Exploitdb Exploits

2,009 exploits tracked across all sources.

EIP-2026-103502 EXPLOITDB html
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory in Invalid Array Length
by Bogdan Kurinnoy
CVE-2019-6441 EXPLOITDB CRITICAL html
Coship RT3050 RT3052 RT7620 WM3300 - Unauthenticated Admin Password Reset via apply.cgi
An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.
by Adithyan AK
CVSS 9.8
CVE-2019-6249 EXPLOITDB HIGH html
HuCart 5.7.4 - Cross-Site Request Forgery via Admin Account Addition
An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=edit_info&act_type=add.
by AllenChen
CVSS 8.8
EIP-2026-103503 EXPLOITDB html
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service (PoC)
by Bogdan Kurinnoy
CVE-2019-25259 EXPLOITDB MEDIUM html
Leica Geosystems GR10/GR25/GR30/GR50 4.30.063 - CSRF
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can trick logged-in users into executing unauthorized actions by crafting malicious web pages that submit requests to the application.
by LiquidWorm
CVSS 5.3
CVE-2018-25131 EXPLOITDB HIGH html
Leica Geosystems GR10/GR25/GR30/GR50 4.30.063 - XSS
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a stored cross-site scripting vulnerability in the configuration file upload functionality. Attackers can upload a malicious HTML file that executes arbitrary JavaScript in a user's browser session when viewed.
by LiquidWorm
CVSS 7.2
EIP-2026-115645 EXPLOITDB html
Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference
by Bogdan Kurinnoy
CVE-2018-4443 EXPLOITDB HIGH html VERIFIED
Safari < 12.0.2 - Memory Corruption
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
by Google Security Research
CVSS 8.8
CVE-2018-25435 EXPLOITDB MEDIUM html
ZeusCart 4.0 - Cross-Site Request Forgery via regstatus Endpoint
ZeusCart 4.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of victims by crafting malicious requests. Attackers can deactivate customer accounts via the admin interface by tricking users into visiting attacker-controlled pages that submit requests to the regstatus endpoint with action=deny parameters.
by mqt
CVSS 5.3
EIP-2026-115644 EXPLOITDB html
Microsoft Edge 42.17134.1.0 - 'Tree::ANode::DocumentLayout' Denial of Service
by Bogdan Kurinnoy
CVE-2018-19829 EXPLOITDB MEDIUM html
Artica Integria IMS 5.0.83 - Cross-Site Request Forgery in User List Management
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.
by Javier Olmedo
CVSS 6.5
EIP-2026-107650 EXPLOITDB html
Hotel Booking Script 3.4 - Cross-Site Request Forgery (Change Admin Password)
by Sainadh Jamalpur
CVE-2018-8631 EXPLOITDB HIGH html VERIFIED
Internet Explorer < - Memory Corruption
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.
by Google Security Research
CVSS 7.5
EIP-2026-103489 EXPLOITDB html
Google Chrome 70 - SQLite Magellan Crash (PoC)
by zhuowei
EIP-2026-107023 EXPLOITDB html
Facebook And Google Reviews System For Businesses - Cross-Site Request Forgery (Change Admin Password)
by Veyselxan
CVE-2018-4438 EXPLOITDB HIGH html VERIFIED
Safari < 12.0.2 - Memory Corruption via Logic Issue
A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
by Google Security Research
CVSS 8.8
CVE-2018-8552 EXPLOITDB HIGH html VERIFIED
Internet Explorer <11 - Info Disclosure
An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Windows Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.
by Google Security Research
CVSS 7.5
CVE-2018-8544 EXPLOITDB HIGH html VERIFIED
Windows VBScript Engine - Remote Code Execution via Use-After-Free
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 8.8
CVE-2018-18865 EXPLOITDB HIGH html
Royal TS < 4.3.60728 and TSX < 3.3.1 - Credentials Disclosure
The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure.
by Jakub Palaczynski
CVSS 8.1
EIP-2026-113799 EXPLOITDB html
WordPress Plugin GoURL.io < 1.4.14 - File Upload
by Pouya Darabi
CVE-2018-4315 EXPLOITDB HIGH html VERIFIED
Safari < 12 - Use-After-Free
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
CVE-2018-4318 EXPLOITDB HIGH html VERIFIED
Safari < 12 - Use-After-Free
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
CVE-2018-4314 EXPLOITDB HIGH html VERIFIED
Safari < 12 - Use-After-Free
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
CVE-2018-4197 EXPLOITDB HIGH html VERIFIED
Safari < 12 - Use-After-Free
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
CVE-2018-4323 EXPLOITDB HIGH html VERIFIED
Safari < 12 - Memory Corruption
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8