Exploit Database

145,026 exploits tracked across all sources.

Sort: Activity Stars
CVE-2025-12928 WRITEUP HIGH
Code-projects Online Job Search Engine 1.0 - SQL Injection
A vulnerability was detected in code-projects Online Job Search Engine 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument username/phone results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
CVSS 7.3
CVE-2025-12974 WRITEUP HIGH
Gravity Forms WordPress <2.9.21.1 - RCE
The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through the chunked upload mechanism. This makes it possible for unauthenticated attackers to upload executable .phar files and achieve remote code execution on the server, granted they can discover or enumerate the upload path. In order for an attacker to achieve RCE, the web server needs to be set up to process .phar file as PHP via file handler mapping or similar.
CVSS 8.1
CVE-2025-1207 WRITEUP LOW
TFTPD64 4.64 - Denial of Service in DNS Handler
A vulnerability was found in phjounin TFTPD64 4.64. It has been declared as problematic. This vulnerability affects unknown code of the component DNS Handler. The manipulation leads to denial of service. The attack needs to be done within the local network. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
CVSS 3.1
CVE-2025-1211 WRITEUP MEDIUM
Hex hackney < 1.21.0 - Server-Side Request Forgery via URL Parsing Bypass
Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by URI built-in module and hackey. Given the URL http://[email protected]/, the URI function will parse and see the host as 127.0.0.1 (which is correct), and hackney will refer the host as 127.2.2.2/. This vulnerability can be exploited when users rely on the URL function for host checking.
CVSS 6.5
CVE-2025-13033 WRITEUP HIGH
Nodemailer <=7.0.7 - Quoted Recipient Address Email Misdirection
A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker's external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls.
CVSS 7.5
CVE-2025-13058 WRITEUP LOW
extplorer < 2.1.15 - Cross-Site Scripting in Filename Handler
A security flaw has been discovered in soerennb eXtplorer up to 2.1.15. The affected element is an unknown function of the component Filename Handler. The manipulation results in cross site scripting. The attack may be launched remotely. The patch is identified as 002def70b985f7012586df2c44368845bf405ab3. Applying a patch is advised to resolve this issue.
CVSS 3.5
CVE-2025-13121 WRITEUP HIGH
cameasy Liketea 1.0.0 - SQL Injection via StoreController API Endpoint
A security vulnerability has been detected in cameasy Liketea 1.0.0. Impacted is the function list of the file laravel/app/Http/Controllers/Front/StoreController.php of the component API Endpoint. Such manipulation of the argument lng/lat leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
CVSS 7.3
CVE-2025-13168 WRITEUP MEDIUM
ury < 0.2.1 - SQL Injection via overrided_past_order_list search_term Parameter
A weakness has been identified in ury-erp ury up to 0.2.0. This affects the function overrided_past_order_list of the file ury/ury/api/pos_extend.py. This manipulation of the argument search_term causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. Upgrading to version 0.2.1 is able to mitigate this issue. Patch name: 063384e0dddfd191847cd2d6524c342cc380b058. It is suggested to upgrade the affected component. The vendor replied and reacted very professional.
CVSS 6.3
CVE-2025-13171 WRITEUP MEDIUM
ZZCMS 2023 - SQL Injection via /admin/wangkan_list.php keyword Parameter
A vulnerability was identified in ZZCMS 2023. This impacts an unknown function of the file /admin/wangkan_list.php. Such manipulation of the argument keyword leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.
CVSS 6.3
CVE-2025-13181 WRITEUP LOW
h3blog 1.0 - Cross-Site Scripting via Name Argument in /admin/cms/material/add
A vulnerability was determined in pojoin h3blog 1.0. The affected element is an unknown function of the file /admin/cms/material/add. Executing a manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 3.5
CVE-2025-13182 WRITEUP LOW
h3blog 1.0 - Cross-Site Scripting via Title Parameter in Category Add Function
A vulnerability was identified in pojoin h3blog 1.0. The impacted element is an unknown function of the file /admin/cms/category/addtitle. The manipulation of the argument Title leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used.
CVSS 3.5
CVE-2025-13199 WRITEUP MEDIUM
Email Logging Interface 2.0 - Path Traversal via Username Argument
A vulnerability was found in code-projects Email Logging Interface 2.0. Affected is an unknown function of the file signup.cpp. The manipulation of the argument Username results in path traversal: '../filedir'. The attack is only possible with local access. The exploit has been made public and could be used.
CVSS 5.3
CVE-2025-13255 WRITEUP MEDIUM
projectworlds Advanced Library Management System 1.0 - SQL Injection via book_search.php book_pub/book_title Parameter
A security flaw has been discovered in projectworlds Advanced Library Management System 1.0. This issue affects some unknown processing of the file /book_search.php. Performing a manipulation of the argument book_pub/book_title results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
CVSS 6.3
CVE-2025-13258 WRITEUP HIGH
Tenda AC20 <= 16.03.08.12 - Buffer Overflow via WifiExtraSet wpapsk_crypto Argument
A vulnerability was detected in Tenda AC20 up to 16.03.08.12. The impacted element is an unknown function of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.
CVSS 8.8
CVE-2025-13279 WRITEUP MEDIUM
Nero Social Networking Site 1.0 - SQL Injection via Profilefriends.php ID Parameter
A vulnerability was found in code-projects Nero Social Networking Site 1.0. The affected element is an unknown function of the file /profilefriends.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used.
CVSS 6.3
CVE-2025-13371 WRITEUP HIGH
MoneySpace plugin <2.13.9 - Info Disclosure
The MoneySpace plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.9. This is due to the plugin storing full payment card details (PAN, card holder name, expiry month/year, and CVV) in WordPress post_meta using base64_encode(), and then embedding these values into the publicly accessible mspaylink page's inline JavaScript without any authentication or authorization check. This makes it possible for unauthenticated attackers who know or can guess an order_id to access the mspaylink endpoint and retrieve full credit card numbers and CVV codes directly from the HTML/JS response, constituting a severe PCI-DSS violation.
CVSS 8.6
CVE-2025-13425 WRITEUP LOW
OSV-SCALIBR < 0.3.4 - Denial of Service via Filesystem Traversal Fallback Path
A bug in the filesystem traversal fallback path causes fs/diriterate/diriterate.go:Next() to overindex an empty slice when ReadDir returns nil for an empty directory, resulting in a panic (index out of range) and an application crash (denial of service) in OSV-SCALIBR.
CVE-2025-13446 WRITEUP HIGH
Tenda AC21 16.03.08.16 - Stack-Based Buffer Overflow via timeZone/time Parameter
A vulnerability has been found in Tenda AC21 16.03.08.16. This vulnerability affects unknown code of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone/time leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-13575 WRITEUP MEDIUM
fabian blog_site 1.0 - SQL Injection via Category Handler name/field
A security vulnerability has been detected in code-projects Blog Site 1.0. Impacted is the function category_exists of the file /resources/functions/blog.php of the component Category Handler. Such manipulation of the argument name/field leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. Multiple endpoints are affected.
CVSS 6.3
CVE-2025-13646 WRITEUP HIGH
Modula Image Gallery 2.13.1-2.13.2 - Authenticated Arbitrary File Upload via ajax_unzip_file Function
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_unzip_file' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files with race condition on the affected site's server which may make remote code execution possible.
CVSS 7.5
CVE-2025-13786 WRITEUP HIGH
wtcms < 2019-12-20 - Remote Code Execution via Index.php Content Argument
A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file /index.php. Performing manipulation of the argument content results in code injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 7.3
CVE-2025-13790 WRITEUP MEDIUM
Scada-LTS < 2.7.8.1 - Cross-Site Request Forgery
A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.3
CVE-2025-13791 WRITEUP MEDIUM
Scada-LTS < 2.7.8.1 - Path Traversal in Project Import via ZIPProjectManager
A vulnerability was identified in Scada-LTS up to 2.7.8.1. Affected is the function Common.getHomeDir of the file br/org/scadabr/vo/exporter/ZIPProjectManager.java of the component Project Import. Such manipulation leads to path traversal. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2025-13804 WRITEUP MEDIUM
NutzBoot < 2.6.0-SNAPSHOT - Exposure of Sensitive Information in Ethereum Wallet Handler
A security flaw has been discovered in nutzam NutzBoot up to 2.6.0-SNAPSHOT. The impacted element is an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the component Ethereum Wallet Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
CVSS 4.3
CVE-2025-13805 WRITEUP LOW
NutzBoot < 2.6.0-SNAPSHOT - Remote Code Execution via LiteRpc-Serializer Deserialization
A weakness has been identified in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This affects the function getInputStream of the file nutzcloud/nutzcloud-literpc/src/main/java/org/nutz/boot/starter/literpc/impl/endpoint/http/HttpServletRpcEndpoint.java of the component LiteRpc-Serializer. Executing a manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been made available to the public and could be used for attacks.
CVSS 3.7