Exploit Database
145,039 exploits tracked across all sources.
WebAssembly wabt <1.0.33 - Memory Corruption
WebAssembly wabt 1.0.33 contains an out-of-bounds memory write in DataSegment::Drop(), which leads to a segmentation fault.
CVSS 5.5
WebAssembly wabt <1.0.33 - Memory Corruption
WebAssembly wabt 1.0.33 has an out-of-bounds memory read in DataSegment::IsValidRange(), which leads to a segmentation fault.
CVSS 5.5
wasm2c/wasm2wat/wasm-decompile/wasm-validate <1.0.32 - DoS
An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary.
CVSS 7.5
WebAssembly wat2wasm <1.0.32 - Code Injection
WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote (").
CVSS 5.5
WebAssembly 1.0 - Infinite Loop in hang.wasm Component
An issue in the component hang.wasm of WebAssembly 1.0 causes an infinite loop.
CVSS 5.5
WebAssembly <1.0.29 - Memory Corruption
WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild.
CVSS 5.5
WebAssembly <1.0.29 - Buffer Overflow
WebAssembly v1.0.29 was discovered to contain a heap overflow via the component wabt::Node::operator.
CVSS 7.8
WebAssembly <1.0.29 - Memory Corruption
WebAssembly v1.0.29 was discovered to contain an abort in CWriter::MangleType.
CVSS 5.5
WebAssembly <1.0.29 - Memory Corruption
WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size.
CVSS 5.5
wabt wasm2c v1.0.29 - Denial of Service via CWriter::Write Abort
wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write.
CVSS 5.5
wasm-interp <1.0.29 - Memory Corruption
wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetReturnCallDropKeepCount.
CVSS 7.1
wasm-interp <1.0.29 - Buffer Overflow
wasm-interp v1.0.29 was discovered to contain a heap overflow via the component std::vector<wabt::Type, std::allocator<wabt::Type>>::size() at /bits/stl_vector.h.
CVSS 7.8
wasm-interp <1.0.29 - Memory Corruption
wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount.
CVSS 7.1
Yonyou KSOA 9.0 - SQL Injection via worksheet/agent_worksdel.jsp ID Parameter
A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /worksheet/agent_worksdel.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument ID results in SQL injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 7.3
Yonyou KSOA 9.0 - SQL Injection via /worksheet/del_user.jsp ID Parameter
A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_user.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument ID can lead to SQL injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 7.3
H-ui.admin <3.1 - Unrestricted Upload
A vulnerability was identified in jackying H-ui.admin up to 3.1. This affects an unknown function in the library /lib/webuploader/0.1.5/server/preview.php. The manipulation leads to unrestricted upload. The attack can be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 7.3
UTT 512W < 1.7.7-171114 - Buffer Overflow via Remote Control Profile Argument
A weakness has been identified in UTT 进取 512W 1.7.7-171114. Affected is the function strcpy of the file /goform/formRemoteControl. This manipulation of the argument Profile causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
UTT 512W < 1.7.7-171114 - Buffer Overflow via formConfigCliForEngineerOnly addCommand Parameter
A security vulnerability has been detected in UTT 进取 512W 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/formConfigCliForEngineerOnly. Such manipulation of the argument addCommand leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
UTT 512W < 1.7.7-171114 - Buffer Overflow via formFtpServerShareDirSelcet oldfilename Parameter
A vulnerability was detected in UTT 进取 512W 1.7.7-171114. Affected by this issue is the function strcpy of the file /goform/formFtpServerShareDirSelcet. Performing a manipulation of the argument oldfilename results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
UTT 512W < 1.7.7-171114 - Buffer Overflow via formFtpServerDirConfig Filename Parameter
A flaw has been found in UTT 进取 512W 1.7.7-171114. This affects the function strcpy of the file /goform/formFtpServerDirConfig. Executing a manipulation of the argument filename can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
crmeb < 5.6.1 - SQL Injection via cate_id Parameter in Product List Export
A vulnerability was determined in CRMEB up to 5.6.1. This vulnerability affects unknown code of the file /adminapi/export/product_list. This manipulation of the argument cate_id causes SQL injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.7
crmeb < 5.6.1 - SQL Injection via cate_id Parameter in Product Export
A vulnerability was identified in CRMEB up to 5.6.1. This issue affects some unknown processing of the file /adminapi/product/product_export. Such manipulation of the argument cate_id leads to SQL injection. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.7
zhanglun lettura < 0.1.22 - Cross-Site Scripting in RSS Handler
A vulnerability was detected in zhanglun lettura up to 0.1.22. This issue affects some unknown processing of the file src/components/ArticleView/ContentRender.tsx of the component RSS Handler. The manipulation results in cross-site scripting. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit is now public and may be used. The patch is identified as 67213093db9923e828a6e3fd8696a998c85da2d4. It is best practice to apply a patch to resolve this issue.
CVSS 3.1