Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2021/07/09 3:4 p.m.7 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

✍️ Description pimcore is a Open Source Data & Experience Management Platform PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce this package is vulnerable for Stored XSS thru gender tag 🕵️‍♂️ Proof of Concept 💥 Impact This vulnerability is capable of stored xss 📍 Location Gender.phpL21...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/07/05 5:39 p.m.7 views

Cross-site Scripting (XSS) - Stored in sylius/sylius

✍️ Description Open Source eCommerce Platform on Symfony this package vulnerable for stored xss thru svg files 🕵️‍♂️ Proof of Concept https://i.imgur.com/UNqIg8l.mp4 💥 Impact This vulnerability is capable of XSS...

0.2AI score0.00239EPSS
Exploits0
Huntr
Huntr
added 2021/07/05 6:23 a.m.7 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description I found a stored XSS in your project which is lead by adding Units description. 🕵️‍♂️ Proof of Concept Steps to reproduce: 1. Create a Unit. 2. Enter " in the description. 3. Save and you will see XSS. 💥 Impact This vulnerability is capable of stored XSS...

1.2AI score
Exploits0
Huntr
Huntr
added 2021/07/04 5:20 p.m.7 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

💥 BUG Stored xss via signup page 💥 VERSION TESTED latest version as of 4/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. goto http://localhost/online-rental/app/admin/pageSettings.php and click on Sign Up tab . Here allow signup.\ now put bellow xss...

2.6AI score
Exploits0
Huntr
Huntr
added 2021/07/04 6:11 a.m.7 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description There is a Stored XSS on the user profile edit page which occurs due to improper sanitization of the Address field as tested on the latest release. 🕵️‍♂️ Proof of Concept Step to reproduce: Go to /admin/pageSettings.php?search-settings=smtp and the payload: ""@x.y in the "Senders...

5.9AI score
Exploits0
Huntr
Huntr
added 2021/07/03 12:24 p.m.7 views

Cross-Site Request Forgery (CSRF) in bigprof-software/online-rental-property-manager

✍️ Description The app/admin/pageDeleteMember.php?memberID= does not have a CSRF protection. This could be used by attackers to trick the admin to delete a member from their system. 🕵️‍♂️ Proof of Concept For this attack to work, a logged in admin, should visit the POC page...

2.6AI score
Exploits0References1
Huntr
Huntr
added 2021/07/03 9:25 a.m.7 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description Stored xss via employmentandincomehistoryview 🕵️‍♂️ Proof of Concept plz check this 1 minute video to reproduce the bug https://drive.google.com/file/d/1wmBmdvdHTLORNc9det4HYj1Dtfd97Y/view?usp=sharing...

0.8AI score
Exploits0
Huntr
Huntr
added 2021/07/03 3:47 a.m.7 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description Stored xss in pageTransferOwnership.php where sourceMemberID parameter leads to xss which gets stored in pageViewRecords.php 🕵️‍♂️ Proof of Concept Steps to reproduce: 1. Go to admin account 2. Visit URL /app/admin/pageTransferOwnership.php?sourceGroupID=2&sourceMemberID="alert1 💥...

0.8AI score
Exploits0
Huntr
Huntr
added 2021/07/03 2:33 a.m.7 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description There is a stored xss in member profile in the full name 🕵️‍♂️ Proof of Concept Steps to Reproduce: 1. Create a member account. 2. Login into the member account. 3. Enter the s"' payload in the Full Name field. 4. Update the profile and You will see an alert. 💥 Impact Stored XSS...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/06/30 8:58 a.m.7 views

Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system

✍️ Description There is a Stored XSS in the online invoicing system which could be exploited by any user who has permission to add the invoice. when a comment is added during the creation of invoices by any user then due to improper sanitization XSS payload gets triggered. 🕵️‍♂️ Proof of Concept...

0.4AI score
Exploits0
Huntr
Huntr
added 2021/06/27 3:42 a.m.7 views

Command Injection in sofianehamlaoui/lockdoor-framework

✍️ Description Unsanitized user input leads to command injection. 🕵️‍♂️ Proof of Concept // PoC whatweb CI https://drive.google.com/file/d/1mrYiu7oTaAm2qjLDKz23VMUkiujafTh/view?usp=sharing 💥 Impact command run as root. So an attacker could do potential damage to the machine...

1.5AI score
Exploits0
Huntr
Huntr
added 2021/06/25 10:53 a.m.7 views

in hascheksolutions/opentrashmail

✍️ Description Attackers can control the filesystem path argument to readfile at api.php line 35 for ?email= parameter, which allows them to access or modify otherwise protected files. Analysis Trace: 1. application take unsensitized input at: $email = strtolower$REQUEST'email'; 2. Assigning user...

2.5AI score
Exploits0References1
Huntr
Huntr
added 2021/06/23 7:41 a.m.7 views

Heap-based Buffer Overflow in rup0rt/pcapfix

Description A heap over flow was found in pcapfix in function fixpcapng in pcapng.c at line 1571 Test version : 1.1.6 2fe168e Test env: gcc 9.3.0 ubuntu 20.04 x86-64 Proof of Concept CFLAGS="-fsanitize=address" make ./pcapfix poc poc is attatched in reference link c ==618350==ERROR:...

7.1AI score
Exploits0References1
Huntr
Huntr
added 2021/06/20 5:16 p.m.7 views

Server-Side Request Forgery (SSRF) in kalcaddle/kodexplorer

✍️ Description SSRF via SVG due to improper processing of SVG files. 🕵️‍♂️ Proof of Concept Payload: https://drive.google.com/file/d/1q-GHJ01p8Ssok1GWN-QxSznBy1JGvY8x/view?usp=sharing Download and upload it on the server and run the server on port 8000 and then view the file. 💥 Impact This...

1AI score
Exploits0
Huntr
Huntr
added 2021/06/20 9:50 a.m.7 views

None in babybuddy/babybuddy

✍️ Description Improper restriction at login portal which lets an attacker brute force user's accounts. 🕵️‍♂️ Proof of Concept Video POC: https://drive.google.com/file/d/1udzAGroSqDbEqPRYlUzv7bHgHq7oMNuk/view?usp=sharing You will get 200 for incorrect as it opens the same page for login and 302...

1AI score
Exploits0
Huntr
Huntr
added 2021/06/08 4:24 p.m.7 views

in kestasjk/webdiplomacy

✍️ Description It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The file https://github.com/kestasjk/webDiplomacy/blob/07de41f21192b0b611af343bc0d880c1de78d194/header.php does not set the response header X-Frame-Options: DENY. This issue can be found from...

0.9AI score
Exploits0References2
Huntr
Huntr
added 2021/06/02 5:36 p.m.7 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description Reflected XSS in shutdownRemoteFPP.php when a user asked to provide an IP in URL, resulting in XSS 🕵️‍♂️ Proof of Concept https://drive.google.com/file/d/1RXF4AO1j7OFfr7RhU1ZM0yPftd0qsxHt/view?usp=sharing payload: alert111 💥 Impact This vulnerability is capable of Reflected XSS...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/05/31 12:36 p.m.7 views

Cross-site Scripting (XSS) - Stored in typecho/typecho

💥 BUG Stored xss against higher level user 💥 IMPACT I see there is no xss protection in post writing ,allow to execute javascript command .\ There is many type of role like admin,contributor etc .\ So, here contributor user can write a post with xss payload and when admin open this post then xss ...

Exploits0
Huntr
Huntr
added 2021/05/30 5:12 p.m.7 views

Classic Buffer Overflow in falconchristmas/fpp

✍️ Description Hi, There are multiple .bss buffer overflows in https://github.com/FalconChristmas/fpp/blob/f4a1621c8be15a41305269830b700a2b5443aa0f/src/fpp.cL64 : c char command8192; char response256; // int main int argc, char argv memsetcommand, 0, sizeofcommand; SetupDomainSocket; ifargc1 //...

0.9AI score
Exploits0
Huntr
Huntr
added 2021/05/29 8:43 p.m.7 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description Hi, In https://github.com/FalconChristmas/fpp/blob/123cdf2eb11062766da333a7a4d85bc0bf620e47/www/virtualdisplay.phpL14 you create a variable canvasWidth that will be used and reflected multiple times without sanitizing user input : php Later in the script : another PHP file will be...

Exploits0
Huntr
Huntr
added 2021/05/29 3:23 a.m.7 views

Heap-based Buffer Overflow in mcfriend99/bird

✍️ Description Heap-based Write Violation. Certain input programs can result in write access violations by the syntax checker component of the interpreter. One such program writes 23 bytes onto the heap outside of bounds and may result in arbitrary code execution and memory leaks. 🕵️‍♂️ Proof of...

Exploits0
Huntr
Huntr
added 2021/05/22 6:10 p.m.7 views

Improper Privilege Management in dolibarr/dolibarr

💥 BUG unprivileged user can download file of a agenda 💥 IMPACT user dont have access to specific agenda but still can download file uploaded to this agenda . 💥 TESTED VERSION dolibarr 14.0.0-beta 💥 STEP TO REPRODUCE 1. First goto admin account and add user B as normal user .\ Now give user B...

1.7AI score
Exploits0
Huntr
Huntr
added 2021/05/21 10:58 p.m.7 views

Cross-site Scripting (XSS) - Stored in dolibarr/dolibarr

✍️ Description dolibarr is vulnerable to XSS. It is possible to upload SVG files containing JavaScript code. 🕵️‍♂️ Proof of Concept SVG file content: html alertdocument.domain; 1. With an authenticated user, access http://localhost/societe/card.php?action=create&leftmenu=. 2. Write any content in...

Exploits0
Huntr
Huntr
added 2021/05/21 9:15 p.m.7 views

Heap-based Buffer Overflow in croatiacontrolltd/asterix

✍️ Description Whilst experimenting with asterix, built from commit f44cfea, compiled with Clang 10 + ASan on Ubuntu 20.04.2 LTS, we are able to induce a heap-buffer-overflow in DataItemBits::getBits asterix/src/asterix/DataItemBits.cpp:125. Since there is no bounds checking, when the software...

0.4AI score
Exploits0References1
Huntr
Huntr
added 2021/05/20 9:53 p.m.7 views

in koel/koel

✍️ Description Koel is lacking any form of rate limiting in the login form, thus allowing an attacker to brute force their way in. 🕵️‍♂️ Proof of Concept - Spin up an instance of Koel. - Open up burpsuite and capture a login request, send it to intruder, set your options and run. - 401 is shown...

2.2AI score
Exploits0
Huntr
Huntr
added 2021/05/17 7:59 p.m.7 views

Cross-site Scripting (XSS) - Stored in knadh/listmonk

✍️ Description Hello, I found stored xss on Logs while creating new campaign works with other stuff not only campaign 🕵️‍♂️ Proof of Concept https://drive.google.com/file/d/1Y5CMQdfzzdWwcCsQ8y85GgWPOilJVOgo/view?usp=sharing sorry for bad quality Payload: asdf" 💥 Impact xss...

Exploits0References2
Huntr
Huntr
added 2021/05/12 1:56 p.m.7 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description FalconChristmas/fpp suffer from a XSS vulnerability. In https://github.com/FalconChristmas/fpp/blob/master/www/playlists.phpL15 we see : php var initialPlaylist = ""; XSS is possible because the playlist variable isn't sanitized before reflection in the webpage. 🕵️‍♂️ Proof of...

1.7AI score
Exploits0
Huntr
Huntr
added 2021/05/06 12:25 a.m.7 views

Cross-site Scripting (XSS) - Reflected in coppermine-gallery/cpg1.6.x

✍️ Description Coppermine is vulnerable to XSS attacks on /plugins/uploadh5a/help.php because it doesnt sanitize user supplied parameters as shown below. Vulnerable variable: t Method: GET The $styles variable is constructed using the user supplied data, and then is echo in the response. $styles =...

0.6AI score
Exploits0References2
Huntr
Huntr
added 2021/03/26 11:46 a.m.7 views

Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system

✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "filtererclient" Parameter 🕵️‍♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable...

1.7AI score
Exploits0
Huntr
Huntr
added 2021/01/10 12:0 a.m.7 views

Prototype Pollution in indlekofer/object_set

Description Prototype Pollution in @indlekofer/objectset Proof of Concept 1. Create the following PoC file: // poc.js var objectSet = require"@indlekofer/objectset" var obj = console.log"Before : " + .polluted; objectSet.defaultobj,"proto","polluted","Yes! Its Polluted"; console.log"After : " +...

2AI score
Exploits0
Huntr
Huntr
added 2021/01/07 12:0 a.m.7 views

Code Injection in facebookresearch/parlai

Description ParlAI pronounced “par-lay” is a python framework for sharing, training and testing dialogue models, from open-domain chitchat to VQA Visual Question Answering. Vulnerability description Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Run exploit.p...

2.1AI score
Exploits0References1
Huntr
Huntr
added 2026/04/04 8:35 p.m.6 views

Lambda Layer `safe_mode=None` Guard Bypass — Arbitrary Code Execution via `from_config()`

This report is not public...

9.8CVSS7.2AI score0.00397EPSS
Exploits1
Huntr
Huntr
added 2026/03/28 9:40 a.m.6 views

XSS via unsanitized `text/vnd.mermaid` output in nbconvert HTML export

This report is not public...

5.4CVSS6AI score0.00134EPSS
Exploits0
Huntr
Huntr
added 2026/03/19 7:12 a.m.6 views

Unauthenticated remote shutdown in nltk.app.wordnet_app

This report is not public...

7.5CVSS7.3AI score0.00325EPSS
Exploits0
Huntr
Huntr
added 2026/02/11 9:16 a.m.6 views

Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution

Description Analyzed project version: MLflow 3.9.0 /version, commit 6e61043b0ff5d845bea479d7e7ea24dcd4b2c629. In MLflow 3.9.0, a new feature called MLflow Assistant was introduced, intended only for local development and designed to integrate with Claude Code accepting requests only from loopback...

9.6CVSS7.9AI score0.00371EPSS
Exploits1
Huntr
Huntr
added 2026/01/12 2:22 a.m.6 views

XSS in Chat Message Leads to Account Tackover

Description The vulnerability resides in the data persistence layer of the application. The fromdict method in the AppLollmsMessage class acts as a "sink" for raw data. It retrieves the content value from an input dictionary and assigns it directly to the object without any form of sanitization o...

8.2CVSS6AI score0.00258EPSS
Exploits1
Huntr
Huntr
added 2026/01/10 6:22 a.m.6 views

Stored XSS in Home Feed via Post Content Lead to Account Takeover

Description A Stored Cross-Site Scripting XSS vulnerability was identified in the social feature of the application. The backend fails to sanitize user-provided content in the post creation endpoint. This allows an attacker to inject and store malicious JavaScript, which is then executed in the...

9.6CVSS7.5AI score0.00405EPSS
Exploits1
Huntr
Huntr
added 2026/01/07 6:18 a.m.6 views

Improper Access Control via Weak JWT Token Leads to Admin Takeover and Privilege Escalation

Description The application's session management is vulnerable to Authorization Bypass and Vertical Privilege Escalation. During dynamic analysis of the application's authentication flow, I discovered that the JSON Web Tokens JWT are signed with a weak secret key. This allowed me to perform an...

9.8CVSS5.9AI score0.0054EPSS
Exploits1
Huntr
Huntr
added 2026/01/06 2:55 p.m.6 views

TFSMLayer bypasses `safe_mode=True`, allowing attacker-controlled code execution during model inference

Summary TFSMLayer allows loading attacker-controlled TensorFlow SavedModels when deserializing a .keras model, even when safemode=True the default. While TensorFlow does not execute SavedModel functions during load, the attacker-controlled graph is registered during deserialization and executes...

8.8CVSS7.8AI score0.00354EPSS
Exploits1
Huntr
Huntr
added 2025/12/29 5:53 p.m.6 views

Unauthenticated File Upload in LollMS

Executive Summary A critical security vulnerability has been identified in LollMS that allows unauthenticated users to upload and process files through the /api/files/extract-text endpoint. This endpoint lacks authentication requirements, contradicting the application's documented "Secure...

9.8CVSS5.8AI score0.0043EPSS
Exploits1
Huntr
Huntr
added 2025/12/29 5:51 p.m.6 views

Server-Side Request Forgery (SSRF) in LollMS Export Content

Executive Summary A security vulnerability has been identified in LollMS that allows Server-Side Request Forgery SSRF attacks through the /api/files/export-content endpoint. The downloadimagetotemp function downloads images from arbitrary user-controlled URLs without validation, allowing attacker...

7.5CVSS6AI score0.01765EPSS
Exploits1
Huntr
Huntr
added 2025/12/29 5:49 p.m.6 views

Insecure Direct Object Reference (IDOR) in LollMS Friend Request Response

Executive Summary A critical security vulnerability has been identified in LollMS that allows any authenticated user to accept or reject friend requests belonging to other users. The respondrequest function lacks authorization checks, enabling Insecure Direct Object Reference IDOR attacks. Affect...

8.3CVSS5.8AI score0.00268EPSS
Exploits1
Huntr
Huntr
added 2025/12/20 9:56 p.m.6 views

Apache Arrow IPC cached prebuffer path triggers signed integer overflow UB in read-range coalescing

Description Apache Arrow C++ commit d89c14b5d5203bc403fb62060fdf1ef2c0a49339 contains a signed integer overflow undefined behavior in the IO range coalescing logic, specifically in arrow/cpp/src/arrow/io/interfaces.cc:475 arrow::io::internal::CoalesceReadRanges. The overflow is reachable from...

6AI score
Exploits0
Huntr
Huntr
added 2025/12/04 4:26 p.m.6 views

Arbitrary File Read via FileSystemPathPointer + PlaintextCorpusReader (bypass even if nltk.data.find() is patched

This report is not public...

5.3AI score
Exploits0
Huntr
Huntr
added 2025/07/21 5:38 a.m.6 views

SQLite Operator-Based SQL Injection Vulnerability in LangGraph

This report is not public...

7.3CVSS6.9AI score0.00162EPSS
Exploits0
Huntr
Huntr
added 2025/06/13 3:14 p.m.6 views

Brotli decompression bomb DoS

Description urllib3 can not stream brotli-encoded responses properly unlike the way it handles gzip responses. It always loads entire decompressed response body into memory when reading brotli-encoded response, which allows malicious servers to perform DoS attack by responding with decompression...

8.9CVSS6.8AI score0.00633EPSS
Exploits0
Huntr
Huntr
added 2025/06/04 11:14 a.m.6 views

H2O-3 MySQL JDBC Driver Deserialization Vulnerability_Key-Value Bypass Parameter Inspection

Creator: zack H2O-3 Version: 3.46.0.7、3.47.0.6928 MySQL JDBC Driver Version: 8.0.19 JDK Version: 8u112 Description There is a JDBC deserialization vulnerability in the H2O-3 REST API(POST /99/ImportSQLTable) that does not require authentication. This vulnerability can lead to Remote Code Executio...

9.8CVSS7.4AI score0.0064EPSS
Exploits0
Huntr
Huntr
added 2025/05/25 6:55 a.m.6 views

Environment Variable XSS in Analytics Component

Description A critical stored Cross-Site Scripting XSS vulnerability exists in the Analytics component of lunary-ai/lunary where the NEXTPUBLICCUSTOMSCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This allows...

9.6CVSS7.5AI score0.00458EPSS
Exploits1
Huntr
Huntr
added 2025/05/01 11:53 a.m.6 views

Regular expression Denial of Service - ReDoS

Description A regular expression denial of service ReDoS vulnerability has been identified in the Hugging Face Transformers library's weight conversion utility. The vulnerability exists in the converttfweightnametoptweightname function, which converts TensorFlow weight names to PyTorch format. Th...

5.3CVSS5.2AI score0.00391EPSS
Exploits1
Huntr
Huntr
added 2025/04/23 9:46 a.m.6 views

Divide By Zero lead to DOS

This report is not public...

7.1AI score
Exploits0
Total number of security vulnerabilities4072