Exploit Database
145,324 exploits tracked across all sources.
EmbedVideo < 4.0.0 - Stored Cross-Site Scripting via Arbitrary HTML Attributes
The EmbedVideo Extension is a MediaWiki extension which adds a parser function called #ev and various parser tags for embedding video clips from various video sharing services. In versions 4.0.0 and prior, the EmbedVideo extension allows adding arbitrary attributes to an HTML element, allowing for stored XSS through wikitext. This issue has been patched via commit 4e075d3.
CVSS 8.6
Flag Forge <2.3.2 - Info Disclosure
Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.2, the public endpoint /api/user/[username] returns user email addresses in its JSON response. The fix, intended for release in 2.3.1 but only available starting in version 2.3.2, removes email addresses from public API responses while keeping the endpoint publicly accessible. Users should upgrade to version 2.3.2 or later to eliminate exposure. There are no workarounds for this vulnerability.
CVSS 5.3
formbricks < 4.0.1 - Unauthenticated Authentication Bypass via JWT Signature Verification Missing
Formbricks is an open source qualtrics alternative. Prior to version 4.0.1, Formbricks is missing JWT signature verification. This vulnerability stems from a token validation routine that only decodes JWTs (jwt.decode) without verifying their signatures. Both the email verification token login path and the password reset server action use the same validator, which does not check the token’s signature, expiration, issuer, or audience. If an attacker learns the victim’s actual user.id, they can craft an arbitrary JWT with an alg: "none" header and use it to authenticate and reset the victim’s password. This issue has been patched in version 4.0.1.
CVSS 9.4
TOTOLINK N600R v4.3.0cu.7866_B20220506 - DoS
TOTOLINK N600R v4.3.0cu.7866_B20220506 was discovered to contain a stack overflow in the ssid parameter in the setWiFiBasicConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVSS 7.5
Tenda WH450 1.0.0.18 - Stack-based Buffer Overflow via webExcptypemanFilte Page Argument
A vulnerability was identified in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/webExcptypemanFilte of the component HTTP Request Handler. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit is publicly available and might be used.
CVSS 7.2
Tenda WH450 1.0.0.18 - Stack-based Buffer Overflow via qossetting Page Parameter
A vulnerability was determined in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/qossetting. This manipulation of the argument page causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 7.2
Tenda WH450 1.0.0.18 - Stack-based Buffer Overflow via VirtualSer Page Parameter
A vulnerability was found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/VirtualSer of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.
CVSS 7.2
Tenda WH450 1.0.0.18 - Stack-based Buffer Overflow via SetIpBind HTTP Request Handler
A vulnerability has been found in Tenda WH450 1.0.0.18. This vulnerability affects unknown code of the file /goform/SetIpBind of the component HTTP Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 7.2
Tenda WH450 1.0.0.18 - Stack-based Buffer Overflow via SetIpBind HTTP Request Handler
A vulnerability has been found in Tenda WH450 1.0.0.18. This vulnerability affects unknown code of the file /goform/SetIpBind of the component HTTP Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 7.2
Tenda WH450 1.0.0.18 - OS Command Injection via CheckTools ipaddress Parameter
A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/CheckTools of the component HTTP Request Handler. Executing a manipulation of the argument ipaddress can lead to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 7.3
Tenda WH450 1.0.0.18 - Stack-based Buffer Overflow via PPTPDClient Username Parameter
A vulnerability was found in Tenda WH450 1.0.0.18. This affects an unknown function of the file /goform/PPTPDClient of the component HTTP Request Handler. Performing a manipulation of the argument Username results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used.
CVSS 9.8
Tenda WH450 1.0.0.18 - Stack-based Buffer Overflow via PPTPClient netmsk Parameter
A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted element is an unknown function of the file /goform/PPTPClient of the component HTTP Request Handler. Such manipulation of the argument netmsk leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 9.8
Tenda WH450 1.0.0.18 - Stack-based Buffer Overflow via Natlimit Page Parameter
A flaw has been found in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/Natlimit of the component HTTP Request Handler. This manipulation of the argument page causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used.
CVSS 9.8
Tenda WH450 1.0.0.18 - Stack-based Buffer Overflow via NatStaticSetting Page Parameter
A vulnerability was detected in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/NatStaticSetting. The manipulation of the argument page results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used.
CVSS 9.8
Tenda WH450 1.0.0.18 - Stack-based Buffer Overflow via SafeUrlFilter Page Parameter
A vulnerability has been found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/SafeUrlFilter. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
CVSS 9.8
Tenda WH450 1.0.0.18 - Stack-Based Buffer Overflow via L7Port HTTP Request Handler
A vulnerability was detected in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/L7Port of the component HTTP Request Handler. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
CVSS 7.3
Tenda WH450 1.0.0.18 - Stack-based Buffer Overflow via L7Im Page Argument
A security vulnerability has been detected in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/L7Im of the component HTTP Request Handler. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
CVSS 9.8
Tenda WH450 1.0.0.18 - Stack-based Buffer Overflow via CheckTools ipaddress Parameter
A weakness has been identified in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/CheckTools of the component HTTP Request Handler. This manipulation of the argument ipaddress causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
CVSS 9.8
Tenda FH1201 1.2.0.14(408) - Stack-based Buffer Overflow via SetIpBind Page Argument
A vulnerability has been found in Tenda FH1201 1.2.0.14(408). Affected is the function sprintf of the file /goform/SetIpBind. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
CVSS 8.8
Tenda FH1201 and FH1206 1.2.0.14(408)/1.2.0.8(8155) - Stack-based Buffer Overflow via webSiteId Argument
A flaw has been found in Tenda FH1201 and FH1206 1.2.0.14(408)/1.2.0.8(8155). This impacts the function strcat of the file /goform/webtypelibrary of the component HTTP Request Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used.
CVSS 8.8
Tenda AC18 15.03.05.05 - Stack-based Buffer Overflow via SetDlnaCfg scanList Parameter
A vulnerability was detected in Tenda AC18 15.03.05.05. This affects the function sprintf of the file /goform/SetDlnaCfg of the component HTTP Request Handler. The manipulation of the argument scanList results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used.
CVSS 8.8
Tenda AC18 15.03.05.05 - Stack-based Buffer Overflow via mac Argument in GetParentControlInfo
A security vulnerability has been detected in Tenda AC18 15.03.05.05. The impacted element is the function strcpy of the file /goform/GetParentControlInfo of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
CVSS 8.8
Tenda WH450 1.0.0.18 - Buffer Overflow
A security flaw has been discovered in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/DhcpListClient of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
CVSS 9.8
TOTOLINK N600R <4.3.0cu.7866_B20220506 - Buffer Overflow
A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866_B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
CVSS 8.8
Nagios Fusion <2024R2 - Auth Bypass
A lack of rate limiting in the OTP verification component of Nagios Fusion v2024R1.2 and v2024R2 allows attackers to bypass authentication via a bruteforce attack.
CVSS 7.6
By Source