Exploit Database

145,709 exploits tracked across all sources.

Sort: Activity Stars
CVE-2026-6807 WRITEUP MEDIUM
NSA GRASSMARLIN Improper Restriction of XML External Entity Reference
A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling of XML input, which may result in unintended exposure of sensitive information. The flaw stems from insufficient hardening of the XML parsing process.
CVSS 5.5
CVE-2026-37555 WRITEUP HIGH
libsndfile 1.2.2 - Memory Corruption
An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path (line 241) was fixed with (sf_count_t) cast, but the WAV code path (line 235) and close path (line 167) were not. When samplesperblock (int) * blocks (int) exceeds INT_MAX, the 32-bit multiplication overflows before being assigned to sf.frames (sf_count_t/int64). With samplesperblock=50000 and blocks=50000, the product 2500000000 overflows to -1794967296. This causes incorrect frame count leading to heap buffer overflow or denial of service. Both values come from the WAV file header and are attacker-controlled. This issue was discovered after an incomplete fix for CVE-2022-33065.
CVSS 7.5
CVE-2026-41940 WRITEUP CRITICAL
cPanel and WHM Authentication Bypass via Login Flow
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
CVSS 9.8
CVE-2026-7393 WRITEUP MEDIUM
SourceCodester Pizzafy Ecommerce System File Extension admin_class_novo.php save_menu unrestricted upload
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function save_menu of the file /admin/admin_class_novo.php of the component File Extension Handler. Performing a manipulation of the argument img results in unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
CVSS 4.7
CVE-2026-7394 WRITEUP MEDIUM
SourceCodester Pizzafy Ecommerce System GET Parameter view_order.php sql injection
A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/view_order.php of the component GET Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
CVSS 4.7
CVE-2026-7401 WRITEUP MEDIUM
SourceCodester CET Automated Grading System with AI Predictive Analytics Registration index.php register cross site scripting
A vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=register of the component Registration. The manipulation of the argument student_id/full_name/section/username results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used.
CVSS 4.3
CVE-2025-13030 WRITEUP HIGH
django-mdeditor < 0.1.20 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Image Upload Endpoint
All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file names.
CVSS 7.1
CVE-2026-42996 WRITEUP CRITICAL
JS8Call < 2.3.1 and JS8Call-improved < 3.0 - Stack-based Buffer Overflow via Long Maidenhead Locator in APRSISClient.cpp
JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer overflow via a radio transmission of @APRSIS GRID followed by a long Maidenhead locator. This occurs in grid2deg in APRSISClient.cpp.
CVE-2026-37535 WRITEUP HIGH
openxc/isotp-c Out-of-bounds Read in ISO-TP Single Frame Receive Handler
openxc/isotp-c thru commit 5a5d19245f65189202719321facd49ce6f5d46ac (2021-08-09) contains an out-of-bounds read in the ISO-TP Single Frame receive handler, where the 4-bit payload length nibble is used directly as the memcpy size without validating it against the actual CAN data length. A malicious CAN frame with an oversized length nibble can cause memory reads beyond the buffer, allowing attackers to cause a denial of service, or gain sensitive information.
CVSS 7.1
CVE-2026-37552 WRITEUP HIGH
MixPHP Framework 2.x-2.2.17 - Deserialization
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server (Server.php:87) receives data from a TCP socket, passes it directly to Opis\Closure\unserialize(), then executes the result via call_user_func(). No authentication or signature verification exists on the TCP connection. An attacker with access to the localhost TCP port (server binds 127.0.0.1) can send a crafted serialized PHP closure to achieve arbitrary code execution.
CVSS 8.4
CVE-2026-42471 WRITEUP HIGH
MixPHP Framework 2.x-2.2.17 - Deserialization
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client (Connection.php:76) calls unserialize() on data received from the server response, enabling client-side RCE if connecting to a malicious server.
CVSS 8.1
CVE-2026-42472 WRITEUP CRITICAL
MixPHP Framework 2.x-2.2.17 - Deserialization
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from Redis in the RedisHandler object.
CVSS 9.8
CVE-2026-42473 WRITEUP CRITICAL
MixPHP Framework 2.x-2.2.17 - Deserialization
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from the filesystem in the FileHandler object.
CVSS 9.8
CVE-2026-42474 WRITEUP MEDIUM
MixPHP Framework 2.x-2.2.17 - SQL Injection
SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted `data` array to the data function in BuildHelper.php.
CVSS 6.5
CVE-2026-42475 WRITEUP MEDIUM
MixPHP Framework 2.x-2.2.17 - SQL Injection
SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted `on` array to the joinOn function in BuildHelper.php.
CVSS 6.5
CVE-2026-7580 WRITEUP MEDIUM
Exiftool JPEG/QuickTime/MOV/MP4 GM.pm Process_mrld code injection
A vulnerability was detected in Exiftool up to 13.53. Impacted is the function Process_mrld of the file lib/Image/ExifTool/GM.pm of the component JPEG/QuickTime/MOV/MP4. The manipulation of the argument -ee results in code injection. Attacking locally is a requirement. Upgrading to version 13.54 is recommended to address this issue. The patch is identified as 5a8b6b6ead12b39e3f32f978a4efd0233facbb01. It is suggested to upgrade the affected component. The fix in the source code mentions: "[J]ust to be safe, probably never happen".
CVSS 5.3
CVE-2026-7632 WRITEUP HIGH
code-projects Online Hospital Management System viewappointment.php sql injection
A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function of the file /viewappointment.php. This manipulation of the argument delid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 7.3
CVE-2026-40561 WRITEUP MEDIUM
Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence
Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.
CVSS 5.3
CVE-2026-7674 WRITEUP HIGH
Shenzhen Libituo Technology LBT-T300-HW1 Web Management start_single_service buffer overflow
A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function start_single_service of the component Web Management Interface. Executing a manipulation of the argument vpn_pptp_server/vpn_l2tp_server can lead to buffer overflow. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 8.8
CVE-2026-31431 GITHUB HIGH python
crypto: algif_aead - Revert to operating out-of-place
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
by danimrtzp
CVSS 7.8
CVE-2026-31431 NOMISEC HIGH
crypto: algif_aead - Revert to operating out-of-place
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
by jbnetwork-git
CVSS 7.8
CVE-2026-31431 NOMISEC HIGH
crypto: algif_aead - Revert to operating out-of-place
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
by astounds
CVSS 7.8
CVE-2026-31431 GITHUB HIGH python
crypto: algif_aead - Revert to operating out-of-place
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
by pedromizz
CVSS 7.8
CVE-2026-31431 GITHUB HIGH python
crypto: algif_aead - Revert to operating out-of-place
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
by AvPrince26
1 stars
CVSS 7.8
CVE-2026-41940 GITHUB CRITICAL go
cPanel and WHM Authentication Bypass via Login Flow
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
by Ishanoshada
1 stars
CVSS 9.8