Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-114127 EXPLOITDB text
WordPress Plugin Tutor.1.5.3 - Local File Inclusion
by Mehran Feizi
EIP-2026-113651 EXPLOITDB text
WordPress Plugin contact-form-7 5.1.6 - Remote File Upload
by Mehran Feizi
CVE-2019-18915 EXPLOITDB HIGH text VERIFIED
HP System Event Utility <1.4.33 - RCE
A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version 1.4.33. This vulnerability may allow a local attacker to execute arbitrary code via an HP System Event Utility system service.
by hyp3rlinx
CVSS 7.8
CVE-2020-37100 EXPLOITDB HIGH text
Sync Breeze Enterprise 12.4.18 - Code Injection
Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the service startup process.
by boku
CVSS 7.8
CVE-2020-37099 EXPLOITDB HIGH text
Disk Savvy Enterprise 12.3.18 - Code Injection
Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Savvy Enterprise\bin\disksvs.exe' to inject malicious executables and escalate privileges.
by boku
CVSS 7.8
CVE-2020-37098 EXPLOITDB HIGH text
Disk Sorter Enterprise <12.4.16 - Code Injection
Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.
by boku
CVSS 7.8
CVE-2017-1000475 EXPLOITDB HIGH text
FreeSSHd <1.3.1 - Privilege Escalation
FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allowing local users to launch processes with elevated privileges.
by boku
CVSS 7.8
EIP-2026-117202 EXPLOITDB text
freeFTPd v1.0.13 - 'freeFTPdService' Unquoted Service Path
by boku
CVE-2020-8825 EXPLOITDB MEDIUM text
Vanilla 2.6.3 - Stored Cross-Site Scripting via Branding Settings Page
index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS.
by Sayak Naskar
CVSS 5.4
CVE-2020-8839 EXPLOITDB MEDIUM text
CHIYU BF-430 Firmware < 1.16.00 - Stored Cross-Site Scripting via TF_submask Field
Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter devices before 1.16.00, as demonstrated by the /if.cgi TF_submask field.
by Luca.Chiou
CVSS 6.1
CVE-2020-7949 EXPLOITDB HIGH text
Dota 2 < 7.23f - Remote Code Execution via Crafted Map in GetValue Call
schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a GetValue call.
by Bogdan Kurinnoy
CVSS 7.8
CVE-2020-7108 EXPLOITDB MEDIUM text
LearnDash 3.0-3.1.2 - Cross-Site Scripting via ld-profile Search Field
The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field.
by Jinson Varghese Behanan
CVSS 5.4
CVE-2019-6146 EXPLOITDB MEDIUM text
Forcepoint Web Security 8.0.0-8.5.3 - Cross-Site Scripting via Host Header Injection
It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host header injection. CVSSv3.0: 5.3 (Medium) (/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
by Prasenjit Kanti Paul
CVSS 6.1
CVE-2020-3837 EXPLOITDB HIGH text VERIFIED
iPadOS < 13.3.1 - Out-of-bounds Write
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with kernel privileges.
by Google Security Research
CVSS 7.8
CVE-2020-37163 EXPLOITDB HIGH text
QuickDate 1.3.2 - SQL Injection via _located Parameter
QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the '_located' parameter in the find_matches endpoint. Attackers can inject UNION-based SQL statements to extract database information including user credentials, database name, and system version.
by Ihsan Sencan
CVSS 8.2
EIP-2026-119674 EXPLOITDB text
ExpertGPS 6.38 - XML External Entity Injection
by Trent Gordon
EIP-2026-113050 EXPLOITDB text
VehicleWorkshop 1.0 - 'bookingid' SQL Injection
by Mehran Feizi
EIP-2026-110442 EXPLOITDB text
PackWeb Formap E-learning 1.0 - 'NumCours' SQL Injection
by Amel BOUZIANE-LEBLOND
CVE-2020-8656 EXPLOITDB CRITICAL text
EyesOfNetwork 5.3 - Unauthenticated SQL Injection via Username Field in getApiKey
An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the username field to getApiKey in include/api_functions.php.
by Clément Billac
CVSS 9.8
EIP-2026-104269 EXPLOITDB text
Google Invisible RECAPTCHA 3 - Spoof Bypass
by Matamorphosis
EIP-2026-117120 EXPLOITDB text
ELAN Smart-Pad 11.10.15.1 - 'ETDService' Unquoted Service Path
by ZwX
EIP-2026-110130 EXPLOITDB text
Online Job Portal 1.0 - Remote Code Execution
by Ihsan Sencan
EIP-2026-110128 EXPLOITDB text
Online Job Portal 1.0 - Cross Site Request Forgery (Add User)
by Ihsan Sencan
EIP-2026-110127 EXPLOITDB text
Online Job Portal 1.0 - 'user_email' SQL Injection
by Ihsan Sencan
EIP-2026-102758 EXPLOITDB text
VIM 8.2 - Denial of Service (PoC)
by Dhiraj Mishra
By Source
All 31,386 Writeup 62,507 Exploitdb 50,076 Nomisec 22,463 Github 3,685 Metasploit 3,315 Vulncheck_xdb 930 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,604 ruby 6,006 c 3,632 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 231 shell 133 go 73 postscript 25 typescript 25