Exploitdb Exploits
2,012 exploits tracked across all sources.
WordPress Plugin Contact Form Manager - Cross-Site Request Forgery / Cross-Site Scripting
by Edwin Molenaar
Netgear Dgn2200 Firmware < 10.0.0.50 - CSRF
Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dnslookup.cgi. NOTE: this issue can be combined with CVE-2017-6334 to execute arbitrary code remotely.
by SivertPL
CVSS 8.8
Netgear Dgn2200 Series Firmware < 10.0.0.50 - OS Command Injection
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.
by SivertPL
CVSS 8.8
Microsoft Edge - Type Confusion
Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.
by Google Security Research
CVSS 8.1
Apple <10.2.1 - XSS
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "WebKit" component, which allows remote attackers to launch popups via a crafted web site.
by Google Security Research
CVSS 6.5
Apple <10.2.1, <10.0.3, <10.1.1 - SSRF
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
by Google Security Research
CVSS 6.5
Apple <10.2.1, <10.0.3, <10.1.1, <3.1.3 - CSRF
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
by Google Security Research
CVSS 6.5
Apple <10.12.3 - XSS
An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site.
by Google Security Research
CVSS 6.1
Google Chrome - 'layout' Out-of-Bounds Read
by Google Security Research
DIGISOL DG-HR1400 Wireless Router - Cross-Site Request Forgery
by Indrajith.A.N
Microsoft Edge - Memory Corruption
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7296, and CVE-2016-7297.
by Google Security Research
CVSS 7.5
SonicDICOM PACS 2.3.2 - Cross-Site Request Forgery (Add Admin)
by LiquidWorm
Alstrasoft FMyLife Pro 1.02 - Cross-Site Request Forgery (Add Admin)
by Ihsan Sencan
Alstrasoft Flippa Clone MarketPlace Script 4.10 - Cross-Site Request Forgery (Add Admin)
by Ihsan Sencan
Apple <10.2.1, <10.0.3, <10.1.1 - RCE
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
Google Chrome - 'HTMLKeygenElement::shadowSelect()' Type Confusion
by Google Security Research
Apple <10.2.1, <10.0.3, <10.1.1 - RCE
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
Apple <10.2.1, <10.0.3, <10.1.1 - RCE
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
Cisco WebEx - 'nativeMessaging' Remote Command Execution
by Google Security Research
MC Hosting Coupons Script - Cross-Site Request Forgery
by Ihsan Sencan
Debian Linux < 52.1.0 - Use After Free
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
by Marcin Ressel
CVSS 9.8
FMyLife Clone Script (Pro Edition) 1.1 - Cross-Site Request Forgery (Add Admin)
by Ihsan Sencan
Brave Browser 1.2.16/1.9.56 - Address Bar URL Spoofing
by Aaditya Purani
By Source