Html Exploits

2,054 exploits tracked across all sources.

EIP-2026-113470 EXPLOITDB html VERIFIED
WonderCMS 2.1.0 - Cross-Site Request Forgery
by Ehsan Hosseini
CVE-2017-7005 EXPLOITDB HIGH html VERIFIED
Apple <10.3.2, <10.1.1, <10.2.1 - RCE
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "JavaScriptCore" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
CVE-2017-2547 EXPLOITDB HIGH html VERIFIED
Apple Safari < 10.1 - Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
CVE-2017-6980 EXPLOITDB HIGH html VERIFIED
Apple <10.3.2, <10.1.1, <10.2.1 - RCE
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
CVE-2017-6984 EXPLOITDB HIGH html VERIFIED
Apple <10.3.2, <10.1.1, <12.6.1 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iTunes before 12.6.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
CVE-2016-9651 EXPLOITDB HIGH html
Google Chrome < 55.0.2883.75 - Code Injection
A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
by Qihoo360
CVSS 8.8
CVE-2017-2528 EXPLOITDB MEDIUM html VERIFIED
Apple Safari < 10.1 - XSS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with cached frames.
by Google Security Research
CVSS 6.1
EIP-2026-104489 EXPLOITDB html VERIFIED
WebKit - 'Document::prepareForDestruction' / 'CachedFrame' Universal Cross-Site Scripting
by Google Security Research
EIP-2026-104487 EXPLOITDB html VERIFIED
WebKit - 'CachedFrameBase::restore' Universal Cross-Site Scripting
by Google Security Research
EIP-2026-103702 EXPLOITDB html VERIFIED
WebKit - 'Element::setAttributeNodeNS' Use-After-Free
by Google Security Research
CVE-2017-2515 EXPLOITDB HIGH html VERIFIED
Apple iPhone OS < 10.3.1 - Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
CVE-2017-2510 EXPLOITDB MEDIUM html VERIFIED
Apple Safari < 10.1 - XSS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with pageshow events.
by Google Security Research
CVSS 6.1
EIP-2026-104488 EXPLOITDB html VERIFIED
WebKit - 'ContainerNode::parserRemoveChild' Universal Cross-Site Scripting
by Google Security Research
CVE-2017-2504 EXPLOITDB MEDIUM html VERIFIED
Apple Safari < 10.1.1 - XSS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with WebKit Editor commands.
by Google Security Research
CVSS 6.1
EIP-2026-104166 EXPLOITDB html VERIFIED
Apple Safari 10.0.3(12602.4.8) / WebKit - 'HTMLObjectElement::updateWidget' Universal Cross-Site Scripting
by Google Security Research
CVE-2017-5447 EXPLOITDB CRITICAL html VERIFIED
Debian Linux < 45.9.0 - Use After Free
An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
by Google Security Research
CVSS 9.1
CVE-2017-5465 EXPLOITDB CRITICAL html VERIFIED
Debian Linux < 45.9.0 - Out-of-Bounds Read
An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then be displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
by Google Security Research
CVSS 9.1
CVE-2017-2514 EXPLOITDB HIGH html VERIFIED
Apple iPhone OS < 10.3.1 - Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
EIP-2026-103574 EXPLOITDB html VERIFIED
Mozilla Firefox 50 < 55 - Stack Overflow Denial of Service
by Geeknik Labs
EIP-2026-107458 EXPLOITDB html
Gongwalker API Manager 1.1 - Cross-Site Request Forgery
by HaHwul
CVE-2017-2491 EXPLOITDB HIGH html VERIFIED
Apple iPhone OS < 10.2.1 - Use After Free
Use-after-free vulnerability in the String.replace method in JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page or a crafted file.
by saelo & niklasb
CVSS 8.8
EIP-2026-115674 EXPLOITDB html
Microsoft Internet Explorer 11 - 'CMarkup::DestroySplayTree' Use-After-Free
by Marcin Ressel
CVE-2017-0202 EXPLOITDB HIGH html VERIFIED
Microsoft Internet Explorer - Memory Corruption
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, a.k.a. "Internet Explorer Memory Corruption Vulnerability."
by Google Security Research
CVSS 7.5
CVE-2017-2464 EXPLOITDB HIGH html VERIFIED
Apple Safari < 10.0.3 - Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
EIP-2026-104168 EXPLOITDB html VERIFIED
Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'PrototypeMap::createEmptyStructure' Universal Cross-Site Scripting
by Google Security Research