Exploitdb Exploits
50,076 exploits tracked across all sources.
Discourse < 3.3.2 - Unauthenticated Cache Poisoning via XHR Requests
Discourse is an open source platform for community discussion. An attacker can make several XHR requests until the cache is poisoned with a response without any preloaded data. This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value.
by İbrahimsql
CVSS 8.2
Netmake ScriptCase <9.12.006 - Command Injection
In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests.
by Alexandre ZANNI
CVSS 6.7
Microsoft Defender for Endpoint < 101.25022.0002 - Privilege Escalation
Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
by Rich Mirch
CVSS 7.8
Sudo <1.9.17p1 - Privilege Escalation
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
by Stratascale
CVSS 9.3
sudo < 1.9.17p1 - Incorrect Authorization via Host Specification Bypass
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
by Rich Mirch
CVSS 2.8
Microsoft SharePoint Enterprise Server - Remote Code Execution via Untrusted Data Deserialization
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
by nu11secur1ty
CVSS 8.8
Moodle Remote Code Execution (CVE-2024-43425)
A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions.
by Likhith Appalaneni
CVSS 8.1
Wing FTP Server NULL-byte Authentication Bypass (CVE-2025-47812)
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts.
by 4m3rr0r
CVSS 10.0
Gogs < 0.13.0 - Authenticated Remote Code Execution via SSH --split-string Argument Injection
The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated. Windows installations are unaffected.
by cybersploit
CVSS 9.9
Microsoft 365 Apps and Excel - Use-After-Free
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
by nu11secur1ty
CVSS 7.8
freeSSHd 1.0.9 - Denial of Service
A vulnerability was found in freeSSHd 1.0.9 on Windows. It has been classified as problematic. This affects an unknown part. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251547.
by Fernando Mengali
CVSS 5.3
Social Warfare and Social Warfare Pro < 3.5.3 - Stored Cross-Site Scripting via swp_debug Parameter
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.
by Huseyin Mardinli
CVSS 6.1
Sitecore Experience Manager (XM)/Experience Platform (XP) 10.4 - Insecure Deserialization
Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through insecure deserialization.
by Yesith Alvarez
CVSS 5.3
Pterodactyl Panel < 1.11.11 - Unauthenticated Remote Code Execution via Locale Endpoint
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.
by Zen-kun04
CVSS 10.0
PX4-Autopilot 1.12.3 - Buffer Overflow
A vulnerability was found in PX4-Autopilot 1.12.3. It has been classified as problematic. This affects the function MavlinkReceiver::handle_message_trajectory_representation_waypoints of the file mavlink_receiver.cpp of the component TRAJECTORY_REPRESENTATION_WAYPOINTS Message Handler. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
by Mohammed Idrees Banyamer
CVSS 3.3
McAfee Agent < 5.7.6 - Insecure Storage of Sensitive Information in ma.db
Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database files.
by Keenan Scott
CVSS 6.1
OneTrust SDK 6.33.0 - Denial of Service via Prototype Pollution
An issue in OneTrust SDK v.6.33.0 allows a local attacker to cause a denial of service via the Object.setPrototypeOf, __proto__, and Object.assign components. NOTE: this is disputed by the Supplier who does not agree it is a prototype pollution vulnerability.
by Alameen Karim Merali
CVSS 5.7
Microsoft 365 Apps and Office Long Term Servicing Channel - Use-After-Free
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
by nu11secur1ty
CVSS 8.4
Kubernetes ingress-nginx - Pod Network Remote Code Execution
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
by Likhith Appalaneni
CVSS 9.8
Fortinet Fortisase < 7.2.11 - Insufficient Session Expiration
An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in the SSL-VPN portal to log in again, although the session has expired or was logged out.
by Shahid Hakim
CVSS 4.8
AirKeyboard iOS App 1.0.5 - Unauthenticated Remote Input Injection
AirKeyboard iOS App 1.0.5 contains a missing authentication vulnerability that allows unauthenticated attackers to type arbitrary keystrokes directly into the victim's iOS device in real-time without user interaction, resulting in full remote input control.
by Chokri Hammedi
Windows SMB - Authenticated Privilege Escalation via Improper Access Control
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
by Mohammed Idrees Banyamer
CVSS 8.8
PCMan FTP Server 2.0.7 - Buffer Overflow
A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. This affects an unknown part of the component RMD Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
by Fernando Mengali
CVSS 7.3
Microsoft 365 Apps and Excel - Use-After-Free
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
by nu11secur1ty
CVSS 7.8
By Source