Exploitdb Exploits

2,012 exploits tracked across all sources.

CVE-2016-7190 EXPLOITDB HIGH html VERIFIED
Microsoft Edge - Memory Corruption
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3386, CVE-2016-3389, and CVE-2016-7194.
by Google Security Research
CVSS 7.5
CVE-2016-7189 EXPLOITDB HIGH html VERIFIED
Microsoft Edge < 1.2.1 - Memory Corruption
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Remote Code Execution Vulnerability."
by Google Security Research
CVSS 7.5
CVE-2013-4863 EXPLOITDB HIGH html
MiCasaVerde VeraLite <1.5.408 - RCE
The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag.
by Jacob Baines
CVSS 8.8
EIP-2026-106040 EXPLOITDB html
CNDSOFT 2.3 - Cross-Site Request Forgery / Arbitrary File Upload
by Besim
EIP-2026-110734 EXPLOITDB html
PHP NEWS 1.3.0 - Cross-Site Request Forgery (Add Admin)
by Meryem AKDOĞAN
EIP-2026-114551 EXPLOITDB html
YouTube Automated CMS 1.0.7 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
by Arbin Godar
EIP-2026-112096 EXPLOITDB html
Simple Forum PHP 2.4 - Cross-Site Request Forgery (Edit Options)
by Ehsan Hosseini
EIP-2026-105204 EXPLOITDB html
ApPHP MicroCMS 3.9.5 - Cross-Site Request Forgery (Add Admin)
by Besim
EIP-2026-111042 EXPLOITDB html
phpEnter 4.2.7 - Cross-Site Request Forgery (Add New Post)
by Besim
EIP-2026-105484 EXPLOITDB html
BirdBlog 1.4.0 - Cross-Site Request Forgery (Add New Post)
by Besim
EIP-2026-105202 EXPLOITDB html
ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery (Add New Author)
by Besim
EIP-2026-112365 EXPLOITDB html VERIFIED
Spacemarc News - Cross-Site Request Forgery (Add New Post)
by Besim
EIP-2026-109264 EXPLOITDB html
Maian Weblog 4.0 - Cross-Site Request Forgery (Add New Post)
by Besim
EIP-2026-105186 EXPLOITDB html
AnoBBS 1.0.1 - Remote File Inclusion
by bd0rk
EIP-2026-115685 EXPLOITDB html
Microsoft Internet Explorer 11.0.9600.18482 - Use After Free
by Marcin Ressel
CVE-2016-20032 EXPLOITDB HIGH html
ZKTeco ZKAccess Security System 5.3.1 Stored XSS
ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holiday_name' and 'memo' POST parameters. Attackers can submit crafted requests with script code in these parameters to compromise user browser sessions and steal sensitive information.
by LiquidWorm
CVSS 7.2
CVE-2016-20028 EXPLOITDB MEDIUM html
ZKTeco ZKBioSecurity 3.0 Cross-Site Request Forgery Superadmin
ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious websites. Attackers can craft HTTP requests that add superadmin accounts without validity checks, enabling unauthorized administrative access when authenticated users visit attacker-controlled pages.
by LiquidWorm
CVSS 4.3
EIP-2026-111809 EXPLOITDB html
RSS News AutoPilot Script 1.0.1/3.0.3 - Cross-Site Request Forgery
by Arbin Godar
CVE-2016-3288 EXPLOITDB HIGH html VERIFIED
Microsoft Internet Explorer - Memory Corruption
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3290.
by Google Security Research
CVSS 7.5
CVE-2016-7454 EXPLOITDB HIGH html
Technicolor Xfinity Gateway Router Dpc3941t Firmware - CSRF
CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco dpc3941T) devices with firmware dpc3941-P20-18-v303r20421733-160413a-CMCST allows an attacker to change the Wi-Fi password, open the remote management interface, or reset the router.
by Ayushman Dutta
CVSS 8.0
EIP-2026-109998 EXPLOITDB html
NUUO NVRmini 2 3.0.8 - Cross-Site Request Forgery (Add Admin)
by LiquidWorm
EIP-2026-103705 EXPLOITDB html VERIFIED
WebKit - TypedArray.fill Memory Corruption
by Google Security Research
EIP-2026-103704 EXPLOITDB html VERIFIED
WebKit - TypedArray.copyWithin Memory Corruption
by Google Security Research
CVE-2016-20035 EXPLOITDB MEDIUM html
Wowza Streaming Engine 4.5.0 CSRF via user edit endpoint
Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoint to create new admin accounts with arbitrary credentials.
by LiquidWorm
CVSS 5.3
CVE-2016-20034 EXPLOITDB HIGH html
Wowza Streaming Engine 4.5.0 Privilege Escalation via user edit
Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser parameters set to 'true' and 'on' to gain administrative access.
by LiquidWorm
CVSS 8.8