enterprise Management System 5.0 - 18.8 - Incorrect Access Control
Incorrect access control in the component /servlet/SnoopServlet of Shenzhou News Union Enterprise Management System v5.0 through v18.8 allows attackers to access sensitive information regarding the server.
CVSS 7.5
EQ Enterprise Management System <2.0.0 - Path Traversal
An issue in EQ Enterprise Management System before v2.0.0 allows attackers to perform directory traversal via crafted requests.
CVSS 9.8
MGT-COMMERCE GmbH CloudPanel 2.0.0 - 2.4.2 - Auth Bypass
An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized access to sensitive configuration files and administrative functionality.
CVSS 6.5
InVesalius3 3.1.99995 - Path Traversal
Directory traversal vulnerability in Centro de Tecnologia da Informação Renato Archer InVesalius3 v3.1.99995 allows attackers to write arbitrary files onto the system via a crafted .inv3 file.
CVSS 7.5
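The NUS-M9 DownloadInpFile and DownloadFile entries, the EQ Enterprise Management System traversal and the InVesalius .inv3 write all come down to a caller-supplied path joined onto a server directory without confirming the result stays inside it. Added Python illustration, not code from any of those vendors: a naive download handler beside one that resolves the path and checks containment. The directory layout and file contents are constructed for the example.

```python
import tempfile
from pathlib import Path


def make_tree():
    """Constructed layout: an export directory the server is meant to serve,
    plus a sensitive file one level above it."""
    root = Path(tempfile.mkdtemp())
    base = root / "export"
    (base / "docs").mkdir(parents=True)
    (base / "docs" / "report.txt").write_text("quarterly report")
    (root / "secret.cfg").write_text("db_password=hunter2")
    return base


def download_vulnerable(base_dir, requested):
    """Bug class: the request value is joined onto the base directory as-is.
    '../' walks out of base_dir, and an absolute path discards it entirely."""
    return (Path(base_dir) / requested).read_bytes()


def download_fixed(base_dir, requested):
    """Resolve both sides (collapsing '..' and following symlinks) and refuse
    anything whose canonical location is not under the base directory."""
    base = Path(base_dir).resolve()
    target = (base / requested).resolve()
    if target != base and base not in target.parents:
        raise PermissionError(f"refusing path outside export dir: {requested!r}")
    if not target.is_file():
        raise FileNotFoundError(requested)
    return target.read_bytes()


def demo():
    base = make_tree()
    legit = download_fixed(base, "docs/report.txt")
    leaked = download_vulnerable(base, "../secret.cfg")
    try:
        download_fixed(base, "../secret.cfg")
        blocked = False
    except PermissionError:
        blocked = True
    return legit, leaked, blocked
```

The containment check is done on the resolved path, not on the string: stripping "../" from the input misses encoded variants and symlinks, while comparing canonical locations does not. The same check applies unchanged to a write endpoint such as an archive extractor.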
InVesalius 3.1.99991 - 3.1.99998 - Code Injection
An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file.
CVSS 8.0
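An eval-based parser, as in the InVesalius DICOM reader entry, turns every file it loads into a code-execution vector. Added Python illustration, not InVesalius code: a reader that converts a header field with eval() beside one that uses ast.literal_eval() and validates the shape, run on a constructed benign field and a constructed field holding an expression instead of a literal.

```python
import ast
import os

# Constructed header fields. The reader expects a Python list literal such as
# "[0.5, 0.5]" in the spacing field; a crafted file can put any expression there.
BENIGN_FIELD = "[0.5, 0.5]"
# Harmless stand-in for a payload; a real one would spawn a process.
MALICIOUS_FIELD = "__import__('os').getcwd()"


def parse_spacing_vulnerable(field):
    """Bug class: eval() executes the field as Python code."""
    return eval(field)


def parse_spacing_fixed(field):
    """ast.literal_eval accepts only literals and raises ValueError otherwise;
    the shape check then rejects literals that are not a pair of numbers."""
    value = ast.literal_eval(field)
    if not (isinstance(value, list) and len(value) == 2
            and all(isinstance(x, (int, float)) for x in value)):
        raise ValueError(f"spacing field is not a pair of numbers: {field!r}")
    return [float(x) for x in value]


def demo():
    benign_vuln = parse_spacing_vulnerable(BENIGN_FIELD)
    executed = parse_spacing_vulnerable(MALICIOUS_FIELD) == os.getcwd()
    benign_fixed = parse_spacing_fixed(BENIGN_FIELD)
    try:
        parse_spacing_fixed(MALICIOUS_FIELD)
        blocked = False
    except ValueError:
        blocked = True
    return benign_vuln, executed, benign_fixed, blocked
```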
SteVe 3.7.1 - Improper Authentication via Crafted OCPP Requests
An issue in the WebSocket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary commands by supplying crafted OCPP requests.
CVSS 5.9
Qualitor <= 8.24 - Remote Code Execution via Arbitrary File Upload in checkAcesso.php
Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.
CVSS 9.8
Perfex CRM 1.1.0 - Stored Cross-Site Scripting in Discussion Content Parameter
A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter.
CVSS 5.4