Exploit Database
144,877 exploits tracked across all sources.
anji-plus AJ-Report 0.9.8.6 - Server-Side Request Forgery
anji-plus AJ-Report v0.9.8.6 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability.
CVSS 9.8
anji-plus AJ-Report 0.9.8.6 - Authentication Bypass via JWT Token Spoofing
anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens.
CVSS 8.8
Action Pack <7.0.8.7, <7.1.5.1, <7.2.2.1, <8.0.0.1 - XSS
Action Pack is a framework for handling and responding to web requests. There is a possible Cross Site Scripting (XSS) vulnerability in the `content_security_policy` helper starting in version 5.2.0 of Action Pack and prior to versions 7.0.8.7, 7.1.5.1, 7.2.2.1, and 8.0.0.1. Applications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP. This could lead to a bypass of the CSP and its protection against XSS and other attacks. Versions 7.0.8.7, 7.1.5.1, 7.2.2.1, and 8.0.0.1 contain a fix. As a workaround, applications can avoid setting CSP headers dynamically from untrusted input, or can validate/sanitize that input.
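The directive-injection mechanism described in the Action Pack entry, shown as an added example that is not Rails or Action Pack code: a header builder that interpolates an untrusted value, a small parser that shows what a user agent would see, and a validating builder that refuses the input. The report-uri value, the permitted character set and the parser are this example's assumptions, not the Rails helper's logic.

```python
# Added example (not Action Pack code): CSP directive injection through an
# untrusted value interpolated into a dynamically built header.
import re

# Assumption: a source expression is restricted to scheme, host, path and
# wildcard characters. Anything else (';', whitespace, quotes, CR/LF, ',')
# is refused rather than escaped, because CSP has no escaping mechanism.
_SAFE_SOURCE = re.compile(r"^[A-Za-z0-9.\-:/*_]+$")


def build_csp(report_uri: str) -> str:
    """Naive builder: interpolates the caller-supplied value unchecked."""
    return f"default-src 'self'; report-uri {report_uri}"


def parse_csp(header: str) -> dict:
    """Split a serialized policy into {directive-name: [values]}.

    Directives are ';'-separated and the first occurrence of a name wins,
    which is how user agents treat duplicates, so an injected directive that
    the policy did not already contain is honoured in full.
    """
    policy = {}
    for token in header.split(";"):
        parts = token.strip().split()
        if not parts:
            continue
        policy.setdefault(parts[0].lower(), parts[1:])
    return policy


def validate_source(value: str) -> str:
    """Reject any value that could terminate the directive or the header line."""
    if not _SAFE_SOURCE.match(value):
        raise ValueError(f"refusing unsafe CSP source: {value!r}")
    return value


def build_csp_safe(report_uri: str) -> str:
    """Hardened builder: same header, but the untrusted part is validated first."""
    return build_csp(validate_source(report_uri))


def script_sources(header: str) -> list:
    """Effective sources for scripts: script-src if present, else default-src."""
    policy = parse_csp(header)
    return policy.get("script-src", policy.get("default-src", []))


if __name__ == "__main__":
    # Constructed attacker input: a benign-looking report URI followed by ';'
    # and a new directive that relaxes script execution for the whole page.
    evil = "https://example.com/csp; script-src 'unsafe-inline' https://evil.example"
    print(build_csp(evil))
    print(script_sources(build_csp(evil)))
    print(script_sources(build_csp_safe("https://example.com/csp")))
    try:
        build_csp_safe(evil)
    except ValueError as err:
        print(err)
```

The point of `script_sources` is that the injected `script-src` does not merely duplicate anything; the original policy had no `script-src`, so scripts were governed by `default-src 'self'`, and the injected directive replaces that with `'unsafe-inline'`. Rejecting the input outright is the right fix because a CSP value cannot be quoted or escaped to neutralise `;`.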
Angular Expressions < 1.4.3 - Remote Code Execution via Sandbox Escape
Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system; with a more complex (undisclosed) payload, this yields full arbitrary code execution on the system. The problem has been patched in version 1.4.3 of Angular Expressions. Two workarounds are available: either disable access to `__proto__` globally, or make sure the function is called with just one argument.
dashboards-reporting <2.19.0.0 - XSS
dashboards-reporting (aka Dashboards Reports) before 2.19.0.0, as shipped in OpenSearch before 2.19, allows XSS because Markdown is not sanitized when previewing a header or footer.
CVSS 6.4
CyberPanel < 2.3.7 - Missing Authorization for MySQL Restart Action
CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions.
CVSS 4.3
BYD QIN PLUS DM-i Dilink OS 3.0_13.1.7.2204050.1 - Info Disclosure
Incorrect access control in BYD QIN PLUS DM-i Dilink OS 3.0_13.1.7.2204050.1 allows unauthorized attackers to access system logcat logs.
CVSS 6.5
BigAnt Office Messenger 5.6.06 - SQL Injection via dev_code Parameter
BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection via the 'dev_code' parameter.
CVSS 6.3
I, Librarian <= 5.11.1 - Server-Side Request Forgery via Improper Input Validation
I, Librarian before and including 5.11.1 is vulnerable to Server-Side Request Forgery (SSRF) due to improper input validation in classes/security/validation.php
CVSS 9.1
Monica 4.1.2 - Stored Cross-Site Scripting via 'HOW YOU MET' Customization
Monica 4.1.2 is vulnerable to Cross Site Scripting (XSS). A malicious user can create a malformed contact and use that contact in the "HOW YOU MET" customization options to trigger the XSS.
CVSS 5.4
pytorch_lightning < 2.3.3 - Remote Code Execution via Deepdiff Delta Dunder Attribute Bypass
A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the `deepdiff` library. The library uses `deepdiff.Delta` objects to modify application state based on frontend actions. However, it is possible to bypass the intended restrictions on modifying dunder attributes, allowing an attacker to construct a serialized delta that passes the deserializer whitelist and contains dunder attributes. When processed, this can be exploited to access other modules, classes, and instances, leading to arbitrary attribute write and total RCE on any self-hosted pytorch-lightning application in its default configuration, as the delta endpoint is enabled by default.
CVSS 9.8
Sensaphone WEB600 Firmware < 1.6.5.H - Cross-Site Scripting via @.xml GET Parameters
Cross Site Scripting vulnerability in Sensaphone WEB600 Monitoring System v.1.6.5.H and before allows a remote attacker to execute arbitrary code via crafted GET requests to /@.xml, placing payloads in the g7200, g7300, g4601, and g1F02 parameters.
CVSS 6.1
WukongCRM-11.0-JAVA 11.3.3 - Arbitrary File Upload via /adminUser/updateImg
An arbitrary file upload vulnerability in the component /adminUser/updateImg of WukongCRM-11.0-JAVA v11.3.3 allows attackers to execute arbitrary code via uploading a crafted file.
CVSS 9.8
Chat2DB 0.3.5 - XML External Entity Injection via /datagrip/upload
An XML External Entity (XXE) injection vulnerability in the component /datagrip/upload of Chat2DB v0.3.5 allows attackers to execute arbitrary code via supplying a crafted XML input.
CVSS 9.8
Stirling-PDF 0.35.1 - Server-Side Request Forgery via URL-to-PDF Endpoint
A Server-Side Request Forgery (SSRF) in the endpoint http://{your-server}/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request.
CVSS 7.5
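Both SSRF entries on this page (the I, Librarian input-validation issue and the Stirling-PDF URL-to-PDF endpoint) come down to the same defensive question: before the server fetches a caller-supplied URL, does the destination resolve to something the server should be talking to? The check below is an added example, not code from either project. It allows only http and https, refuses credentials in the URL, resolves the host once, rejects any answer that is not globally routable, and hands back the vetted address so the caller can connect to it directly instead of re-resolving (the re-resolution window is where DNS rebinding lives). The resolver hook and the sample hosts are this example's constructs.

```python
# Added example (not I, Librarian or Stirling-PDF code): destination check for
# a user-supplied URL before the server fetches it.
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def system_resolver(host: str) -> list:
    """Resolve via the OS resolver; returns every A/AAAA answer as a string.

    Unusual literals that the OS resolver accepts (decimal or octal forms of
    an address) also pass through here and come back normalised, so they get
    the same treatment as a dotted address.
    """
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(addr: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr)
    # An IPv4-mapped IPv6 address (::ffff:127.0.0.1) is judged by the IPv4 it wraps.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_global is False for loopback, RFC 1918, link-local (which includes the
    # 169.254.169.254 cloud metadata endpoint), CGNAT, unspecified and reserved
    # space; multicast is excluded separately because is_global does not cover it.
    return ip.is_global and not ip.is_multicast


def check_outbound_url(url: str, resolver=system_resolver) -> str:
    """Validate `url` and return the single address the caller should connect to.

    Raises ValueError for anything that must not be fetched.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in URL are not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    try:
        addrs = [str(ipaddress.ip_address(host))]   # literal IP; brackets already stripped
    except ValueError:
        addrs = resolver(host)                      # hostname: resolve once, here
    if not addrs:
        raise ValueError(f"{host!r} did not resolve")
    # Every answer must be public: a rebinding or split-horizon name that mixes
    # a public and an internal address is rejected outright.
    for addr in addrs:
        if not is_public_address(addr):
            raise ValueError(f"{host!r} resolves to non-public address {addr}")
    return addrs[0]


def url_is_safe(url: str, resolver=system_resolver) -> bool:
    """Boolean wrapper for callers that only need an allow/deny decision."""
    try:
        check_outbound_url(url, resolver)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs: one public literal, then the usual internal targets.
    for candidate in (
        "https://93.184.216.34/",
        "http://127.0.0.1:8080/",
        "http://169.254.169.254/latest/meta-data/",
        "http://[::ffff:10.0.0.5]/",
        "file:///etc/passwd",
    ):
        print(candidate, url_is_safe(candidate))
```

The returned address is meant to be used for the actual connection (with the original hostname supplied as the Host header or SNI), and the fetch should also refuse to follow redirects unless each hop is passed back through the same check; otherwise a public host that 302s to an internal address defeats the validation.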
phpgurukul Online Nurse Hiring System v1.0 - SQL Injection via Username Parameter
A SQL Injection vulnerability was found in /admin/index.php in phpgurukul Online Nurse Hiring System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username parameter.
CVSS 9.8
jrohy/trojan 2.0.0-2.15.3 - Unauthenticated Privilege Escalation via Initialization Interface
An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker to escalate privileges via the initialization interface /auth/register.
CVSS 9.8
Dolibarr 21.0.0-beta - Stored Cross-Site Scripting in Events/Agenda Title Parameter
A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.
CVSS 9.0
Dolibarr 21.0.0-beta - Stored Cross-Site Scripting via Product Title Parameter
A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.
CVSS 9.0