Google Security Research

1,215 exploits Active since May 2013
CVE-2015-5557 EXPLOITDB text WORKING POC
Adobe Flash Player <18.0.0.232 - Use After Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565.
CVE-2016-0985 EXPLOITDB HIGH text WORKING POC
Adobe Flash Player <18.0.0.329-20.0.0.306 - RCE
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion."
CVSS 8.8
CVE-2017-2988 EXPLOITDB HIGH text WORKING POC
Adobe Flash Player < 24.0.0.194 - Memory Corruption via Garbage Collection
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Successful exploitation could lead to arbitrary code execution.
CVSS 8.8
CVE-2015-5550 EXPLOITDB text WORKING POC
Adobe Flash Player <18.0.0.232 - RCE
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565.
CVE-2016-4226 EXPLOITDB HIGH text WORKING POC
Adobe Flash Player <22.0.0.209 - Use After Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248.
CVSS 8.8
CVE-2016-0984 EXPLOITDB HIGH text WORKING POC
Adobe Flash Player <18.0.0.329, 19.x, 20.x - Use After Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, and CVE-2016-0983.
CVSS 8.8
CVE-2015-8644 EXPLOITDB HIGH text WRITEUP
Adobe Flash Player <18.0.0.324-20.0.0.267 - RCE
Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion."
CVSS 8.8
CVE-2015-5539 EXPLOITDB text WORKING POC
Adobe Flash Player <18.0.0.232 - RCE
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565.
CVE-2016-1106 EXPLOITDB HIGH text WORKING POC
Adobe Flash Player <=21.0.0.213 SetNative - Use-After-Free
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
CVSS 7.5
CVE-2016-4227 EXPLOITDB HIGH text WORKING POC
Adobe Flash Player <22.0.0.209 - Use After Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248.
CVSS 8.8
EIP-2026-103392 EXPLOITDB text WORKING POC
Adobe Flash - scale9Grid Use-After-Free
EIP-2026-103391 EXPLOITDB text WORKING POC
Adobe Flash - Processing AVC Causes Stack Corruption
CVE-2018-4936 EXPLOITDB MEDIUM text WORKING POC
Adobe Flash Player < 29.0.0.113 - Heap Overflow
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Successful exploitation could lead to information disclosure.
CVSS 6.5
CVE-2018-4935 EXPLOITDB HIGH text WORKING POC
Adobe Flash Player < 29.0.0.113 - Out-of-bounds Write
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVSS 8.8
CVE-2016-1103 EXPLOITDB HIGH text WORKING POC
Adobe Flash Player <=21.0.0.213 Raw 565 Texture Processing Overflow
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
CVSS 7.5
CVE-2015-5560 EXPLOITDB text WORKING POC
Adobe Flash Player <18.0.0.232/11.2.202.508 - RCE
Integer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors.
CVE-2017-11281 EXPLOITDB CRITICAL text WORKING POC
Adobe Flash Player < 26.0.0.151 - Memory Corruption in Text Handling
Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
CVSS 9.8
CVE-2016-1096 EXPLOITDB HIGH text WORKING POC
Adobe Flash Player <=21.0.0.213 in IE/Edge - Impact Unknown
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
CVSS 7.5
CVE-2017-2363 EXPLOITDB MEDIUM html WORKING POC
Apple <10.2.1, <10.0.3, <10.1.1, <3.1.3 - CSRF
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
CVSS 6.5
CVE-2017-2361 EXPLOITDB MEDIUM html WORKING POC
macOS < 10.12.3 - Cross-Site Scripting in Help Viewer
An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site.
CVSS 6.1
EIP-2026-103375 EXPLOITDB text WRITEUP
macOS 10.14.6 - root->kernel Privilege Escalation via update_dyld_shared_cache
CVE-2018-6084 EXPLOITDB HIGH WORKING POC
Google Chrome < 66.0.3359.117 - Local Arbitrary Code Execution via Updater
Insufficiently sanitized distributed objects in Updater in Google Chrome on macOS prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via an executable file.
CVSS 7.8
CVE-2016-7637 EXPLOITDB HIGH c WORKING POC
iPhone OS < 10.2, macOS < 10.12.2, watchOS < 3.1.3 - Kernel Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVSS 7.8
CVE-2016-7621 EXPLOITDB HIGH c WORKING POC
watchOS < 3.1.3 - Use-After-Free in Kernel
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via unspecified vectors.
CVSS 7.8
CVE-2016-4625 EXPLOITDB HIGH text WRITEUP
macOS < 10.11.6 - Use-After-Free in IOSurface
Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 allows local users to gain privileges via unspecified vectors.
CVSS 7.8