nu11secur1ty

103 exploits Active since Dec 2015
EIP-2026-105454 EXPLOITDB text WRITEUP
Best Student Result Management System v1.0 - Multiple SQLi
EIP-2026-105436 EXPLOITDB text WORKING POC
Beauty-salon v1.0 - Remote Code Execution (RCE)
EIP-2026-105285 EXPLOITDB text SUSPICIOUS
atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE
EIP-2026-105386 EXPLOITDB text WRITEUP
Bangresto 1.0 - SQL Injection
CVE-2021-28242 EXPLOITDB HIGH python WORKING POC
b2evolution <7.2.2-stable - SQL Injection
SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cf_name" parameter when creating a new filter under the "Collections" tab.
CVSS 8.8
EIP-2026-105031 EXPLOITDB text WORKING POC
Air Cargo Management System v1.0 - SQLi
EIP-2026-104723 EXPLOITDB WRITEUP
Equipment Rental Script-1.0 - SQLi
EIP-2026-104801 EXPLOITDB text WORKING POC
101 News 1.0 - Multiple-SQLi
CVE-2022-44267 EXPLOITDB MEDIUM text WRITEUP
ImageMagick 7.1.0-49 - DoS
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.
CVSS 6.5
CVE-2021-30637 EXPLOITDB MEDIUM python WORKING POC
htmly 2.8.0 - XSS
htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Description to config.html.php.
CVSS 5.4
EIP-2026-104452 EXPLOITDB text WORKING POC
Spotweb 1.4.9 - DOM Based Cross-Site Scripting (XSS)
EIP-2026-104320 EXPLOITDB text WORKING POC
ManageEngin AMP 4.3.0 - File-path-traversal
CVE-2021-26929 EXPLOITDB MEDIUM python WORKING POC
Horde Groupware < 5.2.22 - XSS
An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with XSS defenses.
CVSS 6.1
CVE-2023-28285 EXPLOITDB HIGH text SUSPICIOUS
Microsoft 365 Apps - Use After Free
Microsoft Office Remote Code Execution Vulnerability
CVSS 7.8
CVE-2021-3318 EXPLOITDB MEDIUM python WORKING POC
Dzzoffice < 2.02.1 - XSS
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.
CVSS 6.1
EIP-2026-104213 EXPLOITDB text WRITEUP
craftercms 4.x.x - CORS
CVE-2023-28311 EXPLOITDB HIGH text SUSPICIOUS
Microsoft 365 Apps - Heap Buffer Overflow
Microsoft Word Remote Code Execution Vulnerability
CVSS 7.8
CVE-2023-33131 EXPLOITDB HIGH text WORKING POC
Microsoft Outlook - RCE
Microsoft Outlook Remote Code Execution Vulnerability
CVSS 8.8
EIP-2026-103985 EXPLOITDB text WORKING POC
Microsoft OneNote (Version 2305 Build 16.0.16501.20074) 64-bit - Spoofing
CVE-2023-33148 EXPLOITDB HIGH text WORKING POC
Microsoft Office - Privilege Escalation
Microsoft Office Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2023-23399 EXPLOITDB HIGH text WORKING POC
Microsoft 365 Apps - Out-of-Bounds Read
Microsoft Excel Remote Code Execution Vulnerability
CVSS 7.8
CVE-2023-33137 EXPLOITDB HIGH text WORKING POC
Microsoft Excel - RCE
Microsoft Excel Remote Code Execution Vulnerability
CVSS 7.8
CVE-2021-3156 EXPLOITDB HIGH c WORKING POC
Sudo Heap-Based Buffer Overflow
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
CVSS 7.8
CVE-2023-24892 EXPLOITDB HIGH text WRITEUP
Microsoft Edge <Webview2 - SSRF
Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
CVSS 8.2
CVE-2023-33145 EXPLOITDB MEDIUM text WORKING POC
Microsoft Edge < - Info Disclosure
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVSS 6.5