Html Exploits

2,053 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-114624 EXPLOITDB html
ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts)
by mqt
CVE-2018-19829 EXPLOITDB MEDIUM html
Artica Integria IMS 5.0.83 - CSRF
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.
by Javier Olmedo
CVSS 6.5
EIP-2026-107650 EXPLOITDB html
Hotel Booking Script 3.4 - Cross-Site Request Forgery (Change Admin Password)
by Sainadh Jamalpur
CVE-2018-8631 EXPLOITDB HIGH html VERIFIED
Internet Explorer < - Memory Corruption
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.
by Google Security Research
CVSS 7.5
EIP-2026-103489 EXPLOITDB html
Google Chrome 70 - SQLite Magellan Crash (PoC)
by zhuowei
EIP-2026-107023 EXPLOITDB html
Facebook And Google Reviews System For Businesses - Cross-Site Request Forgery (Change Admin Password)
by Veyselxan
CVE-2018-4438 EXPLOITDB HIGH html VERIFIED
Apple Safari < 12.0.2 - Memory Corruption
A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
by Google Security Research
CVSS 8.8
CVE-2018-8552 EXPLOITDB HIGH html VERIFIED
Internet Explorer <11 - Info Disclosure
An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Windows Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.
by Google Security Research
CVSS 7.5
CVE-2018-8544 EXPLOITDB HIGH html VERIFIED
Windows VBScript Engine - RCE
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 8.8
CVE-2018-18865 EXPLOITDB HIGH html
Royalapplications Royal TS < 4.3.60728 - Information Disclosure
The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure.
by Jakub Palaczynski
CVSS 8.1
EIP-2026-113799 EXPLOITDB html
WordPress Plugin GoURL.io < 1.4.14 - File Upload
by Pouya Darabi
CVE-2018-4315 EXPLOITDB HIGH html VERIFIED
Apple Safari < 12 - Use After Free
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
CVE-2018-4318 EXPLOITDB HIGH html VERIFIED
Apple Safari < 12 - Use After Free
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
CVE-2018-4314 EXPLOITDB HIGH html VERIFIED
Apple Safari < 12 - Use After Free
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
CVE-2018-4197 EXPLOITDB HIGH html VERIFIED
Apple Safari < 12 - Use After Free
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
CVE-2018-4323 EXPLOITDB HIGH html VERIFIED
Apple Safari < 12 - Memory Corruption
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
CVE-2018-4317 EXPLOITDB HIGH html VERIFIED
Apple Safari < 12 - Use After Free
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
CVE-2018-4306 EXPLOITDB HIGH html VERIFIED
Apple Safari < 12 - Use After Free
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
CVE-2018-4328 EXPLOITDB HIGH html VERIFIED
Apple Safari < 12 - Memory Corruption
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
CVE-2018-4312 EXPLOITDB HIGH html VERIFIED
Apple Safari < 12 - Use After Free
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
CVE-2018-15877 GITHUB HIGH html
Plainview Activity Monitor < 20180826 - OS Command Injection
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.
by qq431169079
CVSS 8.8
CVE-2018-15876 GITHUB MEDIUM html
Ajax Bootmodal Login - Improper Input Validation
An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for WordPress. The register form, login form, and password-recovery form require solving a CAPTCHA to perform actions. However, this is required only once per user session, and therefore one could send as many requests as one wished by automation.
by qq431169079
CVSS 5.3
CVE-2018-8353 EXPLOITDB HIGH html VERIFIED
Internet Explorer <11 - Memory Corruption
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
by Google Security Research
CVSS 7.5
CVE-2018-15877 EXPLOITDB HIGH html VERIFIED
Plainview Activity Monitor < 20180826 - OS Command Injection
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.
by Lydéric Lefebvre
CVSS 8.8
EIP-2026-110037 EXPLOITDB html
onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)
by r3m0t3nu11
By Source
All 2,053 Exploitdb 50,123 Writeup 46,586 Nomisec 21,108 Metasploit 3,189 Github 2,216 Vulncheck_xdb 900 Inthewild 518 Gitlab 438 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,725 c 3,550 perl 2,854 html 2,053 php 1,334 bash 459 java 359 javascript 256 c++ 245 shell 67 go 41 postscript 25 xml 24