Exploitdb Exploits

2,009 exploits tracked across all sources.

EIP-2026-101251 EXPLOITDB html
Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Request Forgery (CSRF)
by LiquidWorm
CVE-2022-50925 EXPLOITDB CRITICAL html
Prowise Reflect <1.0.9 - Code Injection
Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specific WebSocket messages.
by Rik Lutz
CVSS 9.8
CVE-2021-47754 EXPLOITDB MEDIUM html
Arunna 1.0.0 - Cross-Site Request Forgery via Profile Settings Form
Arunna 1.0.0 contains a cross-site request forgery vulnerability that allows attackers to manipulate user profile settings without authentication. Attackers can craft a malicious form to change user details, including passwords, email, and administrative privileges by tricking authenticated users into submitting the form.
by =(L_L)=
CVSS 6.5
CVE-2021-43137 EXPLOITDB HIGH html
Hostel Management System 2.1 - XSS, CSRF
Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerabilities exist in Hostel Management System 2.1 via the name field in my-profile.php. Chaining both vulnerabilities leads to account takeover.
by Anubhav Singh
CVSS 8.8
EIP-2026-110575 EXPLOITDB html
Pharmacy Point of Sale System 1.0 - 'Add New User' Cross-Site Request Forgery (CSRF)
by Murat DEMİRCİ
CVE-2021-45268 EXPLOITDB HIGH html
Backdrop CMS 1.20 - Cross-Site Request Forgery to Remote Code Execution via Malicious Add-on Upload
A Cross-Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows remote attackers to gain Remote Code Execution (RCE) on the hosting webserver via uploading a malicious add-on with a crafted PHP file. NOTE: the vendor disputes this because the attack requires a session cookie of a high-privileged authenticated user who is entitled to install arbitrary add-ons.
by V1n1v131r4
CVSS 8.8
CVE-2021-24272 EXPLOITDB MEDIUM html
fitness_calculators < 1.9.6 - Cross-Site Request Forgery and Stored Cross-Site Scripting
The fitness calculators WordPress plugin before 1.9.6 adds calculators for water intake, BMI, protein intake, and body fat, and was lacking a CSRF check, allowing attackers to make logged-in users perform unwanted actions, such as changing the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue.
by 0xB9
CVSS 4.3
EIP-2026-112082 EXPLOITDB html
Simple CRM 3.0 - 'Change user information' Cross-Site Request Forgery (CSRF)
by Riadh Benlamine
CVE-2021-24174 EXPLOITDB HIGH html
Database Backups WordPress Plugin <= 1.2.2.6 - Cross-Site Request Forgery
The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged-in user perform unwanted actions, such as generating backups of the database, changing the plugin's settings and deleting backups.
by 0xB9
CVSS 8.1
CVE-2021-47953 EXPLOITDB MEDIUM html
OpenCart 3.0.3.7 Cross-Site Request Forgery via account/password
OpenCart 3.0.3.7 contains a cross-site request forgery vulnerability that allows attackers to change user passwords by sending crafted requests to the account/password endpoint. Attackers can trick authenticated users into submitting hidden forms with new password values in the 'password' and 'confirm' parameters to hijack accounts.
by Mert Daş
CVSS 4.3
CVE-2021-32403 EXPLOITDB HIGH html
Intelbras RF 301K Firmware 1.1.2 - Cross-Site Request Forgery
Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of security mechanisms for token protection and unsafe inputs and modules.
by Rodolfo Mariano
CVSS 8.8
CVE-2021-47820 EXPLOITDB MEDIUM html
Ubee EVW327 - Cross-Site Request Forgery to Enable Remote Access
Ubee EVW327 contains a cross-site request forgery vulnerability that allows attackers to enable remote access without user interaction. Attackers can craft a malicious webpage that automatically submits a form to change router remote access settings to port 8080 without the user's consent.
by lated
CVSS 5.3
EIP-2026-102003 EXPLOITDB html
Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery (CSRF)
by LiquidWorm
EIP-2026-102002 EXPLOITDB html
Sipwise C5 NGCP CSC - 'Multiple' Persistent Cross-Site Scripting (XSS)
by LiquidWorm
CVE-2021-31152 EXPLOITDB HIGH html
Multilaser Router AC1200 V02.03.01.45_pt - CSRF
Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers.
by Rodolfo Mariano
CVSS 8.8
CVE-2021-30147 EXPLOITDB HIGH html
DMA Softlab Radius Manager 4.4.0 - CSRF
DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as adding new manager accounts via admin.php.
by Issac Briones
CVSS 8.8
CVE-2021-47860 EXPLOITDB MEDIUM html
GetSimple CMS Custom JS Plugin 0.1 - CSRF leading to XSS and RCE
GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote code on the hosting server when an authenticated administrator visits the page.
by Abhishek Joshi
CVSS 5.3
EIP-2026-102025 EXPLOITDB html
SOYAL Biometric Access Control System 5.0 - 'Change Admin Password' CSRF
by LiquidWorm
CVE-2021-28379 EXPLOITDB HIGH html
Vesta Control Panel <0.9.8-27 - Open Redirect
web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin.
by Fady Mohammed Osman
CVSS 8.8
EIP-2026-117501 EXPLOITDB html
Microsoft Internet Explorer 11 32-bit - Use-After-Free
by Forrest Orr
CVE-2020-23522 EXPLOITDB MEDIUM html
Pixelimity 1.0 - Cross-Site Request Forgery via Admin Setting Password Parameter
Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter.
by Noth
CVSS 6.8
CVE-2020-37241 EXPLOITDB MEDIUM html
bloofoxCMS 0.5.2.1 Cross-Site Request Forgery via user add
bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can craft hidden forms targeting the admin user creation endpoint to add new administrative accounts with arbitrary credentials without requiring explicit user consent.
by LiPeiYi
CVSS 5.3
EIP-2026-103527 EXPLOITDB html
jQuery UI 1.12.1 - Denial of Service (DoS)
by Rafael Cintra Lopes
CVE-2021-47723 EXPLOITDB HIGH html
STVS ProVision 5.9.10 - Cross-Site Request Forgery
STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forged request, allowing them to create new admin users.
by LiquidWorm
CVSS 8.8
CVE-2021-47730 EXPLOITDB HIGH html
Selea Targa IP OCR-ANPR Camera - CSRF
Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full system privileges when a logged-in user visits the page.
by LiquidWorm
CVSS 8.8