Text Exploits

31,386 exploits tracked across all sources.

CVE-2019-16893 EXPLOITDB HIGH text
TP-Link TP-SG105E V4 1.0.0 Build 20181120 - Unauthenticated Device Reboot via reboot.cgi
The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the device via a reboot.cgi request.
by PCEumel
CVSS 7.5
CVE-2020-6170 EXPLOITDB CRITICAL text
Genexis Platinum-4410 <2.1 - Auth Bypass
An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI.
by Husinul Sanub
CVSS 9.8
CVE-2020-37178 EXPLOITDB HIGH text
KeePass Password Safe < 2.44 - Denial of Service via Malicious HTML File in Help System
KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash.
by Mustafa Emre Gül
CVSS 7.5
EIP-2026-117672 EXPLOITDB text
NEOWISE CARBONFTP 1.4 - Weak Password Encryption
by hyp3rlinx
EIP-2026-102405 EXPLOITDB text
ManageEngine Network Configuration Manager 12.2 - 'apiKey' SQL Injection
by Ertebat Gostar Co
CVE-2020-7991 EXPLOITDB HIGH text
Adive Framework 2.0.8 - Cross-Site Request Forgery in Admin Config
Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password.
by Sarthak Saini
CVSS 8.8
CVE-2020-7990 EXPLOITDB MEDIUM text
Adive Framework 2.0.8 - Stored Cross-Site Scripting via User Add Function
Adive Framework 2.0.8 has admin/user/add userName XSS.
by Sarthak Saini
CVSS 6.1
CVE-2020-7989 EXPLOITDB MEDIUM text
Adive Framework 2.0.8 - Stored Cross-Site Scripting via userUsername Parameter
Adive Framework 2.0.8 has admin/user/add userUsername XSS.
by Sarthak Saini
CVSS 6.1
CVE-2019-19031 EXPLOITDB HIGH text
Easy XML Editor <1.7.8 - XML External Entity Injection
Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is: Arbitrary File Read and DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload.
by Javier Olmedo
CVSS 8.1
EIP-2026-118026 EXPLOITDB text
Trend Micro Maximum Security 2019 - Privilege Escalation
by hyp3rlinx
EIP-2026-118025 EXPLOITDB text
Trend Micro Maximum Security 2019 - Arbitrary Code Execution
by hyp3rlinx
CVE-2019-20204 EXPLOITDB MEDIUM text
Postie < 1.9.40 - Cross-Site Scripting via SVG Element
The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginning and a crafted SVG element.
by V1n1v131r4
CVSS 5.4
EIP-2026-111824 EXPLOITDB text
Rukovoditel Project Management CRM 2.5.2 - 'reports_id' SQL Injection
by Fatih Çelik
EIP-2026-111823 EXPLOITDB text
Rukovoditel Project Management CRM 2.5.2 - 'filters' SQL Injection
by Fatih Çelik
EIP-2026-111822 EXPLOITDB text
Rukovoditel Project Management CRM 2.5.2 - 'entities_id' SQL Injection
by Fatih Çelik
EIP-2026-110062 EXPLOITDB text
Online Book Store 1.0 - Arbitrary File Upload
by Or4nG.M4N
CVE-2019-19781 EXPLOITDB CRITICAL text
Citrix ADC (NetScaler) Directory Traversal Scanner
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
by Dhiraj Mishra
CVSS 9.8
CVE-2020-2096 EXPLOITDB MEDIUM text
Jenkins Gitlab Hook Plugin < 1.4.2 - Reflected Cross-Site Scripting via Build Now Endpoint
Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability.
by Ai Ho
CVSS 6.1
EIP-2026-110060 EXPLOITDB text
Online Book Store 1.0 - 'bookisbn' SQL Injection
by Ertebat Gostar Co
CVE-2020-37182 EXPLOITDB HIGH text
Redir 3.3 - Denial of Service via Stack Overflow in doproxyconnect()
Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer without proper length checking to overwrite memory and cause a segmentation fault, resulting in program termination.
by hieubl
CVSS 7.5
CVE-2020-37101 EXPLOITDB HIGH text VERIFIED
VPN Unlimited 6.1 - Unquoted Service Path Privilege Escalation via Service Binary Path Injection
VPN Unlimited 6.1 contains an unquoted service path vulnerability that allows local attackers to inject malicious executables into the service binary path. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\VPN Unlimited\' to replace the service executable and gain elevated system privileges.
by Amin Rawah
CVSS 7.8
EIP-2026-101798 EXPLOITDB text
IBM RICOH InfoPrint 6500 Printer - HTML Injection
by Ismail Tasdelen
EIP-2026-101796 EXPLOITDB text
IBM RICOH 6400 Printer - HTML Injection
by Ismail Tasdelen
EIP-2026-100048 EXPLOITDB text VERIFIED
WeChat - Memory Corruption in CAudioJBM::InputAudioFrameToJBM
by Google Security Research
CVE-2020-0009 EXPLOITDB MEDIUM text VERIFIED
Android - Incorrect Default Permissions in ashmem.c
In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-142938932.
by Google Security Research
CVSS 5.5