Keycloak: Leak of configured LDAP bind credentials
A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access (permission manage-realm) to change the LDAP host URL ("Connection...
2.7CVSS
6.6AI Score
0.0004EPSS
Symfony is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper hostname validation via a regular expression within Request::getHost(), which results in...
6.5AI Score
EPSS
Exploit for Out-of-bounds Write in Samba
CVE-2021-44142 Vulnerability Checker A tool to check if a...
8.8CVSS
9AI Score
0.18EPSS
Exploit for Unrestricted Upload of File with Dangerous Type in Boidcms
CVE-2023-38836 Exploit File Upload vulnerability in BoidCMS...
8.8CVSS
8.6AI Score
0.668EPSS
Out of bounds read in json-smart
A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions prior to 1.3.3 and 2.4.5 which causes a denial of service (DOS) via a crafted web...
7.5CVSS
4AI Score
0.011EPSS
Regular Expression Denial Of Service (ReDoS)
rack is vulnerable to a Denial Of Service. This vulnerability is due the handling of content type parsing which utilizes a regex pattern with inefficient complexity, which allows attackers to launch DoS...
5.3CVSS
7AI Score
0.0004EPSS
Gitea allowed assignment of private issues
In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access to private issue...
6.5CVSS
7AI Score
0.001EPSS
Gitea allowed assignment of private issues
In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access to private issue...
6.5CVSS
6.4AI Score
0.001EPSS
Exploit for Improper Control of Interaction Frequency in Asus Gt-Axe11000 Firmware
easy-exploits The current repository contains exploits of...
7AI Score
Exploit for Release of Invalid Pointer or Reference in Linux Linux Kernel
Linux_LPE_io_uring_CVE-2021-41073 LPE exploit for...
7.8CVSS
7.8AI Score
0.0004EPSS
aimeos/aimeos-core is vulnerable to Denial Of Service. The vulnerability is due to a lack of checks performed while saving and retrieving locale...
7AI Score
Temporal Server Denial of Service
Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid...
4.4CVSS
6.6AI Score
0.0004EPSS
Task hijacking of apps that set allowTaskReparenting="true"
In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTaskReparenting="true" due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.1AI Score
0.0004EPSS
Deserialization Of Untrusted Data
symbiote/silverstripe-multivaluefield is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to inadequate validation of user input, as well as object injection caused by support for handling PHP objects as values, which allows an attacker to inject malicious...
7.4AI Score
6.5CVSS
6.7AI Score
0.001EPSS
Reactor Netty HTTP Server denial of service vulnerability
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in....
7.5CVSS
6.9AI Score
0.0004EPSS
A vulnerability has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file register.php. The manipulation of the argument...
6.1CVSS
6AI Score
0.001EPSS
A vulnerability, which was classified as critical, has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. This issue affects some unknown processing of the file /admin/login.php. The manipulation of the argument txtusername/txtpassword leads to.....
8.1CVSS
8.3AI Score
0.005EPSS
Moodle CSRF risks due to misuse of confirm_sesskey
Incorrect CSRF token checks resulted in multiple CSRF...
7AI Score
0.0004EPSS
Mattermost denial of service through long emoji value
Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource consumption and possibly crashing the...
4.3CVSS
7.1AI Score
0.0004EPSS
Talkback reads notifications of non-current Android user
In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
6.7AI Score
0.0004EPSS
Use Of A Key Past Its Expiration Date
moodle/moodle is vulnerable to Use of a Key Past its Expiration Date. The vulnerability is caused due to improper key generation, as the same key is used interchangeably for a user's QR login key and their auto-login key. This allows an attacker to exploit the same key used interchangeably for a...
6.8AI Score
0.0004EPSS
Exploit for Allocation of Resources Without Limits or Throttling in Discourse
CVE-2023-38408 PoC for the recent critical vuln affecting...
6.5CVSS
7.3AI Score
0.001EPSS
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Minio
CVE-2023-28432...
7.5CVSS
7.9AI Score
0.865EPSS
Exploit for Improper Restriction of Excessive Authentication Attempts in Lexmark B2236 Firmware
PoC for CVE-2023-22960...
7.5CVSS
7.5AI Score
0.001EPSS
Exploit for Cleartext Transmission of Sensitive Information in Keepass
Keepass-Dumper This is my PoC implementation for...
6.5AI Score
Exploit for Deserialization of Untrusted Data in Apache Log4J
CVE-2021-44228 Abuse Log4J CVE-2021-44228 to patch...
10CVSS
10AI Score
0.976EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
-- This repository has been archived -- Further development...
9AI Score
Reactor Netty HTTP Server denial of service vulnerability
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in....
7.5CVSS
6.9AI Score
0.0004EPSS
vyper performs double eval of raw_args in create_from_blueprint
Summary Using the create_from_blueprint builtin can result in a double eval vulnerability when raw_args=True and the args argument has side-effects. A contract search was performed and no vulnerable contracts were found in production. In particular, the raw_args variant of create_from_blueprint...
5.3CVSS
5.3AI Score
0.0004EPSS
.NET Denial of Service Vulnerability
Microsoft Security Advisory CVE-2023-21538: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to.....
7.5CVSS
1.5AI Score
0.002EPSS
.NET Denial of Service Vulnerability
Microsoft Security Advisory CVE-2023-21538: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to.....
7.5CVSS
7.6AI Score
0.002EPSS
.NET Elevation of Privilege Vulnerability
Microsoft Security Advisory CVE-2024-21409 | .NET Elevation of Privilege Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 7.0 ,and .NET 8.0. This advisory also provides guidance on what developers can do to....
7.3CVSS
6.5AI Score
0.0004EPSS
Exploit for Deserialization of Untrusted Data in Salesagility Suitecrm
CVE-2022-23940 PoC for...
8.8CVSS
0.9AI Score
0.003EPSS
.NET Denial of Service Vulnerability
Microsoft Security Advisory CVE-2023-38178: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0. This advisory also provides guidance on what developers can do to update their applications to.....
7.5CVSS
6.7AI Score
0.001EPSS
.NET Denial of Service Vulnerability
Microsoft Security Advisory CVE-2023-38178: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0. This advisory also provides guidance on what developers can do to update their applications to.....
7.5CVSS
6.7AI Score
0.001EPSS
Moodle CSRF risks due to misuse of confirm_sesskey
Incorrect CSRF token checks resulted in multiple CSRF...
7AI Score
0.0004EPSS
A vulnerability, which was classified as problematic, was found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. Affected is an unknown function of the file verification.php. The manipulation of the argument txtvaccinationID leads to cross site...
6.1CVSS
6AI Score
0.001EPSS
YARP Denial of Service Vulnerability
Impact A denial of service vulnerability exists in YARP. Patches If you're using YARP 1.x, you should update to NuGet package version 1.1.2. If you're using YARP 2.0.0, you should update to NuGet package version 2.0.1. You can do so by updating the PackageReference in your .csproj file diff...
7.5CVSS
6.6AI Score
0.001EPSS
.NET Denial of Service vulnerability
Microsoft Security Advisory CVE-2023-29331: .NET Denial of Service vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their...
7.5CVSS
6.5AI Score
0.001EPSS
github.com/stacklok/minder is vulnerable to a Denial Of Service (DoS). The vulnerability is due to the sigstore verifier reading an untrusted response entirely into memory without enforcing a limit on the response body. The vulnerability allows an attacker to crash the Minder server and deny other....
5.3CVSS
6.7AI Score
0.0004EPSS
Deserialization Of Untrusted Data
org.apache.activemq is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to org.jolokia.http.HttpRequestHandler#handlePostRequest creating a JmxRequest through a JSONObject and calls to org.jolokia.http.HttpRequestHandler#executeRequest. This issue can be exploited by an...
8.8CVSS
7.6AI Score
0.002EPSS
Adobe ColdFusion - Deserialization of Untrusted Data
Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user...
9.8CVSS
9.6AI Score
0.969EPSS
Exploit for Out-of-bounds Write in Haxx Libcurl
CVE-2023-38545: Curl Vulnerability Proof of Concept This...
9.8CVSS
9.5AI Score
0.003EPSS
Exploit for Out-of-bounds Read in Adobe Bridge
Exploit for CVE-2021-44168 Purpose Exploit CVE-2021-44168...
3.3CVSS
6.2AI Score
0.001EPSS
Exploit for Deserialization of Untrusted Data in Apache Activemq
CVE-2023-46604 This repository contains an exploit script...
10CVSS
9.8AI Score
0.964EPSS
.NET Denial of Service vulnerability
Microsoft Security Advisory CVE-2023-29331: .NET Denial of Service vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their...
7.5CVSS
6.5AI Score
0.001EPSS
Exploit for Deserialization of Untrusted Data in Fortra Goanywhere Managed File Transfer
CVE-2023-0669 This Repo contain the pcakages and...
7.2CVSS
7.3AI Score
0.971EPSS
Exploit for Deserialization of Untrusted Data in Fortra Goanywhere Managed File Transfer
CVE-2023-0669 This Repo contain the pcakages and...
7.2CVSS
7.3AI Score
0.971EPSS
7.8CVSS
7.9AI Score
0.001EPSS