Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version...
9.8 CVSS
9.5 AI Score
0.001 EPSS
Malicious code in bleeding-edge-css (npm)
Source: ghsa-malware (a9158e7fb120bf930c7e6ed6c50765fdc9d7c3d1a40435bf8a4b4d202cfd1dd1) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7.2 AI Score
Sentry-Javascript is official Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server,...
7.5 CVSS
6.7 AI Score
0.001 EPSS
7.1 AI Score
sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This issue only affects users who have Next.js SDK tunneling feature enabled. The problem has been....
9.3 CVSS
6.4 AI Score
0.001 EPSS
7.1 AI Score
7.1 AI Score
Exploit for Injection in Vm2 Project Vm2
CVE-2023-30547 PoC Exploit for VM2 Sandbox Escape...
10 CVSS
9.6 AI Score
0.002 EPSS
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command....
9.4 CVSS
8.1 AI Score
0.001 EPSS
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...
9.8 CVSS
9.6 AI Score
0.967 EPSS
Exploit for Incorrect Authorization in Dompdf Project Dompdf
CVE-2023-23924 Dompdf vulnerable to URI validation failure...
10 CVSS
9.7 AI Score
0.01 EPSS
This module simply queries the MySQL instance for a specific user/pass (default is root with...
7.3 AI Score
Exploit for Prototype Pollution in Qs Project Qs
CVE-2022-24999 This repository contains exploit samples of...
7.5 CVSS
2.2 AI Score
0.01 EPSS
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs)....
5.3 CVSS
5.3 AI Score
0.001 EPSS
The CycloneDX JavaScript library contains the core functionality of OWASP CycloneDX for JavaScript. In 6.7.0, XML External entity injections were possible, when running the provided XML Validator on arbitrary input. This issue was fixed in version...
8.1 CVSS
6.7 AI Score
0.0005 EPSS
Exploit for Code Injection in Exiftool Project Exiftool
CVE-2021-22204 Summary of the CVE Improper sanitization...
7.8 CVSS
7.6 AI Score
0.89 EPSS
In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary...
9.4 CVSS
8 AI Score
0.0004 EPSS
The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 ...
5.9 CVSS
6.3 AI Score
0.001 EPSS
7.1 AI Score
Exploit for Improper Privilege Management in Sudo Project Sudo
CVE-2023-22809 sudo Privilege escalation Affected sudo...
7.8 CVSS
8.2 AI Score
0.001 EPSS
In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this...
7.5 CVSS
7.1 AI Score
0.0004 EPSS
10 CVSS
7.3 AI Score
0.003 EPSS
Art Gallery Management System Project v1.0 - Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation...
6.1 CVSS
5.9 AI Score
0.003 EPSS
In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return...
6.5 CVSS
7 AI Score
0.0004 EPSS
Exploit for Improper Privilege Management in Sudo Project Sudo
CVE-2023-22809 CVE-2023-22809 is a critical...
7.8 CVSS
8.3 AI Score
0.001 EPSS
Due to an incomplete fix to CVE-2022-31629 (https://github.com/advisories/GHSA-c43m-486j-j32p), network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP...
6.5 CVSS
6.9 AI Score
0.006 EPSS
Exploit for Code Injection in Exiftool Project Exiftool
Exploit for CVE-2021-22204 (ExifTool) - Arbitrary Code...
7.8 CVSS
8.5 AI Score
0.89 EPSS
A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter...
6.1 CVSS
5.8 AI Score
0.0005 EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
CVE-2021-4034 One day for the polkit privilege escalation...
7.8 CVSS
8.8 AI Score
0.0005 EPSS
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with.....
7.5 CVSS
7.5 AI Score
0.013 EPSS
Exploit for Injection in Vm2 Project Vm2
CVE-2023-30547 vm2 is a sandbox that can run untrusted code...
10 CVSS
6.8 AI Score
0.002 EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
CVE-2021-4034 PoC for PwnKit: Local Privilege Escalation...
7.8 CVSS
8.5 AI Score
0.0005 EPSS
Malicious code in watch-john-wick-chapter-4-full-movies-at-in-home-stremings_free_4ksdf (npm)
7.1 AI Score
Exploit for Out-of-bounds Write in Polkit Project Polkit
pkexec-exploit Local Privilege Escalation in polkit's pkexec...
8.2 AI Score
Exploit for Out-of-bounds Write in Polkit Project Polkit
PwnKit Self-contained exploit for CVE-2021-4034 - Pkexec...
8.2 AI Score
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database.....
7.2 CVSS
7.3 AI Score
0.016 EPSS
Exploit for Out-of-bounds Write in Polkit Project Polkit
CVE-2021-4034 CVE-2021-4034 Add Root User - Pkexec Local...
7.8 CVSS
8.7 AI Score
0.0005 EPSS
Exploit for Improper Preservation of Permissions in Podman Project Podman
CVE-2022-1227_Exploit A script for exploiting CVE-2022-1227....
8.8 CVSS
8.8 AI Score
0.003 EPSS
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...
4.9 CVSS
6 AI Score
0.0004 EPSS
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...
4.9 CVSS
6 AI Score
0.0004 EPSS
7.8 CVSS
8.4 AI Score
0.0005 EPSS
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.7.39 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...
4.3 CVSS
5.3 AI Score
0.001 EPSS
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. ...
4.9 CVSS
5.9 AI Score
0.0004 EPSS
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.39 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...
4.3 CVSS
5.7 AI Score
0.001 EPSS
A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of...
7.5 CVSS
7.3 AI Score
0.001 EPSS
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
4.9 CVSS
5.9 AI Score
0.0004 EPSS
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
4.9 CVSS
5.9 AI Score
0.0004 EPSS
Exploit for OS Command Injection in Php
CVE-2024-4577 A Proof of Concept developed by...
9.8 CVSS
9.5 AI Score
0.967 EPSS
Exploit for OS Command Injection in Php
CVE-2024-4577 - PHP CGI Argument Injection Remote Code...
9.8 CVSS
10 AI Score
0.967 EPSS
Exploit for OS Command Injection in Php
CVE-2024-4577: PHP CGI Argument Injection (XAMPP) 💀...
9.8 CVSS
10 AI Score
0.967 EPSS