Inthewild Exploits
514 exploits tracked across all sources.
Paid Memberships Pro < 2.9.8 - Unauthenticated SQL Injection via Order REST Route Code Parameter
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.
CVSS 9.8
Windows 10 1507-22H2 and Windows 11 21H2-22H2 - Remote Code Execution via ICMP
Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability
CVSS 9.8
wpForo Forum < 2.1.7 - Authenticated Local File Include and Server-Side Request Forgery via file_get_contents
The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of file_get_contents without appropriate verification of the data being supplied to the function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to retrieve the contents of files like wp-config.php hosted on the system, perform a deserialization attack and possibly achieve remote code execution, and make requests to internal services.
CVSS 8.8
Oracle Weblogic PreAuth Remote Command Execution via ForeignOpaqueReference IIOP Deserialization
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVSS 7.5
Microsoft Exchange Server - Remote Code Execution
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS 8.8
Cisco Expressway Series/VCS - Command Injection
A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could result in remote code execution on an affected device.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to establish a remote shell with root privileges.
CVSS 6.5
WAGO Compact Controller 100 Firmware 20-22 - Unauthenticated OS Command Injection
In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.
CVSS 9.8
TP-Link Archer AX21 Firmware < 1.1.4 - Unauthenticated Command Injection via Country Parameter
TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.
CVSS 8.8
ND Shortcodes <7.0 - Path Traversal
The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks
CVSS 8.8
Enable Media Replace <4.0.2 - Code Injection
The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.
CVSS 8.8
Harbor 1.1.0-2.5.3 - Unauthenticated Access to Image Repositories
An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature."
CVSS 7.5
ServiceNow Quebec Rome San Diego Tokyo Utah - Authenticated Exposure of Sensitive Information via ACL Bypass
ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality.
Additional Details
This issue is present in the following supported ServiceNow releases:
* Quebec prior to Patch 10 Hot Fix 8b
* Rome prior to Patch 10 Hot Fix 1
* San Diego prior to Patch 7
* Tokyo prior to Tokyo Patch 1; and
* Utah prior to Utah General Availability
If this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls.
CVSS 9.9
Google Chrome < 108.0.5359.94 - Type Confusion in V8 via Crafted HTML Page
Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS 8.8
Linux kernel <5.19.10 - Use After Free
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.
CVSS 5.5
SAP Financial Consolidation <1010 - Privilege Escalation
Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session. On successful exploitation, the attacker can view or modify information, causing a limited impact on confidentiality and integrity of the application.
CVSS 5.4
Microsoft Windows BitLocker - Security Feature Bypass
BitLocker Security Feature Bypass Vulnerability
CVSS 4.6
Windows Mark of the Web - Privilege Escalation
Windows Mark of the Web Security Feature Bypass Vulnerability
CVSS 5.4
Windows Mark of the Web - Privilege Escalation
Windows Mark of the Web Security Feature Bypass Vulnerability
CVSS 5.4
Windows Mark of the Web - Privilege Escalation
Windows Mark of the Web Security Feature Bypass Vulnerability
CVSS 5.4
Windows Mark of the Web - Privilege Escalation
Windows Mark of the Web Security Feature Bypass Vulnerability
CVSS 5.4
Apache Shiro < 1.10.0 - Authentication Bypass via RequestDispatcher
Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.
CVSS 9.8
Renault ZOE E-Tech Firmware - Authentication Bypass via Replay Attack
The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same Rolling Codes set for each door-open request, which allows for a replay attack.
CVSS 8.1
Renault ZOE E-Tech Firmware - Authentication Bypass via Replay Attack
The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same Rolling Codes set for each door-open request, which allows for a replay attack.
CVSS 8.1
Windows GDI - Elevation of Privilege
Windows GDI Elevation of Privilege Vulnerability
CVSS 7.8
Windows GDI - Elevation of Privilege
Windows GDI Elevation of Privilege Vulnerability
CVSS 7.8
By Source