Writeup Exploits
60,509 exploits tracked across all sources.
zyddnys manga-image-translator <=beta-0.3 - SSRF
A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected element is the function to_pil_image of the file manga-image-translator-main/server/request_extraction.py of the component Translate Endpoints. This manipulation causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
CVSS 6.3
zyddnys manga-image-translator <=beta-0.3 - SSRF
A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected element is the function to_pil_image of the file manga-image-translator-main/server/request_extraction.py of the component Translate Endpoints. This manipulation causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
CVSS 6.3
zyddnys manga-image-translator <=beta-0.3 - SSRF
A vulnerability was determined in zyddnys manga-image-translator up to beta-0.3. The affected element is the function to_pil_image of the file manga-image-translator-main/server/request_extraction.py of the component Translate Endpoints. This manipulation causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
CVSS 6.3
ClasroomIO <0.2.6 - Privilege Escalation
An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile
CVSS 8.1
Sunbird-Ed SunbirdEd-portal 1.13.4 - SSRF
An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to obtain sensitive information
CVSS 7.5
Sunbird-Ed SunbirdEd-portal 1.13.4 - SSRF
An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to obtain sensitive information
CVSS 7.5
Easy Grade Pro 4.1.0.2 - Denial of Service via Crafted .EGP File Parsing
Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modifying specific fields at precise offsets within an otherwise valid .EGP file, an attacker can trigger an out-of-bounds memory read during parsing. This results in an unhandled access violation and application crash, leading to a local denial-of-service condition when the crafted file is opened by a user.
CVSS 3.3
OpenClaw Agent Platform 2026.2.6 - RCE
A remote code execution (RCE) vulnerability in OpenClaw Agent Platform v2026.2.6 allows attackers to execute arbitrary code via a Request-Side prompt injection attack.
CVSS 9.8
OpenClaw Agent Platform 2026.2.6 - RCE
A remote code execution (RCE) vulnerability in OpenClaw Agent Platform v2026.2.6 allows attackers to execute arbitrary code via a Request-Side prompt injection attack.
CVSS 9.8
OpenClaw <2026.2.23 - Command Injection
OpenClaw version 2026.2.22-2 prior to 2026.2.23 tools.exec.safeBins validation for sort command fails to properly validate GNU long-option abbreviations, allowing attackers to bypass denied-flag checks via abbreviated options. Remote attackers can execute sort commands with abbreviated long options to skip approval requirements in allowlist mode.
CVSS 8.8
OpenClaw <2026.2.14 - Path Traversal
OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in apply_patch that allows attackers to write or delete files outside the configured workspace directory. When apply_patch is enabled without filesystem sandbox containment, attackers can exploit crafted paths including directory traversal sequences or absolute paths to escape workspace boundaries and modify arbitrary files.
CVSS 8.8
OpenClaw <2026.2.17 - Path Traversal
OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attackers with config modification capabilities can exploit this by specifying absolute paths, traversal sequences, or symlinks to access sensitive files readable by the OpenClaw process user, including API keys and credentials.
CVSS 4.4
OpenClaw 2026.2.21-2-2026.2.22 & @openclaw/voice-call 2026.2.21-2026.2.22 - DoS via Media-Stream WebSocket
OpenClaw versions 2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-call versions 2026.2.21 prior to 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthenticated clients to establish connections. Remote attackers can hold idle pre-authenticated sockets open to consume connection resources and degrade service availability for legitimate streams.
CVSS 7.5
OpenClaw <2026.2.21 - Command Injection
OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where attacker-controlled environment values are not validated for CR/LF characters, allowing newline injection to break out of Environment= lines and inject arbitrary systemd directives. An attacker who can influence config.env.vars and trigger service install or restart can execute arbitrary commands with the privileges of the OpenClaw gateway service user.
CVSS 7.1
PHPEMS 11.0 - Cross-Site Scripting via askcontent Parameter
A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may be used.
CVSS 3.5
WP ULike Plugin <5.0.1 - Stored XSS
The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[wp_ulike_likers_box]` shortcode `template` attribute in all versions up to, and including, 5.0.1. This is due to the use of `html_entity_decode()` on shortcode attributes without subsequent output sanitization, which effectively bypasses WordPress's `wp_kses_post()` content filtering. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The post must have at least one like for the XSS to render.
CVSS 6.4
spin.js < 3.0.0 - Cross-Site Scripting via Prototype Pollution in spin() Function
Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting (XSS) via the spin() function that allows a creation of more than 1 alert for each 'target' element. An attacker would need to set an arbitrary key-value pair on Object.prototype through a crafted URL achieving a prototype pollution first, before being able to execute arbitrary JavaScript in the context of the user's browser.
CVSS 6.1
MC4WP: Mailchimp for WordPress <=4.11.1 - Auth Bypass
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. This is due to the plugin trusting the `_mc4wp_action` POST parameter without validation, allowing unauthenticated attackers to force the form to process unsubscribe actions instead of subscribe actions. This makes it possible for unauthenticated attackers to arbitrarily unsubscribe any email address from the connected Mailchimp audience via the `_mc4wp_action` parameter, granted they can obtain the form ID (which is publicly exposed in the HTML source).
CVSS 6.5
MiCode FileExplorer - Unauthenticated Authentication Bypass in SwiFTP FTP Server
MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials. Attackers can send arbitrary username and password combinations to the PASS command handler, which unconditionally grants access and allows listing, reading, writing, and deleting files exposed by the FTP server. The MiCode/Explorer open source project has reached end-of-life status.
CVSS 9.8
LimeSurvey <6.15.4+250710 - SQL Injection
SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database.
CVSS 7.5
LimeSurvey <6.15.0+250623 - Deserialization
A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server.
CVSS 9.8
Deutsche Telekom AG Portal - Auth Bypass
Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account takeover. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-27, fixed 2025-10-31.
CVSS 9.4
Deutsche Telekom AG Portal - Auth Bypass
Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and full MFA bypass with no user interaction required. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-24, fixed 2025-11-03.
CVSS 9.1
generatedata 4.0.14 - Cross-Site Scripting
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in benkeen generatedata 4.0.14.
CVSS 6.1
generatedata 4.0.14 - Cross-Site Scripting
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in benkeen generatedata 4.0.14.
CVSS 6.1
By Source