Text Exploits
31,346 exploits tracked across all sources.
WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
by Jinson Varghese Behanan
SOPlanning 1.45 - Cross-Site Request Forgery (Add User)
by J3rryBl4nks
Ice HRM 26.2.0 - Cross-Site Request Forgery (Add User)
by J3rryBl4nks
Avaya Aura Communication Manager 5.2 - Remote Code Execution
by Sarang Tumne
SprintWork 2.3.1 - Privilege Escalation
SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak service configurations to create a new administrative user and gain complete system access.
by boku
CVSS 6.2
phpMyChat Plus 1.98 - SQL Injection
phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmc_username parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to extract sensitive database information by crafting malicious payloads in the username field.
by J3rryBl4nks
CVSS 8.2
EPSON EasyMP Network Projection 2.81 - Code Injection
EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON Projector\EasyMP Network Projection V2\ to inject malicious code that would execute with LocalSystem privileges.
by Roberto Piña
CVSS 7.8
WordPress Plugin Wordfence.7.4.5 - Local File Disclosure
by Mehran Feizi
WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion
by Mehran Feizi
WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting
by Mehran Feizi
WordPress Plugin contact-form-7 5.1.6 - Remote File Upload
by Mehran Feizi
HP System Event Utility <1.4.33 - RCE
A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version 1.4.33. This vulnerability may allow a local attacker to execute arbitrary code via an HP System Event Utility system service.
by hyp3rlinx
CVSS 7.8
Sync Breeze Enterprise 12.4.18 - Code Injection
Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the service startup process.
by boku
CVSS 7.8
Disk Savvy Enterprise 12.3.18 - Code Injection
Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Savvy Enterprise\bin\disksvs.exe' to inject malicious executables and escalate privileges.
by boku
CVSS 7.8
Disk Sorter Enterprise <12.4.16 - Code Injection
Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.
by boku
CVSS 7.8
FreeSSHd <1.3.1 - Privilege Escalation
FreeSSHd version 1.3.1 is vulnerable to an unquoted service path, allowing local users to launch processes with elevated privileges.
by boku
CVSS 7.8
Vanilla 2.6.3 - XSS
index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS.
by Sayak Naskar
CVSS 5.4
CHIYU BF-430 - Stored XSS
Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter devices before 1.16.00, as demonstrated by the /if.cgi TF_submask field.
by Luca.Chiou
CVSS 6.1
Valve Dota 2 <7.23f - RCE/DoS
schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a GetValue call.
by Bogdan Kurinnoy
CVSS 7.8