Writeup Exploits

60,959 exploits tracked across all sources.

CVE-2026-2672 WRITEUP MEDIUM
Tsinghua Unigroup EA 3.2.210802 - Path Traversal
A security flaw has been discovered in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this vulnerability is the function Download of the file /Search/Subject/downLoad. Manipulating the argument path results in path traversal. The attack can be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.3
CVE-2026-24126 WRITEUP MEDIUM
Weblate <5.16.0 - Command Injection
Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to `ssh-add`. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management console.
CVSS 6.6
CVE-2026-24745 WRITEUP MEDIUM
InvoicePlane 1.7.0 - Authenticated Stored Cross-Site Scripting via SVG Logo Upload
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Upload Login Logo function of InvoicePlane version 1.7.0, which allows uploading SVG files. Although administrator privileges are required to exploit it, this is still considered a critical vulnerability as it can lead to unauthorized modification of application data, creation of persistent backdoors through stored malicious scripts, and full compromise of the application's integrity. Version 1.7.1 patches the issue.
CVSS 5.7
CVE-2026-25548 WRITEUP CRITICAL
InvoicePlane 1.7.0 - RCE via LFI & Log Poisoning
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A critical Remote Code Execution (RCE) vulnerability exists in InvoicePlane 1.7.0 through a chained Local File Inclusion (LFI) and Log Poisoning attack. An authenticated administrator can execute arbitrary system commands on the server by manipulating the `public_invoice_template` setting to include poisoned log files containing PHP code. Version 1.7.1 patches the issue.
CVSS 9.1
CVE-2026-25594 WRITEUP MEDIUM
InvoicePlane < 1.7.1 - Stored Cross-Site Scripting via Family Name Field
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Family Name field. The `family_name` value is rendered without HTML encoding inside the family dropdown on the product form. When an administrator creates a family with a malicious name, the payload executes in the browser of any administrator who visits the product form. Version 1.7.1 patches the issue.
CVSS 4.8
CVE-2026-25595 WRITEUP MEDIUM
InvoicePlane < 1.7.1 - Authenticated Stored Cross-Site Scripting via Invoice Number Field
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Invoice Number field. An authenticated administrator can inject malicious JavaScript that executes when any administrator views the affected invoice or visits the dashboard. Version 1.7.1 patches the issue.
CVSS 4.8
CVE-2026-25596 WRITEUP MEDIUM
InvoicePlane < 1.7.1 - Authenticated Stored Cross-Site Scripting via Product Unit Name Field
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Product Unit Name fields. An authenticated administrator can inject malicious JavaScript that executes when any administrator views an invoice containing a product with the malicious unit. Version 1.7.1 patches the issue.
CVSS 4.8
CVE-2026-26270 WRITEUP MEDIUM
InvoicePlane - Authenticated Stored Cross-Site Scripting via Invoice Group Identifier Format Field
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane (latest version) that allows an authenticated user with permissions to manage Invoice Groups to inject malicious JavaScript into the "Identifier Format" field. This script executes when any user views the invoice list or the main dashboard. Version 1.7.1 patches the issue.
CVSS 5.4
CVE-2026-26281 WRITEUP MEDIUM
InvoicePlane - Authenticated Stored Cross-Site Scripting in Sumex Invoice View
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A stored cross-site scripting (XSS) vulnerability in the Sumex invoice view allows an authenticated user with client and invoice management privileges to execute arbitrary JavaScript in the browser of any user viewing the invoice. This can lead to session hijacking, data theft, or other malicious actions on behalf of the victim user. Version 1.7.1 patches the issue.
CVSS 4.4
CVE-2026-2676 WRITEUP MEDIUM
GoogTech sms-ssm - Improper Authorization in LoginInterceptor API Interface
A weakness has been identified in GoogTech sms-ssm up to e8534c766fd13f5f94c01dab475d75f286918a8d. Affected by this issue is the function preHandle of the file LoginInterceptor.java of the component API Interface. Manipulation can lead to improper authorization. The attack may be performed remotely. The exploit has been made available to the public and could be used for attacks. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.
CVSS 6.3
CVE-2026-2682 WRITEUP MEDIUM
Tsinghua Unigroup EA System <3.2.210802 - SQL Injection
A vulnerability has been found in Tsinghua Unigroup Electronic Archives System up to 3.2.210802(62532). Impacted is an unknown function of the file /mine/PublicReport/prinReport.html?token=java. Manipulation of the argument comid leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2026-2683 WRITEUP MEDIUM
Tsinghua Unigroup EA 3.2.210802 - Path Traversal
A vulnerability was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). The affected element is an unknown function of the file /Using/Subject/downLoad.html. Manipulating the argument path results in path traversal. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.3
CVE-2026-2684 WRITEUP HIGH
Tsinghua Unigroup EA <=3.2.210802 - Unrestricted Upload
A vulnerability was determined in Tsinghua Unigroup Electronic Archives System up to 3.2.210802(62532). The impacted element is an unknown function of the file /Archive/ErecordManage/uploadFile.html. Manipulating the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 7.3
CVE-2026-2686 WRITEUP CRITICAL
SECCN Dingcheng G10 3.1.0.181203 - Command Injection
A security vulnerability has been detected in SECCN Dingcheng G10 3.1.0.181203. This impacts the function qq of the file /cgi-bin/session_login.cgi. Manipulation of the argument User leads to OS command injection. The attack can be carried out remotely. The exploit has been disclosed publicly and may be used.
CVSS 9.8
CVE-2009-5154 WRITEUP CRITICAL
MOBOTIX S14 Firmware - Use of Hard-coded Credentials
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account.
CVSS 9.8
CVE-2012-6684 WRITEUP
RedCloth < 4.2.9 - Cross-Site Scripting via JavaScript URI
Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI.
CVE-2014-0645 WRITEUP
EMC Cloud Tiering Appliance 9.x-10 SP1 and File Management Appliance 7.x - Weak Password Hash Storage
EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-dependent attackers to obtain sensitive information via a brute-force attack.
CVE-2014-1263 WRITEUP
Apple macOS X < 10.9.2 - Certificate Hostname Validation Bypass via Numerical IP Address
curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in Apple OS X 10.9.x before 10.9.2, do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.
CVE-2014-3926 WRITEUP MEDIUM
lg_project/lg < 1.8 - Cross-Site Scripting via addr Parameter
Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 allows remote attackers to inject arbitrary web script or HTML via the "addr" parameter.
CVSS 6.1
CVE-2014-4976 WRITEUP
Dell SonicWall Scrutinizer 11.0.1 - Privilege Escalation
Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi.
CVE-2014-7922 WRITEUP
Google Play Services SDK < 6.1 - OAuth Token Scope Bypass via _opt_ Parameter Injection
The GoogleAuthUtil.getToken method in the Google Play services SDK before 2015 sets parameters in OAuth token requests upon finding a corresponding _opt_ parameter in the Bundle extras argument, which allows attackers to bypass an intended consent dialog and retrieve tokens for arbitrary OAuth scopes including the SID and LSID scopes, and consequently obtain access to a Google account, via a crafted application, as demonstrated by setting the has_permission=1 parameter value upon finding _opt_has_permission in that argument.
CVE-2015-0921 WRITEUP
McAfee ePolicy Orchestrator < 4.6.9 and 5.x < 5.1.2 - Authenticated XML External Entity Injection via Server Task Log
XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the conditionXML parameter to the taskLogTable to orionUpdateTableFilter.do.
CVE-2015-1206 WRITEUP MEDIUM
Google Chrome <M40 - Buffer Overflow
Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file.
CVSS 5.5
CVE-2015-1207 WRITEUP MEDIUM
Google Chrome - Double Free in FFMPEG libavformat/mov.c via Crafted .m4a File
Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file.
CVSS 6.5