Exploit Database

146,251 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-38831 GITLAB HIGH
WinRAR CVE-2023-38831 Exploit
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.
by eliezr34
CVSS 7.8
CVE-2025-24054 NOMISEC MEDIUM
Windows 10 1507-22H2 and Windows 11 22H2 - Unauthenticated Spoofing via NTLM File Path Control
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
by simantchaudhari
CVSS 6.5
CVE-2026-31431 NOMISEC HIGH
crypto: algif_aead - Revert to operating out-of-place
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
by deckhouse
CVSS 7.8
CVE-2026-31431 NOMISEC HIGH
crypto: algif_aead - Revert to operating out-of-place
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
by cyber-joker
CVSS 7.8
CVE-2026-31431 NOMISEC HIGH
crypto: algif_aead - Revert to operating out-of-place
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
by jodonnel
CVSS 7.8
CVE-2026-31431 NOMISEC HIGH
crypto: algif_aead - Revert to operating out-of-place
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
by ashok523
CVSS 7.8
CVE-2026-31431 NOMISEC HIGH
crypto: algif_aead - Revert to operating out-of-place
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
by aestechno
CVSS 7.8
CVE-2026-31431 NOMISEC HIGH
crypto: algif_aead - Revert to operating out-of-place
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
by johanburati
CVSS 7.8
CVE-2026-31431 NOMISEC HIGH
crypto: algif_aead - Revert to operating out-of-place
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
by 3jee
CVSS 7.8
CVE-2026-31431 NOMISEC HIGH
crypto: algif_aead - Revert to operating out-of-place
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
by Spoo1k
CVSS 7.8
CVE-2026-31431 NOMISEC HIGH
crypto: algif_aead - Revert to operating out-of-place
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
by LeonardoNovais7
CVSS 7.8
CVE-2026-31431 NOMISEC HIGH
crypto: algif_aead - Revert to operating out-of-place
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
by bryanvine
CVSS 7.8
CVE-2026-41940 NOMISEC CRITICAL
cPanel and WHM Authentication Bypass via Login Flow
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
by merdw
2 stars
CVSS 9.8
CVE-2026-31431 NOMISEC HIGH
crypto: algif_aead - Revert to operating out-of-place
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
by boliu83
CVSS 7.8
CVE-2026-41940 NOMISEC CRITICAL
cPanel and WHM Authentication Bypass via Login Flow
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
by senyx122
CVSS 9.8
CVE-2026-41940 GITHUB CRITICAL python
cPanel and WHM Authentication Bypass via Login Flow
cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
by george1-adel
1 stars
CVSS 9.8
CVE-2025-56568 WRITEUP HIGH
Open5GS < 2.7.5 - Denial of Service via Malformed NGAP Message Length Field
Assertion failure vulnerability in the PCO (Protocol Configuration Options) parser in the SMF (Session Management Function) component of Open5GS before v2.7.5 allows remote attackers to cause denial of service via specially crafted NGAP messages containing malformed length fields in protocol configuration data.
CVSS 7.5
CVE-2026-28532 WRITEUP MEDIUM
FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser Functions
FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16_t accumulator variable truncates uint32_t values returned by the TLV_SIZE() macro, causing the loop termination condition to fail while pointer advancement continues unchecked. Attackers with an established OSPF adjacency can send a crafted LS Update packet with a malicious Type 10 or Type 11 Opaque LSA to trigger out-of-bounds memory reads and crash all affected routers in the OSPF area or autonomous system.
CVSS 6.5
CVE-2026-32148 WRITEUP MEDIUM
Lockfile checksums not verified in Hex allows dependency integrity bypass
Insufficient Verification of Data Authenticity vulnerability in hexpm hex (Hex.RemoteConverger module) allows dependency integrity bypass via unverified lockfile checksums. Hex stores checksums for dependencies in the mix.lock file to ensure reproducible and integrity-checked builds. However, Hex.RemoteConverger.verify_resolved/2 never executes checksum verification because the lock data returned by Hex.Utils.lock/1 uses string-based dependency names, while the verification logic compares against atom-based names. This type mismatch causes the verification code path to be silently skipped. Checksums are still validated when packages are initially downloaded from the registry, but mismatches between the lockfile and resolved dependencies are not detected. An attacker who can influence cached packages (e.g., via local cache poisoning or a compromised registry) can provide modified dependency contents that will be accepted without detection. The mix.lock file is silently rewritten with the checksum values from the registry, erasing evidence of tampering. This issue affects hex: from 0.16.0 before 2.4.2.
CVSS 5.9
CVE-2026-36766 WRITEUP MEDIUM
shopizer < 2.16.0 - Authenticated Cross-Site Scripting via XssHttpServletRequestWrapper
Multiple authenticated cross-site scripting (XSS) vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream() or getReader() functions.
CVSS 5.4
CVE-2026-36766 WRITEUP MEDIUM
shopizer < 2.16.0 - Authenticated Cross-Site Scripting via XssHttpServletRequestWrapper
Multiple authenticated cross-site scripting (XSS) vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream() or getReader() functions.
CVSS 5.4
CVE-2026-41174 WRITEUP MEDIUM
Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects direct cross-namespace middleware references from IngressRoute objects, but fails to apply the same restriction to middleware references nested inside a Chain middleware's spec.chain.middlewares[]. An actor with permission to create or update Traefik CRDs in their own namespace can exploit this to cause Traefik to resolve and apply middleware objects from another namespace, bypassing the documented isolation boundary. This issue has been patched in versions 2.11.43, 3.6.14, and 3.7.0-rc.2.
CVSS 6.4
CVE-2026-7501 WRITEUP LOW
LinkStackOrg LinkStack UserController.php editPage cross site scripting
A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument pageDescription can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through a pull request but has not reacted yet.
CVSS 3.5
CVE-2026-7502 WRITEUP MEDIUM
LinkStackOrg LinkStack Management Endpoint UserController.php saveLink authorization
A security vulnerability has been detected in LinkStackOrg LinkStack up to 4.8.6. The affected element is the function saveLink of the file app/Http/Controllers/UserController.php of the component Management Endpoint. The manipulation leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance.
CVSS 5.4
CVE-2026-7503 WRITEUP HIGH
code-projects for Plugin cstecgi.cgi setWiFiMultipleConfig buffer overflow
A vulnerability was detected in code-projects for Plugin 4.1.2cu.5137. The impacted element is the function setWiFiMultipleConfig in the library /lib/cste_modules/wireless.so of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument wepkey2 results in buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.
CVSS 8.8