Writeup Exploits
60,534 exploits tracked across all sources.
Tenda AC15V1.0 V15.03.05.18 - Buffer Overflow
A buffer overflow vulnerability was discovered in goform/formSetMacFilterCfg in Tenda AC15V1.0 V15.03.05.18_multi.
CVSS 9.8
OpenViking <=0.2.1 - Path Traversal
OpenViking versions 0.2.1 and prior, fixed in commit 46b3e76, contain a path traversal vulnerability in the .ovpack import handling that allows attackers to write files outside the intended import directory. Attackers can craft malicious ZIP archives with traversal sequences, absolute paths, or drive prefixes in member names to overwrite or create arbitrary files with the importing process privileges.
CVSS 7.8
Canonical LXD 6.6 - Authenticated Certificate Enumeration via GET /1.0/certificates Endpoint
Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server.
CVSS 4.3
Tuya App and SDK 24.07.11 - Denial of Service via JSON Data Point Handler
A vulnerability was determined in Tuya App and SDK 24.07.11 on Android. Affected by this vulnerability is an unknown functionality of the component JSON Data Point Handler. This manipulation of the argument cruise_time causes denial of service. Remote exploitation of the attack is possible. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been publicly disclosed and may be utilized. There is ongoing doubt regarding the real existence of this vulnerability. The vendor disagrees with the conclusion of the finding: "The described vulnerability fails to prove its feasibility or exploitability by attackers. The issue essentially does not constitute a security vulnerability, aligning more closely with abnormal product functionality." These considerations are properly reflected within the CVSS vector.
CVSS 3.1
xlnt-community xlnt <=1.6.1 - Buffer Overflow
A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binary_writer::append of the file source/detail/binary.hpp of the component Compound Document Parser. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. Patch name: 147. It is suggested to install a patch to address this issue.
CVSS 3.3
xlnt-community xlnt <=1.6.1 - Buffer Overflow
A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binary_writer::append of the file source/detail/binary.hpp of the component Compound Document Parser. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. Patch name: 147. It is suggested to install a patch to address this issue.
CVSS 3.3
xlnt-community xlnt <=1.6.1 - Buffer Overflow
A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binary_writer::append of the file source/detail/binary.hpp of the component Compound Document Parser. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. Patch name: 147. It is suggested to install a patch to address this issue.
CVSS 3.3
xlnt-community xlnt <=1.6.1 - Buffer Overflow
A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binary_writer::append of the file source/detail/binary.hpp of the component Compound Document Parser. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. Patch name: 147. It is suggested to install a patch to address this issue.
CVSS 3.3
xlnt-community xlnt <=1.6.1 - Buffer Overflow
A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binary_writer::append of the file source/detail/binary.hpp of the component Compound Document Parser. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. Patch name: 147. It is suggested to install a patch to address this issue.
CVSS 3.3
Dataease SQLBot <1.5.1 - Auth Bypass
A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is said to be difficult. The exploit has been made public and could be used. A comment in the source code warns users about using this feature. The vendor was contacted early about this disclosure.
CVSS 3.7
@tootallnate/once < 3.0.1 - Incorrect Control Flow Scoping via AbortSignal Option
Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then() usage to hang indefinitely. This can cause a control-flow leak that can lead to stalled requests, blocked workers, or degraded application availability.
CVSS 3.3
mailparser < 3.9.3 - Cross-Site Scripting via textToHtml URL Sanitization Bypass
Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting (XSS) via the textToHtml() function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded malicious JavaScript code.
CVSS 6.1
mailparser < 3.9.3 - Cross-Site Scripting via textToHtml URL Sanitization Bypass
Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting (XSS) via the textToHtml() function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded malicious JavaScript code.
CVSS 6.1
Tenda AC6V2.0 V15.03.06.23 - Buffer Overflow
An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. If the conditions are met to sprintf, they will be spliced into tmp. It is worth noting that there is no size check,which leads to a stack overflow vulnerability.
CVSS 7.5
AFFiNE < 0.25.4 - Remote Code Execution via Crafted affine: URL Handler
AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in two common scenarios: 1/ A victim visits a malicious website controlled by the attacker and the website redirect to the URL automatically, or 2/ A victim clicks on a crafted link embedded on a legitimate website (e.g., in user-generated content). In both cases, the browser invokes AFFiNE custom URL handler, which launches the AFFiNE app and processes the crafted URL. This results in arbitrary code execution on the victim’s machine, without further interaction. This issue has been patched in version 0.25.4.
CVSS 8.8
theshit <0.2.0 - Privilege Escalation
theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0.
CVSS 8.4
ModelScope ms-agent <v1.6.0rc1 - Command Injection
A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input.
CVSS 6.5
ModelScope ms-agent <v1.6.0rc1 - Command Injection
A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input.
CVSS 6.5
Freetype 2.13.2-2.13.3 - Memory Corruption
An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.
CVSS 5.3
Tenda AC15V1.0 V15.03.05.18 - Command Injection
An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The value of `v1` was not checked, potentially leading to a command injection vulnerability if injected into doSystemCmd.
CVSS 9.8
exiv2 < 0.28.8 - Out-of-bounds Read in CRW Image Parser
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability is in the CRW image parser. This issue has been patched in version 0.28.8.
CVSS 8.1
sourcecodester PPES 1.0 - SQL Injection
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_employee.php.
CVSS 9.8
Pharmacy Point of Sale System 1.0 - SQL Injection
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_category.php.
CVSS 9.8
Pharmacy Point of Sale System 1.0 - SQL Injection
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_product.php.
CVSS 9.8
Pharmacy Point of Sale System 1.0 - SQL Injection
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_receipt.php.
CVSS 9.8
By Source