nu11secur1ty

118 exploits Active since Dec 2015
CVE-2023-53878 EXPLOITDB HIGH text WORKING POC
Member Login Script 3.3 - HTTP Request Smuggling via Content-Length Header Parsing
Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows attackers to manipulate HTTP request handling by exploiting Content-Length header parsing. Attackers can send crafted POST requests with smuggled secondary requests to potentially bypass server-side request processing controls.
CVE-2023-53877 EXPLOITDB CRITICAL text WORKING POC
Bus Reservation System 1.1 - SQL Injection
Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickup_id parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to steal information from the database.
CVSS 9.8
CVE-2023-53871 EXPLOITDB CRITICAL text WORKING POC
Soosyze 2.0.0 - Unrestricted Upload of File with Dangerous Type via Broken Upload Logic
Soosyze 2.0.0 contains a file upload vulnerability that allows attackers to upload arbitrary HTML files with embedded PHP code to the application. Attackers can exploit the broken file upload mechanism to potentially view sensitive file paths and execute malicious PHP scripts on the server.
CVSS 9.8
CVE-2023-53870 EXPLOITDB MEDIUM text WORKING POC
Jorani 1.0.3 - Reflected Cross-Site Scripting via Language Parameter
Jorani 1.0.3 contains a reflected cross-site scripting vulnerability in the language parameter that allows attackers to inject malicious scripts. Attackers can craft XSS payloads in the language parameter to execute arbitrary JavaScript and potentially steal user session information.
CVE-2023-53869 EXPLOITDB HIGH text WORKING POC
WebIGniter 28.7.23 - Authenticated Remote Code Execution via Media File Upload
WEBIGniter 28.7.23 contains a file upload vulnerability that allows authenticated attackers to upload and execute dangerous PHP files through the media function. Attackers can leverage any created account to upload malicious PHP scripts that enable remote code execution on the application server.
CVE-2023-53734 EXPLOITDB HIGH text WRITEUP
dawa-pharma 1.0-2022 - Unauthenticated SQL Injection via Email Parameter
dawa-pharma-1.0 allows unauthenticated attackers to execute SQL queries on the server, allowing them to access sensitive information and potentially gain administrative access.
CVE-2022-50895 EXPLOITDB CRITICAL text WORKING POC
Aero CMS 0.0.1 - SQL Injection
Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the system.
CVSS 9.8
CVE-2023-54333 EXPLOITDB HIGH text WORKING POC
Social-Share-Buttons 2.2.3 - SQL Injection
Social-Share-Buttons 2.2.3 contains a critical SQL injection vulnerability in the project_id parameter that allows attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted POST requests with malicious SQL payloads to retrieve and potentially steal entire database contents.
CVSS 8.2
CVE-2023-54328 EXPLOITDB MEDIUM text WORKING POC
AimOne Video Converter 2.04 Build 103 - Buffer Overflow in Registration Form
AimOne Video Converter 2.04 Build 103 contains a buffer overflow vulnerability in its registration form that causes application crashes. Attackers can generate a 7000-byte payload to trigger the denial of service and potentially exploit the software's registration mechanism.
CVSS 6.5
CVE-2022-50805 EXPLOITDB HIGH text WORKING POC
Senayan Library Management System 9.0.0 - SQL Injection
Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. Attackers can exploit the vulnerability by submitting crafted payloads to manipulate database queries and potentially extract sensitive information.
CVSS 8.2
CVE-2022-21907 EXPLOITDB CRITICAL text WORKING POC
Windows 10, 11, and Server - Remote Code Execution
HTTP Protocol Stack Remote Code Execution Vulnerability
CVSS 9.8
CVE-2025-2783 EXPLOITDB HIGH text WORKING POC
Mojo in Google Chrome <134.0.6998.177 - RCE
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
CVSS 8.3
CVE-2025-47165 EXPLOITDB HIGH python WORKING POC
Microsoft 365 Apps and Excel - Use-After-Free
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVSS 7.8
CVE-2025-47171 EXPLOITDB MEDIUM text WORKING POC
Microsoft Office Outlook - Authenticated Local Code Execution via Improper Input Validation
Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.
CVSS 6.7
CVE-2025-47166 EXPLOITDB HIGH text WORKING POC
Microsoft SharePoint Enterprise Server - Remote Code Execution via Untrusted Data Deserialization
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVSS 8.8
CVE-2015-6176 EXPLOITDB text WORKING POC
Microsoft Edge - Cross-Site Scripting Filter Bypass via HTML Attribute Mishandling
Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS Filter Bypass Vulnerability."
CVE-2025-49741 EXPLOITDB HIGH text WORKING POC
Microsoft Edge Chromium < 135.0.3179.98 - Unauthenticated Information Disclosure
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
CVSS 7.4
CVE-2023-21752 EXPLOITDB HIGH text WRITEUP
Windows Backup Service - Privilege Escalation
Windows Backup Service Elevation of Privilege Vulnerability
CVSS 7.1
CVE-2025-49730 EXPLOITDB HIGH text SCANNER
Windows 10/11, Server 2008 - Privilege Escalation via QoS Scheduler TOCTOU
Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.
CVSS 7.8
EIP-2026-117542 EXPLOITDB c++ WORKING POC
Microsoft Windows - Win32k Elevation of Privilege
CVE-2020-0683 EXPLOITDB HIGH text WRITEUP
Windows - Elevation of Privilege via MSI Package Symbolic Link Processing
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0686.
CVSS 7.8
CVE-2025-47957 EXPLOITDB HIGH python SUSPICIOUS
Microsoft 365 Apps and Office Long Term Servicing Channel - Use-After-Free
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVSS 8.4
CVE-2025-27751 EXPLOITDB HIGH text SUSPICIOUS
Microsoft 365 Apps and Excel - Use-After-Free
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVSS 7.8
CVE-2025-49677 EXPLOITDB HIGH text WORKING POC
Windows 11 22H2 < 10.0.22621.5624 - Authenticated Use-After-Free in Brokering File System
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
CVSS 7.0
CVE-2025-49744 EXPLOITDB HIGH text SCANNER
Windows 10/11, Server 2016-2019 Local Privilege Escalation via Heap Overflow
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVSS 7.0