Writeup Exploits

60,933 exploits tracked across all sources.

CVE-2023-2056 WRITEUP MEDIUM
dedecms < 5.7.87 - Remote Code Execution via GetSystemFile Function
A vulnerability was found in DedeCMS up to 5.7.87 and classified as critical. This issue affects the function GetSystemFile of the file module_main.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225941 was assigned to this vulnerability.
CVSS 6.3
CVE-2023-2069 WRITEUP MEDIUM
GitLab 10.0-12.9.7, 12.10-12.10.6, 13.0 - Authenticated CI/CD Variable Exposure via Project Import
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables.
CVSS 6.4
CVE-2023-2181 WRITEUP MEDIUM
GitLab <15.9.8-15.10.7-15.11.3 - Info Disclosure
An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI.
CVSS 6.3
CVE-2023-2424 WRITEUP MEDIUM
DedeCMS 5.7.106 - Unrestricted File Upload via UpDateMemberModCache Function
A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Affected by this issue is the function UpDateMemberModCache of the file uploads/dede/config.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227750 is the identifier assigned to this vulnerability.
CVSS 6.3
CVE-2023-2475 WRITEUP LOW
Dromara J2eeFAST < 2.6.0 - Cross-Site Scripting via System Message Handler
A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classified as problematic. This issue affects some unknown processing of the component System Message Handler. The manipulation of the argument 主题 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 7a9e1a00e3329fdc0ae05f7a8257cce77037134d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-227867.
CVSS 3.5
CVE-2023-2476 WRITEUP LOW
Dromara J2eeFAST <= 2.6.0 - Cross-Site Scripting in Announcement Handler
A vulnerability was found in Dromara J2eeFAST up to 2.6.0. It has been classified as problematic. Affected is an unknown function of the component Announcement Handler. The manipulation of the argument 系统工具/公告管理 leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 7a9e1a00e3329fdc0ae05f7a8257cce77037134d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-227868.
CVSS 3.5
CVE-2023-27025 WRITEUP HIGH
RuoYi < 4.7.6 - Arbitrary File Download via Background Management Module
An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server.
CVSS 7.5
CVE-2023-27705 WRITEUP HIGH
APNG_Optimizer 1.4 - Buffer Overflow via Ubuntu PNG Processing
APNG_Optimizer v1.4 was discovered to contain a buffer overflow via the component /apngopt/ubuntu.png.
CVSS 7.5
CVE-2023-2700 WRITEUP MEDIUM
libvirt - Use-After-Free in SR-IOV PCI Device Capability Query
A vulnerability was found in libvirt. This security flaw occurs due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup.
CVSS 5.5
CVE-2023-2773 WRITEUP MEDIUM
Bus Dispatch and Information System 1.0 - SQL Injection via adminid Parameter
A vulnerability has been found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file view_admin.php. The manipulation of the argument adminid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229279.
CVSS 6.3
CVE-2023-2776 WRITEUP MEDIUM
Simple Photo Gallery 1.0 - Unrestricted Upload of File with Dangerous Type
A vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-229282 is the identifier assigned to this vulnerability.
CVSS 6.3
CVE-2023-2854 WRITEUP MEDIUM
Wireshark 3.6.0-3.6.13 and 4.0.0-4.0.5 - Denial of Service via BLF File Parser
BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
CVSS 5.3
CVE-2023-2855 WRITEUP MEDIUM
Wireshark 3.6.0-3.6.13 and 4.0.0-4.0.5 - Denial of Service via Candump Log Parser
Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
CVSS 5.3
CVE-2023-2856 WRITEUP MEDIUM
Wireshark 3.6.0-3.6.13 and 4.0.0-4.0.5 - Denial of Service via VMS TCPIPtrace File Parser
VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
CVSS 5.3
CVE-2023-2857 WRITEUP MEDIUM
Wireshark 3.6.0-3.6.13 and 4.0.0-4.0.5 - Denial of Service via BLF File Parser
BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
CVSS 5.3
CVE-2023-2858 WRITEUP MEDIUM
Wireshark 3.6.0-3.6.13 and 4.0.0-4.0.5 - Denial of Service via NetScaler File Parser
NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
CVSS 5.3
CVE-2023-2879 WRITEUP MEDIUM
Wireshark 3.6.0-3.6.13 and 4.0.0-4.0.5 - Denial of Service via GDSDB Packet Parsing Infinite Loop
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file
CVSS 6.3
CVE-2023-29772 WRITEUP MEDIUM
ASUS RT-AC51U Firmware <= 3.0.0.4.380.8591 - Cross-Site Scripting in System Log Page
A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request.
CVSS 5.2
CVE-2023-2908 WRITEUP MEDIUM
libtiff < 4.5.0 - Denial of Service via Crafted TIFF Image in tiffcp
A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service.
CVSS 5.5
CVE-2023-2952 WRITEUP MEDIUM
Wireshark 3.6.0-3.6.13 and 4.0.0-4.0.5 - Denial of Service via XRA Dissector Infinite Loop
XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file
CVSS 5.3
CVE-2023-2970 WRITEUP LOW
MindSpore 2.0.0-alpha/2.0.0-rc1 - Memory Corruption in JsonHelper::UpdateArray
A vulnerability classified as problematic was found in MindSpore 2.0.0-alpha/2.0.0-rc1. This vulnerability affects the function JsonHelper::UpdateArray of the file mindspore/ccsrc/minddata/dataset/util/json_helper.cc. The manipulation leads to memory corruption. The name of the patch is 30f4729ea2c01e1ed437ba92a81e2fc098d608a9. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-230176.
CVSS 3.5
CVE-2023-31889 WRITEUP MEDIUM
ASUS RT-AC51U <3.0.0.4.380.8591 - DoS
An issue discovered in httpd in ASUS RT-AC51U with firmware version up to and including 3.0.0.4.380.8591 allows local attackers to cause a denial of service via crafted GET request.
CVSS 5.5
CVE-2023-37647 WRITEUP CRITICAL
SEMCMS v1.5 - SQL Injection via id Parameter at Ant_Suxin.php
SEMCMS v1.5 was discovered to contain a SQL injection vulnerability via the id parameter at /Ant_Suxin.php.
CVSS 9.8
CVE-2023-40360 WRITEUP MEDIUM
QEMU 8.0.0-8.0.4 - NULL Pointer Dereference in NVMe Directive Receive
QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled.
CVSS 5.5
CVE-2023-42225 WRITEUP HIGH
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 - Path Traversal via Attachment/DownloadTempFile
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Attachment/DownloadTempFile function.
CVSS 7.5