Exploitdb Exploits

2,012 exploits tracked across all sources.

CVE-2021-47723 EXPLOITDB HIGH html
STVS ProVision 5.9.10 - CSRF
STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. A malicious web site can trigger the forged request, allowing attackers to create new admin users.
by LiquidWorm
CVSS 8.8
CVE-2021-47730 EXPLOITDB HIGH html
Selea Targa IP OCR-ANPR Camera - CSRF
Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full system privileges when a logged-in user visits the page.
by LiquidWorm
CVSS 8.8
CVE-2020-23342 EXPLOITDB HIGH html
Anchor CMS 0.12.7 - CSRF
A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can be used to delete admin users.
by Ninad Mishra
CVSS 8.8
CVE-2020-35687 EXPLOITDB MEDIUM html
Php-fusion Phpfusion - CSRF
PHPFusion version 9.03.90 is vulnerable to a CSRF attack, which leads to deletion of all shoutbox messages by the attacker on behalf of the logged-in victim.
by Mohamed Oosman
CVSS 4.3
CVE-2020-29597 EXPLOITDB CRITICAL html
IncomCMS 2.0 - File Upload
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to upload files into the server.
by MoeAlBarbari
CVSS 9.8
EIP-2026-103710 EXPLOITDB html VERIFIED
WebKit - User-agent Shadow root Leak in WebCore::ReplacementFragment::ReplacementFragment
by Google Security Research
EIP-2026-103708 EXPLOITDB html VERIFIED
WebKit - Universal XSS in WebCore::command
by Google Security Research
CVE-2019-16531 EXPLOITDB HIGH html
LayerBB <1.1.4 - CSRF
LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.
by 0xB9
CVSS 8.8
CVE-2019-16068 EXPLOITDB HIGH html
NETSAS ENIGMA NMS <65.0.0 - CSRF
A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to trick a victim into submitting a malicious manage_files.cgi request. This can be triggered via XSS or an IFRAME tag included within the site.
by xerubus
CVSS 8.8
EIP-2026-104494 EXPLOITDB html
Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery
by Bhadresh Patel
EIP-2026-113532 EXPLOITDB html
WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery
by Princy Edward
EIP-2026-103494 EXPLOITDB html VERIFIED
Google Chrome 74.0.3729.0 / 76.0.3789.0 - Heap Use-After-Free in blink::PresentationAvailabilityState::UpdateAvailability
by Google Security Research
EIP-2026-101586 EXPLOITDB html
Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery
by Alperen Soydan
CVE-2019-14328 EXPLOITDB HIGH html
WordPress Simple Membership <3.8.5 - CSRF
The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section.
by rubyman
CVSS 8.8
EIP-2026-103468 EXPLOITDB html
Firefox 67.0.4 - Denial of Service
by Tejas Ajay Naik
EIP-2026-104218 EXPLOITDB html
CyberPanel 1.8.4 - Cross-Site Request Forgery
by Bilgi Birikim Sistemleri
EIP-2026-101747 EXPLOITDB html
Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution
by XORcat
EIP-2026-103491 EXPLOITDB html VERIFIED
Google Chrome 73.0.3683.103 - 'WasmMemoryObject::Grow' Use-After-Free
by Google Security Research
CVE-2019-5678 EXPLOITDB HIGH html
Nvidia Geforce Experience < 3.19 - Improper Input Validation
NVIDIA GeForce Experience versions prior to 3.19 contain a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure.
by Rhino Security Labs
CVSS 7.8
CVE-2019-0752 EXPLOITDB HIGH html
Internet Explorer - Memory Corruption
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862.
by Simon Zuckerbraun
CVSS 7.5
EIP-2026-103501 EXPLOITDB html VERIFIED
Google Chrome V8 - Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Out-of-Bounds Read/Write
by Google Security Research
CVE-2019-17600 EXPLOITDB CRITICAL html
Intelbras Iwr 1000n Firmware - CSRF
Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled.
by Social Engineering Neo
CVSS 9.8
CVE-2019-11416 EXPLOITDB HIGH html
Intelbras IWR 3000N 1.5.0 - CSRF
A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user.
by Social Engineering Neo
CVSS 8.8
CVE-2019-11375 EXPLOITDB MEDIUM html
Msvod v10 - CSRF
Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.
by ax8
CVSS 6.5
CVE-2019-11374 EXPLOITDB HIGH html
74CMS v5.0.1 - CSRF
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.
by ax8
CVSS 8.8