Exploit Database

146,657 exploits tracked across all sources.

Sort: Activity Stars
CVE-2026-7078 WRITEUP HIGH
Tenda F456 httpd SetIpBind fromSetIpBind buffer overflow
A security flaw has been discovered in Tenda F456 1.0.0.5. The impacted element is the function fromSetIpBind of the file /goform/SetIpBind of the component httpd. The manipulation of the argument page results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
CVSS 8.8
CVE-2026-7079 WRITEUP HIGH
Tenda F456 httpd AdvSetWan fromAdvSetWan buffer overflow
A weakness has been identified in Tenda F456 1.0.0.5. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. This manipulation of the argument wanmode causes buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
CVSS 8.8
CVE-2026-7080 WRITEUP HIGH
Tenda F456 httpd PPTPUserSetting fromPPTPUserSetting buffer overflow
A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. Such manipulation of the argument delno leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
CVSS 8.8
CVE-2026-7081 WRITEUP HIGH
Tenda F456 httpd GstDhcpSetSer fromGstDhcpSetSer buffer overflow
A vulnerability was detected in Tenda F456 1.0.0.5. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used.
CVSS 8.8
CVE-2026-7082 WRITEUP HIGH
Tenda F456 httpd WrlExtraSet formWrlExtraSet buffer overflow
A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Executing a manipulation of the argument Go can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be used.
CVSS 8.8
CVE-2026-7089 WRITEUP MEDIUM
code-projects Home Service System Appointment Booking booking.php cross site scripting
A security vulnerability has been detected in code-projects Home Service System 1.0. The impacted element is an unknown function of the file /booking.php of the component Appointment Booking. The manipulation of the argument fname/lname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
CVSS 4.3
CVE-2026-7090 WRITEUP LOW
code-projects Chat System send_message.php cross site scripting
A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/send_message.php of the component Chat Interface. The manipulation of the argument msg results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.
CVSS 2.4
CVE-2022-23636 NOMISEC MEDIUM
Wasmtime <0.34.1-0.33.1 - Memory Corruption
Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an `externref` global will result in an invalid drop of a `VMExternRef` via an uninitialized pointer. A number of conditions listed in the GitHub Security Advisory must be true in order for an instance to be vulnerable to this issue. Maintainers believe that the effective impact of this bug is relatively small because the usage of `externref` is still uncommon and without a resource limiter configured on the `Store`, which is not the default configuration, it is only possible to trigger the bug from an error returned by `mprotect` or `VirtualAlloc`. Note that on Linux with the `uffd` feature enabled, it is only possible to trigger the bug from a resource limiter as the call to `mprotect` is skipped. The bug has been fixed in 0.34.1 and 0.33.1 and users are encouraged to upgrade as soon as possible. If it is not possible to upgrade to version 0.34.1 or 0.33.1 of the `wasmtime` crate, it is recommend that support for the reference types proposal be disabled by passing `false` to `Config::wasm_reference_types`. Doing so will prevent modules that use `externref` from being loaded entirely.
by cyhe50
CVSS 5.1
CVE-2026-22812 GITHUB HIGH
OpenCode <1.0.216 - Command Injection
OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive CORS) to execute arbitrary shell commands with the user's privileges. This vulnerability is fixed in 1.0.216.
by Hex-Neo
1 stars
CVSS 8.8
CVE-2026-6043 NOMISEC HIGH
Insecure Default Configuration in P4 Server
P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate existing users, authenticate to accounts with no password set, and access depot contents via the built-in 'remote' user. These default settings, taken together, can lead to unauthorized access to source code repositories and other managed assets. The 2026.1 release, expected in May 2026, enforces secure-by-default configurations on upgrade and new installations
by flyingllama87
CVE-2026-0911 GITHUB HIGH python
Hustle - Email Marketing - File Upload
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the action_import_module() function in all versions up to, and including, 7.8.9.2. This makes it possible for authenticated attackers, with a lower-privileged role (e.g., Subscriber-level access and above), to upload arbitrary files on the affected site's server which may make remote code execution possible. Successful exploitation requires an admin to grant Hustle module permissions (or module edit access) to the low-privileged user so they can access the Hustle admin page and obtain the required nonce.
by murrez
CVSS 7.5
CVE-2026-7055 WRITEUP HIGH
Tenda F456 httpd VirtualSer fromVirtualSer buffer overflow
A security vulnerability has been detected in Tenda F456 1.0.0.5. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component httpd. The manipulation of the argument menufacturer/Go leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
CVSS 8.8
CVE-2026-7056 WRITEUP HIGH
Tenda F456 httpd SafeUrlFilter fromSafeUrlFilter buffer overflow
A vulnerability was detected in Tenda F456 1.0.0.5. Impacted is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter of the component httpd. The manipulation of the argument page results in buffer overflow. The attack may be performed from remote. The exploit is now public and may be used.
CVSS 8.8
CVE-2026-7057 WRITEUP HIGH
Tenda F456 httpd setcfm buffer overflow
A flaw has been found in Tenda F456 1.0.0.5. The affected element is an unknown function of the file /goform/setcfm of the component httpd. This manipulation of the argument funcname/funcpara1 causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used.
CVSS 8.8
CVE-2026-7063 WRITEUP HIGH
code-projects Employee Management System Endpoint eprocess.php sql injection
A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performing a manipulation of the argument pwd results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
CVSS 7.3
CVE-2014-3566 NOMISEC LOW
SSL/TLS Version Detection
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
by josecl200
CVSS 3.4
CVE-2026-7045 WRITEUP MEDIUM
baomidou dynamic-datasource 2.5.0 - Expression Injection
A vulnerability was determined in baomidou dynamic-datasource 2.5.0. Affected by this vulnerability is the function DsSpelExpressionProcessor#doDetermineDatasource of the file dynamic-datasource-spring/src/main/java/com/baomidou/dynamic/datasource/processor/DsSpelExpressionProcessor.java of the component StandardEvaluationContext/SpelExpressionParser. This manipulation causes injection. The attack may be initiated remotely. Patch name: 273fcedaee984c08197c0890f14190b86ab7e0b8. It is recommended to apply a patch to fix this issue.
CVSS 6.3
CVE-2026-7053 WRITEUP HIGH
Tenda F456 httpd L7Prot frmL7ProtForm buffer overflow
A security flaw has been discovered in Tenda F456 1.0.0.5. This affects the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
CVSS 8.8
CVE-2026-7054 WRITEUP HIGH
Tenda F456 httpd PPTPDClient fromPptpUserAdd buffer overflow
A weakness has been identified in Tenda F456 1.0.0.5. This vulnerability affects the function fromPptpUserAdd of the file /goform/PPTPDClient of the component httpd. Executing a manipulation of the argument opttype/usernamewith can lead to buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
CVSS 8.8
CVE-2025-60787 NOMISEC HIGH
MotionEye <= 0.43.1b4 - Authenticated Configuration Command Injection
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted.
by Revnin
CVSS 7.2
CVE-2024-51482 NOMISEC CRITICAL
ZoneMinder <1.37.64 - SQL Injection
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65.
by Revnin
CVSS 9.9
CVE-2025-8061 GITHUB HIGH c++
Lenovo Dispatcher <3.1 - Privilege Escalation
A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated local user to execute code with elevated privileges. The Lenovo Dispatcher 3.2 driver is not affected. This vulnerability does not affect systems when the Windows feature Core Isolation Memory Integrity is enabled. Lenovo systems preloaded with Windows 11 have this feature enabled by default.
by vxqs
CVSS 7.0
CVE-2026-41242 GITHUB CRITICAL javascript
protobufjs Type Fields - Arbitrary Code Execution
protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the issue.
by 4chech
CVSS 9.8
CVE-2026-21877 GITHUB CRITICAL
n8n 0.123.0-1.121.2 - Authenticated Remote Code Execution via Git Node
n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version 1.121.3. Administrators can reduce exposure by disabling the Git node and limiting access for untrusted users, but upgrading to the latest version is recommended.
by monkeontheroof
CVSS 9.9
CVE-2026-7023 WRITEUP MEDIUM
ByteDance coze-studio databaseTool database_impl.go ExecuteSQL sql injection
A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/database_impl.go of the component databaseTool. Performing a manipulation results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3