Inthewild Exploits
518 exploits tracked across all sources.
Apache Druid < 0.22.0 - Incorrect Authorization
In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1.
CVSS 6.5
Microsoft DWM Core Library - Privilege Escalation
Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVSS 8.4
Microsoft DWM Core Library - Privilege Escalation
Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVSS 8.4
Dahua - Auth Bypass
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
CVSS 9.8
Gerapy <0.9.9 - Command Injection
Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds.
CVSS 8.8
Microsoft Windows 10 1809 < 10.0.17763.1999 - Information Disclosure
Windows Kernel Information Disclosure Vulnerability
CVSS 5.5
Microsoft Windows 10 1809 < 10.0.17763.1999 - Information Disclosure
Windows Kernel Information Disclosure Vulnerability
CVSS 5.5
Google Chrome <93.0.4577.82 - Heap Corruption
Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS 8.8
Google Chrome <93.0.4577.82 - Heap Corruption
Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS 8.8
Apache OFBiz <17.12.07 - Deserialization
Apache OFBiz has unsafe deserialization prior to 17.12.07 version
CVSS 9.8
Alibaba Nacos < 1.4.1 - Missing Authentication
Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. These endpoints are only valid when using embedded storage (derby DB) so this issue should not affect those installations using external storage (e.g. mysql)
CVSS 8.6
Apache Ofbiz < 17.12.07 - Insecure Deserialization
Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack
CVSS 9.8
Microsoft Windows 10 - Remote Code Execution
Windows Hyper-V Remote Code Execution Vulnerability
CVSS 9.9
MariaDB <10.2.37, 10.3.28, 10.4.18, 10.5.9 - RCE
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.
CVSS 7.2
Microsoft Windows Remote Access API - Elevation of Privilege
Remote Access API Elevation of Privilege Vulnerability
CVSS 7.8
Afterlogic Aurora < 7.7.9 - Path Traversal
An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files (such as a data/settings/settings.xml file containing admin panel credentials), as demonstrated by dav/server.php/files/personal/%2e%2e when using the caldav_public_user account (with caldav_public_user as its password).
CVSS 7.5
Smarty <3.1.39 - Code Injection
Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode.
CVSS 7.5
SaltStack Salt <3002.5 - RCE
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
CVSS 9.8
Microsoft Windows 10 - Symlink Following
Windows Mobile Device Management Information Disclosure Vulnerability
CVSS 5.5
Pulse Connect Secure >=9.0R3/9.1R1 - Auth Bypass
Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.
CVSS 10.0
Gitlab < 13.10.5 - SSRF
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited
CVSS 6.8
Dell Emc Networker < 19.4.0.4 - Path Traversal
Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information.
CVSS 6.8
Jellyfin < 10.7.1 - Path Traversal
Jellyfin is a Free Software Media System. In Jellyfin before version 10.7.1, with certain endpoints, well crafted requests will allow arbitrary file read from a Jellyfin server's file system. This issue is more prevalent when Windows is used as the host OS. Servers that are exposed to the public Internet are potentially at risk. This is fixed in version 10.7.1. As a workaround, users may be able to restrict some access by enforcing strict security permissions on their filesystem, however, it is recommended to update as soon as possible.
CVSS 7.7
Google Chrome <90.0.4430.85 - RCE
Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVSS 8.8
Google Chrome <89.0.4389.128 - Heap Corruption
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS 8.8
By Source