Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2021/05/29 4:2 p.m.10 views

OS Command Injection in falconchristmas/fpp

✍️ Description Hi, there is a command injection vulnerability in https://github.com/FalconChristmas/fpp/blob/40a636c6e38442e3674db0b85fdfc5ed8a79b823/www/changebranch.phpL23 php &1"; echo "Command: $command\n"; echo...

1.3AI score
Exploits0
Huntr
Huntr
added 2021/05/29 3:46 a.m.10 views

in mcfriend99/bird

✍️ Description Heap-based 1-byte write violation. Certain programs can cause the parser/syntax-checker to write out of bounds. The below program writes a single byte out of bounds. 🕵️‍♂️ Proof of Concept Program: var a = 'outer' def test var a = 'inner' echo 'It works! $a' echo a echo test test def...

7.3AI score
Exploits0
Huntr
Huntr
added 2021/05/28 4:48 p.m.10 views

in hstm/dotfiles

✍️ Description Owner of this Github repo has inadvertently committed their .pgpass file which contains login information for a localhost PostgreSQL server. We suggest the owner of this Github repo deletes the file from the repo, adds .pgpass to their .gitignore and changes their localhost...

0.2AI score
Exploits0References1
Huntr
Huntr
added 2021/05/24 3:33 a.m.10 views

Improper Privilege Management in dolibarr/dolibarr

💥 BUG unprivileged user can add personal email to another user. 💥 IMPACT user who dont have any access in "users and groups" can update users personal email. 💥 TESTED VERSION dolibarr 14.0.0-beta 💥 STEP TO REPRODUCE 1. First goto admin account and add user B as normal user .\ Now give user B...

0.5AI score
Exploits0
Huntr
Huntr
added 2021/05/21 12:32 p.m.10 views

Improper Access Control in codingtrain/website

✍️ Description Google Maps API key without proper referer restrictions is found in your repo. It can be embeded to anyone's website and if the billing account is active, it will incur charges on your account. 🕵️‍♂️ Proof of Concept Visit this link to verify that you can use the service by visiting...

0.5AI score
Exploits0References1
Huntr
Huntr
added 2021/05/21 12:26 p.m.10 views

Improper Access Control in kenzo-404/lynx-userbot

✍️ Description Google Maps API key without proper referer restrictions is found in your repo. It can be embeded to anyone's website and if the billing account is active, it will incur charges on your account. 🕵️‍♂️ Proof of Concept Visit this link to verify that you can use the service by visiting...

1.4AI score
Exploits0References1
Huntr
Huntr
added 2021/05/19 7:59 p.m.10 views

SQL Injection in akshayp282/quizx

✍️ Description Course deletion on the teacher portal is vulnerable to SQL injection. This will allow a user to run arbitrary SQL queries and completely erase, export or change all information in the database - potentially rendering the entire platform unusable. 🕵️‍♂️ Proof of Concept - Log in to...

1.8AI score
Exploits0
Huntr
Huntr
added 2021/05/19 10:34 a.m.10 views

Improper Privilege Management in dolibarr/dolibarr

💥 BUG unprivileged user can edit/share linked file of a project . 💥 VIDEO https://drive.google.com/file/d/1YaiG0vjFTuqZRck7dMLqkhT7HSZqaEdu/view?usp=sharing 💥 STEP TO REPRODUCE 1. From admin account add user B as normal user .\ now give user B bellow permission for project module.\ ----Read...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/05/12 2:33 p.m.10 views

OS Command Injection in falconchristmas/fpp

✍️ Description In https://github.com/FalconChristmas/fpp/blob/123cdf2eb11062766da333a7a4d85bc0bf620e47/www/runEventScript.phpL32 a command is built using unsanitized user input : php \n"; echo "\n"; system$SUDO . " $fppDir/scripts/eventScript $scriptDirectory/$script $args"; // scripts and args ar...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/05/06 5:27 p.m.10 views

Improper Privilege Management in chatwoot/chatwoot

✍️ Description Privilege escalation bug to add slack integration by a agent 🕵️‍♂️ Proof of Concept 1. First goto https://app.chatwoot.com/app/accounts/4534/settings/agents/list from admin account and add a user B as agent . Now here user B cant add slack integration 2. Finally from user B account...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/03/26 11:57 a.m.10 views

Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system

✍️ Description A cross-site scripting XSS allows remote attackers to inject JavaScript via the "p0-end" Parameter 🕵️‍♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable Parameter: p0-end p1-end & p2-end end XSS...

2AI score
Exploits0
Huntr
Huntr
added 2021/03/23 10:10 p.m.10 views

Cross-site Scripting (XSS) - Generic in forkcms/forkcms

✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishondate" Parameter 🕵️‍♂️ Proof of Concept Vulnerable parameter: publishondate XSS payload: '"%26%25alert1 Steps to reproduce issue 1- Login to Fork admin panel 2-...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/03/23 6:9 p.m.10 views

Cross-site Scripting (XSS) - Stored in forkcms/forkcms

✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "startdate" Parameter 🕵️‍♂️ Proof of Concept XSS payload: '"%26%25alert1 Steps to reproduce issue 1- Login to Fork admin panel 2- Goto Modules=Formbuilder 3- Turn on Burp...

1.3AI score
Exploits0
Huntr
Huntr
added 2021/03/23 6:9 p.m.10 views

Cross-site Scripting (XSS) - Generic in forkcms/forkcms

✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "enddate" Parameter 🕵️‍♂️ Proof of Concept XSS payload: '"%26%25alert1 Steps to reproduce issue 1- Login to Fork admin panel 2- Goto Modules=Formbuilder 3- Turn on Burp...

1.3AI score
Exploits0
Huntr
Huntr
added 2021/03/22 5:22 p.m.10 views

Open Redirect in forkcms/forkcms

✍️ Description Open redirect is a security flaw in an app or a web page that causes it to fail to properly authenticate URLs. When apps and web pages have requests for URLs, they are supposed to verify that those URLs are part of the intended page’s domain. Open redirect is a failure in that...

0.3AI score
Exploits0
Huntr
Huntr
added 2021/03/10 4:11 p.m.10 views

Code Injection in antoinestudio/dok

✍️ Description Dok is a documentation tool/system that converts an architecture of folders and files into a static website that anyone can explore. It can be seen as a personal assistant, it invites you to write, organize and then publish your personal knowledge online. , which is vulnerable to...

2.7AI score
Exploits0References1
Huntr
Huntr
added 2021/02/22 12:0 a.m.10 views

Code Injection in vitessio/arewefastyet

:book: Description arewefastyet Nightly Benchmarks Project, this package is vulnerable for arbitaryCodeexecution https://github.com/cmason3/jinjafx :recycle: Steps To Reproduce-: 0 git clone http://github.com/vitessio/arewefastyet 1 run as in poc.png :telescope: POC 💥 Impact Arbitary code executi...

0.7AI score
Exploits0
Huntr
Huntr
added 2021/01/27 12:0 a.m.10 views

Prototype Pollution in fedeghe/objwun

Description objwun is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js const set = require'objwun' console.log'Before: ' + .polluted set, 'proto.polluted', true console.log'After: ' + .polluted 2. Execute the following commands in the...

2AI score
Exploits0
Huntr
Huntr
added 2021/01/10 12:0 a.m.10 views

Prototype Pollution in xiaoyifan6/json-glat

Description json-glat is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var jsonGlat = require"json-glat" console.log"Before : " + .polluted; jsonGlat.parse'proto.polluted': 'Yes! Its Polluted'; console.log"After : " + .polluted; 2. Execute the...

2AI score
Exploits0
Huntr
Huntr
added 2020/12/21 12:0 a.m.10 views

Prototype Pollution in rodrigocmoreira/sgt-fields

Description sgt-fields is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var sgtFields = require"sgt-fields" var obj = console.log"Before : " + .polluted; sgtFields.setobj,"proto.polluted","Yes! Its Polluted"; console.log"After : " + .polluted; 2...

1.9AI score
Exploits0
Huntr
Huntr
added 2020/12/21 12:0 a.m.10 views

Code Injection in svaarala/duktape

Description Arbitrary Code Excecution in svaarala/duktape/tools/genconfig.py. Duktape - embeddable Javascript engine with a focus on portability and compact footprint. Genconfig is a Process Duktape option metadata and produce various useful outputs. Technical Description This package was...

1AI score
Exploits0References1
Huntr
Huntr
added 2020/10/20 12:0 a.m.10 views

Cross-site Scripting (XSS) - Generic in alibaba/bizcharts

Description bizcharts is vulnerable to Cross-Site Scripting XSS. Steps To Reproduce-: 1. Open NPM repo https://www.npmjs.com/package/bizcharts 2. Open the demo https://bizcharts.net/product/BizCharts4/gallery 3. Select any chartI used pie chart Ex: https://bizcharts.net/product/BizCharts4/demo/37...

Exploits0
Huntr
Huntr
added 2020/09/13 12:0 a.m.10 views

Cross-site Scripting (XSS) - Generic in forkcms/forkcms

Description ForkCMS is an easy to use open source CMS using Symfony Components this package is vulnerable to Stored Cross-Site Scripting XSS. https://github.com/forkcms/forkcms Steps To Reproduce-: 1 install https://github.com/forkcms/forkcms locally or https://demo.fork-cms.com/private/ use demo...

6.4AI score
Exploits0References1
Huntr
Huntr
added 2026/03/09 12:11 a.m.9 views

Arbitrary File Write via Path Traversal in Malicious NLTK Downloader Index (nltk.downloader.Package.fromxml)

NLTK relies on the nltk.downloader.Downloader class to securely fetch corpora and models. It fetches an index.xml file to map package ids to payload URLs. A critical Arbitrary File Write vulnerability exists in nltk.downloader.Package.fromxml due to a lack of sanitization on the id field. When...

6.4AI score
Exploits0
Huntr
Huntr
added 2026/03/05 7:17 a.m.9 views

AI Gateway secret API accepts `$ENV_VAR` references and can be remotely abused to exfiltrate server-side environment credentials to an attacker-controlled upstream endpoint. And the leaked credentials can be further leveraged to break security boundaries.

Analyzed project versions: Current target branch: master Current HEAD: dc8ef3cbbefccf7384f4e3023492aae635c5d5d0 Fix 403 Forbidden for artifact list via query param when defaultpermission=NOPERMISSIONS 21220, commit date: 2026-03-04 The vulnerability is that AI Gateway secrets allow...

9.1CVSS6.1AI score0.00435EPSS
Exploits1
Huntr
Huntr
added 2026/02/26 12:32 p.m.9 views

`trust_remote_code=False` Bypass in LightGlue Nested Config Resolution (Transformers 5.2.0) Leading to Remote Code Execution During Normal `from_pretrained()` Loading

Description Transformers contains a trust-boundary flaw in the LightGlue loading path. When loading a LightGlue model, LightGlueConfig reads trustremotecode from untrusted model config.json and reuses it for nested AutoConfig.frompretrained... resolution. This allows an attacker-controlled model...

9.6CVSS7.9AI score0.00519EPSS
Exploits1
Huntr
Huntr
added 2026/02/25 7:28 a.m.9 views

Authentication Bypass via endswith() Health Check Exemption Allows Unauthenticated Access to Variables/Secrets in prefecthq/prefect

Description When PREFECTSERVERAPIAUTHSTRING is configured, Prefect Server's authentication middleware exempts any URL path ending with "health" or "ready" to allow health check probes. However, multiple API endpoints accept user-controlled string names as URL path parameters e.g.,...

7.5CVSS7.1AI score0.00476EPSS
Exploits1
Huntr
Huntr
added 2025/12/09 7:18 p.m.9 views

Arbitrary File Read via Absolute Path Input in nltk.util.filestring() enabling Local & Remote File Disclosure

This report is not public...

8.6CVSS5.8AI score0.00428EPSS
Exploits1
Huntr
Huntr
added 2025/06/29 4:34 p.m.9 views

Insecure Temporary File Handling Vulnerability in llama-index-core

Description The getcachedir function in llama-index-core uses a predictable, hardcoded directory path /tmp/llamaindex on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal proprietary models, poison cached embeddings, or conduct...

7.3CVSS7.1AI score0.00134EPSS
Exploits0
Huntr
Huntr
added 2025/06/25 9:54 a.m.9 views

Incorrect Access Control check results in authorization bypass

Description When setting the access control for users, an incorrect access check allows for the bypass of authorization, due to the incorrect use of .some Proof of Concept 1. This is for a scenario, where I admin have created a custom agent and want everyone on the platform to use it, without bei...

5.3CVSS6.1AI score0.00256EPSS
Exploits0
Huntr
Huntr
added 2025/06/22 8:34 a.m.9 views

Improper Access Control in Socket.IO Event Handlers Allows Unauthenticated Execution of Sensitive Actions

1. Summary Vulnerability: Unauthenticated Access to Sensitive Socket.IO Events Affected Component: lollmsgenerationevents.py in the lollms server Root Cause: Sensitive actions exposed via Socket.IO events lack authentication and authorization checks, and the application relies on insecure global...

8.2CVSS7.3AI score0.00436EPSS
Exploits0
Huntr
Huntr
added 2025/06/18 1:55 p.m.9 views

Regular Expression Denial of Service (ReDoS) in AdamWeightDecay Optimizer

The AdamWeightDecay optimizer is vulnerable to Regular Expression Denial of Service ReDoS. If an attacker can control the patterns in the includeinweightdecay or excludefromweightdecay lists, they can provide a malicious regular expression that causes catastrophic backtracking. When the optimizer...

7.5CVSS6.3AI score0.00467EPSS
Exploits1
Huntr
Huntr
added 2025/06/09 5:2 p.m.9 views

Regular expression Denial of Service - ReDoS

Description A regular expression denial of service ReDoS vulnerability has been identified in the Hugging Face Transformers library's CLVP number normalizer. The vulnerability exists in the normalizenumbers method of the EnglishNormalizer class, which converts numeric strings to their English wor...

5.3CVSS6.2AI score0.00349EPSS
Exploits1
Huntr
Huntr
added 2025/06/03 5:9 a.m.9 views

Mysql Jdbc Attck about CVE-2024-45758 and CVE-2024-10553 Bypass

Summary Attackers can exploit this vulnerability to read any system file and even execute arbitrary code through deserialization Details https://github.com/h2oai/h2o-3/commit/ac1d642b4d86f10a02d75974055baf2a4b2025ac Affected Version: The latest master branch Build project version: 3.47.0.99999...

9.8CVSS7.5AI score0.12993EPSS
Exploits2
Huntr
Huntr
added 2025/04/01 12:20 p.m.9 views

Arbitary file read through path traversal

Description: The code in genericutils.py has a path traversal vulnerability, which allows an attacker to control the file path provided to the ImageDocument class. This can lead to the reading of arbitrary files on the server, including sensitive system files, through base64 encoding and decoding...

7.5CVSS7.2AI score0.00545EPSS
Exploits1
Huntr
Huntr
added 2025/03/24 2:50 p.m.9 views

Using Mermaid to cause JS memory overflow and service downtime

Description Librechat has many means of limiting the rate, which can be found at https://www.librechat.ai/docs/configuration/librechatyaml/objectstructure/configratelimits. However, it can be found that the Fork Function in /api/convos/fork is not restricted, which allows attackers to fork...

5.7CVSS7AI score0.00279EPSS
Exploits0
Huntr
Huntr
added 2025/03/23 5:21 p.m.9 views

Timing attacks to guess password in lollms_authentication.py

Description The authenticateuser function in /server/endpoints/lollmsauthentication.py is vulnerable to timing attacks that can be exploited to: Enumerate valid usernames. Guess passwords incrementally by analyzing response time differences. Explanation of the vulnerability def...

7.5CVSS6.9AI score0.00371EPSS
Exploits0
Huntr
Huntr
added 2025/03/11 10:51 p.m.9 views

Uncontrolled Memory Consumption in `SimpleDirectoryReader` Due to Post-Limit File Processing

Description Summary: The SimpleDirectoryReader component in llamaindex.core contains a resource management flaw where user-specified file limits numfileslimit are applied after fully enumerating and loading all discovered files into memory. This design causes uncontrolled memory consumption and...

5.3CVSS7.5AI score0.0037EPSS
Exploits0
Huntr
Huntr
added 2024/11/14 4:44 p.m.9 views

Logging into webui as view only internal user provides overly privileged bearer key

Description When an user with the role "internaluserviewer" logs into the application they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the application. The following steps are taken: An admin creates an Internal User with the role...

8.1CVSS8.7AI score0.00315EPSS
Exploits0
Huntr
Huntr
added 2024/11/07 11:43 a.m.9 views

RCE via Global State Override

This exploit effectively serves as a bypass for CVE-2024-3408. An attacker can override global state to enable custom filters, which then facilitates remote code execution RCE. Specifically, this vulnerability leverages the ability to manipulate global application settings to activate the...

9.8CVSS8.5AI score0.77951EPSS
Exploits5
Huntr
Huntr
added 2024/11/06 1:20 p.m.9 views

A malicious gguf model can lead to DoS due to unchecked array bound access via network

This report is not public...

7.1AI score
Exploits0
Huntr
Huntr
added 2024/10/31 1:49 p.m.9 views

CSRF ON SIGNUP PAGE

CSRF ON CREATING A NEW USER in mlflow/mlflow Reported on Oct 31st 2024 The Signup feature of Mlflow is vulnerable to CSRF attack that allow attacker to create a new account. This may be used to perform unauthorised actions on behalf of the malcious user . Proof of Concept : An attacker can use CS...

7.1CVSS5.7AI score0.00202EPSS
Exploits1
Huntr
Huntr
added 2024/10/23 4:53 p.m.9 views

XSS by uploading pdf file

This report is not public...

5.4CVSS7.1AI score0.00359EPSS
Exploits1
Huntr
Huntr
added 2023/10/11 4:58 p.m.9 views

2 FPE in MP4Box

Description 2 FPE in MP4Box Version $ ./MP4Box -version MP4Box - GPAC version 2.3-DEV-rev566-g50c2ab06f-master Platform $ uname -a Linux user-GE40-2PC-Dragon-Eyes 6.2.0-33-generic 3322.04.1-Ubuntu SMP PREEMPTDYNAMIC Thu Sep 7 10:33:52 UTC 2 x8664 x8664 x8664 GNU/Linux Reproduce ./MP4Box -dash 100...

6.9AI score
Exploits0
Huntr
Huntr
added 2023/09/26 5:46 p.m.9 views

Add arbitrary users to the user group

Description Add arbitrary users to the user group Proof of Concept 1 .Administrator user haido456 creates a user group name : group456 2 .User hai123 has general user rights but has the right to add arbitrary users to the user group: group456 3 .This includes users that the admin does not want...

6.9AI score
Exploits0
Huntr
Huntr
added 2023/09/03 6:50 a.m.9 views

Store DOM XSS when create survey

Description I noticed, your website is very secure. But you overlooked a flaw Store DOM XSS . Proof of Concept Detail: 1 .Login vs admin demo account 2 .Create new survey , insert payload in to Survey title: test" onclick = "alertdocument.domain" 3 . Click create == detect Store DOM XSS Video Poc...

6.1AI score
Exploits0
Huntr
Huntr
added 2023/08/22 6:50 a.m.9 views

BrowserView Allows Popups, which leads to Remote Code Execution

Description The Application has a functionality that allows users to add URLs for custom Webservices. If a user adds a URL containing malicious code, then it can be used to open a new Browser Window, which will lead to Remote Code Execution on the victims computer. Proof of Concept ATTACKER SETUP...

7.6AI score
Exploits0
Huntr
Huntr
added 2023/08/08 10:47 a.m.9 views

Self XSS in "Content Types / Add Content Type"

Description Add payload to field System name: Proof of Concept https://drive.google.com/file/d/1xJ24a3HveP4dpKXF5zmtsNIa2-wweoA/view?usp=sharing...

6.9AI score
Exploits0References1
Huntr
Huntr
added 2023/08/07 10:40 a.m.9 views

stored XSS Bypass in the TAGS Section and other places in the application

Hello, I was able to bypass the XSS Protection and get a stored XSS using the XSS Payload in the Video and Screenshots. Thank you for your time and effort. Best regards Ahmed Hassan...

6.2AI score
Exploits0References4
Huntr
Huntr
added 2023/07/15 8:36 p.m.9 views

Potential XSS injection in stuff and say attributes

Description The stuff and say attributes are not sanitized before being used in innerHTML. Because of this, they could be used to inject arbitrary JS in the page. Proof of Concept html obfumatic XSS "Fallback text...

6.9AI score
Exploits0
Total number of security vulnerabilities4072