Writeup Exploits

43,060 exploits tracked across all sources.

CVE-2025-70040 WRITEUP
jimeng-web-mcp 2.1.2 - Info Disclosure
An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information.
CVE-2025-70042 WRITEUP
ThermaKube master - SSRF
An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in oslabs-beta ThermaKube master.
CVE-2025-70046 WRITEUP
Miazzy oa-front-service master - Code Injection
An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was discovered in Miazzy oa-front-service master.
CVE-2025-70047 WRITEUP
Nexusoft NexusInterface 3.2.0-beta.2 - DoS
An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in Nexusoft NexusInterface v3.2.0-beta.2.
CVE-2025-70048 WRITEUP
Nexusoft NexusInterface 3.2.0-beta.2 - Info Disclosure
An issue pertaining to CWE-319: Cleartext Transmission of Sensitive Information was discovered in Nexusoft NexusInterface v3.2.0-beta.2.
CVE-2025-70050 WRITEUP
lesspass v9.6.9 - Info Disclosure
An issue pertaining to CWE-312: Cleartext Storage of Sensitive Information was discovered in lesspass lesspass v9.6.9 which allows attackers to obtain sensitive information.
CVE-2025-70059 WRITEUP
YMFE yapi 1.12.0 - DoS
An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service.
CVE-2025-70060 WRITEUP
YMFE yapi 1.12.0 - XSS
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0.
CVE-2025-70238 WRITEUP
D-Link DIR-513 v1.10 - Buffer Overflow
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard52.
CVE-2025-70243 WRITEUP
D-Link DIR-513 v1.10 - Buffer Overflow
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard534.
CVE-2025-70250 WRITEUP
D-Link DIR-513 v1.10 - Buffer Overflow
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formdumpeasysetup.
CVE-2026-3089 WRITEUP
Actual Sync Server <26.3.0 - Path Traversal
Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header means that traversal segments (../) can escape the intended directory and write files outside userFiles. This issue affects Actual Sync Server versions prior to 26.3.0.
CVE-2026-27638 WRITEUP HIGH
Actual <26.2.1 - Auth Bypass
Actual is a local-first personal finance tool. Prior to version 26.2.1, in multi-user mode (OpenID), the sync API endpoints (`/sync/*`) don't verify that the authenticated user owns or has access to the file being operated on. Any authenticated user can read, modify, and overwrite any other user's budget files by providing their file ID. Version 26.2.1 patches the issue.
CVSS 7.1
CVE-2026-27584 WRITEUP HIGH
ActualBudget <26.2.1 - Info Disclosure
Actual is a local-first personal finance tool. Prior to version 26.2.1, missing authentication middleware in the ActualBudget server component allows any unauthenticated user to query the SimpleFIN and Pluggy.ai integration endpoints and read sensitive bank account balance and transaction history. This affects all ActualBudget Server instances with the SimpleFIN or Pluggy.ai integrations configured and reachable over the network. Version 26.2.1 patches the issue.
CVSS 7.5
CVE-2026-3815 WRITEUP HIGH
UTT HiPER 810G <=1.7.7-1711 - Buffer Overflow
A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. The handler for /goform/formApMail passes request input to strcpy, and a manipulated request can trigger a buffer overflow. The attack can be launched remotely, and a public exploit is available.
CVSS 8.8