Exploitdb Exploits

31,346 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-25288 EXPLOITDB HIGH text
Wacom WTabletService 6.6.7-3 - Code Injection
Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerability that allows local attackers to execute malicious code with elevated privileges. Attackers can insert an executable file in the service path to run unauthorized code when the service restarts or the system reboots.
by Marcos Antonio León
CVSS 7.8
CVE-2019-25235 EXPLOITDB CRITICAL text
Smartwares HOME easy <1.0.9 - Auth Bypass
Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints and to bypass client-side validation and access sensitive system information.
by LiquidWorm
CVSS 9.8
EIP-2026-117805 EXPLOITDB text
QNAP NetBak Replicator 4.5.6.0607 - 'QVssService' Unquoted Service Path
by Ivan Marmolejo
CVE-2019-25359 EXPLOITDB HIGH text
SD.NET RIM <4.7.3c - SQL Injection
SD.NET RIM versions before 4.7.3c contain a SQL injection vulnerability that allows attackers to inject malicious SQL statements through POST parameters 'idtyp' and 'idgremium'. Attackers can exploit this vulnerability by crafting specially formed POST requests to the /vorlagen/ endpoint, enabling unauthorized database manipulation and potential information disclosure.
by Fabian Mosch_ Nick Theisinger
CVSS 8.2
CVE-2019-25301 EXPLOITDB MEDIUM text
Millhouse-Project 1.414 - XSS
Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. Attackers can post comments with embedded JavaScript through the 'content' parameter in add_comment_sql.php to execute arbitrary scripts in victim browsers.
by cakes
CVSS 6.4
CVE-2019-25300 EXPLOITDB HIGH text
Globitek CMS 1.4 - SQL Injection
thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or modify database information.
by cakes
CVSS 7.1
CVE-2019-25299 EXPLOITDB HIGH text
RimbaLinux AhadPOS 1.11 - SQL Injection
RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability in the 'alamatCustomer' parameter that allows attackers to manipulate database queries through crafted POST requests. Attackers can exploit time-based and boolean-based blind SQL injection techniques to extract information or potentially interact with the underlying database.
by cakes
CVSS 7.1
CVE-2019-25298 EXPLOITDB CRITICAL text
html5_snmp 1.11 - SQL Injection
html5_snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through Router_ID and Router_IP parameters. Attackers can exploit error-based, time-based, and union-based injection techniques to potentially extract or modify database information by sending crafted payloads.
by cakes
CVSS 9.1
CVE-2019-25294 EXPLOITDB MEDIUM text
html5_snmp 1.11 - XSS
html5_snmp 1.11 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through the 'Remark' parameter in add_router_operation.php. Attackers can craft a POST request with a script payload in the Remark field to execute arbitrary JavaScript in victim browsers when the page is loaded.
by cakes
CVSS 6.1
CVE-2019-25293 EXPLOITDB HIGH text
BlueStacks App Player 2.4.44.62.57 - Local Privilege Escalation
BlueStacks App Player 2.4.44.62.57 contains an unquoted service path vulnerability in the BstHdLogRotatorSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe to inject malicious executables and escalate privileges.
by Diego Armando Buztamante Rico
CVSS 7.8
EIP-2026-117688 EXPLOITDB text
Network Inventory Advisor 5.0.26.0 - 'niaservice' Unquoted Service Path
by Samuel DiazL
EIP-2026-103707 EXPLOITDB text VERIFIED
WebKit - Universal XSS in JSObject::putInlineSlow and JSValue::putToPrimitive
by Google Security Research
CVE-2019-8820 EXPLOITDB HIGH text VERIFIED
Apple Icloud < 7.15 - Out-of-Bounds Write
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
EIP-2026-103367 EXPLOITDB text VERIFIED
macOS XNU - Missing Locking in checkdirs_callback() Enables Race with fchdir_common()
by Google Security Research
CVE-2019-25302 EXPLOITDB HIGH text
Acer Launch Manager 6.1.7600.16385 - Privilege Escalation
Acer Launch Manager 6.1.7600.16385 contains an unquoted service path vulnerability in the DsiWMIService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Launch Manager\dsiwmis.exe to insert malicious code that would execute with system-level permissions during service startup.
by Gustavo Briseño
CVSS 7.8
EIP-2026-117723 EXPLOITDB text
OpenVPN Connect 3.0.0.272 - 'agent_ovpnconnect' Unquoted Service Path
by Luis Martínez
EIP-2026-119630 EXPLOITDB text
DOUBLEPULSAR (x64) - Hooking 'srv!SrvTransactionNotImplemented' in 'srv!SrvTransaction2DispatchTable'
by Mumbai
CVE-2019-25303 EXPLOITDB HIGH text
TheJshen ContentManagementSystem 1.04 - SQL Injection
TheJshen ContentManagementSystem 1.04 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to extract or manipulate database information by crafting malicious query payloads.
by cakes
CVSS 7.1
EIP-2026-117724 EXPLOITDB text
OpenVPN Private Tunnel 2.8.4 - 'ovpnagent' Unquoted Service Path
by Sainadh Jamalpur
EIP-2026-103307 EXPLOITDB text
ownCloud 10.3.0 stable - Cross-Site Request Forgery
by Ozer Goker
EIP-2026-113797 EXPLOITDB text
WordPress Plugin Google Review Slider 6.1 - 'tid' SQL Injection
by Princy Edward
EIP-2026-119671 EXPLOITDB text
Citrix StoreFront Server 7.15 - XML External Entity Injection
by Vahagn Vardanyan
CVE-2019-8765 EXPLOITDB HIGH text VERIFIED
Apple Watchos < 6.1 - Out-of-Bounds Write
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
CVE-2019-25304 EXPLOITDB HIGH text
SecurOS Enterprise 10.2 - Privilege Escalation
SecurOS Enterprise 10.2 contains an unquoted service path vulnerability in the SecurosCtrlService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\ISS\SecurOS\ to insert malicious code that would execute with system-level permissions during service startup.
by Alberto Vargas
CVSS 7.8
EIP-2026-113506 EXPLOITDB text
WordPress Core 5.2.4 - Cross-Origin Resource Sharing
by Milad Khoshdel
By Source
All 31,346 Exploitdb 50,135 Writeup 46,974 Nomisec 21,281 Metasploit 3,228 Github 2,465 Vulncheck_xdb 900 Inthewild 518 Gitlab 440 Gitee 415 Patchapalooza 312
By Language
text 31,346 ruby 5,959 python 5,840 c 3,571 perl 2,854 html 2,055 php 1,334 bash 459 java 361 javascript 260 c++ 247 shell 89 go 48 postscript 25 xml 24