Inthewild Exploits
514 exploits tracked across all sources.
Apache Commons Configuration <2.8 - RCE
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default.
CVSS 9.8
HIWIN Robot System Software <3.3.21.9869 - DoS
HIWIN Robot System Software version 3.3.21.9869 does not properly address the terminated command source. As a result, an attacker could craft code to disconnect HRSS and the controller and cause a denial-of-service condition.
CVSS 7.5
DrayTek Vigor Routers - Buffer Overflow via wlogin.cgi Username/Password
An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.
CVSS 10.0
Apache Shiro < 1.9.1 - Authorization Bypass via RegexRequestMatcher Misconfiguration
Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
CVSS 9.8
Sophos Firewall <19.0 MR1 - Code Injection
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.
CVSS 9.8
Sophos Firewall <19.0 MR1 - Code Injection
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.
CVSS 9.8
GLPI 9.3.0-9.5.7 - Unauthenticated SQL Injection via Login Page
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
CVSS 9.8
Mini-Tmall v1.0 - Privilege Escalation
Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper.
CVSS 8.8
Windows Network File System - Remote Code Execution
Windows Network File System Remote Code Execution Vulnerability
CVSS 9.8
Windows Network File System - Remote Code Execution
Windows Network File System Remote Code Execution Vulnerability
CVSS 9.8
Apache Tomcat 8.5.38-8.5.78 and 10.1.0-M1-10.1.0-M14 - Denial of Service via EncryptInterceptor
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.
CVSS 7.5
Linux Kernel 4.14-<5.18 - Local Privilege Escalation via Reference Count Mismanagement in net/sched
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.
CVSS 7.8
Django 2.2-2.2.27, 3.2-3.2.12, 4.0-4.0.3 - SQL Injection via QuerySet Column Alias Dictionary Expansion
An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.
CVSS 9.8
Firefox < 99.0 and Firefox ESR < 91.8 - Use-After-Free via Localization Link
By using a link with <code>rel="localization"</code> a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.
CVSS 6.5
Firefox < 99.0 and Firefox ESR < 91.8 - Use-After-Free via Localization Link
By using a link with <code>rel="localization"</code> a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.
CVSS 6.5
Adobe Acrobat/Reader DC < 22.001.20085 & < 17.012.30205 - Out-of-bounds Read via Crafted File
Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS 5.5
SoroushPlus+ Messenger <1.0.30 - Auth Bypass
An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.30 in the Lock Screen Security Feature function due to insufficient permissions and privileges, which allows a malicious attacker bypass the lock screen function.
CVSS 9.1
wger-project/wger <2.2 - Info Disclosure
Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2.
CVSS 9.8
wger-project/wger <2.2 - Info Disclosure
Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2.
CVSS 9.8
Openvswitch kernel module - Memory Corruption
An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVSS 7.8
WatchGuard XTM Firebox Unauthenticated Remote Command Execution
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
CVSS 9.8
Atlassian Bitbucket Data Center <7.17.6 - Code Injection
SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization.
CVSS 9.8
Kingsoft WPS Office < 11.2.0.10382 - Remote Code Execution via Registry Modification
wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry.
CVSS 9.8
net-snmp < 5.9.2 - Authenticated Improper Input Validation via Malformed OID SET Requests
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
CVSS 6.5
net-snmp < 5.9.2 - Authenticated Improper Input Validation via Malformed OID SET Requests
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range.
CVSS 6.5
By Source