Lucene search
K
HuntrMost viewed

4072 matches found

Huntr
Huntr
added 2021/06/20 1:21 a.m.6 views

in polonel/trudesk

✍️ Description trudesk is vulnerable to arbitrary file upload. The app is allowing upload files, such as text/html. Consequently, It is possible to exploit XSS. 🕵️‍♂️ Proof of Concept 1. Create a ticket. 2. Access the ticket created and upload an HTML file which contains . 3. Access the HTML file...

1AI score
Exploits0
Huntr
Huntr
added 2021/06/19 3:6 a.m.6 views

Cross-site Scripting (XSS) - Stored in polonel/trudesk

✍️ Description trudesk is vulnerable to XSS via chat. 🕵️‍♂️ Proof of Concept 1. Send a message with the content . PoC video 💥 Impact JavaScript code execution...

2.4AI score
Exploits0
Huntr
Huntr
added 2021/06/02 5:27 p.m.6 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description Reflected XSS in playlists.php when a user asked to add a note in Sequence Entry, resulting in XSS. 🕵️‍♂️ Proof of Concept https://drive.google.com/file/d/1uU9IxbH3A45V8BSgtFOBrc5Gwj7S7k56/view?usp=sharing 💥 Impact This vulnerability is capable of doing Reflected XSS...

0.8AI score
Exploits0
Huntr
Huntr
added 2021/05/30 6:5 p.m.6 views

Stack-based Buffer Overflow in falconchristmas/fpp

✍️ Description Hi, there is a stack based buffer overflow in https://github.com/FalconChristmas/fpp/blob/f4a1621c8be15a41305269830b700a2b5443aa0f/src/command.cL131 : When ./fpp is running it can send commands to ./fppd, a daemon that runs a main loop and listen for incoming socket connections : In...

0.6AI score
Exploits0
Huntr
Huntr
added 2021/05/29 8:13 p.m.6 views

Cross-site Scripting (XSS) - Reflected in falconchristmas/fpp

✍️ Description Hi, few days ago I reported this vulnerability : https://huntr.dev/bounties/8-other-FalconChristmas/fpp/ There were 2 XSS vectors in https://github.com/FalconChristmas/fpp/blob/f032d800a67ed280f8d577d95519a71c95114579/www/runEventScript.phpL41 : php \n"; // 1 // else ? ERROR: Unknow...

Exploits0
Huntr
Huntr
added 2021/05/29 5:11 p.m.6 views

OS Command Injection in falconchristmas/fpp

✍️ Description Hi, a command is built without filtering user input in https://github.com/FalconChristmas/fpp/blob/cc026bd238b641ad147a3f8e1df47052e34f16d3/www/copyFilesToRemote.phpL50 php $ip = $GET'ip'; // $command = "rsync -rtDlv --modify-window=1 $compress --stats $fppHome/media/$dir/...

1.7AI score
Exploits0
Huntr
Huntr
added 2021/05/23 4:46 a.m.6 views

Improper Privilege Management in dolibarr/dolibarr

💥 BUG unprivileged user can attach agenda with leave. 💥 IMPACT user who dont have any access in leave can add agenda to this leave 💥 TESTED VERSION dolibarr 14.0.0-beta 💥 STEP TO REPRODUCE 1. First goto admin account and add user B as normal user .\ Now give user B bellow permission for Agenda...

1.1AI score
Exploits0
Huntr
Huntr
added 2021/05/22 6:30 p.m.6 views

Improper Privilege Management in dolibarr/dolibarr

💥 BUG unprivileged user can see task associated with a project 💥 IMPACT user dont have access to specific project but still can see task attached to this project . 💥 TESTED VERSION dolibarr 14.0.0-beta 💥 STEP TO REPRODUCE 1. First goto admin account and add user B as normal user .\ Now give user ...

0.2AI score
Exploits0
Huntr
Huntr
added 2021/05/17 9:3 a.m.6 views

Cross-site Scripting (XSS) - DOM in apexcharts/apexcharts.js

✍️ Description Last version of Apexcharts.js is vulnerable to Cross-Site Scripting XSS 🕵️‍♂️ Proof of Concept Simply try one of the examples provided in samples/vanilla-js/scatter/scatter-images.html in this way: javascript var options = series: name: 'Messenger', data: 16.4, 5.4, ..... , name:...

2.1AI score
Exploits0
Huntr
Huntr
added 2021/05/15 1:20 p.m.6 views

Cross-site Scripting (XSS) - Generic in utmsigep/member-directory

✍️ Description Non-administrative functions display success banners after multiple actions that reflect user-input directly without sanitization. 🕵️‍♂️ Proof of Concept Donation Creation and Update - Donations - New Donation - Enter XSS payloads into the fields Last Name, First Name and Receipt ID,...

1AI score
Exploits0
Huntr
Huntr
added 2021/05/13 7:20 a.m.6 views

in cythron/tweango

✍️ Description The Django secret key was hard coded in the Github repository which is vulnerable as https://huntr.dev/bounties/1-other-cythron/Tweango/ accordingly. Since the GitHub public API monitor every single git commit that is made, attacker can still find the key from commit lists. = It is...

0.1AI score
Exploits0References1
Huntr
Huntr
added 2021/02/09 12:0 a.m.6 views

Prototype Pollution in borderlesslabs/assign

Description @borderlesslabs/assign is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: // poc.js var a = require"@borderlesslabs/assign" const payload = JSON.parse'"proto":"polluted":"Yes! Its Polluted"'; var obj = console.log"Before : " + .polluted;...

2AI score
Exploits0
Huntr
Huntr
added 2021/02/04 12:0 a.m.6 views

Command Injection in totaljs/framework

Description Command Injection in total.js Proof of Concept 1. Create the following PoC file: // poc.js const total = require'total.js'; let image = Image.load""; let payload = ";touch HACKED;"; image.pipenull,payload; 2. Execute the following commands in terminal: npm i total.js Install affected...

1.2AI score
Exploits0
Huntr
Huntr
added 2020/12/21 12:0 a.m.6 views

Code Injection in mozilla/deepspeech

Description Arbitrary Code Excecution in mozilla/DeepSpeech.DeepSpeech is an open source embedded offline, on-device speech-to-text engine which can run in real time on devices ranging from a Raspberry Pi 4 to high power GPU servers. Technical Description This package was vulnerable to Arbitrary...

0.8AI score
Exploits0References1
Huntr
Huntr
added 2020/07/30 12:0 a.m.6 views

Cross-site Scripting (XSS) - Generic in dolibarr/dolibarr

Description dolibarr is a modern and easy to use web software to manage your business. The error page is vulnerable to self XSS because of lack of escaping on $SERVER'HTTPUSERAGENT' variable before printing it. The flaw is in the dolprinterror function in the htdocs/core/lib/functions.lib.php fil...

0.5AI score
Exploits0
Huntr
Huntr
added 2026/04/01 12:14 a.m.5 views

Arbitrary File Read via Percent-Encoded Path Traversal in nltk.data.find() / nltk.data.load() - Incomplete Fix of Issue #3504

This report is not public...

7.5CVSS7.1AI score0.0051EPSS
Exploits1
Huntr
Huntr
added 2026/03/28 9:40 a.m.5 views

XSS via unsanitized `text/vnd.mermaid` output in nbconvert HTML export

This report is not public...

5.4CVSS6AI score0.00134EPSS
Exploits0
Huntr
Huntr
added 2026/03/12 3:45 p.m.5 views

Uncontrolled Search Path in HunposTagger Allows Untrusted Local Binary Selection in nltk/nltk

This report is not public...

5.3AI score
Exploits0
Huntr
Huntr
added 2026/01/08 2:20 a.m.5 views

Session is not expiring after password resetting

This report is not public...

4.1CVSS5.9AI score0.0021EPSS
Exploits0
Huntr
Huntr
added 2026/01/07 1:6 p.m.5 views

Path Traversal in Agent Flows via `uuid` (Arbitrary .json File Read/Delete)

Description : Summary I discovered a Path Traversal vulnerability in the AgentFlows component that allows reading and deleting arbitrary .json files on the server. The issue stems from the improper usage of path.join combined with normalizePath. The application resolves the file path using user...

9.1CVSS7.1AI score0.00809EPSS
Exploits1
Huntr
Huntr
added 2025/12/26 3:34 p.m.5 views

Airflow externalLogUrl Permission Bypass

1. Summary The externalLogUrl endpoint in Airflow’s FastAPI enforces only the weaker Task Instance access permission TASKINSTANCE instead of the intended Task Logs permission TASKLOGS. As a result, low-privileged users who are not authorized to view task logs can still obtain external log access...

6.1AI score
Exploits0
Huntr
Huntr
added 2025/12/14 3:18 a.m.5 views

Unsafe Pickle Deserialization in apache-airflow-providers-http leading to RCE via HttpOperator

A High severity Unsafe Deserialization vulnerability exists in the airflow.providers.http package. The HttpOperator uses pickle.loads to deserialize untrusted data received from the Triggerer service via the database in the executecomplete method. This allows an attacker who has gained write acce...

6.4AI score
Exploits0
Huntr
Huntr
added 2025/12/04 4:26 p.m.5 views

Arbitrary File Read via FileSystemPathPointer + PlaintextCorpusReader (bypass even if nltk.data.find() is patched

This report is not public...

5.3AI score
Exploits0
Huntr
Huntr
added 2025/08/21 9:10 p.m.5 views

Authorization Bypass in MLflow Basic Auth (unprotected Flask/GraphQL routes)

This report is not public...

6.9AI score
Exploits0
Huntr
Huntr
added 2025/08/01 7:59 p.m.5 views

Insecure API Design: Able to Disable 2-Factor Authentication Without OTP or Backup Code

Description There is a minor issue in the 2-Factor Authentication 2FA flow. when a user tries to disable 2FA from the dashboard, the system should ask for a valid OTP or backup code and verify it through the following API: POST /api/auth/2fa/verify HTTP/1.1 Host: 127.0.0.1:3080 User-Agent:...

8.8CVSS6.1AI score0.00419EPSS
Exploits1
Huntr
Huntr
added 2025/06/23 8:59 a.m.5 views

Bypass of Mysql Jdbc Attck for CVE-2025-6507

Credits Le1ahttps://github.com/Le1a A1kaidhttps://github.com/for-A1kaid ph0ebushttps://github.com/ph0ebus Description Attackers can exploit this vulnerability to read any system file and even execute arbitrary code through deserialization. The project manager fixed CVE-2025-6507 which I discovere...

9.8CVSS7.5AI score0.12993EPSS
Exploits1
Huntr
Huntr
added 2025/04/03 1:6 a.m.5 views

Denial of Service via `Uncontrolled Recursive` JSON Parsing in `JSONReader`

Description The JSONReader in llamaindex is vulnerable to stack overflow when processing deeply nested JSON, leading to a RecursionError. Attackers can exploit this to trigger Denial of Service DoS by submitting malicious JSON, crashing applications before input validation. This impacts...

6.5CVSS7.8AI score0.00338EPSS
Exploits1
Huntr
Huntr
added 2025/04/01 10:18 p.m.5 views

Hardlink-Based Path Traversal in ObsidianReader

Overview A vulnerability has been identified in the ObsidianReader class from llamaindex.readers.obsidian. This vulnerability allows an attacker to bypass the path restriction mechanism using hardlinks , enabling unauthorized access to sensitive system files such as /etc/passwd. Affected Componen...

6.2CVSS6.8AI score0.0029EPSS
Exploits1
Huntr
Huntr
added 2025/03/31 2:13 p.m.5 views

XSS vulnerability exists in some specific browsers

Description The XSS vulnerability cannot be triggered in Chrome, but it is triggered when using Firefox and the latest version of Firefox. Since Firefox is widely used, when the administrator uses Firefox to view the relevant interface, the XSS vulnerability will be triggered, resulting in the...

8CVSS6AI score0.00341EPSS
Exploits1
Huntr
Huntr
added 2025/03/07 1:35 p.m.5 views

MD5 Hash Collision Causes Overwriting of Papers with the Same Title, Leading to Data Loss

Description The ArxivReader class in LlamaIndex is responsible for searching for papers on ArXiv, downloading them, and processing them for AI model training. The workflow of ArxivReader is as follows: 1. The user searches for a specific topic on ArXiv, retrieving a list of relevant papers. impor...

5.3CVSS6.6AI score0.00281EPSS
Exploits1
Huntr
Huntr
added 2025/02/25 10:4 a.m.5 views

SQL Injection in DuckDBVectorStore via delete can lead to RCE

Description The delete function in DuckDBVectorStore easily attacks SQL when the attack controls the refdocid parameter.This can help attackers read and write arbitrary files on the server and lead to rce. ddbquery = f""" DELETE FROM self.tablename WHERE jsonextractstringmetadata, '$.refdocid' =...

9.8CVSS7.7AI score0.00705EPSS
Exploits1
Huntr
Huntr
added 2024/11/26 7:9 a.m.5 views

Remote Code Execution via Unsafe Torch Load in TransfoXLCorpus

Description This is a new bypass to the patch of my previous report, in which the maintainers only apply the "TRUSTREMOTECODE" to guard the vulnerable code of vocabdict = pickle.loadf, but overlooked another vulnerable code of corpusdict = torch.loadresolvedcorpusfile without setting...

7.6AI score
Exploits0
Huntr
Huntr
added 2024/11/09 10:52 a.m.5 views

Arbitrary file deletion on Windows via the '/v1/agent/hub/update' endpoint.

This report is not public...

8.2CVSS7.1AI score0.00514EPSS
Exploits1
Huntr
Huntr
added 2024/11/08 6:21 a.m.5 views

multer(file upload middleware in express) misused, lead to remote code execution

Description Librechat use multer to handle multi-part file upload. multer library will deal with '../' kind of path traversal, then let the programmer decide the actual filename, then join the path to write the upload the file. this means, if '../' is provided by the user of librechat, multer wil...

8.8CVSS9.2AI score0.01622EPSS
Exploits1
Huntr
Huntr
added 2024/11/07 1:10 p.m.5 views

IDOR Vulnerability in PATCH `/v1/runs/:id/score` Endpoint Allows Unauthorized Score Updates for Other Users’ Runs

Description An Insecure Direct Object Reference IDOR vulnerability exists in the PATCH /v1/runs/:id/score endpoint. This endpoint allows an attacker to update the score data of any run by manipulating the id parameter in the request URL, which corresponds to the runIdscore in the database. The...

7.5CVSS7.6AI score0.00525EPSS
Exploits1
Huntr
Huntr
added 2024/10/25 6:33 p.m.5 views

Logs Debug Injection In File Download

Description In 2 API: /code/download/:sessionId/:fileId and /download/:userId/:fileid The parameters sessionId, fileId, userId, fileid are not validated or filtered at all but are saved directly to log.debug Proof of Concept Prepare: The logs file on the server is stored at /app/api/debug-.log I...

5.3CVSS5.2AI score0.00458EPSS
Exploits1
Huntr
Huntr
added 2024/10/25 4:34 a.m.5 views

Admin user account takeover due to password reset code not being checked on the backend

This report is not public...

8.1CVSS7.1AI score0.00614EPSS
Exploits1
Huntr
Huntr
added 2024/10/23 8:58 a.m.5 views

Allowing execution user provided regexp, lead to Redos

Description librechat have a functionality of uploading chatgpt chat log. when processing the log, following code is executed: const pattern = new RegExp \u3010$citation.metadata.extra.citedmessageidx\u2020.+?\u3011, 'g', ; const replacement = $citation.metadata.title; messageText =...

7.2AI score
Exploits0
Huntr
Huntr
added 2024/10/22 6:51 p.m.5 views

An user can view any others invite list

This report is not public...

4.3CVSS7.1AI score0.00508EPSS
Exploits1
Huntr
Huntr
added 2024/10/21 5:34 p.m.5 views

SSRF via POST /v1/llm/add_llm and /v1/conversation/tts

This report is not public...

7.5CVSS7.1AI score0.0061EPSS
Exploits1
Huntr
Huntr
added 2024/10/20 5:5 p.m.5 views

Denial of Service

This report is not public...

7.5CVSS7.7AI score0.00664EPSS
Exploits0
Huntr
Huntr
added 2024/10/20 4:11 p.m.5 views

Web server DOS through run metrics

This report is not public...

7.5CVSS7.7AI score0.00727EPSS
Exploits1
Huntr
Huntr
added 2024/10/19 7:59 a.m.5 views

Lack of access control on /users/me/org endpoint

Description The /users/me/org route is not adequately protected by access control mechanisms such as a middleware. This lack of authorization allows unauthorized users to access information about all team members in the current organization, even if the user does not have sufficient privileges. A...

6.5CVSS6.5AI score0.00496EPSS
Exploits1
Huntr
Huntr
added 2024/10/18 8:7 p.m.5 views

XSS through document upload

This report is not public...

5.4CVSS7.1AI score0.00454EPSS
Exploits0
Huntr
Huntr
added 2024/10/18 1:59 p.m.5 views

Denial of service through sshfs-client in tracking server

This report is not public...

5.9CVSS6AI score0.00442EPSS
Exploits1
Huntr
Huntr
added 2024/10/18 9:23 a.m.5 views

Running user provided regular expression, lead to DOS

This report is not public...

6.5CVSS7.1AI score0.00846EPSS
Exploits1
Huntr
Huntr
added 2024/10/17 8:9 a.m.5 views

7z slip lead to remote code execution

This report is not public...

8.8CVSS7.1AI score0.01478EPSS
Exploits1
Huntr
Huntr
added 2024/10/17 7:55 a.m.5 views

rar slip lead to remote code execution

This report is not public...

8.8CVSS7.1AI score0.01478EPSS
Exploits1
Huntr
Huntr
added 2024/10/16 8:6 a.m.5 views

Redos (Regular Expression Denial of Service)

This report is not public...

6.5CVSS7.1AI score0.00671EPSS
Exploits1
Huntr
Huntr
added 2024/10/11 4:4 p.m.5 views

Missing check_access leads to directory deletion

This report is not public...

8.4CVSS7.1AI score0.00297EPSS
Exploits1
Total number of security vulnerabilities4072