Exploit Database

145,039 exploits tracked across all sources.

CVE-2023-46332 WRITEUP MEDIUM
WebAssembly wabt <1.0.33 - Memory Corruption
WebAssembly wabt 1.0.33 contains an out-of-bounds memory write in DataSegment::Drop(), which leads to a segmentation fault.
CVSS 5.5
CVE-2023-46331 WRITEUP MEDIUM
WebAssembly wabt <1.0.33 - Memory Corruption
WebAssembly wabt 1.0.33 has an out-of-bounds memory read in DataSegment::IsValidRange(), which leads to a segmentation fault.
CVSS 5.5
CVE-2023-31670 WRITEUP HIGH
wasm2c/wasm2wat/wasm-decompile/wasm-validate <1.0.32 - DoS
An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary.
CVSS 7.5
CVE-2023-31669 WRITEUP MEDIUM
WebAssembly wat2wasm <1.0.32 - Code Injection
WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote (").
CVSS 5.5
CVE-2023-30300 WRITEUP MEDIUM
WebAssembly 1.0 - Infinite Loop in hang.wasm Component
An issue in the component hang.wasm of WebAssembly 1.0 causes an infinite loop.
CVSS 5.5
CVE-2023-27119 WRITEUP MEDIUM
WebAssembly <1.0.29 - Memory Corruption
WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild.
CVSS 5.5
CVE-2023-27117 WRITEUP HIGH
WebAssembly <1.0.29 - Buffer Overflow
WebAssembly v1.0.29 was discovered to contain a heap overflow via the component wabt::Node::operator.
CVSS 7.8
CVE-2023-27116 WRITEUP MEDIUM
WebAssembly <1.0.29 - Memory Corruption
WebAssembly v1.0.29 was discovered to contain an abort in CWriter::MangleType.
CVSS 5.5
CVE-2023-27115 WRITEUP MEDIUM
WebAssembly <1.0.29 - Memory Corruption
WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size.
CVSS 5.5
CVE-2022-43283 WRITEUP MEDIUM
wabt wasm2c v1.0.29 - Denial of Service via CWriter::Write Abort
wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write.
CVSS 5.5
CVE-2022-43282 WRITEUP HIGH
wasm-interp <1.0.29 - Memory Corruption
wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetReturnCallDropKeepCount.
CVSS 7.1
CVE-2022-43281 WRITEUP HIGH
wasm-interp <1.0.29 - Buffer Overflow
wasm-interp v1.0.29 was discovered to contain a heap overflow via the component std::vector<wabt::Type, std::allocator<wabt::Type>>::size() at /bits/stl_vector.h.
CVSS 7.8
CVE-2022-43280 WRITEUP HIGH
wasm-interp <1.0.29 - Memory Corruption
wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount.
CVSS 7.1
CVE-2025-15424 WRITEUP HIGH
Yonyou KSOA 9.0 - SQL Injection via worksheet/agent_worksdel.jsp ID Parameter
A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /worksheet/agent_worksdel.jsp of the component HTTP GET Parameter Handler. Manipulation of the argument ID results in SQL injection. The attack can be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 7.3
CVE-2025-15425 WRITEUP HIGH
Yonyou KSOA 9.0 - SQL Injection via /worksheet/del_user.jsp ID Parameter
A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_user.jsp of the component HTTP GET Parameter Handler. Manipulation of the argument ID can lead to SQL injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 7.3
CVE-2025-15426 WRITEUP HIGH
H-ui.admin <3.1 - Unrestricted Upload
A vulnerability was identified in jackying H-ui.admin up to 3.1. This affects an unknown function in the library /lib/webuploader/0.1.5/server/preview.php. The manipulation leads to unrestricted upload. The attack can be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 7.3
CVE-2025-15428 WRITEUP HIGH
UTT 512W < 1.7.7-171114 - Buffer Overflow via Remote Control Profile Argument
A weakness has been identified in UTT 进取 512W 1.7.7-171114. Affected is the function strcpy of the file /goform/formRemoteControl. Manipulation of the argument Profile causes a buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2025-15429 WRITEUP HIGH
UTT 512W < 1.7.7-171114 - Buffer Overflow via formConfigCliForEngineerOnly addCommand Parameter
A security vulnerability has been detected in UTT 进取 512W 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/formConfigCliForEngineerOnly. Manipulation of the argument addCommand leads to a buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2025-15430 WRITEUP HIGH
UTT 512W < 1.7.7-171114 - Buffer Overflow via formFtpServerShareDirSelcet oldfilename Parameter
A vulnerability was detected in UTT 进取 512W 1.7.7-171114. Affected by this issue is the function strcpy of the file /goform/formFtpServerShareDirSelcet. Manipulation of the argument oldfilename results in a buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2025-15431 WRITEUP HIGH
UTT 512W < 1.7.7-171114 - Buffer Overflow via formFtpServerDirConfig Filename Parameter
A flaw has been found in UTT 进取 512W 1.7.7-171114. This affects the function strcpy of the file /goform/formFtpServerDirConfig. Manipulation of the argument filename can lead to a buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2025-15442 WRITEUP MEDIUM
crmeb < 5.6.1 - SQL Injection via cate_id Parameter in Product List Export
A vulnerability was determined in CRMEB up to 5.6.1. This vulnerability affects unknown code of the file /adminapi/export/product_list. Manipulation of the argument cate_id causes SQL injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.7
CVE-2025-15443 WRITEUP MEDIUM
crmeb < 5.6.1 - SQL Injection via cate_id Parameter in Product Export
A vulnerability was identified in CRMEB up to 5.6.1. This issue affects some unknown processing of the file /adminapi/product/product_export. Manipulation of the argument cate_id leads to SQL injection. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.7
CVE-2025-15454 WRITEUP LOW
zhanglun lettura < 0.1.22 - Cross-Site Scripting in RSS Handler
A vulnerability was detected in zhanglun lettura up to 0.1.22. This issue affects some unknown processing of the file src/components/ArticleView/ContentRender.tsx of the component RSS Handler. The manipulation results in cross-site scripting. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit is now public and may be used. The patch is identified as 67213093db9923e828a6e3fd8696a998c85da2d4. It is best practice to apply a patch to resolve this issue.
CVSS 3.1