Exploitdb Exploits

2,012 exploits tracked across all sources.

Sort: Activity Stars
CVE-2017-2514 EXPLOITDB HIGH html VERIFIED
Apple Iphone OS < 10.3.1 - Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
EIP-2026-103574 EXPLOITDB html VERIFIED
Mozilla Firefox 50 < 55 - Stack Overflow Denial of Service
by Geeknik Labs
EIP-2026-107458 EXPLOITDB html
Gongwalker API Manager 1.1 - Cross-Site Request Forgery
by HaHwul
CVE-2017-2491 EXPLOITDB HIGH html VERIFIED
Apple Iphone OS < 10.2.1 - Use After Free
Use after free vulnerability in the String.replace method JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page, or a crafted file.
by saelo & niklasb
CVSS 8.8
EIP-2026-115674 EXPLOITDB html
Microsoft Internet Explorer 11 - 'CMarkup::DestroySplayTree' Use-After-Free
by Marcin Ressel
CVE-2017-0202 EXPLOITDB HIGH html VERIFIED
Microsoft Internet Explorer - Memory Corruption
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, a.k.a. "Internet Explorer Memory Corruption Vulnerability."
by Google Security Research
CVSS 7.5
CVE-2017-2464 EXPLOITDB HIGH html VERIFIED
Apple Safari < 10.0.3 - Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
EIP-2026-104168 EXPLOITDB html VERIFIED
Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'PrototypeMap::createEmptyStructure' Universal Cross-Site Scripting
by Google Security Research
EIP-2026-104167 EXPLOITDB html VERIFIED
Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'operationSpreadGeneric' Universal Cross-Site Scripting
by Google Security Research
CVE-2017-5415 EXPLOITDB MEDIUM html
Firefox < 52 - SSRF
An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by "blob:" as the protocol, leading to user confusion and further spoofing attacks. This vulnerability affects Firefox < 52.
by 649
CVSS 5.3
EIP-2026-104153 EXPLOITDB html
agorum core Pro 7.8.1.4-251 - Persistent Cross-Site Scripting
by SySS GmbH
EIP-2026-104152 EXPLOITDB html
agorum core Pro 7.8.1.4-251 - Cross-Site Request Forgery
by SySS GmbH
CVE-2017-2479 EXPLOITDB MEDIUM html VERIFIED
Apple Safari < 10.1 - Improper Input Validation
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
by Google Security Research
CVSS 6.5
CVE-2017-2480 EXPLOITDB MEDIUM html VERIFIED
Apple Icloud < 6.1.1 - Information Disclosure
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
by Google Security Research
CVSS 6.5
CVE-2017-2469 EXPLOITDB HIGH html VERIFIED
Apple Safari < 10.0.3 - Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
CVE-2017-2470 EXPLOITDB HIGH html VERIFIED
Apple Safari < 10.0.3 - Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
CVE-2017-2468 EXPLOITDB HIGH html VERIFIED
Apple Safari < 10.0.3 - Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
EIP-2026-113755 EXPLOITDB html
WordPress Plugin Firewall 2 1.3 - Cross-Site Request Forgery / Cross-Site Scripting
by dxw
EIP-2026-113754 EXPLOITDB html
WordPress Plugin Firewall 2 1.3 - Cross-Site Request Forgery / Cross-Site Scripting
by dxw
EIP-2026-113657 EXPLOITDB html
WordPress Plugin CopySafe Web Protect < 2.6 - Cross-Site Request Forgery
by Zhiyang Zeng
EIP-2026-106668 EXPLOITDB html
e107 CMS 2.1.4 - Cross-Site Request Forgery
by Zhiyang Zeng
CVE-2017-2364 EXPLOITDB MEDIUM html VERIFIED
Apple <10.2.1, <10.0.3 - CSRF
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
by Google Security Research
CVSS 6.5
CVE-2017-2457 EXPLOITDB HIGH html VERIFIED
Apple Safari < 10.0.3 - Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
CVE-2017-2445 EXPLOITDB MEDIUM html VERIFIED
Apple Safari < 10.0.3 - XSS
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted frame objects.
by Google Security Research
CVSS 6.1
CVE-2017-2367 EXPLOITDB MEDIUM html VERIFIED
Apple <10.3 - SSRF
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
by Google Security Research
CVSS 6.5
By Source
All 2,012 Exploitdb 50,123 Writeup 46,591 Nomisec 21,116 Metasploit 3,189 Github 2,221 Vulncheck_xdb 900 Inthewild 518 Gitlab 438 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,726 c 3,550 perl 2,854 html 2,054 php 1,334 bash 459 java 359 javascript 256 c++ 245 shell 67 go 41 postscript 25 xml 24