Writeup Exploits
60,534 exploits tracked across all sources.
DOMPurify 3.1.3-3.2.6/2.5.3-2.5.8 - XSS
DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFE_FOR_XML regex. Attackers can include closing rawtext tags like </textarea> in attribute values to break out of rawtext contexts and execute JavaScript when sanitized output is placed inside rawtext elements. The 3.x branch was fixed in 3.2.7; the 2.x branch was never patched.
CVSS 6.1
DOMPurify 3.1.3-3.2.6/2.5.3-2.5.8 - XSS
DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFE_FOR_XML regex. Attackers can include closing rawtext tags like </textarea> in attribute values to break out of rawtext contexts and execute JavaScript when sanitized output is placed inside rawtext elements. The 3.x branch was fixed in 3.2.7; the 2.x branch was never patched.
CVSS 6.1
Dify < 1.11.2 - Stored Cross-Site Scripting via Mermaid Diagram Rendering
Dify is an open-source LLM app development platform. Prior to 1.11.2, Dify is vulnerable to a stored XSS issue when rendering Mermaid diagrams within chats. This occurs because Dify’s default Mermaid configuration uses securityLevel: loose, which allows potentially unsafe content to execute. This vulnerability is fixed in 1.11.2.
CVSS 5.4
OpenEMR < 8.0.0 - Unauthenticated Token Disclosure via MedEx Callback Endpoint
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoint allows any unauthenticated visitor to obtain the practice's MedEx API tokens, leading to complete third-party service compromise, PHI exfiltration, unauthorized actions on the MedEx platform, and HIPAA violations. The vulnerability exists because the endpoint bypasses authentication ($ignoreAuth = true) and performs a MedEx login whenever $_POST['callback_key'] is provided, returning the full JSON response including sensitive API tokens. This vulnerability is fixed in 8.0.0.
CVSS 10.0
OpenEMR 5.0.2-7.9.9 - Info Disclosure
OpenEMR is a free and open source electronic health records and medical practice management application. From 5.0.2 to before 8.0.0, there are (at least) two paths where the gateway_api_key secret value is rendered to the client in plaintext. These secret keys being leaked could result in arbitrary money movement or broad account takeover of payment gateway APIs. This vulnerability is fixed in 8.0.0.
CVSS 9.6
Online Men's Salon Management System 1.0 - SQL Injection
Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/classes/Master.php?f=delete_appointment.
CVSS 2.7
Online Men's Salon Management System 1.0 - SQL Injection
Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/admin/appointments/view_appointment.php.
CVSS 2.7
Online Men's Salon Management System 1.0 - SQL Injection
Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /classes/Master.php?f=delete_service.
CVSS 2.7
Online Men's Salon Management System 1.0 - SQL Injection
Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /admin/services/manage_service.php.
CVSS 2.7
Sourcecodester Pharmacy POS 1.0 - SQL Injection
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_supplier.php.
CVSS 2.7
Sourcecodester Pharmacy POS 1.0 - SQL Injection
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_stock.php.
CVSS 2.7
Pharmacy Point of Sale System 1.0 - SQL Injection
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_category.php.
CVSS 2.7
Pharmacy Point of Sale System 1.0 - SQL Injection
Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_product.php.
CVSS 2.7
Logistic Hub Parcel's Management System 1.0 - SQL Injection
Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_parcel_type.php.
CVSS 2.7
Sourcecodester Logistic Hub 1.0 - SQL Injection
Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_carrier.php.
CVSS 7.2
dr_libs <=0.14.4 - Memory Corruption
dr_libs dr_wav.h version 0.14.4 and earlier (fixed in commit 8a7258c) contain a heap buffer overflow vulnerability in the drwav__read_smpl_to_metadata_obj() function of dr_wav.h that allows memory corruption via crafted WAV files. Attackers can exploit a mismatch between sampleLoopCount validation in pass 1 and unconditional processing in pass 2 to overflow heap allocations with 36 bytes of attacker-controlled data through any drwav_init_*_with_metadata() call on untrusted input.
CVSS 7.3
PhialsBasement nmap-mcp-server - Command Injection
A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function child_process.exec of the file src/index.ts of the component Nmap CLI Command Handler. The manipulation results in command injection. The attack may be performed from remote. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The patch is identified as 30a6b9e1c7fa6146f51e28d6ab83a2568d9a3488. It is best practice to apply a patch to resolve this issue.
CVSS 6.3
Juniper Junos OS Evolved 25.4-25.4R1-S1-EVO, 25.4R2-EVO - Remote Code Execution via Anomaly Detection
An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root.
The On-Box Anomaly detection framework should only be reachable by other internal processes over the internal routing instance, but not over an externally exposed port. With the ability to access and manipulate the service to execute code as root a remote attacker can take complete control of the device.
Please note that this service is enabled by default as no specific configuration is required.
This issue affects Junos OS Evolved on PTX Series:
* 25.4 versions before 25.4R1-S1-EVO, 25.4R2-EVO.
This issue does not affect Junos OS Evolved versions before 25.4R1-EVO.
This issue does not affect Junos OS.
CVSS 9.8
ccurtsinger/stabilizer szc - Command Injection
A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system(). The vulnerability arises from improper input handling where command-line arguments are directly concatenated into shell commands without validation
CVSS 7.8
ccurtsinger/stabilizer szc - Command Injection
A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system(). The vulnerability arises from improper input handling where command-line arguments are directly concatenated into shell commands without validation
CVSS 7.8
ccurtsinger/stabilizer szc - Command Injection
A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system(). The vulnerability arises from improper input handling where command-line arguments are directly concatenated into shell commands without validation
CVSS 7.8
Step-Video-T2V - Remote Code Execution via Pickle Deserialization in API Endpoints
An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api , /caption-api , feature = pickle.loads(request.get_data()) component
CVSS 9.8
WiseCleaner Wise Force Deleter <=7.3.2 - Arbitrary File Deletion
An issue in the WiseDelfile64.sys component of WiseCleaner Wise Force Deleter 7.3.2 and earlier allows attackers to delete arbitrary files via a crafted request.
CVSS 7.1
renren-security <5.5.0 - SQL Injection
renren-secuity before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component
CVSS 9.8
renren-security <5.5.0 - SQL Injection
renren-secuity before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component
CVSS 9.8
By Source