nu11secur1ty

118 exploits, active since Dec 2015
CVE-2025-47957 EXPLOITDB HIGH python SUSPICIOUS
Microsoft 365 Apps and Office Long Term Servicing Channel - Use-After-Free
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVSS 8.4
EIP-2026-114650 EXPLOITDB text WORKING POC
zstore 6.6.0 - Cross-Site Scripting (XSS)
EIP-2026-114179 EXPLOITDB text WORKING POC
WordPress Plugin Visual Slide Box Builder 3.2.9 - SQLi
EIP-2026-112946 EXPLOITDB text WORKING POC
Vaidya-Mitra 1.0 - Multiple SQLi
EIP-2026-112216 EXPLOITDB text WORKING POC
SLIMSV 9.5.2 - Cross-Site Scripting (XSS)
EIP-2026-112425 EXPLOITDB text WORKING POC
Statamic 4.7.0 - File-Inclusion
CVE-2021-28419 EXPLOITDB HIGH python WORKING POC
SEO Panel 4.8.0 - SQL Injection via order_col Parameter
The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases.
CVSS 7.2
CVE-2021-30044 EXPLOITDB MEDIUM python WORKING POC
Remote Clinic 2.0 - Stored Cross-Site Scripting via Staff Registration First or Last Name Field
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or Last Name field on staff/register.php.
CVSS 5.4
EIP-2026-111816 EXPLOITDB text WRITEUP
rukovoditel 3.2.1 - Cross-Site Scripting (XSS)
EIP-2026-111958 EXPLOITDB text WRITEUP
SCRMS 2023-05-27 1.0 - Multiple SQL Injection
EIP-2026-111977 EXPLOITDB text WORKING POC
Senayan Library Management System v9.5.0 - SQL Injection
EIP-2026-111998 EXPLOITDB text WORKING POC
Serendipity 2.4.0 - File Inclusion RCE
EIP-2026-112038 EXPLOITDB text WRITEUP
Shuttle-Booking-Software v1.0 - Multiple-SQLi
EIP-2026-111275 EXPLOITDB text WORKING POC
pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute
EIP-2026-111594 EXPLOITDB text WORKING POC
Purchase Order Management-1.0 - Local File Inclusion
CVE-2021-27973 EXPLOITDB HIGH python WORKING POC
Piwigo < 11.4.0 - SQL Injection via Language Parameter
SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages.
CVSS 7.2
EIP-2026-110763 EXPLOITDB WRITEUP
PHP Shopping Cart 4.2 - Multiple-SQLi
EIP-2026-110120 EXPLOITDB text WORKING POC
Online ID Generator 1.0 - Remote Code Execution (RCE)
EIP-2026-110207 EXPLOITDB text WRITEUP
Online-Pizza-Ordering -1.0 - Remote Code Execution (RCE)
EIP-2026-110191 EXPLOITDB text WORKING POC
Online Thesis Archiving System v1.0 - Multiple-SQLi
EIP-2026-109076 EXPLOITDB text WORKING POC
Lavalite v9.0.0 - XSRF-TOKEN cookie File path traversal
EIP-2026-109149 EXPLOITDB text WRITEUP
Limo Booking Software v1.0 - CORS
EIP-2026-109034 EXPLOITDB text WORKING POC
KodExplorer v4.51.03 - Pwned-Admin File-Inclusion - Remote Code Execution (RCE)
CVE-2022-23366 EXPLOITDB CRITICAL text WORKING POC
HMS v1.0 - SQL Injection via patientlogin.php
HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php.
CVSS 9.8
EIP-2026-107677 EXPLOITDB text WORKING POC
Human Resource Management System v1.0 - Multiple SQLi