Exploit Database

145,365 exploits tracked across all sources.

CVE-2025-6621 WRITEUP MEDIUM
TOTOLINK CA300-PoE 6.2c.884 - OS Command Injection via QuickSetting hour/minute Parameter
A vulnerability classified as critical has been found in TOTOLINK CA300-PoE 6.2c.884. This affects the function QuickSetting of the file ap.so. The manipulation of the argument hour/minute leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2025-6627 WRITEUP HIGH
TOTOLINK A702R 4.0.0-B20230721.1521 - Buffer Overflow via IPv6 Setup HTTP POST Request
A vulnerability has been found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formIpv6Setup of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-6664 WRITEUP MEDIUM
CodeAstro Patient Record Management System 1.0 - Cross-Site Request Forgery
A vulnerability, which was classified as problematic, was found in CodeAstro Patient Record Management System 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 4.3
CVE-2025-67004 WRITEUP MEDIUM
CouchCMS 2.4 - Authenticated Path Traversal and Information Disclosure
** Disputed ** An Information Disclosure vulnerability in CouchCMS 2.4 allows an Admin user to read arbitrary files by traversing directories back after back. It can disclose the source code or any other confidential information if weaponized accordingly. NOTE: A community member states that this is not a CouchCMS vulnerability and that if /\<file> is accessible it is a web-server configuration issue.
CVSS 6.5
CVE-2025-67070 WRITEUP HIGH
Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T - Auth Bypass
A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T, which allows an unauthenticated attacker to bypass the multi-factor authentication (MFA) mechanism during the password recovery process. This results in the ability to change the admin password and gain full access to the administrative panel.
CVSS 8.2
CVE-2025-67109 WRITEUP CRITICAL
Eclipse Cyclone DDS <v0.10.5 - Privilege Escalation
Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.
CVSS 10.0
CVE-2025-67111 WRITEUP HIGH
OpenDDS < 3.33.0 - Denial of Service via RTPS Protocol Integer Overflow
An integer overflow in the RTPS protocol implementation of OpenDDS DDS before v3.33.0 allows attackers to cause a Denial of Service (DoS) via a crafted message.
CVSS 7.5
CVE-2025-67124 WRITEUP MEDIUM
miniserve < 0.32.0 - Arbitrary File Overwrite via Symlink Race in Upload Finalization
A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization (when uploads are enabled) can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination directory (e.g., shared writable directory/volume).
CVSS 6.8
CVE-2025-67125 WRITEUP MEDIUM
docopt.cpp 0.6.2 - Integer Overflow in LeafPattern::match
A signed integer overflow in docopt.cpp v0.6.2 (LeafPattern::match in docopt_private.h) when merging occurrence counters (e.g., default LONG_MAX + first user "-v/--verbose") can cause counter wrap (negative/unbounded semantics) and lead to logic/policy bypass in applications that rely on occurrence-based limits, rate-gating, or safety toggles. In hardened builds (e.g., UBSan or -ftrapv), the overflow may also result in process abort (DoS).
CVSS 4.4
CVE-2025-67221 WRITEUP HIGH
orjson < 3.11.4 - Denial of Service via Deeply Nested JSON Documents
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents.
CVSS 7.5
CVE-2025-67269 WRITEUP HIGH
gpsd < 3.27.1 - Denial of Service via Integer Underflow in NAVCOM Packet Parsing
An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `lexer->length = (size_t)c - 4` without checking if the input byte `c` is less than 4. This results in an unsigned integer underflow, setting `lexer->length` to a very large value (near `SIZE_MAX`). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition.
CVSS 7.5
CVE-2025-67303 WRITEUP HIGH
ComfyUI-Manager <3.38 - Info Disclosure
An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface.
CVSS 7.5
CVE-2025-67399 WRITEUP MEDIUM
AIRTH SMART HOME AQI MONITOR Bootloader 1.005 - Unauthenticated Sensitive Information Exposure via UART Port
An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller (Wi-Fi and BLE module) on the device, which is open to access.
CVSS 4.6
CVE-2025-67432 WRITEUP HIGH
Monkeybread Software MBS DynaPDF Plugin <v21.3.1.1 - DoS
A stack overflow in the ZBarcode_Encode function of Monkeybread Software MBS DynaPDF Plugin v21.3.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVSS 7.5
CVE-2025-67433 WRITEUP HIGH
Open TFTP Server MultiThreaded <1.7 - DoS
A heap buffer overflow in the processRequest function of Open TFTP Server MultiThreaded v1.7 allows attackers to cause a Denial of Service (DoS) via a crafted DATA packet.
CVSS 7.5
CVE-2025-67494 WRITEUP CRITICAL
ZITADEL < 4.7.1 - Unauthenticated Server-Side Request Forgery via x-zitadel-forward-host Header
ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI (V2) treats the x-zitadel-forward-host header as a trusted fallback for all deployments, including self-hosted instances. This allows an unauthenticated attacker to force the server to make HTTP requests to arbitrary domains, such as internal addresses, and read the responses, enabling data exfiltration and bypassing network-segmentation controls. This issue is fixed in version 4.7.1.
CVSS 9.3
CVE-2025-67721 WRITEUP HIGH
Aircompressor <3.3 - Info Disclosure
Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. In versions 3.3 and below, incorrect handling of malformed data in Java-based decompressor implementations for Snappy and LZ4 allows remote attackers to read previous buffer contents via crafted compressed input. With certain crafted compressed inputs, elements from the output buffer can end up in the uncompressed output, potentially leaking sensitive data. This is relevant for applications that reuse the same output buffer to uncompress multiple inputs. This can be the case of a web server that allocates a fixed-size buffer for performance purposes. There is a similar vulnerability in GHSA-cmp6-m4wj-q63q. This issue is fixed in version 3.4.
CVSS 7.5
CVE-2025-67727 WRITEUP CRITICAL
parse-server < 8.6.0-alpha.2 - Improper Privilege Management in GitHub CI Workflow
Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permissions which are defined in the workflow. Code from a fork or lifecycle scripts is potentially included. Only the repository's CI/CD infrastructure is affected, including any public GitHub forks with GitHub Actions enabled. This issue is fixed in version 8.6.0-alpha.2 and commits 6b9f896 and e3d27fe.
CVSS 9.8
CVE-2025-67730 WRITEUP MEDIUM
Frappe Learning Management System 2.0.0-2.41.9 - Stored XSS via Job Course and Batch Description
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0.
CVSS 5.4
CVE-2025-67746 WRITEUP MEDIUM
Composer 2.0.0-2.2.25 and 2.0.0-2.9.2 - Terminal Output Injection via ANSI Control Characters
Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and potentially leading to confusion or DoS of the terminal application. There is no proven exploit and this has thus a low severity but we still publish a CVE as it has potential for abuse, and we want to be on the safe side informing users that they should upgrade. Versions 2.2.26 and 2.9.3 contain a patch for the issue.
CVSS 4.3
CVE-2025-67897 WRITEUP MEDIUM
Sequoia < 2.1.0 - Denial of Service via AES Key Unwrap Panic
In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet.
CVSS 5.3
CVE-2025-67906 WRITEUP MEDIUM
MISP < 2.5.28 - Cross-Site Scripting in Workflow Execution Path
In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path.
CVSS 5.4
CVE-2025-6731 WRITEUP MEDIUM
yzcheng90 X-SpringBoot <5.0 - Path Traversal
A vulnerability was found in yzcheng90 X-SpringBoot up to 5.0 and classified as critical. Affected by this issue is the function uploadApk of the file /sys/oss/upload/apk of the component APK File Handler. The manipulation of the argument File leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2025-6732 WRITEUP HIGH
UTT HiPER 840G < 3.1.1-190328 - Buffer Overflow via setSysAdm API passwd1 Parameter
A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been classified as critical. This affects the function strcpy of the file /goform/setSysAdm of the component API. The manipulation of the argument passwd1 leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8