Exploit Database

145,259 exploits tracked across all sources.

Sort: Activity Stars
CVE-2025-45467 WRITEUP HIGH
Unitree Go1 <= Go1_2022_05_11 - Insecure Firmware Update Permissions via MD5 Checksum
Unitree Go1 <= Go1_2022_05_11 is vulnerable to Insecure Permissions as the firmware update functionality (via Wi-Fi/Ethernet) implements an insecure verification mechanism that solely relies on MD5 checksums for firmware integrity validation.
CVSS 7.1
CVE-2025-45487 WRITEUP CRITICAL
Linksys E5600 v1.1.0.26 - OS Command Injection via runtime.InternetConnection
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.InternetConnection function.
CVSS 9.8
CVE-2025-45488 WRITEUP CRITICAL
Linksys E5600 v1.1.0.26 - OS Command Injection via DynDNS mailex Parameter
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the mailex parameter.
CVSS 9.8
CVE-2025-45489 WRITEUP CRITICAL
Linksys E5600 v1.1.0.26 - OS Command Injection via DynDNS Hostname Parameter
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the hostname parameter.
CVSS 9.8
CVE-2025-45490 WRITEUP CRITICAL
Linksys E5600 v1.1.0.26 - OS Command Injection via DynDNS Password Parameter
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the password parameter.
CVSS 9.8
CVE-2025-45491 WRITEUP CRITICAL
Linksys E5600 v1.1.0.26 - OS Command Injection via DynDNS Username Parameter
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the username parameter.
CVSS 9.8
CVE-2025-45492 WRITEUP CRITICAL
Netgear EX8000 V1.0.0.126 - OS Command Injection via Iface Parameter in action_wireless
Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function.
CVSS 9.8
CVE-2025-45493 WRITEUP MEDIUM
Netgear EX8000 Firmware V1.0.0.126 - Command Injection via iface Parameter in action_bandwidth Function
Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the iface parameter in the action_bandwidth function.
CVSS 6.5
CVE-2025-45512 WRITEUP MEDIUM
DENX U-Boot 1.1.3 - Arbitrary Code Execution via Unsigned Firmware Installation
A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution.
CVSS 6.5
CVE-2025-45512 WRITEUP MEDIUM
DENX U-Boot 1.1.3 - Arbitrary Code Execution via Unsigned Firmware Installation
A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution.
CVSS 6.5
CVE-2025-45529 WRITEUP HIGH
Siteserver CMS 7.3.1 - Arbitrary File Read via ReadTextAsynchronous Function
An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sending a crafted GET request to /cms/templates/templatesAssetsEditor.
CVSS 7.1
CVE-2025-45766 WRITEUP HIGH
poco v1.14.1-release - Use of a Broken or Risky Cryptographic Algorithm
poco v1.14.1-release was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.
CVSS 7.0
CVE-2025-45767 WRITEUP HIGH
jose 6.0.10 - Use of a Broken or Risky Cryptographic Algorithm
jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim of "do not meet recommended security standards" does not reflect guidance in a final publication.
CVSS 7.0
CVE-2025-45767 WRITEUP HIGH
jose 6.0.10 - Use of a Broken or Risky Cryptographic Algorithm
jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim of "do not meet recommended security standards" does not reflect guidance in a final publication.
CVSS 7.0
CVE-2025-45768 WRITEUP HIGH
pyjwt - Weak Encryption via Insufficient Key Length Enforcement
pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement).
CVSS 7.0
CVE-2025-45769 WRITEUP MEDIUM
firebase/php-jwt < 6.11.0 - Inadequate Encryption Strength
php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.
CVSS 6.5
CVE-2025-45769 WRITEUP MEDIUM
firebase/php-jwt < 6.11.0 - Inadequate Encryption Strength
php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.
CVSS 6.5
CVE-2025-45770 WRITEUP HIGH
jwt < 5.4.3 - Inadequate Encryption Strength
jwt v5.4.3 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.
CVSS 7.0
CVE-2025-45805 WRITEUP HIGH
phpgurukul Doctor Appointment Management System 1.0 - Authenticated Stored Cross-Site Scripting via Doctor Profile Name
In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and selects the doctor to book an appointment.
CVSS 7.6
CVE-2025-45854 WRITEUP CRITICAL
jehc-bpm < 2.0.1 - Unauthenticated Remote Code Execution via execParams
/server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams.
CVSS 10.0
CVE-2025-4516 WRITEUP MEDIUM
CPython - Info Disclosure
There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.
CVE-2025-4517 WRITEUP CRITICAL
Python <3.14 - Path Traversal
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter  for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
CVSS 9.4
CVE-2025-4517 WRITEUP CRITICAL
Python <3.14 - Path Traversal
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter  for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
CVSS 9.4
CVE-2025-46000 WRITEUP MEDIUM
simogeo Filemanager < 2.5.0 - Arbitrary File Upload and Remote Code Execution via SVG File
An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file.
CVSS 6.5
CVE-2025-46001 WRITEUP CRITICAL
simogeo Filemanager 2.3.0 - Arbitrary File Upload via is_allowed_file_type() Function
An arbitrary file upload vulnerability in the is_allowed_file_type() function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVSS 9.8