nu11secur1ty

103 exploits Active since Dec 2015
CVE-2025-47165 EXPLOITDB HIGH python WORKING POC
Microsoft 365 Apps < 16.0.10417.20018 - Use After Free
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVSS 7.8
CVE-2025-49741 EXPLOITDB HIGH text WORKING POC
Microsoft Edge Chromium < 135.0.3179.98 - Information Disclosure
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
CVSS 7.4
CVE-2023-21752 EXPLOITDB HIGH text WRITEUP
Windows Backup Service - Privilege Escalation
Windows Backup Service Elevation of Privilege Vulnerability
CVSS 7.1
CVE-2025-49730 EXPLOITDB HIGH text SCANNER
Microsoft Windows 10 1507 < 10.0.10240.21073 - Heap Buffer Overflow
Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.
CVSS 7.8
EIP-2026-117542 EXPLOITDB c++ WORKING POC
Microsoft Windows - Win32k Elevation of Privilege
CVE-2020-0683 EXPLOITDB HIGH text WRITEUP
Microsoft Windows 10 1507 - Symlink Following
An elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0686.
CVSS 7.8
CVE-2025-47957 EXPLOITDB HIGH python SUSPICIOUS
Microsoft 365 Apps - Use After Free
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVSS 8.4
CVE-2025-27751 EXPLOITDB HIGH text SUSPICIOUS
Microsoft 365 Apps - Use After Free
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVSS 7.8
CVE-2025-49677 EXPLOITDB HIGH text WORKING POC
Microsoft Windows 11 22h2 < 10.0.22621.5624 - Use After Free
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
CVSS 7.0
CVE-2025-49744 EXPLOITDB HIGH text SCANNER
Microsoft Windows 10 1507 < 10.0.10240.21073 - Race Condition
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVSS 7.0
CVE-2025-49683 EXPLOITDB HIGH text WORKING POC
Microsoft Windows 10 1507 < 10.0.10240.21073 - Integer Overflow
Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.
CVSS 7.8
EIP-2026-114650 EXPLOITDB text WORKING POC
zstore 6.6.0 - Cross-Site Scripting (XSS)
EIP-2026-114179 EXPLOITDB text WORKING POC
WordPress Plugin Visual Slide Box Builder 3.2.9 - SQLi
EIP-2026-112946 EXPLOITDB text WORKING POC
Vaidya-Mitra 1.0 - Multiple SQLi
EIP-2026-112216 EXPLOITDB text WORKING POC
SLIMSV 9.5.2 - Cross-Site Scripting (XSS)
EIP-2026-112425 EXPLOITDB text WORKING POC
Statamic 4.7.0 - File-Inclusion
EIP-2026-112038 EXPLOITDB text WRITEUP
Shuttle-Booking-Software v1.0 - Multiple-SQLi
EIP-2026-111998 EXPLOITDB text WORKING POC
Serendipity 2.4.0 - File Inclusion RCE
CVE-2021-28419 EXPLOITDB HIGH python WORKING POC
SEO Panel 4.8.0 - SQL Injection
The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases.
CVSS 7.2
EIP-2026-111816 EXPLOITDB text WRITEUP
rukovoditel 3.2.1 - Cross-Site Scripting (XSS)
EIP-2026-111958 EXPLOITDB text WRITEUP
SCRMS 2023-05-27 1.0 - Multiple SQL Injection
CVE-2021-30044 EXPLOITDB MEDIUM python WORKING POC
Remote Clinic v2.0 - XSS
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or Last Name field on staff/register.php.
CVSS 5.4
EIP-2026-111977 EXPLOITDB text WORKING POC
Senayan Library Management System v9.5.0 - SQL Injection
EIP-2026-111594 EXPLOITDB text WORKING POC
Purchase Order Management-1.0 - Local File Inclusion
EIP-2026-111275 EXPLOITDB text WORKING POC
pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute