Exploit Database

145,357 exploits tracked across all sources.

CVE-2025-63388 WRITEUP CRITICAL
Dify v1.9.1 - Origin Validation Error in /console/api/system-features Endpoint
A Cross-Origin Resource Sharing (CORS) misconfiguration exists in the /console/api/system-features endpoint of Dify v1.9.1. The endpoint reflects any Origin header back in Access-Control-Allow-Origin and sets Access-Control-Allow-Credentials: true, so a page on any external domain can make credentialed cross-origin requests to it and read the response. NOTE: the supplier disputes this, arguing that "sending requests with credentials does not provide any additional access compared to unauthenticated requests."
CVSS 9.1
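The check a tester would run against an entry like the one above, as an added example that is not Dify's code: send the endpoint a few chosen Origin values and classify the CORS headers that come back. The target URL, the probe origins and the header dictionaries used for testing are assumptions or constructed samples.

```python
"""Probe an endpoint for Origin reflection with credentials.

Added example; not Dify's code. Target URL, probe origins and the sample
header dictionaries are assumptions made for illustration.
"""
import sys
import urllib.request
from urllib.error import HTTPError


def probe_origins(target_host: str) -> list:
    """Origins a checker should try: an arbitrary attacker host, the literal
    "null" (sandboxed iframes, file://), and look-alikes that defeat naive
    prefix/suffix matching on the real host name."""
    return [
        "https://attacker.example",
        "null",
        f"https://{target_host}.attacker.example",
        f"https://evil-{target_host}",
    ]


def classify_cors(origin_sent: str, headers: dict) -> str:
    """Classify the CORS headers of a response to a request whose Origin was
    origin_sent. Header names are matched case-insensitively. Returns:
      "none"                  no ACAO header; the browser blocks the read
      "wildcard"              ACAO: * without credentials (public data only)
      "wildcard+credentials"  ACAO: * with ACAC: true; browsers reject this
                              combination, so cookies are never exposed
      "reflected"             our origin echoed, but without credentials
      "reflected+credentials" our origin echoed with ACAC: true: any site can
                              read the response with the victim's cookies
      "pinned"                a fixed, different origin is allowed
    """
    h = {k.lower(): v for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    acac = h.get("access-control-allow-credentials", "").strip().lower() == "true"
    if acao is None:
        return "none"
    if acao.strip() == "*":
        return "wildcard+credentials" if acac else "wildcard"
    if acao.strip() == origin_sent:
        return "reflected+credentials" if acac else "reflected"
    return "pinned"


def fetch_headers(url: str, origin: str) -> dict:
    """GET url with a chosen Origin and return the response headers; error
    responses still carry CORS headers, so keep those too."""
    req = urllib.request.Request(url, headers={"Origin": origin})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return dict(resp.headers.items())
    except HTTPError as err:
        return dict(err.headers.items())


def probe(url: str, target_host: str) -> dict:
    """Map each probe origin to its classification for the live endpoint."""
    return {o: classify_cors(o, fetch_headers(url, o)) for o in probe_origins(target_host)}


if __name__ == "__main__":
    # e.g. python cors_probe.py https://dify.local/console/api/system-features dify.local
    for origin, verdict in probe(sys.argv[1], sys.argv[2]).items():
        print(f"{verdict:24} Origin: {origin}")
```

"reflected+credentials" is the bug class this entry describes. Whether it matters is exactly the supplier's point of dispute: the classification tells you the browser will hand the response to an attacker's page along with the victim's cookies, but the impact depends on whether the endpoint returns anything to a cookie-bearing request that it does not return to an anonymous one, which has to be checked separately.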
CVE-2025-63389 WRITEUP CRITICAL
ollama <= 0.12.3 - Unauthenticated API Endpoint Access
A critical missing-authentication vulnerability exists in the Ollama platform's API endpoints in versions up to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations.
CVSS 9.8
CVE-2025-63390 WRITEUP MEDIUM
AnythingLLM 1.8.5 - Unauthenticated Workspace Information Disclosure via /api/workspaces Endpoint
An authentication bypass vulnerability exists in AnythingLLM v1.8.5 via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote attackers to enumerate and retrieve detailed information about all configured workspaces. Exposed data includes workspace identifiers (id, name, slug), AI model configuration (chatProvider, chatModel, agentProvider), system prompts (openAiPrompt), operational parameters (temperature, history length, similarity thresholds), vector search settings, chat modes, and timestamps.
CVSS 5.3
CVE-2025-63419 WRITEUP MEDIUM
CrushFTP < 11.3.7_60 - Cross-Site Scripting via File Share Email Body
Cross-Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. The web-based server has a file-sharing feature that reflects the shared file's name into the email body field without sanitization, leading to HTML injection.
CVSS 6.1
CVE-2025-63420 WRITEUP MEDIUM
CrushFTP 11.0.1-11.3.7_57 - Stored Cross-Site Scripting in Admin Panel Reports
CrushFTP 11 before 11.3.7_57 is vulnerable to stored HTML injection in the CrushFTP Admin Panel (Reports / "Who Created Folder"), enabling persistent HTML execution in admin sessions.
CVSS 4.1
CVE-2025-63497 WRITEUP HIGH
Rickxy Hospital Management System 1.0 - Authenticated SQL Injection via pat_number Parameter
The patient prescription viewing functionality in his_doc_view_single_patient.php of Rickxy Hospital Management System version 1.0 contains a SQL injection vulnerability. The pat_number GET parameter is concatenated directly into SQL queries without sanitization, allowing authenticated attackers (doctor role) to execute arbitrary SQL queries.
CVSS 7.1
CVE-2025-63498 WRITEUP MEDIUM
alinto SOGo 5.12.3 - Cross-Site Scripting via userName Parameter
alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the "userName" parameter.
CVSS 6.1
CVE-2025-63551 WRITEUP HIGH
MetInfo <= 8.1 - Server-Side Request Forgery via XML External Entity Injection
A Server-Side Request Forgery (SSRF) vulnerability, reachable through XML External Entity (XXE) injection, exists in MetInfo Content Management System (CMS) through 8.1. The flaw stems from a defect in the XML parsing logic: an attacker can declare a malicious external entity that forces the server to issue an HTTP request to an arbitrary internal or external network address. Successful exploitation could lead to internal network reconnaissance, port scanning, or retrieval of sensitive information. The vulnerability may be present in the backend API called by or associated with the path `/admin/#/webset/?head_tab_active=0`, where user-provided XML data is processed.
CVSS 7.5
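The input-side control for an entry like the one above, as an added example that is not MetInfo's code: an XXE-driven SSRF needs an ENTITY declaration, and that can only appear inside a DOCTYPE, so refusing every document that carries a DOCTYPE or ENTITY marker closes XXE, parameter-entity and entity-expansion tricks regardless of which parser and which defaults sit behind the endpoint. The payload and the benign document are constructed.

```python
"""Refuse XML that carries a DTD before any parser sees it.

Added example; not MetInfo's code. The payload and the benign settings
document below are constructed for illustration.
"""
import re
import xml.etree.ElementTree as ET

# XML keywords are case-sensitive, so exact uppercase is enough. The scan is
# deliberately conservative: a DOCTYPE inside a comment or CDATA section is
# also rejected, an acceptable false positive for a settings API.
_DTD_MARKER = re.compile(rb"<!(?:DOCTYPE|ENTITY)\b")


class UnsafeXML(ValueError):
    """Raised when a document declares a DTD or uses an encoding the
    byte-level scan cannot see through."""


def assert_no_dtd(data: bytes) -> None:
    # A UTF-16 document would hide "<!DOCTYPE" from a byte regex, so only
    # accept single-byte encodings: reject BOMs and NULs in the prolog.
    if data[:2] in (b"\xff\xfe", b"\xfe\xff") or b"\x00" in data[:64]:
        raise UnsafeXML("only UTF-8 documents are accepted")
    if _DTD_MARKER.search(data):
        raise UnsafeXML("document declares a DTD; entity declarations are not accepted")


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Guard first, then parse with the standard library."""
    assert_no_dtd(data)
    return ET.fromstring(data)


def is_accepted(data: bytes) -> bool:
    try:
        parse_untrusted_xml(data)
        return True
    except UnsafeXML:
        return False


# Constructed payload of the shape used for XXE-based SSRF: expanding &xxe;
# makes a vulnerable parser fetch the SYSTEM URL from the server's network.
XXE_SSRF_PAYLOAD = b"""<?xml version="1.0"?>
<!DOCTYPE settings [
  <!ENTITY xxe SYSTEM "http://10.0.0.5:8080/admin">
]>
<settings><title>&xxe;</title></settings>"""

# Constructed benign input of the same shape.
BENIGN_SETTINGS = b"<settings><title>Site name</title></settings>"
```

The guard belongs in front of the parser rather than in place of parser hardening: keep external entity loading off in the parser as well, and treat the DTD check as the layer that does not depend on library defaults.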
CVE-2025-63617 WRITEUP MEDIUM
kutangguo ktg-mes < 2025-10-08 - Deserialization of Untrusted Data via fastjson
ktg-mes before commit a484f96 (2025-07-03) has a fastjson deserialization vulnerability. This is because it uses a vulnerable version of fastjson and deserializes unsafe input data.
CVSS 6.5
CVE-2025-63662 WRITEUP HIGH
GT Edge AI Platform <v2.0.10-dev - Info Disclosure
Insecure permissions in the /api/v1/agents API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access sensitive information.
CVSS 7.5
CVE-2025-63663 WRITEUP HIGH
GT Edge AI Platform <v2.0.10 - Info Disclosure
Incorrect access control in the /api/v1/conversations/*/files API of GT Edge AI Platform before v2.0.10 allows unauthorized attackers to access other users' uploaded files.
CVSS 7.5
CVE-2025-63664 WRITEUP HIGH
GT Edge AI Platform <2.0.10-dev - Info Disclosure
Incorrect access control in the /api/v1/conversations/*/messages API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access other users' message history with AI agents.
CVSS 7.5
CVE-2025-63665 WRITEUP CRITICAL
GT Edge AI Community Edition < 2.0.12 - Remote Code Execution via Prompt Window JSON Injection
An issue in GT Edge AI Community Edition Versions before v2.0.12 allows attackers to execute arbitrary code via injecting a crafted JSON payload into the Prompt window.
CVSS 9.8
CVE-2025-63689 WRITEUP CRITICAL
ycf1998 money-pos < 2025-09-14 - SQL Injection via orderby Parameter
Multiple SQL injection vulnerabilities in the ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 (2025-09-14) allow a remote attacker to execute arbitrary code via the orderby parameter.
CVSS 10.0
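The two SQL injection entries above (pat_number in the hospital system, orderby in money-pos) are the two shapes of the bug that need different fixes. As an added example that is not either project's code, both are rebuilt on a constructed SQLite table: a value spliced into a WHERE clause, which a bound parameter fixes, and a column name spliced into ORDER BY, which cannot be bound and needs an allow-list instead. Table, rows and function names are constructed.

```python
"""Value injection vs. bound parameters; ORDER BY injection vs. an allow-list.

Added example; not the code of either project above. The table and rows
are constructed; drug names are chosen so that sorting by drug and sorting
by pat_number give different row orders.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE prescriptions(pat_number TEXT, doctor TEXT, drug TEXT, issued TEXT);
        INSERT INTO prescriptions VALUES
          ('P001', 'dr_a', 'warfarin',    '2025-10-01'),
          ('P002', 'dr_b', 'insulin',     '2025-10-02'),
          ('P003', 'dr_a', 'amoxicillin', '2025-10-03');
    """)
    return con


# Vulnerable: pat_number is concatenated, so a quote ends the literal and the
# rest of the input becomes SQL; an OR clause bypasses the doctor check.
def view_patient_vulnerable(con, doctor, pat_number):
    sql = ("SELECT pat_number, drug FROM prescriptions "
           f"WHERE doctor = '{doctor}' AND pat_number = '{pat_number}'")
    return con.execute(sql).fetchall()


# Fixed: the value is bound; whatever it contains is compared, never parsed.
def view_patient_fixed(con, doctor, pat_number):
    sql = ("SELECT pat_number, drug FROM prescriptions "
           "WHERE doctor = ? AND pat_number = ?")
    return con.execute(sql, (doctor, pat_number)).fetchall()


# Vulnerable: the sort column is concatenated. ORDER BY accepts any
# expression, so a CASE over a subquery turns row order into a boolean oracle.
def list_vulnerable(con, orderby):
    return con.execute(f"SELECT pat_number FROM prescriptions ORDER BY {orderby}").fetchall()


def orderby_oracle(con, condition):
    """Ask the vulnerable endpoint one yes/no question about the database:
    if condition holds, rows come back sorted by pat_number (P001 first),
    otherwise by drug (P003 first)."""
    rows = list_vulnerable(con, f"CASE WHEN ({condition}) THEN pat_number ELSE drug END")
    return rows[0] == ("P001",)


ORDERABLE = {"pat_number", "issued", "drug"}


# Fixed: identifiers cannot be parameters, so the request selects from a fixed
# set of column names and directions and anything else is refused.
def list_fixed(con, orderby, direction="ASC"):
    if orderby not in ORDERABLE or direction not in ("ASC", "DESC"):
        raise ValueError("unsupported sort")
    return con.execute(
        f"SELECT pat_number FROM prescriptions ORDER BY {orderby} {direction}"
    ).fetchall()
```

The oracle is the reason an ORDER BY injection is not a harmless "wrong sort order" bug: one request per bit is enough to read any value the database user can see, and it needs no error messages or time delays.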
CVE-2025-63708 WRITEUP MEDIUM
SourceCodester AI Font Matcher - XSS
A Cross-Site Scripting (XSS) vulnerability exists in SourceCodester AI Font Matcher (nid=18425, 2025-10-10) that allows remote attackers to execute arbitrary JavaScript in victims' browsers. The vulnerability is in the webfonts API handling, where font family names are not sanitized. An attacker who can intercept fetch requests to the webfonts endpoint can inject JavaScript payloads through font family names, resulting in session cookie theft, account hijacking, and unauthorized actions performed on behalf of authenticated users. The vulnerability can be exploited by injecting a fetch hook that returns controlled font data containing malicious scripts.
CVSS 6.1
CVE-2025-63721 WRITEUP HIGH
HummerRisk <= 1.5.0 - Authenticated Remote Code Execution via Snakeyaml Deserialization
HummerRisk through v1.5.0 uses a vulnerable Snakeyaml component, allowing attackers with normal user privileges to call the /rule/add API and thereby achieve RCE and take over the server.
CVSS 8.8
CVE-2025-63729 WRITEUP CRITICAL
Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517 - Private Key and Certificate Disclosure in Firmware
An issue was discovered in Syrotech SY-GPON-1110-WDONT SYRO_3.7L_3.1.02-240517 allowing attackers to extract the SSL private key, CA certificate, SSL certificate, and client certificates in .pem format from the etc directory of the firmware image.
CVSS 9.0
CVE-2025-63744 WRITEUP MEDIUM
radare2 <= 6.0.5 - NULL Pointer Dereference in bin_dyldcache load() Function
A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the load() function of bin_dyldcache.c. Processing a crafted file causes a segmentation fault and crashes the program.
CVSS 4.3
CVE-2025-63745 WRITEUP MEDIUM
radare2 <= 6.0.5 - Denial of Service via NULL Pointer Dereference in bin_ne.c info()
A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the info() function of bin_ne.c. A crafted binary input triggers a segmentation fault, leading to a denial of service when the tool processes the malformed data.
CVSS 5.5
CVE-2025-63828 WRITEUP MEDIUM
Backdrop CMS 1.32.1 - Host Header Injection
Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection.
CVSS 6.1
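What the entry above comes down to is a password-reset link built from the request's Host header. As an added example that is not Backdrop's code, the bug shape and the fix are shown side by side, with a small checker for responses that echo a forged Host in a redirect or a cookie. The route, the allowed host names and the request and response dictionaries are assumptions or constructed samples.

```python
"""Password-reset links from a trusted base URL, not from the Host header.

Added example; not Backdrop's code. RESET_PATH, ALLOWED_HOSTS and the
request/response dictionaries used in testing are assumptions.
"""
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"cms.example", "www.cms.example"}
RESET_PATH = "/user/password/reset"


class UntrustedHost(ValueError):
    """Raised when the Host header names a site we do not serve."""


def reset_link_vulnerable(request: dict, token: str) -> str:
    """Bug shape: the link mailed to the victim points at whatever host the
    attacker put in the Host header, so the victim hands the token to it."""
    return f"{request['scheme']}://{request['headers']['Host']}{RESET_PATH}/{token}"


def canonical_host(request: dict, allowed=ALLOWED_HOSTS) -> str:
    """Return the Host header's host name if it is one we serve (port
    stripped, case folded). X-Forwarded-Host is deliberately not consulted."""
    raw = request["headers"].get("Host", "")
    try:
        hostname = (urlsplit(f"//{raw}").hostname or "").lower()
    except ValueError:          # malformed host, e.g. a broken IPv6 literal
        raise UntrustedHost(raw)
    if hostname not in allowed:
        raise UntrustedHost(raw)
    return hostname


def reset_link_fixed(request: dict, token: str, base_url="https://cms.example") -> str:
    """Fix: reject unknown hosts up front, then build the link from a
    configured base URL rather than from anything in the request."""
    canonical_host(request)
    return f"{base_url}{RESET_PATH}/{token}"


def reflects_host(forged_host: str, response_headers: dict) -> bool:
    """Checker: does a response to a request sent with Host: forged_host echo
    that host as a redirect target or as a cookie Domain? Either means the
    application trusted the header."""
    h = {k.lower(): v for k, v in response_headers.items()}
    location = urlsplit(h.get("location", "")).netloc.lower()
    cookie = h.get("set-cookie", "").lower()
    return forged_host.lower() in location or f"domain={forged_host.lower()}" in cookie
```

Rejecting the request outright, rather than silently substituting the canonical host, is the right default: a request that arrives with an unknown Host is either a misconfigured proxy or an attack, and both deserve an error.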
CVE-2025-63829 WRITEUP HIGH
eProsima Fast-DDS <= v3.3 - Infinite Loop via Integer Overflow in Time_t::fraction()
eProsima Fast-DDS v3.3 and earlier has an infinite loop vulnerability caused by integer overflow in the Time_t::fraction() function.
CVSS 7.5
CVE-2025-63830 WRITEUP MEDIUM
CKFinder 1.4.3 - Stored Cross-Site Scripting via SVG File Upload
CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content.
CVSS 6.1
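The upload-side check for an entry like the one above, as an added example that is not CKFinder's code: parse the SVG as XML and refuse it if it carries script elements, event-handler attributes, javascript:/data: links or foreignObject (which smuggles HTML into SVG). The sample files are constructed.

```python
"""Screen an uploaded SVG for active content before accepting it.

Added example; not CKFinder's code. The element and scheme lists are this
example's choices, and the sample files are constructed.
"""
import xml.etree.ElementTree as ET
from xml.etree.ElementTree import ParseError

# Elements that execute code or embed foreign markup inside an SVG document.
BLOCKED_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object"}
# URL schemes that run code when followed or loaded.
BLOCKED_SCHEMES = ("javascript:", "data:", "vbscript:")


def _local(name: str) -> str:
    """Strip an XML namespace: '{http://www.w3.org/2000/svg}rect' -> 'rect'."""
    return name.rsplit("}", 1)[-1]


def find_active_content(svg_bytes: bytes) -> list:
    """Return human-readable findings; an empty list means nothing was found.
    A file that is not well-formed XML is refused outright, since what the
    browser's forgiving parser would make of it cannot be predicted here."""
    findings = []
    try:
        root = ET.fromstring(svg_bytes)
    except ParseError as err:
        return [f"not well-formed XML: {err}"]
    if _local(root.tag) != "svg":
        findings.append(f"root element is <{_local(root.tag)}>, not <svg>")
    for el in root.iter():
        tag = _local(el.tag)
        if tag in BLOCKED_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = _local(attr)
            if name.lower().startswith("on"):          # onload, onclick, onbegin, ...
                findings.append(f"{name} handler on <{tag}>")
            if name == "href" and value.strip().lower().startswith(BLOCKED_SCHEMES):
                findings.append(f"{name} with blocked scheme on <{tag}>")
    return findings


def is_safe_svg(svg_bytes: bytes) -> bool:
    return find_active_content(svg_bytes) == []
```

A file that passes should still not be served inline from the application's origin: return it with Content-Disposition: attachment, or from a separate origin with a restrictive Content-Security-Policy, because a browser that opens an SVG directly renders it as a document and runs whatever the screen missed (styles with url() references, for instance, are not covered above).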
CVE-2025-63888 WRITEUP CRITICAL
ThinkPHP 5.0.24 - Remote Code Execution via Template File Inclusion
The read function in file thinkphp\library\think\template\driver\File.php in ThinkPHP 5.0.24 contains a remote code execution vulnerability.
CVSS 9.8