Exploit Database

145,169 exploits tracked across all sources.

CVE-2025-2512 WRITEUP CRITICAL
File Away < 3.9.9.0.1 - Unauthenticated Arbitrary File Upload via upload() Function
The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS 9.8
CVE-2025-2582 WRITEUP LOW
SimpleMachines SMF 2.1.4 - Cross-Site Scripting in ManageAttachments.php
A vulnerability was found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the file ManageAttachments.php. The manipulation of the argument Notice leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor does not declare this issue a security vulnerability due to authentication requirements before being able to access any feature in the software that allows file modification.
CVSS 3.5
CVE-2025-2583 WRITEUP LOW
SimpleMachines SMF 2.1.4 - Cross-Site Scripting in ManageNews.php
A vulnerability was found in SimpleMachines SMF 2.1.4. It has been classified as problematic. This affects an unknown part of the file ManageNews.php. The manipulation of the argument subject/message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor does not declare this issue a security vulnerability due to authentication requirements before being able to access any feature in the software that allows file modification.
CVSS 3.5
CVE-2025-26001 WRITEUP HIGH
Telesquare TLR-2005KSH 1.1.4 - Information Disclosure via getUserNamePassword Parameter
Telesquare TLR-2005KSH 1.1.4 is vulnerable to Information Disclosure via the parameter getUserNamePassword.
CVSS 7.5
CVE-2025-26002 WRITEUP CRITICAL
Telesquare TLR-2005KSH 1.1.4 - Unauthenticated Stack Overflow via admin.cgi setSyncTimeHost Parameter
Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setSyncTimeHost.
CVSS 9.8
CVE-2025-26074 WRITEUP CRITICAL
Conductor Core < 3.21.13 - Remote Code Execution via Java Class Access
Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes.
CVSS 9.8
CVE-2025-26125 WRITEUP HIGH
IObit Malware Fighter <12.1.0 - Privilege Escalation
An exposed ioctl in the IMFForceDelete driver of IObit Malware Fighter v12.1.0 allows attackers to arbitrarily delete files and escalate privileges.
CVSS 7.3
CVE-2025-26153 WRITEUP MEDIUM
Chamilo LMS 1.11.28 - Stored Cross-Site Scripting in Message Compose Feature
A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, reply to the message.
CVSS 5.4
CVE-2025-26159 WRITEUP MEDIUM
laravel-starter < 11.11.0 - Stored Cross-Site Scripting in Tags Feature
Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting (XSS) in the tags feature. Any user with the ability to create or modify tags can inject malicious JavaScript code in the name field.
CVSS 6.1
CVE-2025-26198 WRITEUP CRITICAL
CloudClassroom-PHP-Project v1.0 - Unauthenticated SQL Injection via Admin Login Username Field
CloudClassroom-PHP-Project v1.0 contains a critical SQL Injection vulnerability in the loginlinkadmin.php component. The application fails to sanitize user-supplied input in the admin login form before directly including it in SQL queries. This allows unauthenticated attackers to inject arbitrary SQL payloads and bypass authentication, gaining unauthorized administrative access. The vulnerability is triggered when an attacker supplies specially crafted input in the username field, such as ' OR '1'='1, leading to complete compromise of the login mechanism and potential exposure of sensitive backend data.
CVSS 9.8
CVE-2025-26199 WRITEUP CRITICAL
CloudClassroom-PHP-Project 1.0 - Cleartext Transmission of Sensitive Information via HTTP Login
CloudClassroom-PHP-Project v1.0 is affected by an insecure credential transmission vulnerability. The application transmits passwords over unencrypted HTTP during the login process, exposing sensitive credentials to potential interception by network-based attackers. A remote attacker with access to the same network (e.g., public Wi-Fi or compromised router) can capture login credentials via Man-in-the-Middle (MitM) techniques. If the attacker subsequently uses the credentials to log in and exploit administrative functions (e.g., file upload), this may lead to remote code execution depending on the environment.
CVSS 9.8
CVE-2025-26206 WRITEUP CRITICAL
selldone storefront 1.0 - Cross-Site Request Forgery via index.html
Cross Site Request Forgery vulnerability in selldone storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component.
CVSS 9.0
CVE-2025-26262 WRITEUP MEDIUM
R-fx Networks Linux Malware Detect <1.6.5 - Privilege Escalation
An issue in the component /internals/functions of R-fx Networks Linux Malware Detect v1.6.5 allows attackers to escalate privileges and execute arbitrary code via supplying a file that contains a crafted filename.
CVSS 6.5
CVE-2025-26269 WRITEUP LOW
DragonflyDB Dragonfly < 1.29.0 - Authenticated Denial of Service via Lua Library Integer Underflow
DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer.
CVSS 3.3
CVE-2025-26278 WRITEUP HIGH
dref 0.1.2 - Denial of Service via Prototype Pollution in lib.set
A prototype pollution in the lib.set function of dref v0.1.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
CVSS 7.5
CVE-2025-26326 WRITEUP HIGH
NVDA Remote 2.6.4 and Tele NVDA Remote 2025.3.3 - Improper Authentication via Weak Password Handling
A vulnerability was identified in the NVDA Remote (version 2.6.4) and Tele NVDA Remote (version 2025.3.3) remote connection add-ons, which allows an attacker to obtain total control of the remote system by guessing a weak password. The problem occurs because these add-ons accept any password entered by the user and do not have an additional authentication or computer verification mechanism. Tests indicate that more than 1,000 systems use easy-to-guess passwords, many with fewer than 4 to 6 characters, including common sequences. This allows brute force attacks or trial-and-error attempts by attackers. The vulnerability can be exploited by a remote attacker who knows or can guess the password used in the connection. As a result, the attacker gains complete access to the affected system and can execute commands, modify files, and compromise user security.
CVSS 8.8
CVE-2025-26625 WRITEUP HIGH
Git LFS 0.5.2-3.7.0 - Arbitrary File Write via Symbolic Link Collision
Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links exist which collide with the paths of files tracked by Git LFS. The git lfs checkout and git lfs pull commands do not check for symbolic links before writing to files in the working tree, allowing an attacker to craft a repository containing symbolic or hard links that cause Git LFS to write to arbitrary file system locations accessible to the user running these commands. As well, when the git lfs checkout and git lfs pull commands are run in a bare repository, they could write to files visible outside the repository. The vulnerability is fixed in version 3.7.1. As a workaround, support for symlinks in Git may be disabled by setting the core.symlinks configuration option to false, after which further clones and fetches will not create symbolic links. However, any symbolic or hard links in existing repositories will still provide the opportunity for Git LFS to write to their targets.
CVE-2025-26794 WRITEUP HIGH
Exim 4.98 - Remote SQL Injection via SQLite Hints and ETRN Serialization
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations.)
CVSS 7.5
CVE-2025-27090 WRITEUP MEDIUM
Sliver 1.5.26-1.5.42 - Server-Side Request Forgery via Reverse Port Forwarding
Sliver is an open source cross-platform adversary emulation/red team framework that can be used by organizations of all sizes to perform security testing. The reverse port forwarding in the Sliver teamserver allows the implant to open a reverse tunnel on the teamserver without verifying whether the operator instructed the implant to do so. The only impact that has been shown is the exposure of the server's IP address to a third party. This issue has been addressed in version 1.5.43 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 5.3
CVE-2025-27093 WRITEUP MEDIUM
Sliver <1.5.43-1.6.0-dev - Command Injection
Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially enabling leaked or recovered keypairs to be used to attack operators or allowing port forwardings to be accessible from other implants.
CVSS 6.3
CVE-2025-27106 WRITEUP HIGH
binance-trading-bot - Command Injection
binance-trading-bot is an automated Binance trading bot with trailing buy/sell strategy. Authenticated users of binance-trading-bot can achieve Remote Code Execution on the host system due to a command injection vulnerability in the `/restore` endpoint. The name of the uploaded file is passed to shell.exec without sanitization other than path normalization, resulting in Remote Code Execution. This may allow any authorized user to execute code in the context of the host machine. This issue has been addressed in version 0.0.100 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 8.8
CVE-2025-27107 WRITEUP HIGH
Minecraft <1.21.1-1.0.17, 1.21.4-1.0.9-254, 1.20.1-1.0.13, 1.19.2-1...
Integrated Scripting is a tool for creating scripts for handling complex operations in Integrated Dynamics. Minecraft users who use Integrated Scripting prior to versions 1.21.1-1.0.17, 1.21.4-1.0.9-254, 1.20.1-1.0.13, and 1.19.2-1.0.10 may be vulnerable to arbitrary code execution. By using Java reflection on a thrown exception object it's possible to escape the JavaScript sandbox for IntegratedScripting's Variable Cards, and leverage that to construct arbitrary Java classes and invoke arbitrary Java methods. This vulnerability allows for execution of arbitrary Java methods, and by extension arbitrary native code e.g. from `java.lang.Runtime.exec`, on the Minecraft server by any player with the ability to create and use an IntegratedScripting Variable Card. Versions 1.21.1-1.0.17, 1.21.4-1.0.9-254, 1.20.1-1.0.13, and 1.19.2-1.0.10 fix the issue.