Exploit Database

146,950 exploits tracked across all sources.

Sort: Activity Stars
CVE-2025-60709 NOMISEC HIGH
Windows Common Log File System Driver - Privilege Escalation
Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
by KONDORDEVSECURITYCORP
CVSS 7.8
CVE-2025-34077 NOMISEC CRITICAL
WordPress Pie Register <3.7.1.4 - Auth Bypass
An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitting a crafted POST request to the login endpoint. By setting social_site=true and manipulating the user_id_social_site parameter, an attacker can generate a valid WordPress session cookie for any user ID, including administrators. Once authenticated, the attacker may exploit plugin upload functionality to install a malicious plugin containing arbitrary PHP code, resulting in remote code execution on the underlying server.
by salimelh94
CVE-2026-39912 NOMISEC CRITICAL
v2board / Xboard Authentication Token Exposure via loginWithMailLink
V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the login_with_mail_link_enable feature is active. Unauthenticated attackers can POST to the loginWithMailLink endpoint with a known email address to receive the full authentication URL in the response, then exchange the token at the token2Login endpoint to obtain a valid bearer token with complete account access including admin privileges.
by Chocapikk
CVSS 9.1
CVE-2025-14325 NOMISEC HIGH
Firefox < 146.0 and 140.6-140.* - Type Confusion in JIT JavaScript Engine
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.
by WostGit
CVSS 7.3
CVE-2024-3094 NOMISEC CRITICAL
xz <5.6.0 - Code Injection
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
by h3raklez
CVSS 10.0
CVE-2025-45806 WRITEUP MEDIUM
rrweb-snapshot <2.0.0-alpha.18 - XSS
A cross-site scripting (XSS) vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS 6.1
CVE-2025-45806 WRITEUP MEDIUM
rrweb-snapshot <2.0.0-alpha.18 - XSS
A cross-site scripting (XSS) vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS 6.1
CVE-2025-45806 WRITEUP MEDIUM
rrweb-snapshot <2.0.0-alpha.18 - XSS
A cross-site scripting (XSS) vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS 6.1
CVE-2023-33187 WRITEUP MEDIUM
highlight < 6.0.0 - Cleartext Transmission of Sensitive Information via Password Input Type Switch
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `type="password"` inputs. A customer may assume that switching to `type="text"` would also not record this input; hence, they would not add additional `highlight-mask` css-class obfuscation to this part of the DOM, resulting in unintentional recording of a password value when a `Show Password` button is used. This issue was patched in version 6.0.0. This patch tracks changes to the `type` attribute of an input to ensure an input that used to be a `type="password"` continues to be obfuscated.
CVSS 5.4
CVE-2024-34255 WRITEUP MEDIUM
jizhicms v2.5.1 - Cross-Site Scripting in Message Function
jizhicms v2.5.1 contains a Cross-Site Scripting(XSS) vulnerability in the message function.
CVSS 6.1
CVE-2024-33338 WRITEUP HIGH
jizhicms 2.5.4 - Cross-Site Scripting via Article Publication Request
Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote attacker to obtain sensitive information via a crafted article publication request.
CVSS 7.3
CVE-2023-50692 WRITEUP HIGH
jizhicms 2.5 - Remote Code Execution via File Upload in Download URL Parameter
File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory.
CVSS 8.8
CVE-2025-50228 WRITEUP CRITICAL
JizhiCMS 2.5.4 - Server-Side Request Forgery
Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery (SSRF) in User Evaluation, Message, and Comment modules.
CVSS 9.1
CVE-2025-50228 WRITEUP CRITICAL
JizhiCMS 2.5.4 - Server-Side Request Forgery
Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery (SSRF) in User Evaluation, Message, and Comment modules.
CVSS 9.1
CVE-2023-31862 WRITEUP MEDIUM
jizhicms 2.4.6 - Stored Cross-Site Scripting via Article Content
jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the request package.
CVSS 5.4
CVE-2023-27235 WRITEUP HIGH
Jizhicms 2.4.5 - Arbitrary File Upload and Remote Code Execution via PHTML File
An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file.
CVSS 7.2
CVE-2023-27234 WRITEUP MEDIUM
jizhicms 2.4.5 - Cross-Site Request Forgery in /Sys/index.html
A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application.
CVSS 6.5
CVE-2022-45278 WRITEUP HIGH
jizhicms 2.3.3 - SQL Injection via /index.php/admins/Fields/get_fields.html
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component.
CVSS 8.8
CVE-2022-44140 WRITEUP HIGH
jizhicms 2.3.3 - SQL Injection via Member Edit Component
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component.
CVSS 8.8
CVE-2022-36578 WRITEUP CRITICAL
jizhicms v2.3.1 - SQL Injection
jizhicms v2.3.1 has SQL injection in the background.
CVSS 9.8
CVE-2022-36577 WRITEUP HIGH
jizhicms v2.3.1 - Cross-Site Request Forgery
An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add a admin.
CVSS 8.8
CVE-2022-31393 WRITEUP CRITICAL
jizhicms v2.2.5 - Server-Side Request Forgery via Index Function in PluginsController
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php.
CVSS 9.1
CVE-2022-31390 WRITEUP CRITICAL
jizhicms 2.2.5 - Server-Side Request Forgery via Update Function in TemplateController
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php.
CVSS 9.1
CVE-2022-27429 WRITEUP CRITICAL
JizhiCMS 1.9.5 - Server-Side Request Forgery via Plugins update Endpoint
Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.
CVSS 9.8
CVE-2020-23644 WRITEUP MEDIUM
jizhicms 1.7.1 - Cross-Site Scripting via Error Controller
XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Home/c/ErrorController.php.
CVSS 6.1