Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
β€’added 2026/02/25 2:50 a.m.β€’12 views

Gateway API Authorization Bypass: Any Authenticated User Can Enumerate Secrets, Endpoints, and Model Definitions

This report is not public...

6.5CVSS6.6AI score0.00244EPSS
Exploits1
Huntr
Huntr
β€’added 2026/02/23 3:32 a.m.β€’12 views

Git Argument Injection via Reference Field in GitHubRepository Block

This report is not public...

8.5CVSS7.3AI score0.00298EPSS
Exploits0
Huntr
Huntr
β€’added 2026/02/18 8:11 a.m.β€’12 views

Remote Code Execution via Flow Studio Node Definitions

Description LOLLMS Flow Studio contains multiple code execution vulnerabilities via unsafe use of Python's exec function. Two distinct code paths allow arbitrary Python code execution on the server: 1. Direct Code Execution via/api/flows/testcode Admin endpoint File: backend/routers/flowstudio.py...

6.3AI score
Exploits0
Huntr
Huntr
β€’added 2026/02/14 2:13 a.m.β€’12 views

Authentication Bypass on FastAPI Routes (Job API, OTel API) When Basic Auth Enabled

Summary When MLflow is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI, the FastAPI permission middleware only enforces authentication on /gateway/ routes. All other FastAPI routes -- including the Job API /ajax-api/3.0/jobs/ and the OpenTelemetry trace...

8.6CVSS6AI score0.01502EPSS
Exploits1
Huntr
Huntr
β€’added 2026/02/10 4:29 p.m.β€’12 views

SSRF in MLflow via user-controlled webhook URL parameter

Description A Server-Side Request Forgery SSRF vulnerability exists in the webhook creation functionality of MLflow. The createwebhook handler accepts a user-controlled url parameter and stores it without any validation. When webhooks are tested or triggered, the sendwebhookrequest function sends...

7.1CVSS7.3AI score0.0037EPSS
Exploits1
Huntr
Huntr
β€’added 2025/10/03 6:25 p.m.β€’12 views

text-generation-inference: Unbounded external image fetch in validation leads to resource-exhaustion DoS

Description Text Generation Inference Router DoS via pre-validation image fetch in VLM mode. Affected: Router workspace version 3.3.6 the latest repo, when deployed with a vision/VLM model e.g., Idefics/Mllama/Idefics2/Idefics3/Gemma3/Llama4/Paligemma/LlavaNext/Qwen2VL/Qwen25VL. Pure text LLMs do...

7.5CVSS7.2AI score0.22494EPSS
Exploits0
Huntr
Huntr
β€’added 2025/08/30 2:5 p.m.β€’12 views

Path Traversal vulnerability in keras using tar extract

Technical Details of the Vulnerability Summary Keras's keras.utils.getfile function is vulnerable to directory traversal attacks despite implementing filtersafepaths. The vulnerability exists because extractarchive uses Python's tarfile.extractall method without the security-critical filter="data...

8CVSS7.2AI score0.00592EPSS
Exploits0
Huntr
Huntr
β€’added 2025/02/15 8:25 a.m.β€’12 views

A malicious manifests can lead to DoS due to unchecked array bound access via network in ollama/ollama

This report is not public...

7.5CVSS7.7AI score0.00426EPSS
Exploits1
Huntr
Huntr
β€’added 2024/10/17 9:14 p.m.β€’12 views

Unauthenticated Denial of Service (DoS) via Multipart Boundary in recent integration of Gradio UI

This report is not public...

7.1AI score
Exploits0
Huntr
Huntr
β€’added 2023/10/11 4:49 p.m.β€’12 views

4 heap-buffer-overflow in MP4Box

Description 4 heap-buffer-overflow in MP4Box Version $ ./MP4Box -version MP4Box - GPAC version 2.3-DEV-rev566-g50c2ab06f-master Platform $ uname -a Linux user-GE40-2PC-Dragon-Eyes 6.2.0-33-generic 3322.04.1-Ubuntu SMP PREEMPTDYNAMIC Thu Sep 7 10:33:52 UTC 2 x8664 x8664 x8664 GNU/Linux Reproduce...

6.9AI score
Exploits0
Huntr
Huntr
β€’added 2023/08/29 9:32 a.m.β€’12 views

LimeSurvey 5.6.34-230816 has a storage based XSS vulnerability caused by importManifest

Description A regular user with "theme" privileges who maliciously sets the "templatename" during the importManifest process can lead to a stored Cross-Site Scripting XSS vulnerability. Proof of Concept The first step is to create a user with only 'theme' permission. Log in to this user and make ...

5.6AI score
Exploits0
Huntr
Huntr
β€’added 2023/08/18 11:29 a.m.β€’12 views

CSRF Logout

Description Bad actor can send to victim link ie. obfuscated with payload /logout and if victim will use it - can change the state of user logged in/logged out. Proof of Concept As logged in user open in new browser tab this site https://app.vrite.io/session/logout Go back to previous tab, refres...

6.8AI score
Exploits0References2
Huntr
Huntr
β€’added 2023/08/05 2:12 p.m.β€’12 views

Multiple Stored XSS Found

Description Stored XSS Cross-Site Scripting is a type of web security vulnerability caused by improper input validation and inadequate data sanitization in a web application. It occurs when an attacker injects malicious scripts usually in the form of HTML or JavaScript into a website's database o...

4.9CVSS6.3AI score0.00407EPSS
Exploits0
Huntr
Huntr
β€’added 2023/07/26 8:40 p.m.β€’12 views

XSS in function navigateTo

Vunerability The check for external links checks if the protocol is script:, which is not a valid protocol and allows the user to provide a valid javascript payload using javascript: protocol. ts if isExternal && parseURLtoPath.protocol === 'script:' throw new Error'Cannot navigate to an URL with...

6.8AI score
Exploits0
Huntr
Huntr
β€’added 2023/07/08 10:27 a.m.β€’12 views

SQL Injection

Description GLPI 10.0.8 and are affected by an SQL injection on the page ajax/dashboard.php Proof of Concept I can provide you the POC written in python3.5 or higher. Just provide me a way to send it to you. Tested under the following environment: - Ubuntu 20.04 - GLPI 10.0.8 and 10.0.7 - Mysql...

8.1AI score
Exploits0
Huntr
Huntr
β€’added 2023/07/03 1:47 p.m.β€’12 views

Improper Control of Generation of Code

Description Kimai Plugin EasyBackupBundle allows admins to edit mysql commands from the configuration tab, an attacker can append arbitrary commands to achieve code execution. This can be also extended to an arbitrary file read while specifying filenames such as /etc/passwd in backup. Proof of...

7.4AI score
Exploits0
Huntr
Huntr
β€’added 2023/06/29 3:32 a.m.β€’12 views

CSRF in Question Themes function

Description The web application is vulnerable to CSRF in the toggle visibility of question themes. Proof of Concept Step 1: Login as user who has permission to access themes function. Step 2: Host an HTML trap page and send the URL to the victim history.pushState'', '', '/'; document.forms0.submi...

6.8AI score
Exploits0
Huntr
Huntr
β€’added 2023/06/26 3:47 p.m.β€’12 views

CSRF in the delete notification function

Description The web application is vulnerable to CSRF in the delete notification function. Proof of Concept Step 1: See that user demo has some notifications. Step 2: Host an HTML trap page and send the URL to the victim history.pushState'', '', '/' document.forms0.submit; And the malicious URL...

6.9AI score
Exploits0
Huntr
Huntr
β€’added 2023/06/14 1:20 a.m.β€’12 views

Sensitive Cookie Without HttpOnly Flag

Description Access and login to the demo website: https://demo.openitcockpit.io/ Press F12 on your keyboard or right-click on the website to open dev-tool. At Application tab, choose Cookies and there is CookieAuth sensitive cookie without HttpOnly flag. Proof of Concept Link image evidence:...

6.9AI score
Exploits0
Huntr
Huntr
β€’added 2023/04/30 7:18 a.m.β€’12 views

SQL injection in the delete action of the file add_edit_event.php

Description We have discovered that the SQL injection vulnerability can be exploited through the file /interface/main/calendar/addeditevent.php, allowing an attacker to manipulate the query via the eid parameter provided that Support Multi-Provider Events feature must be enabled. Proof of Concept...

8.1AI score
Exploits0References1
Huntr
Huntr
β€’added 2023/04/19 9:22 p.m.β€’12 views

CSRF Leading to reset Boxes

Description Hello everyone, During my testing on LimeSurvey's admin demo, it's found that the Boxes part of the application is vulnerable to CSRF affecting reset boxes functionality meaning that if an admin created some boxes an attacker could trick the admin to reset the boxes by following a lin...

6.8AI score
Exploits0
Huntr
Huntr
β€’added 2023/04/04 1:29 p.m.β€’12 views

Stored XSS in Edit user member profile

Description When making changes to update information, there is a country parameter to insert the xss payload Step 1 : Update user Personal information Proof of Concept // PoC request: // payload: "alertString.fromCharCode88,83 POST /pbboard/index.php?page=usercp&control=1&info=1&start=1 HTTP/1.1...

6AI score
Exploits0
Huntr
Huntr
β€’added 2023/03/27 6:15 a.m.β€’12 views

XSS in Conditions tab of Pricing Rules

Description While testing the pimcore application, I found that it is vulnerable to XSS vulnerability in Conditions tab of Pricing Rules, specifically at From and To fields of Date Range section. Proof of Concept 1.Go to https://11.x-dev.pimcore.fun/admin/ then login. 2.On the left menu bar, go t...

6AI score0.00356EPSS
Exploits1
Huntr
Huntr
β€’added 2023/02/28 1:53 a.m.β€’12 views

SQL Injection leads to code execution

Description This vulnerability allows the attacker to leverage a SQL injection attack in the database backup functionality to write arbitrary data to an arbitrary file on disk anywhere where the user can write. This includes the webroot in a default installation allowing the attack to place a web...

8.1AI score
Exploits0
Huntr
Huntr
β€’added 2023/02/16 6:53 p.m.β€’12 views

Stored Cross-Site Scripting in survey administrator name

Description The administrator name field in Survey settings has a Stored Cross-Site scripting vulnerability as it does not sanitize the user input administrator name. A user can enter the javascript payload "alertdocument.cookie in the Administrator name field and the XSS executes in the...

5.4AI score
Exploits0
Huntr
Huntr
β€’added 2023/02/02 9:45 a.m.β€’12 views

DynamicPHPCode Filtering Bypass leads to Remote Code Execution

Description The "Websites" module in Dolibarr CRM version 6.0.3 and below has "checkPHPCode" function check to ensure that the page not contains any malicious function. However, this funtion only check by using match word searching, that allows malicious authenticated user can bypass by using...

6.9AI score
Exploits0
Huntr
Huntr
β€’added 2023/01/22 8:32 p.m.β€’12 views

No permission user can increase his role to administrator

Description No permission user can increase his role to administrator Proof of Concept Hey,i am new on this platform : Steps: - login your administrator account, go to people, and create a user with zero permission you can create permission group with zero permission - then login your restricted...

6.8AI score
Exploits0
Huntr
Huntr
β€’added 2023/01/20 9:45 a.m.β€’12 views

Cookie without β€œSecure β€œ and β€œ HttpOnly ” flag attribute

Description HttpOnly and Secure attribute is not set for session cookies in the application. Proof of Concept https://drive.google.com/file/d/1ZAanmAbOn-jSf6ZMS5JIQKUzJ78fUrea/view?usp=sharing...

0.6AI score
Exploits0References2
Huntr
Huntr
β€’added 2023/01/03 6:6 a.m.β€’12 views

Cookie without Secure attribute

Description The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session. Proof of Concept http HTTP/1.1 200 OK Content-Type: application/json Content-Length: 107 Vary: Accept-Encoding Set-Cookie:...

5CVSS5.4AI score0.00436EPSS
Exploits1
Huntr
Huntr
β€’added 2022/12/30 12:5 p.m.β€’12 views

HTTP Query String Injection

Description The application does not properly sanitize query string parameters in the cloudflare-kv-http,github and http drivers. In the case of the github and http drivers there is no immediate vulnerability, however a slight risk is presented. When a user controls a key within the...

0.7AI score
Exploits0References2
Huntr
Huntr
β€’added 2022/12/29 1:43 p.m.β€’12 views

RCE in Wordnet Browser

Description A user who visits a malicious link with wordnet browser open will execute code on system Proof of Concept Visit http://localhost:8000/lookupgASVKwAAAAAAAACMBXBvc2l4lIwGc3lzdGVtlJOUjBB0b3VjaCAvdG1wL1BXTkVElIWUUpQu The base64 is created from import pickle import sys import base64...

0.3AI score
Exploits0
Huntr
Huntr
β€’added 2022/11/24 11:35 a.m.β€’12 views

No rate limiting on the reset password page will lead to a DOS attack and inbox flooding for any user

Description I can use this attack to take advantage of the reset password confirmation mechanism and send a large number of emails to anyone simply because I know his email address, as well as perform a DoS attack by draining the resources of the SMTP service and the web server. Proof of Concept ...

7.3AI score
Exploits0
Huntr
Huntr
β€’added 2022/11/03 7:50 p.m.β€’12 views

Application-Wide Stored Cross Site Scripting affecting all Users

Description Hi Team, I have found a stored cross-site scripting vulnerability in the reporting dashboard module. What is stored cross site scripting attack? Stored XSS, occurs when user supplied input is stored and then rendered within a web page. Typical entry points for stored XSS are: message...

5.5AI score
Exploits0
Huntr
Huntr
β€’added 2022/10/30 4:35 a.m.β€’13 views

Reflected XSS on ID parameter

Description Vulnerable code " Proof of Concept https://demo.bumsys.org/xhr/?icheck=false&module=accounts&page=editAccount&id=test"...

0.6AI score
Exploits0
Huntr
Huntr
β€’added 2022/10/27 7:8 p.m.β€’12 views

XSS Stored - Content of tasks are not sanitize

Description If a user inject an XSS payload inside the content of a task. All users that visit the kanban will execute the corresponding XSS payload. Proof of Concept Create XSS in task content XSS is executed...

2.5AI score
Exploits0References1
Huntr
Huntr
β€’added 2022/10/18 3:20 p.m.β€’12 views

Blind SSRF When Inserting a Presentation

Description BigBlueButton was found that it allows for URLs provided by the clients to be directly invoked, without checking the validity of the URL. An attacker will be able to request to services on the local host, and even utilize a FILE URL although an exception happens due to an incorrect ca...

7AI score
Exploits0
Huntr
Huntr
β€’added 2022/09/29 6:15 p.m.β€’12 views

Hyperlink injection leads to redirect victim to malicious website

Description Hyperlink Injection it’s when attacker injecting a malicious link when sending an email invitation Proof of Concept 1 Go to https://rdiffweb-dev.ikus-soft.com/prefs/general 2 Set your full name as "Your account has been hacked please visit evil.com" 3 Save changes 4 Perform any activi...

5.8CVSS1.1AI score0.00492EPSS
Exploits1References2
Huntr
Huntr
β€’added 2022/09/15 2:24 p.m.β€’12 views

Formula injection via Full Name

πŸ”’οΈ Requirements Privilege: user. πŸ“ Description It is possible for a user to change his name by whatever he wants from /profile/settings. In addition, an administrator can get reports about users from Reports Agents. So, a user could change his full name by a formula and abuse formula injection...

6.6AI score
Exploits0
Huntr
Huntr
β€’added 2022/09/14 10:43 p.m.β€’12 views

CSRF resulting in Account Takeover

Description Hello everyone, Rdiffweb offers a profile section where the admin user can change his informations such as the username, the email etc..., when the admin changes his username and his email; the following POST requests is sent: POST /prefs/general HTTP/1.1 Host:...

6.8AI score
Exploits0
Huntr
Huntr
β€’added 2022/08/22 1:45 p.m.β€’12 views

Reflected XSS via "stuffid" parameter

Description The value for the stuffid parameter is reflected in the web context without proper filtering in place resulting in possibility to execute malicious javascript code. Testing Environment 1. Windows OS 2. Firefox Browser Proof of Concept 1. Visit...

0.7AI score
Exploits0
Huntr
Huntr
β€’added 2022/08/21 5:58 p.m.β€’12 views

Prototype pollution

Description submerge is vulnerable to Prototype Pollution. This package fails to restrict access to prototypes of objects, allowing for modification of prototype behavior using a proto payload, which may result in Sensitive Information Disclosure/Denial of ServiceDoS/Remote Code Execution. Proof ...

1.6AI score
Exploits0
Huntr
Huntr
β€’added 2022/08/07 2:50 p.m.β€’12 views

Unauthenticated book download and view details

Description A unauthenticated user can download, view the details and resources, and retrieve individual pages of any book in the system without any kind of authorization or authentication verification. \ \ Unauthenticated book operations list: 1 - Download any book via the /api/reader/pdf...

1.9AI score
Exploits0
Huntr
Huntr
β€’added 2022/07/21 7:5 p.m.β€’12 views

Cross-Site Request Forgery (CSRF)

Description CSRF is still possible on the Leads module Detailed Video is attached Proof of concept. Tested from: Firefox URL of Demo : https://demo.corebos.com/index.php?module=Leads&action=index&record=&relmodule=Leads Proof of Concept Video Link : https://vimeo.com/732211543 Steps Involved 1...

1AI score
Exploits0References2
Huntr
Huntr
β€’added 2022/07/20 6:11 p.m.β€’12 views

Send message in chat function with any username

Description In chat function, username is not validated. We can change username to any value we want which not match with logged in user. Exploitation steps: 1. Login with Phil1 account Patient account. 2. Send message via Burpsuite proxy 3. Modify username to any value you want I user "n00b" 4. ...

7AI score
Exploits0
Huntr
Huntr
β€’added 2022/07/20 8:35 a.m.β€’12 views

heap-buffer-overflow occurs in function eval_string ./vim/src/typval.c:2226

Description heap-buffer-overflow occurs in evalstring ./vim/src/typval.c:2226, it should be allocated more memory at ./vim/src/typval.c:2126 vim version git log commit 5154a8880034b7bb94186d37bcecc6ee1a96f732 HEAD - master, tag: v9.0.0057, origin/master, origin/HEAD Proof of Concept Poc ./vim -u...

4.4CVSS7.2AI score0.00503EPSS
Exploits1
Huntr
Huntr
β€’added 2022/07/18 8:39 a.m.β€’12 views

Insecure Direct Object References when creating a list

Description Insecure direct object references when creating a list allows one user to create a new list on behalf of another. Proof of Concept POST /list HTTP/2 Host: bookwyrm.social Cookie: djangolanguage=None; csrftoken=I5lj4znBJ9B5HnT3FAsII67G1EISidIKGlsIz5ElN9kmlDwucM2hGKx0Fy4gM8vj;...

7AI score
Exploits0
Huntr
Huntr
β€’added 2022/07/05 8:43 p.m.β€’12 views

Insufficiently complex hash function used in `useFetch` means return data cannot be trusted

Description The useFetch function uses the ohash library to key requests. This hash function outputs a 32 bit number. Finding a collision for this function is easy. In a situation where useFetch is called more than once, any call after the first that contains untrusted input into any argument is...

6.8AI score
Exploits0References1
Huntr
Huntr
β€’added 2022/06/16 3:27 p.m.β€’12 views

Disabling Account Multi Factor Authentication (MFA) Does Not Require Authenticator Token or Credentials

Description The application does not require a valid MFA authenticator token, user credentials, or other mechanism to disable MFA on an account. Proof of Concept 1. In an account with MFA enabled, go to User Settings 2. Click on Remove multifactor 3. Select the response when the window pops up 4...

1.8AI score
Exploits0References2
Huntr
Huntr
β€’added 2022/06/16 6:58 a.m.β€’12 views

Memory leaks in function vim_strsave

Description Memory leaks in function vimstrsave at strings.c:27 vim version git log commit 83497f875881973df772cc4cc593766345df6c4a HEAD - master, tag: v8.2.5105, origin/master, origin/HEAD POC root@fuzz-vm0-187:/home/fuzz/fuzz/vim/afl/src ./vim -u NONE -i NONE -n -m -X -Z -e -s -S...

1.5AI score
Exploits0
Huntr
Huntr
β€’added 2022/06/15 1:11 p.m.β€’12 views

Cross site Scripting By injecting iframe

Description Cross site scripting using iframe Proof of Concept 1.Goto https://demo.inventree.org/company/manufacturers/ 2.Create new Manufracturer 3.In Add notes Section add this payload and save 4.Visit this address https://demo.inventree.org/company/ID POC :- Visit this url...

Exploits0
Total number of security vulnerabilities4072