Exploit Database
145,169 exploits tracked across all sources.
D-Link DIR-823x Firmware - OS Command Injection via macaddr Parameter
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c
CVSS 9.8
D-Link DIR-823x Firmware - OS Command Injection via Function 0x417234
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x417234
CVSS 9.8
Netgear R6100 Firmware V1.0.1.28 - Buffer Overflow via QUERY_STRING
Buffer Overflow vulnerability in Netgear- R61 router V1.0.1.28 allows a remote attacker to execute arbitrary code via the QUERY_STRING key value
CVSS 9.8
ALFA WiFi CampPro Firmware - Buffer Overflow via newap_text_0 Key Value
Buffer Overflow vulnerability in ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the newap_text_0 key value
CVSS 9.8
ALFA WiFi CampPro Firmware ALFA_CAMPRO-co-2.29 - Buffer Overflow via GAPSMinute3 Key Value
Buffer Overflow vulnerability inALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the GAPSMinute3 key value
CVSS 9.8
ALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 - Buffer Overflow via StorageEditUser hiddenIndex
Buffer Overflow vulnerability inALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the hiddenIndex in the function StorageEditUser
CVSS 9.8
SQLite 3.49.0 - Denial of Service via sqlite3_db_config Integer Overflow
In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.
CVSS 5.6
Motivian Content Management System 41.0.0 - Remote Code Execution via Gallery Images Upload
File Upload vulnerability in Motivian Content Mangment System v.41.0.0 allows a remote attacker to execute arbitrary code via the Content/Gallery/Images component.
CVSS 8.2
Tenda AC8 V16.03.34.06 - Stack-based Buffer Overflow via fromSetRouteStatic Parameter
Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the parameter list.
CVSS 9.8
Tenda AC7 V15.03.06.44 - Stack-based Buffer Overflow via formWifiBasicSet Security Parameter
A stack-based buffer overflow vulnerability in Tenda AC7 V15.03.06.44 allows a remote attacker to execute arbitrary code through a stack overflow attack using the security parameter of the formWifiBasicSet function.
CVSS 9.8
Swagger Petstore 1.0.7 - Remote Code Execution via DELETE Endpoint
An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via the DELETE endpoint
CVSS 6.5
Swagger Petstore 1.0.7 - Cross-Site Scripting via /api/v3/pet Endpoint
Cross Site Scripting vulnerability in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via a crafted script to the /api/v3/pet
CVSS 6.1
Swagger Petstore 1.0.7 - Information Disclosure via Non-Existent Endpoint
An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via accessing a non-existent endpoint/cart, the server returns a 404-error page exposing sensitive information including the Servlet name (default) and server version
CVSS 6.5
Tenda AX12 v22.03.01.46_CN - Stack-based Buffer Overflow via setMacFilterCfg
Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_42F69C function at /goform/setMacFilterCfg.
CVSS 7.5
Tenda AX12 v22.03.01.46_CN - Stack-based Buffer Overflow via SetNetControlList
Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_43fdcc function at /goform/SetNetControlList.
CVSS 6.5
Tenda W18E v2.0 v16.01.0.11 - Stack-based Buffer Overflow via wifiPwd Parameter
Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiPwd parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVSS 6.5
mupen64plus 2.6.0 - Remote Code Execution via Array Overflow in write_rdram_regs
In mupen64plus v2.6.0 there is an array overflow vulnerability in the write_rdram_regs and write_rdram_regs functions, which enables executing arbitrary commands on the host machine.
CVSS 9.8
mupen64plus 2.6.0 - Remote Code Execution via Array Overflow in write_rdram_regs
In mupen64plus v2.6.0 there is an array overflow vulnerability in the write_rdram_regs and write_rdram_regs functions, which enables executing arbitrary commands on the host machine.
CVSS 9.8
Tenda AC9 v1.0 V15.03.05.14_multi - Stack Overflow via wanMTU Parameter
In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
CVSS 9.8
emlog 2.5.1-2.5.6 - Arbitrary File Upload via Template Admin Endpoint
An arbitrary file upload vulnerability in the component /admin/template.php of emlog pro 2.5.0 and pro 2.5.* allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVSS 6.3
Gardyn Home Kit Firmware < master.619 - Exposure of Sensitive Information via Insecure HTTP Connection
A Gardyn Azure IoT Hub connection string is downloaded over an insecure HTTP connection in Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 leaving the string vulnerable to interception and modification through a Man-in-the-Middle attack. This may result in the attacker capturing device credentials or taking control of vulnerable home kits.
CVSS 9.4
free5gc 4.0.0 - Buffer Overflow via AMF NGAP Handler
Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attacker to cause a denial of service via the AMF, NGAP, security.go, handler_generated.go, handleInitialUEMessageMain, DecodePlainNasNoIntegrityCheck, GetSecurityHeaderType components
CVSS 5.4
SourceCodester Company Website CMS 1.0 - File Upload
SourceCodester Company Website CMS 1.0 contains a file upload vulnerability via the "Create Services" file /dashboard/Services.
CVSS 9.8
SourceCodester Company Website CMS 1.0 - File Upload
SourceCodester Company Website CMS 1.0 has a File upload vulnerability via the "Create portfolio" file /dashboard/portfolio.
CVSS 9.8
SourceCodester Company Website CMS 1.0 - Stored Cross-Site Scripting via Dashboard Services
SourceCodester Company Website CMS 1.0 is vulnerable to Cross Site Scripting (XSS) via /dashboard/Services.
CVSS 6.1
By Source