Exploit Database
146,462 exploits tracked across all sources.
PHP 8.1.0-8.1.33, 8.2.0-8.2.29, 8.3.0-8.3.28, 8.4.0-8.4.15, 8.5.0 - Out-of-bounds Read in getimagesize()
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.
by gl1tch0x1
CVSS 7.5
PHP CGI Argument Injection Remote Code Execution
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
by gl1tch0x1
CVSS 9.8
Linux Kernel - KASLR Base Leak via EntryBleed TLB Prefetch Side-Channel
A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.
by ngtuonghung
CVSS 5.5
GitHub Enterprise Server RCE via Git Push Option Injection
An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly sanitized before being included in internal service headers. Because the internal header format used a delimiter character that could also appear in user input, an attacker could inject additional metadata fields through crafted push option values. This vulnerability was reported via the GitHub Bug Bounty program and has been fixed in GitHub Enterprise Server versions 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.7 and 3.19.4.
by lysophavin18
CVSS 8.8
vsftpd 2.3.4 - Backdoor Command Execution
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
by IvoAlbacete
CVSS 9.8
A command injection vulnerability was found in the PPTP VPN Clients on the ADM
A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environment and execute arbitrary code on the underlying operating system. This occurs due to insufficient validation of user-supplied input before it is passed to a system shell. Successful exploitation allows an attacker to achieve Remote Code Execution (RCE) and fully compromise the system.
Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.RR42 as well as from ADM 5.0.0 through ADM 5.1.2.REO1.
by uky007
CVSS 9.1
School Management System - Unauthenticated Reflected Cross-Site Scripting via register.php type Parameter
A reflected Cross-Site Scripting (XSS) vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in victim's browsers via the unsanitized type parameter in register.php.
CVSS 6.1
School Management System - Unauthenticated Reflected Cross-Site Scripting via register.php type Parameter
A reflected Cross-Site Scripting (XSS) vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in victim's browsers via the unsanitized type parameter in register.php.
CVSS 6.1
HTMLy 3.1.1 - Stored Cross-Site Scripting via Content Creation Endpoint
Cross-Site Scripting (XSS) vulnerability exists in HTMLy version 3.1.1 in the content creation functionality at the /add/content?type=image endpoint. The application fails to properly sanitize user input, allowing injection of arbitrary code
CVSS 8.9
htmly 3.0.8 - Cross-Site Scripting via Author Name Parameter
htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in the HTML response, allowing attackers to inject arbitrary JavaScript payloads.
CVSS 6.1
HTMLy 3.1.1 - Stored Cross-Site Scripting via Content Creation Endpoint
Cross-Site Scripting (XSS) vulnerability exists in HTMLy version 3.1.1 in the content creation functionality at the /add/content?type=image endpoint. The application fails to properly sanitize user input, allowing injection of arbitrary code
CVSS 8.9
htmly 2.8.1 - Arbitrary File Deletion via Backup View Component
htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php.
CVSS 8.1
htmly 2.8.1 - Stored Cross-Site Scripting in Blog Title Field
The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability. It allows remote attackers to send an authenticated post HTTP request to admin/config and inject arbitrary web script or HTML through a special website name.
CVSS 6.1
htmly 2.8.1 - Stored Cross-Site Scripting in Regular Post Content Field
The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability. It allows remote attackers to send authenticated post-http requests to add / content and inject arbitrary web scripts or HTML through special content.
CVSS 6.1
htmly <2.8.1 - Privilege Escalation
In htmly version 2.8.1, is vulnerable to an Arbitrary File Deletion on the local host when delete backup files. The vulnerability may allow a remote attacker to delete arbitrary know files on the host.
CVSS 9.1
htmly < 2.8.1 - Path Traversal and Arbitrary File Deletion via File Parameter
Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter.
CVSS 8.1
htmly 2.8.0 - Stored Cross-Site Scripting via Blog Title Tagline or Description
htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Description to config.html.php.
CVSS 5.4
htmly <2.7.5 - Privilege Escalation
An arbitrary file deletion vulnerability was discovered on htmly v2.7.5 which allows remote attackers to use any absolute path to delete any file in the server should they gain Administrator privileges.
CVSS 6.5
Carlson Software VASCO-B GNSS Receiver Missing Authentication for Critical Function
The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism,
allowing an attacker with network access to directly access and modify
its configuration and operational functions without needing credentials.
CVSS 9.4
Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence
Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence.
Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence.
An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.
CVSS 7.5
OpenClaw < 2026.3.31 - Compiler Binary Substitution via Environment Variable Override in Host Execution Policy
OpenClaw before 2026.3.31 contains an incomplete host-env-security-policy.json that fails to restrict compiler binary environment variables, allowing untrusted models to substitute CC, CXX, CARGO_BUILD_RUSTC, and CMAKE_C_COMPILER via environment overrides. Attackers with approved host-exec requests can override compiler binaries to execute arbitrary code during build processes.
CVSS 6.1
OpenClaw < 2026.3.31 - Resource Consumption via Discord Audio Preflight Before Member Authorization
OpenClaw before 2026.3.31 performs Discord audio preflight transcription before validating member authorization, allowing unauthenticated attackers to consume resources. Remote attackers can trigger audio preflight processing without member allowlist validation to cause resource exhaustion.
CVSS 5.3
OpenClaw < 2026.3.28 - Authorization Bypass in /phone arm and /phone disarm Endpoints
OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the /phone arm and /phone disarm endpoints that fails to properly enforce operator.admin scope checks for external channels. Attackers can bypass authentication restrictions to arm or disarm phone channels without proper administrative privileges.
CVSS 6.5
OpenClaw < 2026.3.31 - Matrix Thread Context Allowlist Bypass via Sender Validation
OpenClaw before 2026.3.31 contains an allowlist bypass vulnerability in Matrix thread root and reply context handling that fails to properly validate message senders. Attackers can fetch thread-root and reply context messages that should be filtered by sender allowlists, bypassing access controls.
CVSS 5.4
OpenClaw < 2026.3.31 - Fail-Open Security Scan Bypass in Plugin Installation
OpenClaw before 2026.3.31 contains a fail-open vulnerability in the plugin installation flow where security scan failures do not block installation. Attackers can exploit scan failures to install untrusted plugins when operators proceed despite visible scan warnings.
CVSS 4.6
By Source