nu11secur1ty

118 exploits, active since Dec 2015
CVE-2022-24263 EXPLOITDB CRITICAL text WORKING POC
Hospital Management System v4.0 - SQL Injection
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter.
CVSS 9.8
EIP-2026-107308 EXPLOITDB WRITEUP
Fundraising Script 1.0 - SQLi
EIP-2026-106761 EXPLOITDB text WORKING POC
Ecommerse v1.0 - Cross-Site Scripting (XSS)
EIP-2026-106860 EXPLOITDB text WORKING POC
Employee Performance Evaluation System v1.0 - File Inclusion and RCE
EIP-2026-106580 EXPLOITDB text WORKING POC
Drupal 10.1.2 - web-cache-poisoning-External-service-interaction
EIP-2026-105847 EXPLOITDB text WORKING POC
ChurchCRM v4.5.3-121fcc1 - SQL Injection
EIP-2026-106123 EXPLOITDB text WORKING POC
Concrete5 CME v9.1.3 - Xpath injection
EIP-2026-106115 EXPLOITDB text WORKING POC
Computer Laboratory Management System v1.0 - Multiple-SQLi
EIP-2026-105911 EXPLOITDB text WORKING POC
ClicShopping v3.402 - Cross-Site Scripting (XSS)
CVE-2022-31325 EXPLOITDB HIGH text WORKING POC
ChurchCRM 4.4.5 - SQL Injection via PersonID Parameter
There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php.
CVSS 7.2
EIP-2026-105459 EXPLOITDB text WORKING POC
bgERP v22.31 (Orlovets) - Cookie Session vulnerability & Cross-Site Scripting (XSS)
EIP-2026-105824 EXPLOITDB text WRITEUP
ChiKoi v1.0 - SQL Injection
EIP-2026-105707 EXPLOITDB text WORKING POC
Canteen-Management v1.0 - XSS-Reflected
EIP-2026-105706 EXPLOITDB text WORKING POC
Canteen-Management v1.0 - SQL Injection
EIP-2026-105553 EXPLOITDB text WORKING POC
Bludit 4.0.0-rc-2 - Account takeover
EIP-2026-105454 EXPLOITDB text WRITEUP
Best Student Result Management System v1.0 - Multiple SQLi
EIP-2026-105436 EXPLOITDB text WORKING POC
Beauty-salon v1.0 - Remote Code Execution (RCE)
EIP-2026-105285 EXPLOITDB text SUSPICIOUS
atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE
EIP-2026-105386 EXPLOITDB text WRITEUP
Bangresto 1.0 - SQL Injection
CVE-2021-28242 EXPLOITDB HIGH python WORKING POC
b2evolution <7.2.2-stable - SQL Injection
SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab.
CVSS 8.8
EIP-2026-105031 EXPLOITDB text WORKING POC
Air Cargo Management System v1.0 - SQLi
EIP-2026-104723 EXPLOITDB WRITEUP
Equipment Rental Script-1.0 - SQLi
EIP-2026-104801 EXPLOITDB text WORKING POC
101 News 1.0 - Multiple-SQLi
CVE-2022-44267 EXPLOITDB MEDIUM text WRITEUP
ImageMagick 7.1.0-49 - Denial of Service via PNG Image Parsing
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.
CVSS 6.5
CVE-2021-30637 EXPLOITDB MEDIUM python WORKING POC
htmly 2.8.0 - Stored Cross-Site Scripting via Blog Title Tagline or Description
htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Description to config.html.php.
CVSS 5.4