Exploit for Deserialization of Untrusted Data in Salesagility Suitecrm
CVE-2022-23940 PoC for...
8.8CVSS
0.9AI Score
0.003EPSS
Exploit for Deserialization of Untrusted Data in Microsoft
nse-exchange Nmap NSE scripts to check against exchange...
9.1AI Score
Exploit for Cleartext Transmission of Sensitive Information in Keepass
Keepass-Dumper This is my PoC implementation for...
6.5AI Score
Exploit for Deserialization of Untrusted Data in Apache Log4J
CVE-2021-44228 Abuse Log4J CVE-2021-44228 to patch...
10CVSS
10AI Score
0.975EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
-- This repository has been archived -- Further development...
9AI Score
Exploit for Out-of-bounds Read in Adobe Bridge
Exploit for CVE-2021-44168 Purpose Exploit CVE-2021-44168...
3.3CVSS
6.2AI Score
0.001EPSS
CVE-2024-20716 Force high-usage of resources by generating unlimited coupons: Adobe Commerce
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service. A high-privileged attacker could leverage this vulnerability to exhaust system resources, causing the application....
4.9CVSS
5.3AI Score
0.001EPSS
Denial of service in langchain-community
Denial of service in SitemapLoader Document Loader in the langchain-community package, affecting versions below 0.2.5. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap...
4.2CVSS
4.3AI Score
0.0004EPSS
Mattermost vulnerable to denial of service via large number of emoji reactions
Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the...
4.3CVSS
4.3AI Score
0.0005EPSS
Use-of-uninitialized-value in icalmemory_strdup
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69527 Crash type: Use-of-uninitialized-value Crash state: icalmemory_strdup icalparameter_new_from_value_string...
7.2AI Score
Denial of service of Minder Server from maliciously crafted GitHub attestations
Minder is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minders sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on...
5.3CVSS
6.7AI Score
0.0004EPSS
Regular Expression Denial Of Service (ReDoS)
ua-parser/uap-php is vulnerable toRegular Expression Denial Of Service (ReDoS). The vulnerability is due to use of inefficient or poorly constructed regular expressions that can take an exceptionally long time to evaluate against certain input strings, which results in Regular Expression Denial Of....
7AI Score
Denial Of Service Via Account Lockout
org.keycloak, keycloak-services is vulnerable to Denial of Service via account lockout. The vulnerability is due to improper handling of usernames formatted as email addresses, which allows attackers to lock out legitimate users by repeatedly using incorrect...
7AI Score
Denial of service in langchain-community
Denial of service in SitemapLoader Document Loader in the langchain-community package, affecting versions below 0.2.5. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap...
4.2CVSS
4.3AI Score
0.0004EPSS
Exploit for Out-of-bounds Write in Haxx Libcurl
CVE-2023-38545: Curl Vulnerability Proof of Concept This...
9.8CVSS
9.5AI Score
0.003EPSS
Exploit for Deserialization of Untrusted Data in Apache Activemq
CVE-2023-46604 This repository contains an exploit script...
10CVSS
9.8AI Score
0.931EPSS
Regular Expression Denial Of Service (ReDoS)
rack is vulnerable to a Denial Of Service. This vulnerability is due the handling of content type parsing which utilizes a regex pattern with inefficient complexity, which allows attackers to launch DoS...
5.3CVSS
7AI Score
0.0004EPSS
Gitea allowed assignment of private issues
In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access to private issue...
6.5CVSS
7AI Score
0.002EPSS
Gitea allowed assignment of private issues
In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access to private issue...
6.5CVSS
6.4AI Score
0.002EPSS
Denial of Service in TenderMint
Description Denial of Service Tendermint 0.33.0 and above allow block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it without changing the chainID. (It is a misconfiguration to reuse chainIDs.) Correct.....
6.5CVSS
6.6AI Score
0.001EPSS
Mattermost vulnerable to denial of service via large number of emoji reactions
Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the...
4.3CVSS
4.3AI Score
0.0005EPSS
self-suspendingproppant.com Cross Site Scripting vulnerability OBB-3905818
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
7.8CVSS
8AI Score
0.001EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
🤝 Show your support - give a ⭐️ if you...
10CVSS
9.9AI Score
0.975EPSS
Intel(R) Core(TM) Ultra Processors are vulnerable to Denial Of Service (DOS). The vulnerability is caused due to a Sequence of processor instructions leading to unexpected behavior. This can allow an authenticated user to potentially enable Denial Of Service (DOS) via local...
4.7CVSS
6.7AI Score
0.0004EPSS
Deserialization Of Untrusted Data
joblib is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe handling of pickle files in the read_array() function within numpy_pickle.py where pickle.load is enabled by default. This allows an attacker to execute arbitrary code by loading a maliciously crafted...
7.6AI Score
EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
Log4jCenter Exploiting CVE-2021-44228 in vCenter for remote...
9.2AI Score
ManageEngine ADSelfService Plus <6121 - Stored Cross-Site Scripting
ManageEngine ADSelfService Plus before 6121 contains a stored cross-site scripting vulnerability via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password...
6.1CVSS
6AI Score
0.002EPSS
github.com/stacklok/minder is vulnerable to Denial Of Service (DoS). The vulnerability is due to the engines lack of template size limits, which allows an attacker to execute a Denial of Service (DoS) attack by submitting maliciously crafted large...
5.3CVSS
7.2AI Score
0.0004EPSS
Exploit for Out-of-bounds Write in Google Chrome
CVE-2023-4863/CVE-2023-41064 A POC for...
8.8CVSS
7.3AI Score
0.65EPSS
Exploit for Out-of-bounds Write in Google Chrome
libwebp CVE-2023-4863 [A Vulnerability...
8.8CVSS
7.3AI Score
0.65EPSS
7.8CVSS
8.4AI Score
0.0005EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
CVE-2021-4034 One day for the polkit privilege escalation...
7.8CVSS
8.8AI Score
0.0005EPSS
8.1AI Score
Adobe ColdFusion - Deserialization of Untrusted Data
Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user...
9.8CVSS
9.6AI Score
0.969EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
CVE-2021-4034 PoC for PwnKit: Local Privilege Escalation...
7.8CVSS
8.5AI Score
0.0005EPSS
pocketmine/pocketmine-mp is vulnerable to Denial Of Service (DoS). The vulnerability exists in due to the netresearch/jsonmapper dependency due to improper mappings of JSON arrays and objects onto scalar model properties which allows an attacker to send malformed JWT JSON in the LoginPacket...
6.8AI Score
Use-of-uninitialized-value in ihevce_strm_fill_done
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57401 Crash type: Use-of-uninitialized-value Crash state: ihevce_strm_fill_done ihevce_ent_coding_thrd...
6.9AI Score
gvisor.dev/gvisor is vulnerable to a Denial of Service (DoS). The vulnerability is due to improper checks for mounts marked as unmounted before propagating, which could lead to a panic. This allows an attacker running as root and with permission to mount volumes to kill the...
4.8CVSS
6.7AI Score
0.0004EPSS
Exploit for Out-of-bounds Write in Linux Linux Kernel
CVE-2022-1015 This repository contains a PoC for local...
6.6CVSS
0.7AI Score
0.0004EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
PwnKit Self-contained exploit for CVE-2021-4034 - Pkexec...
8.2AI Score
Use-of-uninitialized-value in ihevce_enc_frm_proc_slave_thrd
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57397 Crash type: Use-of-uninitialized-value Crash state: ihevce_enc_frm_proc_slave_thrd osal_func...
6.9AI Score
Exploit for Deserialization of Untrusted Data in Apache Log4J
Log4J-RCE-Proof-Of-Concept (CVE-2021-44228) This is a proof...
9.2AI Score
TYPO3 Information Disclosure of Installed Extensions
It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party...
6.7AI Score
Use-of-uninitialized-value in complexity_RC_reset_marking
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57398 Crash type: Use-of-uninitialized-value Crash state: complexity_RC_reset_marking ihevce_pre_enc_process_frame_thrd...
6.9AI Score
TYPO3 Information Disclosure of Installed Extensions
It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party...
6.7AI Score
github.com/stacklok/minder is vulnerable to a Denial of Service (DoS). The vulnerability is due to missing request size limits by the REST ingester when processing responses from remote REST endpoints, which allows an attacker to execute a Denial of Service attack by controlling a remote REST...
5.3CVSS
7AI Score
0.0004EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
Log4Shell-Rex The following RegEx was written in an attempt...
8.8AI Score
.netrc parser out-of-bounds access
curl can be told to parse a .netrc file for credentials. If that file ends in a line with consecutive non-white space letters and no newline, curl could read past the end of the stack-based buffer, and if the read works, write a zero byte possibly beyond its boundary. This does in most cases cause....
6.5CVSS
7.7AI Score
0.002EPSS
libXpm is vulnerable to Out-of-bounds Read. The vulnerability is caused due to a boundary condition that can be exploited to read contents of memory of the system. An attacker can trigger this out-of-bounds read error compromising confidentiality of the...
5.5CVSS
6.8AI Score
0.0004EPSS