Exploit Database
145,365 exploits tracked across all sources.
TOTOLINK CA300-PoE 6.2c.884 - OS Command Injection via QuickSetting hour/minute Parameter
A vulnerability classified as critical has been found in TOTOLINK CA300-PoE 6.2c.884. This affects the function QuickSetting of the file ap.so. The manipulation of the argument hour/minute leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
TOTOLINK A702R 4.0.0-B20230721.1521 - Buffer Overflow via IPv6 Setup HTTP POST Request
A vulnerability has been found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formIpv6Setup of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CodeAstro Patient Record Management System 1.0 - Cross-Site Request Forgery
A vulnerability, which was classified as problematic, was found in CodeAstro Patient Record Management System 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 4.3
CouchCMS 2.4 - Authenticated Path Traversal and Information Disclosure
** Disputed ** An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin user to read arbitrary files via traversing directories back after back. It can Disclosure the source code or any other confidential information if weaponize accordingly. NOTE: A community member states that this is not a CouchCMS vulnerability and that if /\<file> is accessible it is a web-server configuration issue.
CVSS 6.5
Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T - Auth Bypass
A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T, which allows an unauthenticated attacker to bypass the multi-factor authentication (MFA) mechanism during the password recovery process. This results in the ability to change the admin password and gain full access to the administrative panel.
CVSS 8.2
Eclipse Cyclone DDS <v0.10.5 - Privilege Escalation
Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.
CVSS 10.0
OpenDDS < 3.33.0 - Denial of Service via RTPS Protocol Integer Overflow
An integer overflow in the RTPS protocol implementation of OpenDDS DDS before v3.33.0 allows attackers to cause a Denial of Service (DoS) via a crafted message.
CVSS 7.5
miniserve < 0.32.0 - Arbitrary File Overwrite via Symlink Race in Upload Finalization
A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization (when uploads are enabled) can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination directory (e.g., shared writable directory/volume).
CVSS 6.8
docopt.cpp 0.6.2 - Integer Overflow in LeafPattern::match
A signed integer overflow in docopt.cpp v0.6.2 (LeafPattern::match in docopt_private.h) when merging occurrence counters (e.g., default LONG_MAX + first user "-v/--verbose") can cause counter wrap (negative/unbounded semantics) and lead to logic/policy bypass in applications that rely on occurrence-based limits, rate-gating, or safety toggles. In hardened builds (e.g., UBSan or -ftrapv), the overflow may also result in process abort (DoS).
CVSS 4.4
orjson < 3.11.4 - Denial of Service via Deeply Nested JSON Documents
The orjson.dumps function in orjson thru 3.11.4 does not limit recursion for deeply nested JSON documents.
CVSS 7.5
gpsd < 3.27.1 - Denial of Service via Integer Underflow in NAVCOM Packet Parsing
An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `lexer->length = (size_t)c - 4` without checking if the input byte `c` is less than 4. This results in an unsigned integer underflow, setting `lexer->length` to a very large value (near `SIZE_MAX`). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition.
CVSS 7.5
ComfyUI-Manager <3.38 - Info Disclosure
An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface
CVSS 7.5
AIRTH SMART HOME AQI MONITOR Bootloader 1.005 - Unauthenticated Sensitive Information Exposure via UART Port
An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller (Wi-Fi and BLE module) on the device is open to access
CVSS 4.6
Monkeybread Software MBS DynaPDF Plugin <v21.3.1.1 - DoS
A stack overflow in the ZBarcode_Encode function of Monkeybread Software MBS DynaPDF Plugin v21.3.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVSS 7.5
Open TFTP Server MultiThreaded <1.7 - DoS
A heap buffer overflow in the processRequest function of Open TFTP Server MultiThreaded v1.7 allows attackers to cause a Denial of Service (DoS) via a crafted DATA packet.
CVSS 7.5
ZITADEL < 4.7.1 - Unauthenticated Server-Side Request Forgery via x-zitadel-forward-host Header
ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI (V2) treats the x-zitadel-forward-host header as a trusted fallback for all deployments, including self-hosted instances. This allows an unauthenticated attacker to force the server to make HTTP requests to arbitrary domains, such as internal addresses, and read the responses, enabling data exfiltration and bypassing network-segmentation controls. This issue is fixed in version 4.7.1.
CVSS 9.3
Aircompressor <3.3 - Info Disclosure
Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. In versions 3.3 and below, incorrect handling of malformed data in Java-based decompressor implementations for Snappy and LZ4 allow remote attackers to read previous buffer contents via crafted compressed input. With certain crafted compressed inputs, elements from the output buffer can end up in the uncompressed output, potentially leaking sensitive data. This is relevant for applications that reuse the same output buffer to uncompress multiple inputs. This can be the case of a web server that allocates a fix-sized buffer for performance purposes. There is similar vulnerability in GHSA-cmp6-m4wj-q63q. This issue is fixed in version 3.4.
CVSS 7.5
parse-server < 8.6.0-alpha.2 - Improper Privilege Management in GitHub CI Workflow
Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permissions which are defined in the workflow. Code from a fork or lifecycle scripts is potentially included. Only the repository's CI/CD infrastructure is affected, including any public GitHub forks with GitHub Actions enabled. This issue is fixed version 8.6.0-alpha.2 and commits 6b9f896 and e3d27fe.
CVSS 9.8
Frappe Learning Management System 2.0.0-2.41.9 - Stored XSS via Job Course and Batch Description
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0.
CVSS 5.4
Composer 2.0.0-2.2.25 and 2.0.0-2.9.2 - Terminal Output Injection via ANSI Control Characters
Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and potentially leading to confusion or DoS of the terminal application. There is no proven exploit and this has thus a low severity but we still publish a CVE as it has potential for abuse, and we want to be on the safe side informing users that they should upgrade. Versions 2.2.26 and 2.9.3 contain a patch for the issue.
CVSS 4.3
Sequoia < 2.1.0 - Denial of Service via AES Key Unwrap Panic
In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet.
CVSS 5.3
MISP < 2.5.28 - Cross-Site Scripting in Workflow Execution Path
In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path.
CVSS 5.4
MISP < 2.5.28 - Cross-Site Scripting in Workflow Execution Path
In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path.
CVSS 5.4
yzcheng90 X-SpringBoot <5.0 - Path Traversal
A vulnerability was found in yzcheng90 X-SpringBoot up to 5.0 and classified as critical. Affected by this issue is the function uploadApk of the file /sys/oss/upload/apk of the component APK File Handler. The manipulation of the argument File leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
UTT HiPER 840G < 3.1.1-190328 - Buffer Overflow via setSysAdm API passwd1 Parameter
A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been classified as critical. This affects the function strcpy of the file /goform/setSysAdm of the component API. The manipulation of the argument passwd1 leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
By Source