Exploitdb Exploits

3,149 exploits tracked across all sources.

Sort: Activity Stars
CVE-2025-8191 EXPLOITDB LOW c
Macrozheng Mall < 1.0.3 - Code Injection
A vulnerability, which was classified as problematic, was found in macrozheng mall up to 1.0.3. Affected is an unknown function of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor deleted the GitHub issue for this vulnerability without any explanation. Afterwards the vendor was contacted early about this disclosure via email but did not respond in any way.
by Byte Reaper
CVSS 3.5
CVE-2025-32429 EXPLOITDB CRITICAL c
XWiki Platform - SQL Injection
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, it's possible for anyone to inject SQL using the parameter sort of the getdeleteddocuments.vm. It's injected as is as an ORDER BY value. This is fixed in versions 16.10.6 and 17.3.0-rc-1.
by Byte Reaper
CVSS 9.8
CVE-2025-7795 EXPLOITDB HIGH c
Tenda FH451 1.0.0.9 - Buffer Overflow
A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
by Byte Reaper
CVSS 8.8
CVE-2024-42049 EXPLOITDB CRITICAL c
TightVNC <2.8.84 - RCE
TightVNC (Server for Windows) before 2.8.84 allows attackers to connect to the control pipe via a network connection.
by Ionut Zevedei
CVSS 9.1
CVE-2023-29336 EXPLOITDB HIGH c
Win32k - Privilege Escalation
Win32k Elevation of Privilege Vulnerability
by Milad karimi
CVSS 7.8
CVE-2024-11237 EXPLOITDB HIGH c
Tp-link Vn020-f3v(t) Firmware - Out-of-Bounds Write
A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
by Mohamed Maatallah
CVSS 7.5
CVE-2024-49138 EXPLOITDB HIGH c
Microsoft Windows 10 1507 < 10.0.10240.20857 - Heap Buffer Overflow
Windows Common Log File System Driver Elevation of Privilege Vulnerability
by Milad karimi
CVSS 7.8
CVE-2024-21338 EXPLOITDB HIGH c
Windows Kernel - Privilege Escalation
Windows Kernel Elevation of Privilege Vulnerability
by Milad karimi
CVSS 7.8
CVE-2024-6387 EXPLOITDB HIGH c
OpenSSH - DoS
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
by Milad karimi
CVSS 8.1
CVE-2024-12344 EXPLOITDB MEDIUM c
Tp-link Vn020 F3v Firmware - Out-of-Bounds Write
A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
by Mohamed Maatallah
CVSS 6.3
EIP-2026-119285 EXPLOITDB c
WinRAR version 6.22 - Remote Code Execution via ZIP archive
by E1 Coders
EIP-2026-103155 EXPLOITDB c
LBT-T300-mini1 - Remote Buffer Overflow
by Amirhossein Bahramizadeh
EIP-2026-103821 EXPLOITDB c
vm2 - sandbox escape
by Calil Khalil
EIP-2026-101484 EXPLOITDB c
TPC-110W - Missing Authentication for Critical Function
by Amirhossein Bahramizadeh
CVE-2024-58311 EXPLOITDB CRITICAL c
Dormakaba Saflok System 6000 - Info Disclosure
Dormakaba Saflok System 6000 contains a predictable key generation algorithm that allows attackers to derive card access keys from a 32-bit unique identifier. Attackers can exploit the deterministic key generation process by calculating valid access keys using a simple mathematical transformation of the card's unique identifier.
by planthopper3301
CVSS 9.8
EIP-2026-102769 EXPLOITDB c
(shellcode) Linux-x64 - create a shell with execve() sending argument using XOR (/bin//sh) [55 bytes]
by Alexys (0x177git)
CVE-2023-28293 EXPLOITDB HIGH c
Microsoft Windows 10 1607 < 10.0.14393.5850 - Integer Underflow
Windows Kernel Elevation of Privilege Vulnerability
by Amirhossein Bahramizadeh
CVSS 7.8
CVE-2023-28288 EXPLOITDB HIGH c
Microsoft Sharepoint Foundation - SSRF
Microsoft SharePoint Server Spoofing Vulnerability
by Amirhossein Bahramizadeh
CVSS 8.1
CVE-2023-25187 EXPLOITDB MEDIUM c
Nokia Asika Airscale Firmware - Hard-coded Credentials
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN commissioning procedures do not change (factory-time installed) default SSH public/private key values that are specific to a network operator. As a result, the CSP internal BTS network SSH server (disabled by default) continues to apply the default SSH public/private key values. These keys don't give access to BTS, because service user authentication is username/password-based on top of SSH. Nokia factory installed default SSH keys are meant to be changed from operator-specific values during the BTS deployment commissioning phase. However, before the 21B release, BTS commissioning manuals did not provide instructions to change default SSH keys (to BTS operator-specific values). This leads to a possibility for malicious operations staff (inside a CSP network) to attempt MITM exploitation of BTS service user access, during the moments that SSH is enabled for Nokia service personnel to perform troubleshooting activities.
by Amirhossein Bahramizadeh
CVSS 6.3
EIP-2026-114729 EXPLOITDB c
Solaris 10 libXm - Buffer overflow Local privilege escalation
by Marco Ivaldi
EIP-2026-117683 EXPLOITDB c
NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit
by Neil Kettle
EIP-2026-116434 EXPLOITDB c
Tunnel Interface Driver - Denial of Service
by ExAllocatePool2
CVE-2022-0847 EXPLOITDB HIGH c
Dirty Pipe Local Privilege Escalation via CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
by Lance Biggerstaff
CVSS 7.8
CVE-2019-13272 EXPLOITDB HIGH c
Linux Polkit pkexec helper PTRACE_TRACEME local root exploit
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments.
by Ujas Dhami
CVSS 7.8
EIP-2026-103824 EXPLOITDB c
zlog 1.2.15 - Buffer Overflow
by LIWEI
By Source
All 3,149 Exploitdb 50,123 Writeup 46,583 Nomisec 21,108 Metasploit 3,189 Github 2,211 Vulncheck_xdb 900 Inthewild 518 Gitlab 438 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,723 c 3,550 perl 2,854 html 2,053 php 1,332 bash 459 java 359 javascript 256 c++ 245 shell 67 go 41 postscript 25 xml 24