Exploit Database
145,169 exploits tracked across all sources.
octokit/endpoint 4.1.0-10.1.2 - Regular Expression Denial-of-Service in parse Function
@octokit/endpoint turns REST API endpoints into generic request options. Starting in version 4.1.0 and prior to version 10.1.3, by crafting specific `options` parameters, the `endpoint.parse(options)` call can be triggered, leading to a regular expression denial-of-service (ReDoS) attack. This causes the program to hang and results in high CPU utilization. The issue occurs in the `parse` function within the `parse.ts` file of the npm package `@octokit/endpoint`. Version 10.1.3 contains a patch for the issue.
CVSS 5.3
Lakeus <1.3.1+REL1.39,1.3.1+REL1.42,1.4.0 - XSS
Lakeus is a simple skin made for MediaWiki. Starting in version 1.0.8 and prior to versions 1.3.1+REL1.39, 1.3.1+REL1.42, and 1.4.0, Lakeus is vulnerable to stored cross-site scripting via malicious system messages, though editing the messages requires high privileges. Those with `(editinterface)` rights can edit system messages that are improperly handled in order to send raw HTML. In the case of `lakeus-footermessage`, this will affect all users if the server is configured to link back to this repository. Otherwise, the system messages in themeDesigner.js are only used when the user enables it in their preferences. Versions 1.3.1+REL1.39, 1.3.1+REL1.42, and 1.4.0 contain a patch.
CVSS 4.7
@octokit/plugin-paginate-rest <11.4.1 - ReDoS
@octokit/plugin-paginate-rest is the Octokit plugin to paginate REST API endpoint responses. For versions starting in 1.0.0 and prior to 11.4.1 of the npm package `@octokit/plugin-paginate-rest`, when calling `octokit.paginate.iterator()`, a specially crafted `octokit` instance—particularly with a malicious `link` parameter in the `headers` section of the `request`—can trigger a ReDoS attack. Version 11.4.1 contains a fix for the issue.
CVSS 5.3
@octokit/request-error <6.1.7 - ReDoS
@octokit/request-error is an error class for Octokit request errors. Starting in version 1.0.0 and prior to version 6.1.7, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long sequence of spaces followed by a newline and "@", an attacker can exploit inefficient regular expression processing, leading to excessive resource consumption. This can significantly degrade server performance or cause a denial-of-service (DoS) condition, impacting availability. Version 6.1.7 contains a fix for the issue.
CVSS 5.3
@octokit/request <9.2.1-8.4.1 - ReDoS
@octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to versions 9.2.1 and 8.4.1, the regular expression `/<([^>]+)>; rel="deprecation"/` used to match the `link` header in HTTP responses is vulnerable to a ReDoS (Regular Expression Denial of Service) attack. This vulnerability arises due to the unbounded nature of the regex's matching behavior, which can lead to catastrophic backtracking when processing specially crafted input. An attacker could exploit this flaw by sending a malicious `link` header, resulting in excessive CPU usage and potentially causing the server to become unresponsive, impacting service availability. Versions 9.2.1 and 8.4.1 fix the issue.
CVSS 5.3
ruby-saml <1.12.4,1.18.0 - Auth Bypass
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 fix the issue.
CVSS 9.8
ruby-saml <1.12.4,1.18.0 - Auth Bypass
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 contain a patch for the issue.
CVSS 9.8
ruby-saml < 1.12.4 - Denial of Service via Compressed SAML Response Bypass
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is possible to bypass the message size check with a compressed assertion since the message size is checked before inflation and not after. This issue may lead to remote Denial of Service (DoS). Versions 1.12.4 and 1.18.0 fix the issue.
CVSS 7.5
Label Studio < 1.16.0 - Cross-Site Scripting via label_config Query Parameter
Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's `/projects/upload-example` endpoint allows injection of arbitrary HTML through a `GET` request with an appropriately crafted `label_config` query parameter. By crafting a specially formatted XML label config with inline task data containing malicious HTML/JavaScript, an attacker can achieve Cross-Site Scripting (XSS). While the application has a Content Security Policy (CSP), it is only set in report-only mode, making it ineffective at preventing script execution. The vulnerability exists because the upload-example endpoint renders user-provided HTML content without proper sanitization on a GET request. This allows attackers to inject and execute arbitrary JavaScript in victims' browsers by getting them to visit a maliciously crafted URL. This is considered vulnerable because it enables attackers to execute JavaScript in victims' contexts, potentially allowing theft of sensitive data, session hijacking, or other malicious actions. Version 1.16.0 contains a patch for the issue.
CVSS 6.1
MouseTooltipTranslator pdf.mjs - Browser-Mediated Request Forgery
The MouseTooltipTranslator Chrome extension allows mouseover translation of any language at once. The MouseTooltipTranslator browser extension is vulnerable to SSRF attacks. The pdf.mjs script uses the URL parameter from the current URL as the file to download and display to the extension user. Because pdf.mjs is imported in viewer.html and viewer.html is accessible to all URLs, an attacker can force the user’s browser to make a request to any arbitrary URL. After discussion with the maintainer, it was determined that patching this issue would require disabling a major feature of the extension in exchange for fixing a low-severity vulnerability; the decision was made not to patch the issue.
Vega < 5.26.0 and vega-selections < 5.4.2 - Cross-Site Scripting via vlSelectionTuples Function
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and 5.4.2 of vega-selections, the `vlSelectionTuples` function can be used to call JavaScript functions, leading to cross-site scripting. `vlSelectionTuples` calls multiple functions that can be controlled by an attacker, including one call with an attacker-controlled argument. This can be used to call `Function()` with arbitrary JavaScript and the resulting function can be called with `vlSelectionTuples` or using a type coercion to call `toString` or `valueOf`. Version 5.26.0 of vega and 5.4.2 of vega-selections fix this issue.
TP-Link WR841N v14/v14.6/v14.8 <= Build 241230 - Stored Cross-Site Scripting via UPnP Port Mapping Description
A stored cross-site scripting (XSS) vulnerability in the upnp.htm page of the web interface in TP-Link WR841N v14/v14.6/v14.8 <= Build 241230 Rel. 50788n allows remote attackers to inject arbitrary JavaScript code via the port mapping description. This leads to execution of the JavaScript payload when the upnp page is loaded.
CVSS 5.4
Tenda AC10 V4.0si_V16.03.10.20 - Buffer Overflow via AdvSetMacMtuWan serviceName2
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serviceName2.
CVSS 4.6
Tenda AC10 V4.0si_V16.03.10.20 - Stack-based Buffer Overflow via wanSpeed2
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanSpeed2.
CVSS 7.5
Tenda AC10 V4.0si_V16.03.10.20 - Stack-based Buffer Overflow via wanMTU2
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanMTU2.
CVSS 7.5
Tenda AC10 V4.0si_V16.03.10.20 - Buffer Overflow via AdvSetMacMtuWan mac2 Parameter
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2.
CVSS 9.8
Tenda AC10 V4.0si_V16.03.10.20 - Stack-based Buffer Overflow via cloneType2
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via cloneType2.
CVSS 7.5
Tenda AC10 V4.0si_V16.03.10.20 - Buffer Overflow via AdvSetMacMtuWan serverName2
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serverName2.
CVSS 4.6
TOTOLINK A3002R V4.0.0-B20230531.1404 - OS Command Injection via bandstr Parameter
TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr.
CVSS 9.8
FS Inc S3150-8T2F <S3150-8T2F_2.2.0D_135103 - XSS
FS Inc S3150-8T2F prior to version S3150-8T2F_2.2.0D_135103 is vulnerable to Cross Site Scripting (XSS) in the Time Range Configuration functionality of the administration interface. An attacker can inject malicious JavaScript into the "Time Range Name" field, which is improperly sanitized. When this input is saved, it is later executed in the browser of any user accessing the affected page, including administrators, resulting in arbitrary script execution in the user's browser.
CVSS 7.1
Unifiedtransform v2.0 - Privilege Escalation
An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /course/edit/{id} endpoint.
CVSS 6.5
Unifiedtransform 2.0 - Privilege Escalation via /students/edit/{id} Endpoint
An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /students/edit/{id} endpoint.
CVSS 6.5
Unifiedtransform 2.0 - Incorrect Access Control via Teacher Attendance Endpoint
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows teachers to take attendance of fellow teachers. The affected endpoint is /courses/teacher/index?teacher_id=2&semester_id=1.
CVSS 4.3
Unifiedtransform 2.0 - Cross-Site Scripting in Create Assignment Function
Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function.
CVSS 5.4
Unifiedtransform 2.0 - Privilege Escalation via Incorrect Access Control
Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation allowing the change of Section Name and Room Number by Teachers.
CVSS 3.3