Exploit Database
145,259 exploits tracked across all sources.
Unitree Go1 <= Go1_2022_05_11 - Insecure Firmware Update Permissions via MD5 Checksum
Unitree Go1 <= Go1_2022_05_11 is vulnerable to Insecure Permissions as the firmware update functionality (via Wi-Fi/Ethernet) implements an insecure verification mechanism that solely relies on MD5 checksums for firmware integrity validation.
CVSS 7.1
Linksys E5600 v1.1.0.26 - OS Command Injection via runtime.InternetConnection
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.InternetConnection function.
CVSS 9.8
Linksys E5600 v1.1.0.26 - OS Command Injection via DynDNS mailex Parameter
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the mailex parameter.
CVSS 9.8
Linksys E5600 v1.1.0.26 - OS Command Injection via DynDNS Hostname Parameter
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the hostname parameter.
CVSS 9.8
Linksys E5600 v1.1.0.26 - OS Command Injection via DynDNS Password Parameter
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the password parameter.
CVSS 9.8
Linksys E5600 v1.1.0.26 - OS Command Injection via DynDNS Username Parameter
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the username parameter.
CVSS 9.8
Netgear EX8000 V1.0.0.126 - OS Command Injection via Iface Parameter in action_wireless
Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function.
CVSS 9.8
Netgear EX8000 Firmware V1.0.0.126 - Command Injection via iface Parameter in action_bandwidth Function
Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the iface parameter in the action_bandwidth function.
CVSS 6.5
DENX U-Boot 1.1.3 - Arbitrary Code Execution via Unsigned Firmware Installation
A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution.
CVSS 6.5
DENX U-Boot 1.1.3 - Arbitrary Code Execution via Unsigned Firmware Installation
A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution.
CVSS 6.5
Siteserver CMS 7.3.1 - Arbitrary File Read via ReadTextAsynchronous Function
An arbitrary file read vulnerability in the ReadTextAsynchronous function of SSCMS v7.3.1 allows attackers to read arbitrary files via sending a crafted GET request to /cms/templates/templatesAssetsEditor.
CVSS 7.1
poco v1.14.1-release - Use of a Broken or Risky Cryptographic Algorithm
poco v1.14.1-release was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.
CVSS 7.0
jose 6.0.10 - Use of a Broken or Risky Cryptographic Algorithm
jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim of "do not meet recommended security standards" does not reflect guidance in a final publication.
CVSS 7.0
jose 6.0.10 - Use of a Broken or Risky Cryptographic Algorithm
jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim of "do not meet recommended security standards" does not reflect guidance in a final publication.
CVSS 7.0
pyjwt - Weak Encryption via Insufficient Key Length Enforcement
pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement).
CVSS 7.0
firebase/php-jwt < 6.11.0 - Inadequate Encryption Strength
php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.
CVSS 6.5
firebase/php-jwt < 6.11.0 - Inadequate Encryption Strength
php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.
CVSS 6.5
jwt < 5.4.3 - Inadequate Encryption Strength
jwt v5.4.3 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.
CVSS 7.0
phpgurukul Doctor Appointment Management System 1.0 - Authenticated Stored Cross-Site Scripting via Doctor Profile Name
In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and selects the doctor to book an appointment.
CVSS 7.6
jehc-bpm < 2.0.1 - Unauthenticated Remote Code Execution via execParams
/server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams.
CVSS 10.0
CPython - Info Disclosure
There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.
Python <3.14 - Path Traversal
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data".
You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information.
Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected.
Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
CVSS 9.4
Python <3.14 - Path Traversal
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data".
You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information.
Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected.
Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
CVSS 9.4
simogeo Filemanager < 2.5.0 - Arbitrary File Upload and Remote Code Execution via SVG File
An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file.
CVSS 6.5
simogeo Filemanager 2.3.0 - Arbitrary File Upload via is_allowed_file_type() Function
An arbitrary file upload vulnerability in the is_allowed_file_type() function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVSS 9.8
By Source