Html Exploits

2,053 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-103494 EXPLOITDB html VERIFIED
Google Chrome 74.0.3729.0 / 76.0.3789.0 - Heap Use-After-Free in blink::PresentationAvailabilityState::UpdateAvailability
by Google Security Research
EIP-2026-101586 EXPLOITDB html
Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery
by Alperen Soydan
CVE-2019-14328 EXPLOITDB HIGH html
WordPress Simple Membership <3.8.5 - CSRF
The Simple Membership plugin before 3.8.5 for WordPress has CSRF affecting the Bulk Operation section.
by rubyman
CVSS 8.8
EIP-2026-103468 EXPLOITDB html
Firefox 67.0.4 - Denial of Service
by Tejas Ajay Naik
EIP-2026-104218 EXPLOITDB html
CyberPanel 1.8.4 - Cross-Site Request Forgery
by Bilgi Birikim Sistemleri
EIP-2026-101747 EXPLOITDB html
Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution
by XORcat
EIP-2026-103491 EXPLOITDB html VERIFIED
Google Chrome 73.0.3683.103 - 'WasmMemoryObject::Grow' Use-After-Free
by Google Security Research
CVE-2019-5678 EXPLOITDB HIGH html
Nvidia Geforce Experience < 3.19 - Improper Input Validation
NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure.
by Rhino Security Labs
CVSS 7.8
CVE-2019-0752 EXPLOITDB HIGH html
Internet Explorer - Memory Corruption
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862.
by Simon Zuckerbraun
CVSS 7.5
EIP-2026-103501 EXPLOITDB html VERIFIED
Google Chrome V8 - Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Out-of-Bounds Read/Write
by Google Security Research
CVE-2019-17600 EXPLOITDB CRITICAL html
Intelbras Iwr 1000n Firmware - CSRF
Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled.
by Social Engineering Neo
CVSS 9.8
CVE-2019-11416 EXPLOITDB HIGH html
Intelbras IWR 3000N 1.5.0 - CSRF
A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user.
by Social Engineering Neo
CVSS 8.8
CVE-2019-11375 EXPLOITDB MEDIUM html
Msvod v10 - CSRF
Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.
by ax8
CVSS 6.5
CVE-2019-11374 EXPLOITDB HIGH html
74CMS v5.0.1 - CSRF
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.
by ax8
CVSS 8.8
EIP-2026-103492 EXPLOITDB html
Google Chrome 73.0.3683.103 V8 JavaScript Engine - Out-of-Memory in Invalid Table Size Denial of Service (PoC)
by Bogdan Kurinnoy
CVE-2019-10874 EXPLOITDB HIGH html
Bolt < 3.6.7 - CSRF
Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file.
by FelipeGaspar
CVSS 8.8
EIP-2026-113647 EXPLOITDB html
WordPress Plugin Contact Form Maker 1.13.1 - Cross-Site Request Forgery
by Peyman Forouzan
EIP-2026-103913 EXPLOITDB html VERIFIED
Google Chrome 72.0.3626.96 / 74.0.3702.0 - 'JSPromise::TriggerPromiseReactions' Type Confusion
by Google Security Research
EIP-2026-103715 EXPLOITDB html VERIFIED
WebKitGTK+ - 'ThreadedCompositor' Race Condition
by Google Security Research
EIP-2026-103493 EXPLOITDB html VERIFIED
Google Chrome 73.0.3683.39 / Chromium 74.0.3712.0 - 'ReadableStream' Internal Object Leak Type Confusion
by Google Security Research
CVE-2019-7440 EXPLOITDB MEDIUM html
JioFi 4G M2S 1.0.2 - CSRF
JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi).
by Vikas Chaudhary
CVSS 6.5
CVE-2019-9810 EXPLOITDB HIGH html
Firefox < 66.0.1 - Buffer Overflow
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
by xuechiyaobai
CVSS 8.8
CVE-2019-0667 EXPLOITDB HIGH html VERIFIED
Windows VBScript Engine - RCE
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0772.
by Google Security Research
CVSS 7.5
CVE-2019-0768 EXPLOITDB MEDIUM html VERIFIED
IE - Auth Bypass
A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0761.
by Google Security Research
CVSS 4.3
EIP-2026-107878 EXPLOITDB html
Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password)
by LiquidWorm
By Source
All 2,053 Exploitdb 50,123 Writeup 46,586 Nomisec 21,108 Metasploit 3,189 Github 2,216 Vulncheck_xdb 900 Inthewild 518 Gitlab 438 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,725 c 3,550 perl 2,854 html 2,053 php 1,334 bash 459 java 359 javascript 256 c++ 245 shell 67 go 41 postscript 25 xml 24