Github Exploits
2,268 exploits tracked across all sources.
Karamasoft UltimateEditor 1 - Info Disclosure
Karamasoft UltimateEditor 1 does not ensure that an uploaded file is an image or document (neither file types nor extensions are restricted). The attacker must use the Attach icon to perform an upload. An uploaded file is accessible under the UltimateEditorInclude/UserFiles/ URI.
by Gr4y21
CVSS 9.8
Kentico 11-12 - Info Disclosure
Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodules/medialibrary/formcontrols/liveselectors/insertimageormedia/tabs_media.aspx URI. NOTE: The vendor disputes the report because the researcher did not configure the media library permissions correctly. The vendor states that by default all users can read/modify/upload files, and it’s up to the administrator to decide who should have access to the media library and set the permissions accordingly. See the vendor documentation in the references for more information
by Gr4y21
CVSS 9.1
Chiefonboarding < 2.0.47 - CSRF
Cross-Site Request Forgery (CSRF) in GitHub repository chiefonboarding/chiefonboarding prior to v2.0.47.
by tomorroisnew
Mosparo < 1.0.2 - Open Redirect
Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.
by tomorroisnew
Nextcloud Enterprise Server < 22.2.10.4 - SSRF
Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcloud Server is upgraded to 23.0.8 or 24.0.4. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.10.4, 23.0.8 or 24.0.4. There are no known workarounds for this issue.
by tomorroisnew
gVectors Team wpForo Forum <2.0.5 - CSRF
Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 at WordPress.
by tomorroisnew
MultiSafepay <4.13.1 - Info Disclosure
Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plugin for WooCommerce plugin <= 4.13.1 at WordPress.
by tomorroisnew
Wordplus Better Messages < 1.9.9.149 - CSRF
Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be activated.
by tomorroisnew
Tenda AC10-1200 - Buffer Overflow
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow in the setSmartPowerManagement function.
by tomorroisnew
Bookwyrm < 0.3.0 - SSRF
BookWyrm is a decentralized social network for tracking reading habits and reviewing books. The functionality to load a cover via url is vulnerable to a server-side request forgery attack. Any BookWyrm instance running a version prior to v0.3.0 is susceptible to attack from a logged-in user. The problem has been patched and administrators should upgrade to version 0.3.0 As a workaround, BookWyrm instances can close registration and limit members to trusted individuals.
by tomorroisnew
Lifterlms < 1.4.0 - XSS
The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue
by tomorroisnew
Hubspot < 8.8.15 - SSRF
The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks
by tomorroisnew
Showdoc < 2.10.3 - XSS
Stored xss in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4.
by tomorroisnew
livehelperchat/livehelperchat <3.97 - SSRF
Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97.
by tomorroisnew
Spirit < 0.12.3 - Open Redirect
Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.
by tomorroisnew
Plezi WordPress <1.0.3 - XSS
The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing unauthenticated users to update the plz_configuration_tracker_enable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue
by tomorroisnew
WordPress <1.3.6.3 - XSS
The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to Stored Cross-Site Scripting issue
by tomorroisnew
Shareaholic < 9.7.6 - Incorrect Authorization
The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc.
by tomorroisnew
MapSVG WP <6.2.20 - SQL Injection
The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users.
by tomorroisnew
FormCraft WP <3.8.28 - SSRF
The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users
by tomorroisnew
WP Voting Contest <3.0 - XSS
The WP Voting Contest WordPress plugin before 3.0 does not sanitise and escape the post_id parameter before outputting it back in the response via the wpvc_social_share_icons AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue
by tomorroisnew
AnyComment WP <0.2.18 - Privilege Escalation
The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users
by tomorroisnew
AnyComment WordPress <0.2.18 - CSRF
The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack
by tomorroisnew
Tenda AC10-1200 <15.03.06.23 - Buffer Overflow
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.
by tomorroisnew
Tenda AC10-1200 <15.03.06.23 - Buffer Overflow
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the urls parameter in the saveParentControlInfo function.
by tomorroisnew
By Source