nu11secur1ty

103 exploits, active since Dec 2015
CVE-2021-27973 EXPLOITDB HIGH python WORKING POC
Piwigo <11.4.0 - SQL Injection
SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages.
CVSS 7.2
EIP-2026-110763 EXPLOITDB WRITEUP
PHP Shopping Cart 4.2 - Multiple-SQLi
EIP-2026-110207 EXPLOITDB text WRITEUP
Online-Pizza-Ordering -1.0 - Remote Code Execution (RCE)
EIP-2026-110191 EXPLOITDB text WORKING POC
Online Thesis Archiving System v1.0 - Multiple-SQLi
EIP-2026-110120 EXPLOITDB text WORKING POC
Online ID Generator 1.0 - Remote Code Execution (RCE)
EIP-2026-109034 EXPLOITDB text WORKING POC
KodExplorer v4.51.03 - Pwned-Admin File-Inclusion - Remote Code Execution (RCE)
EIP-2026-109149 EXPLOITDB text WRITEUP
Limo Booking Software v1.0 - CORS
EIP-2026-109076 EXPLOITDB text WORKING POC
Lavalite v9.0.0 - XSRF-TOKEN cookie File path traversal
CVE-2022-23366 EXPLOITDB CRITICAL text WORKING POC
Hms - SQL Injection
HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php.
CVSS 9.8
EIP-2026-107677 EXPLOITDB text WORKING POC
Human Resource Management System v1.0 - Multiple SQLi
CVE-2022-24263 EXPLOITDB CRITICAL text WORKING POC
Hospital Management System v4.0 - SQL Injection
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter.
CVSS 9.8
EIP-2026-107308 EXPLOITDB WRITEUP
Fundraising Script 1.0 - SQLi
EIP-2026-106761 EXPLOITDB text WORKING POC
Ecommerse v1.0 - Cross-Site Scripting (XSS)
EIP-2026-106860 EXPLOITDB text WORKING POC
Employee Performance Evaluation System v1.0 - File Inclusion and RCE
EIP-2026-106580 EXPLOITDB text WORKING POC
Drupal 10.1.2 - web-cache-poisoning-External-service-interaction
EIP-2026-105847 EXPLOITDB text WORKING POC
ChurchCRM v4.5.3-121fcc1 - SQL Injection
EIP-2026-106123 EXPLOITDB text WORKING POC
Concrete5 CME v9.1.3 - Xpath injection
EIP-2026-106115 EXPLOITDB text WORKING POC
Computer Laboratory Management System v1.0 - Multiple-SQLi
EIP-2026-105911 EXPLOITDB text WORKING POC
ClicShopping v3.402 - Cross-Site Scripting (XSS)
CVE-2022-31325 EXPLOITDB HIGH text WORKING POC
ChurchCRM 4.4.5 - SQL Injection
There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php.
CVSS 7.2
EIP-2026-105824 EXPLOITDB text WRITEUP
ChiKoi v1.0 - SQL Injection
EIP-2026-105707 EXPLOITDB text WORKING POC
Canteen-Management v1.0 - XSS-Reflected
EIP-2026-105706 EXPLOITDB text WORKING POC
Canteen-Management v1.0 - SQL Injection
EIP-2026-105553 EXPLOITDB text WORKING POC
Bludit 4.0.0-rc-2 - Account takeover
EIP-2026-105459 EXPLOITDB text WORKING POC
bgERP v22.31 (Orlovets) - Cookie Session vulnerability & Cross-Site Scripting (XSS)