Exploit Database

145,324 exploits tracked across all sources.

CVE-2025-60830 WRITEUP MEDIUM
redragon-erp v1.0 - Deserialization
redragon-erp v1.0 was discovered to contain a Shiro deserialization vulnerability caused by the default Shiro key.
CVSS 6.5
CVE-2025-60833 WRITEUP MEDIUM
uzy-ssm-mall 1.1.0 - XML External Entity Injection in /mall/wxpay/pay
An XML External Entity (XXE) vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data.
CVSS 6.5
CVE-2025-60834 WRITEUP MEDIUM
uzy-ssm-mall <v1.1.0 - Code Injection
A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input.
CVSS 6.5
CVE-2025-60880 WRITEUP HIGH
Bagisto 2.3.6 - Authenticated Stored Cross-Site Scripting via SVG File Upload
An authenticated stored XSS vulnerability exists in the Bagisto 2.3.6 admin panel's product creation path, allowing an attacker to upload a crafted SVG file containing malicious JavaScript code. This vulnerability can be exploited by an authenticated admin user to execute arbitrary JavaScript in the browser, potentially leading to session hijacking, data theft, or unauthorized actions.
CVSS 8.3
CVE-2025-60912 WRITEUP LOW
phpipam < 1.7.3 - Cross-Site Request Forgery in Database Export Functionality
phpIPAM v1.7.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the database export functionality. The generate-mysql.php function, located in the /app/admin/import-export/ endpoint, allows remote attackers to trigger large database dump downloads via crafted HTTP GET requests if an administrator has an active session.
CVSS 3.3
CVE-2025-60935 WRITEUP MEDIUM
Blitz Panel <1.17.0 - Open Redirect
An open redirect vulnerability in the login endpoint of Blitz Panel v1.17.0 allows attackers to redirect users to malicious domains via a crafted URL. This issue affects the next_url parameter in the login endpoint and could lead to phishing or token theft after successful authentication.
CVSS 6.1
CVE-2025-60954 WRITEUP HIGH
Microweber CMS 2.0 - Info Disclosure
Microweber CMS 2.0 has Weak Password Requirements. The application does not enforce minimum password length or complexity during password resets. Users can set extremely weak passwords, including single-character passwords, which can lead to account compromise, including administrative accounts.
CVSS 8.3
CVE-2025-6069 WRITEUP MEDIUM
CPython < 3.9.24, 3.10.0-3.10.18, 3.11.0-3.11.13, 3.12.0-3.12.11, 3.13.0-3.13.5, 3.14.0a1-3.14.0b2 - DoS via HTML Parser
The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs, potentially leading to amplified denial of service.
CVSS 4.3
CVE-2025-6075 WRITEUP MEDIUM
os.path.expandvars - Info Disclosure
If the value passed to os.path.expandvars() is user-controlled, a performance degradation is possible when expanding environment variables.
CVSS 5.5
CVE-2025-6095 WRITEUP HIGH
Jasmin Ransomware 1.0.1 - SQL Injection
A vulnerability, which was classified as critical, was found in codesiddhant Jasmin Ransomware 1.0.1. Affected is an unknown function of the file /checklogin.php. The manipulation of the argument username/password leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 7.3
CVE-2025-6097 WRITEUP MEDIUM
UTT 750W < 5.0 - Unauthenticated Unverified Password Change via formDefineManagement
A vulnerability was found in UTT 进取 750W up to 5.0 and classified as critical. Affected by this issue is the function formDefineManagement of the file /goform/setSysAdm of the component Administrator Password Handler. The manipulation of the argument passwd1 leads to unverified password change. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 5.3
CVE-2025-6098 WRITEUP CRITICAL
UTT 750W < 5.0 - Buffer Overflow via API passwd1 Parameter
A vulnerability was found in UTT 进取 750W up to 5.0. It has been classified as critical. This affects the function strcpy of the file /goform/setSysAdm of the component API. The manipulation of the argument passwd1 leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 9.8
CVE-2025-61132 WRITEUP HIGH
levlaz braindump <0.4.14 - Host Header Injection
A Host Header Injection vulnerability in the password reset component in levlaz braindump v0.4.14 allows remote attackers to conduct password reset poisoning and account takeover via manipulation of the Host header when Flask's url_for(_external=True) generates reset links without a fixed SERVER_NAME.
CVSS 7.1
CVE-2025-61136 WRITEUP HIGH
axewater sharewarez <2.4.3 - Host Header Injection
A Host Header Injection vulnerability in the password reset component in axewater sharewarez v2.4.3 allows remote attackers to conduct password reset poisoning and account takeover via manipulation of the Host header when Flask's url_for(_external=True) generates reset links without a fixed SERVER_NAME.
CVSS 7.1
CVE-2025-61140 WRITEUP CRITICAL
dchester/jsonpath 1.1.1 - Prototype Pollution via Value Function
The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.
CVSS 9.8
CVE-2025-61155 WRITEUP MEDIUM
GameDriverX64.sys <7.23.4.7 - Privilege Escalation
The GameDriverX64.sys kernel-mode anti-cheat driver (v7.23.4.7 and earlier) contains an access control vulnerability in one of its IOCTL handlers. A user-mode process can open a handle to the driver device and send specially crafted IOCTL requests. These requests are executed in kernel-mode context without proper authentication or access validation, allowing the attacker to terminate arbitrary processes, including critical system and security services, without requiring administrative privileges.
CVSS 5.5
CVE-2025-61301 WRITEUP HIGH
CAPEv2 - Denial of Service via Oversized Behavior Data
Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 (commit 52e4b43, on 2025-05-17) allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports by generating deeply nested or oversized behavior data that trigger MongoDB BSON limits or orjson recursion errors when the sample executes in the sandbox.
CVSS 7.5
CVE-2025-61506 WRITEUP CRITICAL
MediaCrush < 1.0.1 - Unauthenticated Arbitrary File Upload via /upload Endpoint
An issue was discovered in MediaCrush through 1.0.1 allowing remote unauthenticated attackers to upload arbitrary files of any size to the /upload endpoint.
CVSS 9.8
CVE-2025-61514 WRITEUP MEDIUM
SageMath, Inc CoCalc <0d2ff58 - RCE
An arbitrary file upload vulnerability in SageMath, Inc CoCalc before commit 0d2ff58 allows attackers to execute arbitrary code via uploading a crafted SVG file.
CVSS 6.5
CVE-2024-36109 WRITEUP HIGH
CoCalc - Stored Cross-Site Scripting via Published Markdown Script Tags
CoCalc is web-based software that enables collaboration in research, teaching, and scientific publishing. In affected versions the markdown parser allows `<script>` tags to be included which execute when published. This issue has been addressed in commit `419862a9c9879c`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 7.6
CVE-2025-61524 WRITEUP HIGH
Casdoor < 2.63.0 - Authenticated Permission Bypass via URL Concatenation
An issue in the permission verification module and organization/application editing interface in Casdoor v2.26.0 and before, fixed in v2.63.0, allows remote authenticated administrators of any organization within the system to bypass the system's permission verification mechanism by directly concatenating URLs after login.
CVSS 7.2
CVE-2025-61557 WRITEUP HIGH
nixseparatedebuginfod <0.4.1 - Path Traversal
nixseparatedebuginfod before v0.4.1 is vulnerable to Directory Traversal.
CVSS 7.5