Exploit Database

146,462 exploits tracked across all sources.

Sort: Activity Stars
CVE-2021-32857 WRITEUP MEDIUM
agentejo/cockpit < 0.12.2 - Cross-Site Scripting in htmleditor.js
Cockpit is a content management system that allows addition of content management functionality to any site. In versions 0.12.2 and prior, bad HTML sanitization in `htmleditor.js` may lead to cross-site scripting (XSS) issues. There are no known patches for this issue.
CVSS 6.1
CVE-2026-34965 WRITEUP HIGH
Cockpit CMS Authenticated Remote Code Execution via Collections
Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP code through rule parameters which is written directly to server-side PHP files and executed via include() to achieve arbitrary command execution on the underlying server.
CVSS 8.8
CVE-2026-34965 WRITEUP HIGH
Cockpit CMS Authenticated Remote Code Execution via Collections
Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP code through rule parameters which is written directly to server-side PHP files and executed via include() to achieve arbitrary command execution on the underlying server.
CVSS 8.8
CVE-2020-35848 WRITEUP CRITICAL
Agentejo Cockpit < 0.11.2 - NoSQL Injection via Auth Controller New Password Function
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.
CVSS 9.8
CVE-2020-35848 WRITEUP CRITICAL
Agentejo Cockpit < 0.11.2 - NoSQL Injection via Auth Controller New Password Function
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.
CVSS 9.8
CVE-2020-35848 WRITEUP CRITICAL
Agentejo Cockpit < 0.11.2 - NoSQL Injection via Auth Controller New Password Function
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.
CVSS 9.8
CVE-2020-35847 WRITEUP CRITICAL
Cockpit CMS NoSQLi to RCE
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
CVSS 9.8
CVE-2020-35847 WRITEUP CRITICAL
Cockpit CMS NoSQLi to RCE
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
CVSS 9.8
CVE-2020-35847 WRITEUP CRITICAL
Cockpit CMS NoSQLi to RCE
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
CVSS 9.8
CVE-2020-35846 WRITEUP CRITICAL
Agentejo Cockpit < 0.11.2 - NoSQL Injection via Auth Controller Check Function
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
CVSS 9.8
CVE-2020-35846 WRITEUP CRITICAL
Agentejo Cockpit < 0.11.2 - NoSQL Injection via Auth Controller Check Function
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
CVSS 9.8
CVE-2020-35846 WRITEUP CRITICAL
Agentejo Cockpit < 0.11.2 - NoSQL Injection via Auth Controller Check Function
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
CVSS 9.8
CVE-2020-35131 WRITEUP CRITICAL
Cockpit < 0.6.1 - Remote Code Execution via registerCriteriaFunction
Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI.
CVSS 9.8
CVE-2020-35131 WRITEUP CRITICAL
Cockpit < 0.6.1 - Remote Code Execution via registerCriteriaFunction
Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI.
CVSS 9.8
CVE-2020-14408 WRITEUP MEDIUM
Agentejo Cockpit 0.10.2 - Reflected Cross-Site Scripting via /auth/login to Parameter
An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the to parameter in the /auth/login route allows for injection of arbitrary JavaScript code into a web page's content, creating a Reflected XSS attack vector.
CVSS 6.1
CVE-2026-7397 WRITEUP MEDIUM
NousResearch hermes-agent file_tools.py _check_sensitive_path symlink
A security flaw has been discovered in NousResearch hermes-agent 0.8.0. This affects the function _check_sensitive_path of the file tools/file_tools.py. The manipulation results in symlink following. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.9.0 is able to mitigate this issue. The patch is identified as 311dac197145e19e07df68feba2cd55d896a3cd1. Upgrading the affected component is recommended.
CVSS 4.4
CVE-2026-7400 WRITEUP HIGH
geekgod382 filesystem-mcp-server read_file_tool/write_file_tool server.py is_path_allowed path traversal
A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function is_path_allowed of the file server.py of the component read_file_tool/write_file_tool. Such manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 1.1.0 is capable of addressing this issue. The name of the patch is 45364545fc60dc80aadcd4379f08042d3d3d292e. Upgrading the affected component is advised.
CVSS 7.3
CVE-2026-7407 WRITEUP MEDIUM
SourceCodester Pizzafy Ecommerce System Setting ajax.php save_settings sql injection
A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save_settings of the file /pizzafy/admin/ajax.php?action=save_settings of the component Setting Handler. Such manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
CVSS 4.7
CVE-2026-7408 WRITEUP MEDIUM
SourceCodester Pizzafy Ecommerce System ajax.php save_menu sql injection
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function save_menu of the file /admin/ajax.php?action=save_menu. Performing a manipulation results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used.
CVSS 4.7
CVE-2026-7409 WRITEUP MEDIUM
SourceCodester Pizzafy Ecommerce System ajax.php save_user sql injection
A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save_user of the file /admin/ajax.php?action=save_user. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.
CVSS 4.7
CVE-2026-7410 WRITEUP MEDIUM
SourceCodester Pizzafy Ecommerce System ajax.php add_to_cart sql injection
A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=add_to_cart. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2026-7418 WRITEUP HIGH
UTT HiPER 1250GW NTP strcpy buffer overflow
A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 8.8
CVE-2026-7419 WRITEUP HIGH
UTT HiPER 1250GW formTaskEdit_ap strcpy buffer overflow
A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
CVSS 8.8
CVE-2026-7420 WRITEUP HIGH
UTT HiPER 1250GW ConfigAdvideo strcpy buffer overflow
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
CVSS 8.8
CVE-2026-7439 WRITEUP MEDIUM
AgentFlow Local Web API Content-Type Validation Bypass
AgentFlow's local web API accepts non-JSON content types on POST /api/runs and POST /api/runs/validate endpoints without enforcing application/json validation, allowing attackers to bypass trust-boundary enforcement on sensitive operations. Attackers can exploit this content-type validation weakness through browser-driven or local cross-origin requests to abuse the localhost API and enable attack chains against the local control plane.
CVSS 4.4