Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2021/06/15 8:1 a.m.11 views

in polonel/trudesk

💥 BUG Stored xss via file upload 💥 IMPACT Stored xss allow to execute arbitary javascript in victim trudesk account External user also can execute xss in admin account here. 💥 STEP TO REPRODUCE 1. First from admin goto http://localhost:8118/teams and create a team called team2.\ Now goto...

Exploits0
Huntr
Huntr
added 2021/06/11 4:38 a.m.11 views

in hascheksolutions/pictshare

BUG ========== sha1 comparision bypass DETAILS ============= There is vulnerable code which can bypass file sha1 hash checking bypass function sha1Exists$sha1 $handle = fopenROOT.DS.'data'.DS.'sha1.csv', "r"; if $handle while $line = fgets$handle !== false ifsubstr$line,0,40==$sha1 return...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/06/03 7:51 p.m.11 views

Classic Buffer Overflow in chatwoot/chatwoot

You can put a very long work email text until you get the last user to put and aries or DoS. Normally emails have 64 to 225 digits. Summary There is no limit to the number of characters in the work email, which allows a DoS attack. The DoS attack affects both server-side and client-side. NOTE: Th...

1.7AI score
Exploits0References1
Huntr
Huntr
added 2021/06/02 5:30 p.m.11 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description Reflected XSS in proxies.php when a user asked to add a proxy, resulting in XSS. 🕵️‍♂️ Proof of Concept https://drive.google.com/file/d/14uabBenjADBpzWbbYqiF8a9FU2fzhX/view?usp=sharing payload: ' onmouseover='alert1 💥 Impact This vulnerability is capable of doing Reflected XSS...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/05/24 8:39 a.m.11 views

Improper Access Control in openwhyd/openwhyd

✍️ Description Youtube API key without proper referer restrictions is found in your repo. It can be embeded to anyone's website and if the billing account is active, it will incur charges on your account. 🕵️‍♂️ Proof of Concept Visit following link to verify anyone can access the api key:...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/05/18 8:27 p.m.11 views

Cross-site Scripting (XSS) - Stored in dolibarr/dolibarr

✍️ Description The dolibarr is vulnerable to XSS. It is possible to bypass the sanitizer through onpointerdown event. 🕵️‍♂️ Proof of Concept Payload: XSS. 1. With an authenticated user, access http://localhost/product/index.php. 2. Click on New product in the left bar. 3. Put any content in the Ref...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/05/18 8:3 a.m.11 views

Prototype Pollution in jalik/js-deep-extend

✍️ Description Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as proto, constructor and prototype. An attacker...

1.1AI score
Exploits0
Huntr
Huntr
added 2021/05/15 1:26 p.m.11 views

Cross-site Scripting (XSS) - Stored in utmsigep/member-directory

✍️ Description Donor creation is vulnerable to stored XSS originating from donor creation due to missing sanitization on user input. 🕵️‍♂️ Proof of Concept - Select a member-status/group - Create Member - Enter an XSS payload into the directory notes field, eg. - Hit save. Upon...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/05/15 1:7 p.m.11 views

Cross-site Scripting (XSS) - Generic in utmsigep/member-directory

✍️ Description Administrative functions display success banners after multiple actions that reflect user-input directly without sanitization. 🕵️‍♂️ Proof of Concept Member-status Creation and Update - Directory Admin - Member Statuses - Create New Member Status - Code: Enter a string, Label: Enter...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/05/12 2:16 p.m.11 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description In https://github.com/FalconChristmas/fpp/blob/721c99aed6897792bf7f79fa02a280995e27d409/www/gitCheckoutVersion.phpL26 you echo a user input without sanitization : html Version: 🕵️‍♂️ Proof of Concept Visit...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/05/01 9:4 a.m.11 views

Cross-site Scripting (XSS) - Reflected in blockonomics/woocommerce-plugin

✍️ Description Reflected javascript injection vulnerabilities exist when web applications take parameters from the URL and display them on a page. Reflection vulnerabilities occur when a website outputs a variable from the webpage URL directly to the page, such as in a PHP application that accepts...

6.8AI score
Exploits0References2
Huntr
Huntr
added 2021/03/23 5:15 p.m.11 views

Open Redirect in forkcms/forkcms

✍️ Description The forkcms is vulnerable to Open Redirect through invalid characters in the URL path. 🕵️‍♂️ Proof of Concept With an authenticated user, access: http://localhost/private/en/authentication?querystring=/%01/effectrenan.com 💥 Impact This vulnerability allows attackers to fool victims...

2.6AI score
Exploits0
Huntr
Huntr
added 2021/03/11 12:0 a.m.11 views

Prototype Pollution in automattic/cli-table

Description Prototype Pollution in cli-table Proof of Concept 1. Create the following PoC file: // poc.js var cliTable = require"cli-table" const payload = JSON.parse'"proto":"polluted":"Yes! Its Polluted"'; var obj = console.log"Before : " + .polluted; cliTablepayload; console.log"After : " +...

1.9AI score
Exploits0
Huntr
Huntr
added 2021/01/04 12:0 a.m.11 views

Code Injection in uber/petastorm

Description Petastorm is an open source data access library developed at Uber ATG. This library enables single machine or distributed training and evaluation of deep learning models directly from datasets in Apache Parquet format. Petastorm supports popular Python-based machine learning ML...

1.6AI score
Exploits0References1
Huntr
Huntr
added 2021/01/04 12:0 a.m.11 views

Prototype Pollution in ionicabizau/obj-def

Description obj-def is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var objDef = require"obj-def" var obj = console.log"Before : " + .polluted; objDefobj, "proto", .polluted ='Yes! Its Polluted'; console.log"After : " + .polluted; 2. Execute the...

2.3AI score
Exploits0
Huntr
Huntr
added 2020/12/17 12:0 a.m.11 views

Cross-site Scripting (XSS) - Generic in igniterealtime/openfire-bookmarks-plugin

Description openfire-bookmarks-plugin is vulnerable to Cross-Site Scripting XSS. Steps To Reproduce 1. Download openfire and install https://www.igniterealtime.org/downloads/ 2. Run the server http://localhost:9090/index.jsp 3. Click on "Plugins" http://localhost:9090/plugin-admin.jsp and install...

5.8AI score
Exploits0
Huntr
Huntr
added 2020/12/17 12:0 a.m.11 views

Prototype Pollution in ionicabizau/set-or-get.js

Description set-or-get is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var SetOrGet = require"set-or-get"; var obj = console.log"Before : " + .polluted; SetOrGetobj, "proto", .polluted ='Yes! Its Polluted'; console.log"After : " + .polluted; 2...

2AI score
Exploits0
Huntr
Huntr
added 2020/10/28 12:0 a.m.11 views

Prototype Pollution in generates/generates

Description @generates/merger is vulnerable to Prototype Pollution. This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var merger = require"@generates/merger" const paylo...

1.7AI score
Exploits0
Huntr
Huntr
added 2020/10/12 12:0 a.m.11 views

Prototype Pollution in sagold/gson-query

Description gson-query is vulnerable to Prototype Pollution. This package allowing for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var gsonQuery = require"gson-query" var obj =...

1.9AI score
Exploits0
Huntr
Huntr
added 2020/09/01 12:0 a.m.11 views

OS Command Injection in adrieankhisbe/bundle-phobia-cli

Description BundlePhobia is a tool to help you find the cost of adding a npm package to your bundle. It enables you to query package sizes. The npm-utils.js has a unsanitized exec function which leads to Arbitrary code execution Proof-of-concept const util = require'./npm-utils.js'; let a =...

2.1AI score
Exploits0
Huntr
Huntr
added 2020/08/17 12:0 a.m.11 views

Path Traversal in youngerheart/nodeserver

Overview nodeserver is a Achieve node server's domain name resolution and web application's router, this package is vulnerable to Directory Traversal, which may allow access to sensitive files and data on the server. For example, requesting the following URL: /../../etc/passwd would result in...

4.3AI score
Exploits0References1
Huntr
Huntr
added 2020/08/06 12:0 a.m.11 views

Command Injection in sh0ji/git-tags-remote

Overview git-tags-remote is a Get remote repository tags, this package is vulnerable to Command Injection. The package fails to sanitize the repository input and passes it directly to an exec call on the get function . This can allow attackers to execute arbitrary code in the system if the...

4.1AI score
Exploits0References1
Huntr
Huntr
added 2020/05/08 12:0 a.m.11 views

Command Injection in forsigner/node-pngdefry

Overview Affected versions execute arbitrary commands remotely inside the victim's PC. The issue occurs because user input is formatted inside a command that will be executed without any checks...

6.5AI score
Exploits0References1
Huntr
Huntr
added 2026/03/13 1:22 p.m.10 views

Path Traversal in Keras Archive Extraction via CWD Validation Bypass Leading to Arbitrary File Write

Description Technical Details of the Vulnerability Summary Keras's archive extraction utilities in keras/src/utils/fileutils.py are vulnerable to path traversal. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory...

8.9CVSS7.6AI score0.00593EPSS
Exploits1
Huntr
Huntr
added 2026/03/13 1:57 a.m.10 views

model.weights.h5: h5py.ExternalLink at Group level silently followed during load_model(), bypassing CVE-2025-9905 fix — information disclosure from arbitrary HDF5 files

Keras 3.x introduced a fix for CVE-2025-9905 by checking dataset.external in H5IOStore.verifydataset. This check blocks datasets whose raw bytes are stored in external files via the HDF5 "External Data Storage" mechanism. However, HDF5 supports a second, unrelated external-reference mechanism:...

7.3CVSS7.5AI score0.00205EPSS
Exploits1
Huntr
Huntr
added 2026/03/07 2:36 p.m.10 views

Unsafe cloudpickle deserialization in Prefect task runners and bundle deserialization

This report is not public...

5.4AI score
Exploits0
Huntr
Huntr
added 2026/02/22 12:40 a.m.10 views

Arbitrary File Write via Path Traversal in Orbax Checkpoint Asset Dict Keys

Description When loading a Keras model from an Orbax checkpoint directory, the writenesteddicttodir function uses dict keys from the checkpoint's asset data directly in os.path.join without any path sanitization. A crafted Orbax checkpoint can include absolute paths or path traversal sequences .....

6AI score
Exploits0
Huntr
Huntr
added 2026/02/21 6:25 a.m.10 views

Path traversal via startswith() prefix confusion in is_path_in_dir (bypass of CVE-2025-12638 fix)

Description The ispathindir function in keras/src/utils/fileutils.py line 47-48 is a security-critical path validation function introduced as part of the fix for CVE-2025-12638. It is used by both filtersafezipinfos and filtersafetarinfos to validate that archive entries stay within the intended...

8CVSS7.2AI score0.00592EPSS
Exploits0
Huntr
Huntr
added 2025/12/27 4:17 p.m.10 views

Tracing + Assessments Access

This report is not public...

8.1CVSS7.1AI score0.00331EPSS
Exploits1
Huntr
Huntr
added 2025/12/11 10:6 p.m.10 views

Arbitrary file write via tar traversal

Summary A crafted tar.gz passed to MLflow pyfunc extraction is unpacked with tarfile.extractall without path validation. Archive entries containing .. or absolute paths can escape the destination directory and write arbitrary files on the host. This is reachable when users supply prebuiltenvuri o...

9.1CVSS7.5AI score0.00852EPSS
Exploits1
Huntr
Huntr
added 2025/11/11 9:51 a.m.10 views

Unlimited-memory decompression leads to DoS bypassing `--http-max-input-size`

This report is not public...

5.4AI score
Exploits0
Huntr
Huntr
added 2025/08/27 12:0 a.m.10 views

Account takeover due to missing oauth audience verification in google sign in

Description The web application integrates Google OAuth for user authentication. Upon successful Google sign-in and user consent, the application receives a token from Google. This token is used by the web application to fetch user profile information such as email and name and complete the login...

9.3CVSS6AI score0.00417EPSS
Exploits2
Huntr
Huntr
added 2025/07/16 9:46 p.m.10 views

XPath Injection in search_item_ctrl_f Function - Hugging Face Smolagents v1.20.0

The searchitemctrlf function in the Hugging Face Smolagents library is vulnerable to XPath injection. The function simply concatenates user input into an XPath query without sanitizing or escaping the input. Vulnerable Code Location: File: src/smolagents-1.20.0/smolagents/visionwebbrowser.py...

5.4CVSS6AI score0.00252EPSS
Exploits2
Huntr
Huntr
added 2025/04/05 9:22 a.m.10 views

Regular expression Denial of Service - ReDoS in huggingface/transformers

Description A regular expression denial of service ReDoS vulnerability has been identified in the Hugging Face Transformers library's Donut processor. The vulnerability exists in the token2json method of the DonutProcessor class, which processes document tokens into JSON format. The regex pattern...

5.3CVSS5.3AI score0.00431EPSS
Exploits1
Huntr
Huntr
added 2025/02/11 11:22 a.m.10 views

Regular expression Denial of Service - ReDoS

Description The preprocessstring function in the transformers.testingutils module uses a regular expression to process code blocks in docstrings. This regular expression has the following structure: codeblockpattern = r"?:python|py\s\n\s ?:.?\n?.?" The segment ?:.?\n?.? contains nested quantifier...

7.5CVSS7.4AI score0.00507EPSS
Exploits1
Huntr
Huntr
added 2024/12/04 12:5 p.m.10 views

Changing the "ID" parameter in the user cookie allows loading the profile picture of other users

Description A vulnerability has been discovered in AnythingLLM Docker that allows users, even with "Default" permission, to obtain other users' profile pictures. Proof of Concept 1 Create a new user with the default role; 2 Log in to the user account you created; 3 Open the browser inspector and...

4.3CVSS6.7AI score0.00453EPSS
Exploits1
Huntr
Huntr
added 2024/11/12 7:10 p.m.10 views

Denial of service through batched queries in GraphQL

This report is not public...

7.5CVSS7.1AI score0.00517EPSS
Exploits1
Huntr
Huntr
added 2024/11/08 4:25 p.m.10 views

Leakage of Langfuse API keys in team exception handling

This report is not public...

7.5CVSS7.7AI score0.00523EPSS
Exploits1
Huntr
Huntr
added 2024/11/07 11:43 a.m.10 views

RCE via Global State Override

This exploit effectively serves as a bypass for CVE-2024-3408. An attacker can override global state to enable custom filters, which then facilitates remote code execution RCE. Specifically, this vulnerability leverages the ability to manipulate global application settings to activate the...

9.8CVSS8.5AI score0.77951EPSS
Exploits5
Huntr
Huntr
added 2024/11/06 11:42 a.m.10 views

malicious gguf model can be uploaded and created causing division by zero via network, leading to DoS

This report is not public...

7.5CVSS7.7AI score0.13476EPSS
Exploits1
Huntr
Huntr
added 2024/10/10 5:39 a.m.10 views

Patch bypass (Insufficient Patch) of CVE-2024-8736 leads to DoS

This report is not public...

7.5CVSS7.1AI score0.0059EPSS
Exploits2
Huntr
Huntr
added 2023/09/29 5:31 p.m.10 views

Store XSS when Edit label set

Description Store XSS when Edit label set. I noticed, you have filtered the input when creating the label set. But, perhaps you forgot to filter when editing the label set. Proof of Concept 1 .Create a label set 2 .Edit label set with payload : haidoalertdocument.domain 3 .Click Export multiple...

6.3AI score
Exploits0
Huntr
Huntr
added 2023/08/15 6:29 a.m.10 views

Insufficient Session Expiration

Insufficient session expiration is a web application security vulnerability that occurs when a web application does not properly manage the lifecycle of a user's session. This can allow an attacker to hijack the user's session and gain unauthorized access to the application. The web application m...

6.9AI score
Exploits0References1
Huntr
Huntr
added 2023/06/28 8:28 a.m.10 views

Stored XSS in label function

Description By Injecting the payloads to the fields dataToSend, users who visited "Label sets list" screen maybe compromises Proof of Concept Step 1: Login as a user who has permission to edit the Label. Go to the label function and view a label Step 2: Inject the payload to the Code field as the...

6.9AI score
Exploits0
Huntr
Huntr
added 2023/06/26 3:32 p.m.10 views

IDOR in notification function

Description By manipulating the notId, a user can view the notification of other users Proof of Concept Step 1: Login as user demo, click on a notification and see that the notification has a notId as 227. Step 2: Open another browser and login as user. Step 3: Access the URL to view the...

6.9AI score
Exploits0
Huntr
Huntr
added 2023/06/18 6:48 a.m.10 views

Broken Authentication

Description I tested the demo site you provided. I see that there is an Broken Authentication vulnerability in Administration: CPU stats API. The Administration: CPU stats API does not validated user permissions. Proof of Concept link video PoC https://screenpal.com/watch/c01F1bVBmX1 Step 1. In t...

6.8AI score
Exploits0References1
Huntr
Huntr
added 2023/06/14 6:28 p.m.10 views

The user can delete himself

Description Bypassing the conditional check leads to the user can delete himself. Proof of Concept Step 1: The user with id 18834 attempts to delete himself but encounter an error Step 2: By using userid=18834' instead of userid=18834, the user was able to successfully delete himself...

6.9AI score
Exploits0
Huntr
Huntr
added 2023/06/14 5:7 p.m.10 views

Able to change username that is by default unchangeable

Description The website receives input from the user that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified. Proof of Concept Step 1: We have a user with ID 18833 and the...

6.9AI score
Exploits0
Huntr
Huntr
added 2023/05/30 3:24 a.m.10 views

Stored XSS in End page

Description Allows a user who only has the authority to create surveys not the administrator to bypass validation and embed javascript schemes when creating surveys Step to reproduce - Login as administrator 1. Open User management and Create a user with create surveys only permissions. 1. Logout...

6.9AI score
Exploits0
Huntr
Huntr
added 2023/05/25 9:47 a.m.10 views

Partial Local file inclusion

Description An authenticated user can extend the range of the web application's folder context and can dig out to OS level. To reproduce the issue, please authenticate to the web application, and simply open the following URL in the browser:...

6.8AI score
Exploits0
Total number of security vulnerabilities4072