Writeup Exploits
60,946 exploits tracked across all sources.
eBay API MCP Server - Code Injection
eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay's Sell APIs. All versions are vulnerable to Environment Variable Injection through the updateEnvFile function. The ebay_set_user_tokens tool allows updating the .env file with new tokens. The updateEnvFile function in src/auth/oauth.ts blindly appends or replaces values without validating them for newlines or quotes. This allows an attacker to inject arbitrary environment variables into the configuration file. An attacker can inject arbitrary environment variables into the .env file. This could lead to configuration overwrites, Denial of Service, and potential RCE. There was no fix for this issue at the time of publication.
CVSS 8.3
rhymix < 2.1.24 - Server-Side Request Forgery via XML External Entity Injection
Rhymix before 2.1.24 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data function because XML documents may contain external entities.
CVSS 4.1
detronetdip E-commerce 1.0.0 - Auth Bypass
A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the function Delete/Update of the component Product Management Module. Performing a manipulation of the argument ID results in authorization bypass. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CVSS 5.4
detronetdip E-commerce 1.0.0 - Auth Bypass
A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the function Delete/Update of the component Product Management Module. Performing a manipulation of the argument ID results in authorization bypass. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CVSS 5.4
detronetdip E-commerce 1.0.0 - Cross-Site Scripting via get_safe_value Function
A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function get_safe_value of the file utility/function.php. Executing a manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CVSS 3.5
detronetdip E-commerce 1.0.0 - Cross-Site Scripting via get_safe_value Function
A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function get_safe_value of the file utility/function.php. Executing a manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CVSS 3.5
Device Web Interface - Info Disclosure
The embedded web interface of the device does not support HTTPS/TLS for
authentication and uses HTTP Basic Authentication. Traffic is encoded
but not encrypted, exposing user credentials to passive interception by
attackers on the same network.
CVSS 7.5
Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller - Unauthenticated Remote PLC Manipulation
The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication.
CVSS 8.2
openITCOCKPIT <=5.3.1 - Deserialization
openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. openITCOCKPIT Community Edition 5.3.1 and earlier contains an unsafe PHP deserialization pattern in the processing of changelog entries. Serialized changelog data derived from attacker-influenced application state is unserialized without restricting allowed classes. Although no current application endpoint was found to introduce PHP objects into this data path, the presence of an unrestricted unserialize() call constitutes a latent PHP object injection vulnerability. If future code changes, plugins, or refactors introduce object values into this path, the vulnerability could become immediately exploitable with severe impact, including potential remote code execution.
CVSS 7.5
USR-W610 < 3.1.1.0 - Unauthenticated Administrative Access via Blank Credentials
The web management interface of the device allows the administrator
username and password to be set to blank values. Once applied, the
device permits authentication with empty credentials over the web
management interface and Telnet service. This effectively disables
authentication across all critical management channels, allowing any
network-adjacent attacker to gain full administrative control without
credentials.
CVSS 9.8
fast-xml-parser 4.1.3-5.3.4 - Cross-Site Scripting via DOCTYPE Entity Name Regex Bypass
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow built-in XML entities (<, >, &, ", ') with arbitrary values. This bypasses entity encoding and leads to XSS when parsed output is rendered. This vulnerability is fixed in 5.3.5.
CVSS 9.3
USR-W610 < 3.1.1.0 - Unauthenticated Denial of Service via Forged Management Frames
The Wi-Fi router is vulnerable to de-authentication attacks due to the
absence of management frame protection, allowing forged deauthentication
and disassociation frames to be broadcast without authentication or
encryption. An attacker can use this to cause unauthorized disruptions
and create a denial-of-service condition.
CVSS 7.5
Device Web Interface - Info Disclosure
The web management interface of the device renders the passwords in a
plaintext input field. The current password is directly visible to
anyone with access to the UI, potentially exposing administrator
credentials to unauthorized observation via shoulder surfing,
screenshots, or browser form caching.
CVSS 5.7
Key Systems GFMS 20230721a - Info Disclosure
An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to obtain sensitive information via the sid query parameter.
CVSS 7.1
Key Systems GFMS 20230721a - Privilege Escalation
An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to escalate privileges via PIN component of the login functionality.
CVSS 9.4
Key Systems Inc Global Facilities Management Software 20230721a - Cross-Site Scripting via Function Parameter
Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the function parameter.
CVSS 8.2
Key Systems Inc Global Facilities Management Software 20230721a - Cross-Site Scripting via selectgroup and gn Parameters
Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the selectgroup and gn parameters on the /?Function=Groups endpoint.
CVSS 7.6
Print Shop Pro WebDesk 18.34 - Privilege Escalation
An issue in edu Business Solutions Print Shop Pro WebDesk v.18.34 (fixed in 19.76) allows a remote attacker to escalate privileges via the AccessID parameter.
CVSS 9.8
OpenSourcePOS 3.4.1 - SQL Injection
OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currency_symbol configuration field. Although the input is initially stored without immediate execution, it is later concatenated into a dynamically constructed SQL query without proper sanitization or parameter binding. This allows an attacker with access to modify the currency_symbol value to inject arbitrary SQL expressions, which are executed when the affected query is subsequently processed.
CVSS 5.3
OpenSourcePOS 3.4.1 - Local File Inclusion and Remote Code Execution via Invoice Type Manipulation
OpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI) vulnerability in the Sales.php::getInvoice() function. An attacker can read arbitrary files on the web server by manipulating the Invoice Type configuration. This issue can be chained with the file upload functionality to achieve Remote Code Execution (RCE).
CVSS 8.8
OpenSourcePOS 3.4.1 - Local File Inclusion and Remote Code Execution via Invoice Type Manipulation
OpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI) vulnerability in the Sales.php::getInvoice() function. An attacker can read arbitrary files on the web server by manipulating the Invoice Type configuration. This issue can be chained with the file upload functionality to achieve Remote Code Execution (RCE).
CVSS 8.8
OpenSourcePOS 3.4.1 - SQL Injection
OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currency_symbol configuration field. Although the input is initially stored without immediate execution, it is later concatenated into a dynamically constructed SQL query without proper sanitization or parameter binding. This allows an attacker with access to modify the currency_symbol value to inject arbitrary SQL expressions, which are executed when the affected query is subsequently processed.
CVSS 5.3
OpenSourcePOS 3.4.1 - Cross-Site Scripting in Item Management and Sales Invoice Function
A cross-site scripting (XSS) vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.
CVSS 6.5
OpenSourcePOS 3.4.1 - Stored Cross-Site Scripting via Item Category Parameter
A cross-site scripting (XSS) vulnerability in the Generate Item Barcode function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Category parameter.
CVSS 6.5
OpenSourcePOS 3.4.1 - Remote Code Execution via Crafted AJAX Response
An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response.
CVSS 7.4
By Source