Text Exploits

31,341 exploits tracked across all sources.

CVE-2024-36597 EXPLOITDB HIGH text
Aegon Life v1.0 - SQL Injection
Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php.
by Aslam Anwar Mahimkar
CVSS 8.8
EIP-2026-114380 EXPLOITDB text
WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated)
by Onur Göğebakan
EIP-2026-105576 EXPLOITDB text
Boelter Blue System Management 1.3 - SQL Injection
by CBKB
CVE-2024-58280 EXPLOITDB HIGH text
CMSimple 5.15 - RCE
CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensions_userfiles and upload a shell script to the media directory to execute arbitrary code on the server.
by Ahmet Ümit BAYRAM
CVSS 8.8
CVE-2023-27636 EXPLOITDB MEDIUM text
Progress Sitefinity < 15.0.0 - XSS
Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor.
by Aldi Saputra Wahyudi
CVSS 5.4
CVE-2024-58293 EXPLOITDB HIGH text
Akaunting 3.1.8 - Code Injection
Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template expressions in multiple form input fields. Attackers can inject template payloads in items, taxes, transactions, and vendor name fields to perform arithmetic operations and string manipulations.
by tmrswrr
CVE-2024-58295 EXPLOITDB HIGH text
ElkArte Forum 1.1.9 - RCE
ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be executed by accessing the uploaded file in the theme directory.
by tmrswrr
CVE-2024-22855 EXPLOITDB MEDIUM text
ITSS iMLog <1.307 - XSS
A cross-site scripting (XSS) vulnerability in the User Maintenance section of ITSS iMLog v1.307 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter.
by Gabriel Felipe
CVSS 5.4
EIP-2026-105666 EXPLOITDB text
BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection
by Ivan Spiridonov
CVE-2024-33559 EXPLOITDB CRITICAL text
8theme XStore <9.3.5 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection. This issue affects XStore: from n/a through 9.3.5.
by Abdualhadi khalifa
CVSS 9.3
CVE-2024-32113 EXPLOITDB CRITICAL text
Apache OFBiz <18.12.13 - Path Traversal
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue.
by Abdualhadi khalifa
CVSS 9.8
CVE-2024-58285 EXPLOITDB MEDIUM text
Chyrp - XSS
Chyrp 2.5.2 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into post titles. Attackers can craft payloads in the title field that will execute when the post is viewed by other users, potentially stealing session cookies or performing client-side attacks.
by Ahmet Ümit BAYRAM
CVSS 5.4
CVE-2024-58297 EXPLOITDB MEDIUM text
Pyrocms - XSS
PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect From' field to execute arbitrary JavaScript when administrators view the redirects page.
by tmrswrr
CVSS 5.4
CVE-2024-58296 EXPLOITDB MEDIUM text
CE Phoenix v3.0.1 - XSS
CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability in the currencies administration panel that allows attackers to inject malicious scripts. Attackers can insert XSS payloads in the title field to execute arbitrary JavaScript when administrators view the currencies page.
by tmrswrr
EIP-2026-117773 EXPLOITDB text
Plantronics Hub 3.25.1 - Arbitrary File Read
by Alaa Kachouh
EIP-2026-111507 EXPLOITDB text
Prison Management System - SQL Injection Authentication Bypass
by Sanjay Singh
EIP-2026-109087 EXPLOITDB text
Leafpub 1.1.9 - Stored Cross-Site Scripting (XSS)
by Ahmet Ümit BAYRAM
EIP-2026-104279 EXPLOITDB text
iboss Secure Web Gateway - Stored Cross-Site Scripting (XSS)
by modrnProph3t
EIP-2026-106818 EXPLOITDB text
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Device Config Disclosure
by LiquidWorm
EIP-2026-101705 EXPLOITDB text
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 - Device Config Disclosure
by LiquidWorm
EIP-2026-101704 EXPLOITDB text
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 - Authentication Bypass
by LiquidWorm
EIP-2026-101703 EXPLOITDB text
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Device Config Disclosure
by LiquidWorm
EIP-2026-101702 EXPLOITDB text
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Authentication Bypass
by LiquidWorm
EIP-2026-101699 EXPLOITDB text
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Authentication Bypass
by LiquidWorm
CVE-2024-31621 EXPLOITDB HIGH text
Flowise <1.6.2 - RCE
An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component.
by Maerifat Majeed
CVSS 7.6