Exploit Database

147,538 exploits tracked across all sources.

Sort: Activity Stars
CVE-2022-46364 NOMISEC CRITICAL
Apache CXF < 3.4.10 - Server-Side Request Forgery via MTOM XOP:Include href Attribute
A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. 
by cybermaksxx
CVSS 9.8
CVE-2025-61190 WRITEUP MEDIUM
DSpace JSPUI 6.5 - Reflected Cross-Site Scripting via Search Filter Parameter
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in DSpace JSPUI 6.5 within the search/discover filtering functionality. The vulnerability exists due to improper sanitization of user-supplied input via the filter_type_1 parameter.
CVSS 6.1
CVE-2025-69986 WRITEUP HIGH
LSC Indoor Camera V7.6.32 - Buffer Overflow
A buffer overflow vulnerability exists in the ONVIF GetStreamUri function of LSC Indoor Camera V7.6.32. The application fails to validate the length of the Protocol parameter inside the Transport element. By sending a specially crafted SOAP request containing an oversized protocol string, an attacker can overflow the stack buffer, overwriting the return instruction pointer (RIP). This vulnerability allows for Denial of Service (DoS) via device crash or Remote Code Execution (RCE) in the context of the ONVIF service.
CVSS 7.2
CVE-2025-69988 WRITEUP MEDIUM
BS Producten Petcam 33.1.0.0818 - Auth Bypass
BS Producten Petcam 33.1.0.0818 is vulnerable to Incorrect Access Control. An unauthenticated attacker in physical proximity can associate with this open network. Once connected, the attacker gains access to the camera's private network interface and can retrieve sensitive information, including the live video and audio stream, without providing credentials.
CVSS 6.5
CVE-2026-1496 WRITEUP CRITICAL
Coverity CLI Authentication Bypass
Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for command line tooling that makes it vulnerable to an authentication bypass. A malicious actor with access to the /token API endpoint that either knows or guesses a valid username, can use this in a specially crafted HTTP request to bypass authentication. Successful exploitation allows the malicious actor to assume all roles and privileges granted to the valid user’s Coverity Connect account.
CVE-2026-29871 WRITEUP HIGH
awesome-llm-apps e46690f - Path Traversal
A path traversal vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19) in the Beifong AI News and Podcast Agent backend in FastAPI backend, stream-audio endpoint, in file routers/podcast_router.py, in function stream_audio. The stream-audio endpoint accepts a user-controlled path parameter that is concatenated into a filesystem path without proper validation or restriction. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary files from the server filesystem, potentially disclosing sensitive information such as configuration files and credentials.
CVSS 7.5
CVE-2026-30527 WRITEUP MEDIUM
SourceCodester Online Food Ordering System 1.0 - XSS
A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Category management module within the admin panel. The application fails to properly sanitize user input supplied to the "Category Name" field when creating or updating a category. When an administrator or user visits the Category list page (or any page where this category is rendered), the injected JavaScript executes immediately in their browser.
CVSS 5.4
CVE-2026-30529 WRITEUP HIGH
SourceCodester Online Food Ordering System 1.0 - SQL Injection
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_user action). The application fails to properly sanitize user input supplied to the "username" parameter. This allows an authenticated attacker to inject malicious SQL commands.
CVSS 8.8
CVE-2026-30530 WRITEUP CRITICAL
SourceCodester Online Food Ordering System 1.0 - SQL Injection
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_customer action). The application fails to properly sanitize user input supplied to the "username" parameter. This allows an attacker to inject malicious SQL commands.
CVSS 9.8
CVE-2026-30531 WRITEUP HIGH
SourceCodester Online Food Ordering System 1.0 - SQL Injection
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_category action). The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker to inject malicious SQL commands.
CVSS 8.8
CVE-2026-30532 WRITEUP CRITICAL
SourceCodester Online Food Ordering System 1.0 - SQL Injection
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view_product.php file via the "id" parameter.
CVSS 9.8
CVE-2026-30533 WRITEUP CRITICAL
SourceCodester Online Food Ordering System 1.0 - SQL Injection
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/manage_product.php file via the "id" parameter.
CVSS 9.8
CVE-2026-30534 WRITEUP HIGH
SourceCodester Online Food Ordering System 1.0 - SQL Injection
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in admin/manage_category.php via the "id" parameter.
CVSS 8.3
CVE-2026-30567 WRITEUP MEDIUM
SourceCodester Inventory System 1.0 - XSS
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view_product.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVSS 6.1
CVE-2026-30568 WRITEUP MEDIUM
SourceCodester Inventory System 1.0 - XSS
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in in the view_purchase.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVSS 4.8
CVE-2026-30569 WRITEUP MEDIUM
SourceCodester Inventory System 1.0 - XSS
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_stock_availability.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVSS 6.1
CVE-2026-30570 WRITEUP MEDIUM
SourceCodester Inventory System 1.0 - XSS
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view_sales.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL
CVSS 6.1
CVE-2026-30571 WRITEUP MEDIUM
SourceCodester Inventory System 1.0 - XSS
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view_category.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVSS 6.1
CVE-2026-30574 WRITEUP HIGH
SourceCodester Pharmacy Product Management System 1.0 - Business Logic
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-sales.php file. The application fails to verify if the requested sales quantity (txtqty) exceeds the available stock level. An attacker can manipulate the request to purchase a quantity that is significantly higher than the actual available stock.
CVSS 7.5
CVE-2026-30575 WRITEUP HIGH
SourceCodester Pharmacy Product Management System 1.0 - DoS
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtqty" parameter during stock entry, allowing negative values to be processed. This causes the system to decrease the inventory level instead of increasing it, leading to inventory corruption and potential Denial of Service by depleting stock records.
CVSS 7.5
CVE-2026-30576 WRITEUP HIGH
SourceCodester Pharmacy Product Management System 1.0 - Business Logic
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters during stock entry, allowing negative financial values to be submitted. This leads to corruption of financial records, allowing attackers to manipulate inventory asset values and procurement costs.
CVSS 7.5
CVE-2026-30637 WRITEUP HIGH
OTCMS <=7.66 AnnounContent - Unauthenticated Server-Side Request Forgery
Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP requests, without authentication, containing a URL pointing to internal services or any remote server
CVSS 7.5
CVE-2026-30689 WRITEUP MEDIUM
blog.admin <= 8.0 - Sensitive Data Exposure via getinfobytoken API
In Blog.Core through bcb4d17, the getinfobytoken API interface contains improper access control that leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security. NOTE: Blog.Admin is related front-end code that does not offer an API service.
CVSS 4.3
CVE-2026-30689 WRITEUP MEDIUM
blog.admin <= 8.0 - Sensitive Data Exposure via getinfobytoken API
In Blog.Core through bcb4d17, the getinfobytoken API interface contains improper access control that leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security. NOTE: Blog.Admin is related front-end code that does not offer an API service.
CVSS 4.3
CVE-2026-32859 WRITEUP MEDIUM
ByteDance DeerFlow Stored XSS via Inline Artifact Rendering
ByteDance DeerFlow versions prior to commit 5dbb362 contain a stored cross-site scripting vulnerability in the artifacts API that allows attackers to execute arbitrary scripts by uploading malicious HTML or script content as artifacts. Attackers can store malicious content that executes in the browser context when users view artifacts, leading to session compromise, credential theft, and arbitrary script execution.
CVSS 5.4