Exploit Database

145,309 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-10054 WRITEUP HIGH
Datomic < 0.9.5697 - Remote Code Execution via H2 CREATE ALIAS
H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."
CVSS 8.8
CVE-2018-10054 WRITEUP HIGH
Datomic < 0.9.5697 - Remote Code Execution via H2 CREATE ALIAS
H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."
CVSS 8.8
CVE-2025-5695 WRITEUP MEDIUM
FLIR AX8 Firmware 1.46.0-1.46.16 - Remote Command Injection via subscriptions.php
A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. This impacts the function subscribe_to_spot/subscribe_to_delta/subscribe_to_alarm of the file /usr/www/application/models/subscriptions.php of the component Backend. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.49.16 will fix this issue. It is suggested to upgrade the affected component. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities."
CVSS 4.7
CVE-2025-57105 WRITEUP CRITICAL
D-Link DI-7400G+ Firmware - OS Command Injection via ac_mng_srv_host Parameter
The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub_478D28 function in in mng_platform.asp, and sub_4A12DC function in wayos_ac_server.asp of the jhttpd program, with the parameter ac_mng_srv_host.
CVSS 9.8
CVE-2025-57199 WRITEUP HIGH
AVTECH DGM1104 FullImg-1015-1004-1006-1003 - Authenticated Command Injection via NetFailDetectD Binary
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the NetFailDetectD binary. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
CVSS 8.8
CVE-2025-57244 WRITEUP MEDIUM
OpenKM Community Edition 6.3.12 - Stored Cross-Site Scripting via User Account Creation Interface
OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting (XSS) in the user account creation interface. The Name field accepts script tags and the Email field is vulnerable when the POST request is modified to include encoded script tags, by passing frontend validation.
CVSS 5.4
CVE-2025-57310 WRITEUP HIGH
simple_faucet_script v1.07 - Cross-Site Request Forgery via Admin Ads Endpoint
A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Faucet-Script v1.07 via crafted POST request to admin.php?p=ads&c=1 allowing attackers to execute arbitrary code.
CVSS 8.8
CVE-2025-57353 WRITEUP MEDIUM
messageformat/runtime 3.0.1 - Prototype Pollution via Nested Message Key Processing
The Runtime components of messageformat package for Node.js before 3.0.2 contain a prototype pollution vulnerability. Due to insufficient validation of nested message keys during the processing of message data, an attacker can manipulate the prototype chain of JavaScript objects by providing specially crafted input. This can result in the injection of arbitrary properties into the Object.prototype, potentially leading to denial of service conditions or unexpected application behavior. The vulnerability allows attackers to alter the prototype of base objects, impacting all subsequent object instances throughout the application's lifecycle.
CVSS 5.3
CVE-2025-57330 WRITEUP HIGH
web3-core-subscriptions < 1.10.4 - Prototype Pollution via attachToObject Function
The web3-core-subscriptions is a package designed to manages web3 subscriptions. A Prototype Pollution vulnerability in the attachToObject function of web3-core-subscriptions version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.
CVSS 7.5
CVE-2025-57329 WRITEUP HIGH
web3-core-method < 1.10.4 - Prototype Pollution via attachToObject Function
web3-core-method is a package designed to creates the methods on the web3 modules. A Prototype Pollution vulnerability in the attachToObject function of web3-core-method version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.
CVSS 7.5
CVE-2025-57328 WRITEUP HIGH
toggle-array < 1.0.1 - Prototype Pollution via Enable/Disable Function
toggle-array is a package designed to enables a property on the object at the specified index, while disabling the property on all other objects. A Prototype Pollution vulnerability in the enable and disable function of toggle-array v1.0.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.
CVSS 7.5
CVE-2025-57327 WRITEUP HIGH
spmrc < 1.2.0 - Prototype Pollution via set and config Functions
spmrc is a package that provides the rc manager for spm. A Prototype Pollution vulnerability in the set and config function of spmrc version 1.2.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.
CVSS 7.5
CVE-2025-57326 WRITEUP HIGH
sassdoc-extras < 2.5.1 - Prototype Pollution via byGroupAndType Function
A Prototype Pollution vulnerability in the byGroupAndType function of sassdoc-extras v2.5.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.
CVSS 7.5
CVE-2025-57325 WRITEUP HIGH
rollbar < 2.26.4 - Prototype Pollution via utility.set Function
rollbar is a package designed to effortlessly track and debug errors in JavaScript applications. This package includes advanced error tracking features and an intuitive interface to help you identify and fix issues more quickly. A Prototype Pollution vulnerability in the utility.set function of rollbar v2.26.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.
CVSS 7.5
CVE-2025-57324 WRITEUP MEDIUM
parse < 5.3.0 - Prototype Pollution via SingleInstanceStateController.initializeState
parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse version 5.3.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.
CVSS 6.5
CVE-2025-57323 WRITEUP HIGH
mpregular < 0.2.0 - Prototype Pollution via mp.addEventHandler
mpregular is a package that provides a small program development framework based on RegularJS. A Prototype Pollution vulnerability in the mp.addEventHandler function of mpregular version 0.2.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.
CVSS 7.5
CVE-2025-57321 WRITEUP CRITICAL
magix-combine-ex < 1.2.10 - Prototype Pollution via util-deps.addFileDepend
A Prototype Pollution vulnerability in the util-deps.addFileDepend function of magix-combine-ex versions thru 1.2.10 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.
CVSS 9.8
CVE-2025-57320 WRITEUP MEDIUM
json-schema-editor-visual < 1.1.1 - Prototype Pollution via setData and deleteData Functions
json-schema-editor-visual is a package that provides jsonschema editor. A Prototype Pollution vulnerability in the setData and deleteData function of json-schema-editor-visual versions thru 1.1.1 allows attackers to inject or delete properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.
CVSS 6.5
CVE-2025-57319 WRITEUP HIGH
fast-redact 3.5.0 - Prototype Pollution via nestedRestore Function
fast-redact is a package that provides do very fast object redaction. A Prototype Pollution vulnerability in the nestedRestore function of fast-redact version 3.5.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence. NOTE: the Supplier disputes this because the reporter only demonstrated access to properties by an internal utility function, and there is no means for achieving prototype pollution via the public API.
CVSS 7.5
CVE-2025-57318 WRITEUP HIGH
csvjson < 5.1.0 - Prototype Pollution via toCsv Function
A Prototype Pollution vulnerability in the toCsv function of csvjson versions thru 5.1.0 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.
CVSS 7.5
CVE-2025-57389 WRITEUP MEDIUM
Luci OpenWRT v18.06.2 - Reflected Cross-Site Scripting via /admin/system/packages Endpoint
A reflected cross-site scripting (XSS) vulnerability in the /admin/system/packages endpoint of Luci OpenWRT v18.06.2 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload. This vulnerability was fixed in OpenWRT v19.07.0.
CVSS 5.4
CVE-2025-57392 WRITEUP HIGH
BenimPOS Masaustu 3.0.x - Insecure File Permissions
BenimPOS Masaustu 3.0.x is affected by insecure file permissions. The application installation directory grants Everyone and BUILTIN\Users groups FILE_ALL_ACCESS, allowing local users to replace or modify .exe and .dll files. This may lead to privilege escalation or arbitrary code execution upon launch by another user or elevated context.
CVSS 7.8
CVE-2025-57423 WRITEUP MEDIUM
MyClub 0.5 - Unauthenticated SQL Injection via /articles Endpoint Query Parameters
A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an unauthenticated remote attacker could inject arbitrary SQL commands via a crafted GET request, potentially leading to information disclosure or manipulation of the database.
CVSS 6.5
CVE-2025-57460 WRITEUP CRITICAL
machpanel 8.0.32 - Unrestricted File Upload Leading to Webshell
File upload vulnerability in machsol machpanel 8.0.32 allows attacker to gain a webshell.
CVSS 9.8
CVE-2025-57462 WRITEUP MEDIUM
machpanel 8.0.32 - Stored Cross-Site Scripting via Crafted PDF File
Stored cross-site scripting (xss) in machsol machpanel 8.0.32 allows attackers to execute arbitrary web scripts or HTML via a crafted PDF file.
CVSS 6.1