Html Exploits

2,074 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-8631 EXPLOITDB HIGH html VERIFIED
Internet Explorer < - Memory Corruption
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.
by Google Security Research
CVSS 7.5
EIP-2026-103489 EXPLOITDB html
Google Chrome 70 - SQLite Magellan Crash (PoC)
by zhuowei
EIP-2026-107023 EXPLOITDB html
Facebook And Google Reviews System For Businesses - Cross-Site Request Forgery (Change Admin Password)
by Veyselxan
CVE-2018-4438 EXPLOITDB HIGH html VERIFIED
Safari < 12.0.2 - Memory Corruption via Logic Issue
A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
by Google Security Research
CVSS 8.8
CVE-2018-8552 EXPLOITDB HIGH html VERIFIED
Internet Explorer <11 - Info Disclosure
An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Windows Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.
by Google Security Research
CVSS 7.5
CVE-2018-8544 EXPLOITDB HIGH html VERIFIED
Windows VBScript Engine - Remote Code Execution via Use-After-Free
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 8.8
CVE-2018-18865 EXPLOITDB HIGH html
Royal TS < 4.3.60728 and TSX < 3.3.1 - Credentials Disclosure
The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure.
by Jakub Palaczynski
CVSS 8.1
EIP-2026-113799 EXPLOITDB html
WordPress Plugin GoURL.io < 1.4.14 - File Upload
by Pouya Darabi
CVE-2018-4315 EXPLOITDB HIGH html VERIFIED
Safari < 12 - Use-After-Free
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
CVE-2018-4318 EXPLOITDB HIGH html VERIFIED
Safari < 12 - Use-After-Free
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
CVE-2018-4314 EXPLOITDB HIGH html VERIFIED
Safari < 12 - Use-After-Free
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
CVE-2018-4197 EXPLOITDB HIGH html VERIFIED
Safari < 12 - Use-After-Free
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
CVE-2018-4323 EXPLOITDB HIGH html VERIFIED
Safari < 12 - Memory Corruption
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
CVE-2018-4317 EXPLOITDB HIGH html VERIFIED
Safari < 12 - Use-After-Free
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
CVE-2018-4306 EXPLOITDB HIGH html VERIFIED
Safari < 12 - Use-After-Free
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
CVE-2018-4328 EXPLOITDB HIGH html VERIFIED
Safari < 12 - Memory Corruption
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
CVE-2018-4312 EXPLOITDB HIGH html VERIFIED
Safari < 12 - Use-After-Free
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
CVE-2018-15877 GITHUB HIGH html
Plainview Activity Monitor < 20180826 - OS Command Injection via IP Parameter
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.
by qq431169079
CVSS 8.8
CVE-2018-15876 GITHUB MEDIUM html
ajax-bootmodal-login 1.4.3 - CAPTCHA Bypass via Session Reuse
An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for WordPress. The register form, login form, and password-recovery form require solving a CAPTCHA to perform actions. However, this is required only once per user session, and therefore one could send as many requests as one wished by automation.
by qq431169079
CVSS 5.3
CVE-2018-8353 EXPLOITDB HIGH html VERIFIED
Internet Explorer <11 - Memory Corruption
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
by Google Security Research
CVSS 7.5
CVE-2018-15877 EXPLOITDB HIGH html VERIFIED
Plainview Activity Monitor < 20180826 - OS Command Injection via IP Parameter
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.
by Lydéric Lefebvre
CVSS 8.8
EIP-2026-110037 EXPLOITDB html
onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)
by r3m0t3nu11
CVE-2018-14029 EXPLOITDB HIGH html
wityCMS 0.6.2 - Cross-Site Request Forgery in Admin User Edit
CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account, as demonstrated by modifying the account's email field.
by Porhai Eung
CVSS 8.8
EIP-2026-103485 EXPLOITDB html VERIFIED
Google Chrome - SwiftShader OpenGL Texture Bindings Reference Count Leak
by Google Security Research
EIP-2026-103484 EXPLOITDB html VERIFIED
Google Chrome - Swiftshader Blitting Floating-Point Precision Errors
by Google Security Research
By Source
All 2,074 Writeup 62,188 Exploitdb 50,076 Nomisec 22,383 Github 3,590 Metasploit 3,311 Vulncheck_xdb 927 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,552 ruby 6,001 c 3,625 perl 2,849 html 2,074 php 1,333 bash 462 java 370 c++ 260 javascript 229 shell 131 go 73 postscript 25 typescript 25