Exploit Database

145,185 exploits tracked across all sources.

Sort: Activity Stars
CVE-2025-29135 WRITEUP CRITICAL
Tenda AC7 V15.03.06.44 - Stack-based Buffer Overflow via formWifiBasicSet Security Parameter
A stack-based buffer overflow vulnerability in Tenda AC7 V15.03.06.44 allows a remote attacker to execute arbitrary code through a stack overflow attack using the security parameter of the formWifiBasicSet function.
CVSS 9.8
CVE-2025-29155 WRITEUP MEDIUM
Swagger Petstore 1.0.7 - Remote Code Execution via DELETE Endpoint
An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via the DELETE endpoint
CVSS 6.5
CVE-2025-29156 WRITEUP MEDIUM
Swagger Petstore 1.0.7 - Cross-Site Scripting via /api/v3/pet Endpoint
Cross Site Scripting vulnerability in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via a crafted script to the /api/v3/pet
CVSS 6.1
CVE-2025-29157 WRITEUP MEDIUM
Swagger Petstore 1.0.7 - Information Disclosure via Non-Existent Endpoint
An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via accessing a non-existent endpoint/cart, the server returns a 404-error page exposing sensitive information including the Servlet name (default) and server version
CVSS 6.5
CVE-2025-29214 WRITEUP HIGH
Tenda AX12 v22.03.01.46_CN - Stack-based Buffer Overflow via setMacFilterCfg
Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_42F69C function at /goform/setMacFilterCfg.
CVSS 7.5
CVE-2025-29215 WRITEUP MEDIUM
Tenda AX12 v22.03.01.46_CN - Stack-based Buffer Overflow via SetNetControlList
Tenda AX12 v22.03.01.46_CN was discovered to contain a stack overflow via the sub_43fdcc function at /goform/SetNetControlList.
CVSS 6.5
CVE-2025-29218 WRITEUP MEDIUM
Tenda W18E v2.0 v16.01.0.11 - Stack-based Buffer Overflow via wifiPwd Parameter
Tenda W18E v2.0 v16.01.0.11 was discovered to contain a stack overflow in the wifiPwd parameter at /goform/setModules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVSS 6.5
CVE-2025-29366 WRITEUP CRITICAL
mupen64plus 2.6.0 - Remote Code Execution via Array Overflow in write_rdram_regs
In mupen64plus v2.6.0 there is an array overflow vulnerability in the write_rdram_regs and write_rdram_regs functions, which enables executing arbitrary commands on the host machine.
CVSS 9.8
CVE-2025-29366 WRITEUP CRITICAL
mupen64plus 2.6.0 - Remote Code Execution via Array Overflow in write_rdram_regs
In mupen64plus v2.6.0 there is an array overflow vulnerability in the write_rdram_regs and write_rdram_regs functions, which enables executing arbitrary commands on the host machine.
CVSS 9.8
CVE-2025-29384 WRITEUP CRITICAL
Tenda AC9 v1.0 V15.03.05.14_multi - Stack Overflow via wanMTU Parameter
In Tenda AC9 v1.0 V15.03.05.14_multi, the wanMTU parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
CVSS 9.8
CVE-2025-29405 WRITEUP MEDIUM
emlog 2.5.1-2.5.6 - Arbitrary File Upload via Template Admin Endpoint
An arbitrary file upload vulnerability in the component /admin/template.php of emlog pro 2.5.0 and pro 2.5.* allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVSS 6.3
CVE-2025-29628 WRITEUP CRITICAL
Gardyn Home Kit Firmware < master.619 - Exposure of Sensitive Information via Insecure HTTP Connection
A Gardyn Azure IoT Hub connection string is downloaded over an insecure HTTP connection in Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 leaving the string vulnerable to interception and modification through a Man-in-the-Middle attack. This may result in the attacker capturing device credentials or taking control of vulnerable home kits.
CVSS 9.4
CVE-2025-29632 WRITEUP MEDIUM
free5gc 4.0.0 - Buffer Overflow via AMF NGAP Handler
Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attacker to cause a denial of service via the AMF, NGAP, security.go, handler_generated.go, handleInitialUEMessageMain, DecodePlainNasNoIntegrityCheck, GetSecurityHeaderType components
CVSS 5.4
CVE-2025-29708 WRITEUP CRITICAL
SourceCodester Company Website CMS 1.0 - File Upload
SourceCodester Company Website CMS 1.0 contains a file upload vulnerability via the "Create Services" file /dashboard/Services.
CVSS 9.8
CVE-2025-29709 WRITEUP CRITICAL
SourceCodester Company Website CMS 1.0 - File Upload
SourceCodester Company Website CMS 1.0 has a File upload vulnerability via the "Create portfolio" file /dashboard/portfolio.
CVSS 9.8
CVE-2025-29710 WRITEUP MEDIUM
SourceCodester Company Website CMS 1.0 - Stored Cross-Site Scripting via Dashboard Services
SourceCodester Company Website CMS 1.0 is vulnerable to Cross Site Scripting (XSS) via /dashboard/Services.
CVSS 6.1
CVE-2025-29774 WRITEUP CRITICAL
xml-crypto < 6.0.1, 3.0.0-3.2.0, < 2.1.6 - Cryptographic Signature Verification Bypass
xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker with a valid account to escalate privileges or impersonate another user. Users of versions 6.0.0 and prior should upgrade to version 6.0.1 to receive a fix. Those who are still using v2.x or v3.x should upgrade to patched versions 2.1.6 or 3.2.1, respectively.
CVE-2025-29775 WRITEUP CRITICAL
xml-crypto < 6.0.1, 3.0.0-3.2.1, < 2.1.6 - Cryptographic Signature Verification Bypass
xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker to escalate privileges or impersonate another user. Users of versions 6.0.0 and prior should upgrade to version 6.0.1 to receive a fix. Those who are still using v2.x or v3.x should upgrade to patched versions 2.1.6 or 3.2.1, respectively.
CVE-2025-29787 WRITEUP HIGH
zip 1.3.0-2.3.0 - Arbitrary File Write via Symbolic Link Canonicalization
`zip` is a zip library for rust which supports reading and writing of simple ZIP files. In the archive extraction routine of affected versions of the `zip` crate starting with version 1.3.0 and prior to version 2.3.0, symbolic links earlier in the archive are allowed to be used for later files in the archive without validation of the final canonicalized path, allowing maliciously crafted archives to overwrite arbitrary files in the file system when extracted. Users who extract untrusted archive files using the following high-level API method may be affected and critical files on the system may be overwritten with arbitrary file permissions, which can potentially lead to code execution. Version 2.3.0 fixes the issue.
CVE-2025-29788 WRITEUP MEDIUM
Syliud PayPal Plugin <2.0.1 - Info Disclosure
The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after initiating the PayPal Express Checkout process, PayPal will not receive the updated total amount. As a result, PayPal captures only the initially transmitted amount, while Sylius incorrectly considers the order fully paid based on the modified total. This flaw can be exploited both accidentally and intentionally, potentially enabling fraud by allowing customers to pay less than the actual order value. Attackers can intentionally pay less than the actual total order amount, business owners may suffer financial losses due to underpaid orders, and integrity of payment processing is compromised. The issue is fixed in versions 1.6.1, 1.7.1, 2.0.1, and above. To resolve the problem in the end application without updating to the newest patches, there is a need to overwrite `ProcessPayPalOrderAction`, `CompletePayPalOrderFromPaymentPageAction`, and `CaptureAction` with modified logic.
CVSS 6.5
CVE-2025-29925 WRITEUP MEDIUM
XWiki REST API - Private Pages Disclosure
XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, protected pages are listed when requesting the REST endpoints /rest/wikis/[wikiName]/pages even if the user doesn't have view rights on them. It's particularly true if the entire wiki is protected with "Prevent unregistered user to view pages": the endpoint would still list the pages of the wiki, though only for the main wiki. The problem has been patched in XWiki 15.10.14, 16.4.6, 16.10.0RC1. In those versions the endpoint can still be requested but the result is filtered out based on pages rights.
CVSS 5.3
CVE-2025-29927 WRITEUP CRITICAL
Next.js Middleware Bypass
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
CVSS 9.1
CVE-2025-30065 WRITEUP CRITICAL
Apache Parquet Java < 1.15.1 - Remote Code Execution via Schema Parsing
Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code Users are recommended to upgrade to version 1.15.1, which fixes the issue.
CVSS 9.8
CVE-2025-30065 WRITEUP CRITICAL
Apache Parquet Java < 1.15.1 - Remote Code Execution via Schema Parsing
Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code Users are recommended to upgrade to version 1.15.1, which fixes the issue.
CVSS 9.8
CVE-2025-30124 WRITEUP CRITICAL
Marbella KR8s Dashcam FF 2.0.8 - Info Disclosure
An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. When a new SD card is inserted into the dashcam, the existing password is written onto the SD card in cleartext automatically. An attacker with temporary access to the dashcam can switch the SD card to steal this password.
CVSS 9.8