Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2023-28285 EXPLOITDB HIGH text
Microsoft 365 Apps - Remote Code Execution via Use-After-Free
Microsoft Office Remote Code Execution Vulnerability
by nu11secur1ty
CVSS 7.8
CVE-2023-33137 EXPLOITDB HIGH text
Microsoft Office - Remote Code Execution via Double Free
Microsoft Excel Remote Code Execution Vulnerability
by nu11secur1ty
CVSS 7.8
CVE-2023-36355 EXPLOITDB CRITICAL python
TP-Link TL-WR940N V4 - Buffer Overflow
TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
by Amirhossein Bahramizadeh
CVSS 9.9
CVE-2023-53904 EXPLOITDB MEDIUM text
Xenforo 2.2.13 - Authenticated Stored Cross-Site Scripting via Smilie Category Title Parameter
Xenforo 2.2.13 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the smilie category title parameter. Attackers can create a smilie category with a malicious script that will execute when the admin panel is loaded, potentially enabling further client-side attacks.
by Furkan Karaarslan
CVSS 4.6
CVE-2023-28293 EXPLOITDB HIGH c
Windows Kernel - Integer Underflow Elevation of Privilege
Windows Kernel Elevation of Privilege Vulnerability
by Amirhossein Bahramizadeh
CVSS 7.8
CVE-2023-30198 EXPLOITDB HIGH python
winbizpayment <= 1.0.2 - Path Traversal via download.php
Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Control via modules/winbizpayment/downloads/download.php.
by Amirhossein Bahramizadeh
CVSS 7.5
CVE-2023-28288 EXPLOITDB HIGH c
Microsoft SharePoint Server - Server-Side Request Forgery
Microsoft SharePoint Server Spoofing Vulnerability
by Amirhossein Bahramizadeh
CVSS 8.1
CVE-2023-23408 EXPLOITDB MEDIUM python
Azure HDInsight - Cross-Site Scripting in Apache Ambari
Azure Apache Ambari Spoofing Vulnerability
by Amirhossein Bahramizadeh
CVSS 4.5
CVE-2023-53907 EXPLOITDB MEDIUM python
Bludit <3.13.1 - Authenticated File Download
Bludit versions before 3.13.1 contain an authenticated file download vulnerability in the Backup Plugin that allows logged-in users to access arbitrary files. Attackers can exploit the plugin's download functionality by manipulating file path parameters to read sensitive system files through directory traversal.
by Antonio Cuomo
CVSS 6.5
CVE-2020-11560 EXPLOITDB HIGH python
NCH Express Invoice 7.25 - Insufficiently Protected Credentials via Configuration File
NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file.
by Tejas Pingulkar
CVSS 7.8
CVE-2023-34834 EXPLOITDB MEDIUM text
MCL-Net <4.3.5.8788 - Info Disclosure
A Directory Browsing vulnerability in the MCL-Net version 4.3.5.8788 webserver, running on default port 5080, allows attackers to gain sensitive information about the configured databases via the "/file" endpoint.
by Victor A. Morales
CVSS 5.3
EIP-2026-103985 EXPLOITDB text
Microsoft OneNote (Version 2305 Build 16.0.16501.20074) 64-bit - Spoofing
by nu11secur1ty
CVE-2022-47076 EXPLOITDB HIGH python
Smart Office Web <20.28 - Info Disclosure
An issue was discovered in Smart Office Web 20.28 and earlier that allows attackers to view sensitive information via DisplayParallelLogData.aspx.
by Tejas Pingulkar
CVSS 7.5
CVE-2023-53908 EXPLOITDB HIGH bash
HiSecOS 04.0.01 - Privilege Escalation
HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mops_data endpoint with a specific role value to elevate their user privileges to administrative level.
by dreizehnutters
CVSS 8.8
CVE-2023-3320 EXPLOITDB MEDIUM python
WP Sticky Social <= 1.0.1 - Cross-Site Request Forgery and Stored Cross-Site Scripting via Missing Nonce Validation
The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the ~/admin/views/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
by Amirhossein Bahramizadeh
CVSS 6.1
CVE-2023-2779 EXPLOITDB MEDIUM python VERIFIED
Social Share, Social Login and Social Comments < 7.13.52 - Reflected Cross-Site Scripting
The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
by Amirhossein Bahramizadeh
CVSS 6.1
CVE-2023-27372 EXPLOITDB CRITICAL python VERIFIED
SPIP < 4.2.1 - Remote Code Execution via Form Value Deserialization
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
by nuts7
CVSS 9.8
CVE-2023-25187 EXPLOITDB MEDIUM c
Nokia Airscale ASIKA Firmware - Use of Hard-coded SSH Keys
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN commissioning procedures do not change (factory-time installed) default SSH public/private key values that are specific to a network operator. As a result, the CSP internal BTS network SSH server (disabled by default) continues to apply the default SSH public/private key values. These keys don't give access to BTS, because service user authentication is username/password-based on top of SSH. Nokia factory installed default SSH keys are meant to be changed from operator-specific values during the BTS deployment commissioning phase. However, before the 21B release, BTS commissioning manuals did not provide instructions to change default SSH keys (to BTS operator-specific values). This leads to a possibility for malicious operations staff (inside a CSP network) to attempt MITM exploitation of BTS service user access, during the moments that SSH is enabled for Nokia service personnel to perform troubleshooting activities.
by Amirhossein Bahramizadeh
CVSS 6.3
CVE-2023-37164 EXPLOITDB MEDIUM text VERIFIED
diafan.cms v6.0 - Reflected Cross-Site Scripting via cat_id Parameter
Diafan CMS v6.0 was discovered to contain a reflected cross-site scripting vulnerability via the cat_id parameter at /shop/?module=shop&action=search.
by tmrswrr
CVSS 6.1
CVE-2020-11027 EXPLOITDB MEDIUM python
WordPress <5.4.1 - Info Disclosure
In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).
by Amirhossein Bahramizadeh
CVSS 6.1
EIP-2026-112642 EXPLOITDB text
The Shop v2.5 - SQL Injection
by Ahmet Ümit BAYRAM
CVE-2023-33580 EXPLOITDB MEDIUM text VERIFIED
Phpgurukul Student Study Center Management System V1.0 - XSS
Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page.
by VIVEK CHOUDHARY
CVSS 4.8
EIP-2026-108116 EXPLOITDB text
Jobpilot v2.61 - SQL Injection
by Ahmet Ümit BAYRAM
EIP-2026-107508 EXPLOITDB text
Groomify v1.0 - SQL Injection
by Ahmet Ümit BAYRAM
CVE-2023-23956 EXPLOITDB MEDIUM text
Broadcom Symantec SiteMinder WebAgent - Cross-Site Scripting
A user can supply malicious HTML and JavaScript code that will be executed in the client browser.
by Harshit Joshi
CVSS 5.4