Text Exploits

31,346 exploits tracked across all sources.

CVE-2019-14696 EXPLOITDB MEDIUM text
Open-School <3.0-2.3 - XSS
Open-School 3.0, and Community Edition 2.3, allows XSS via the osv/index.php?r=students/guardians/create id parameter.
by Greg.Priest
CVSS 6.1
EIP-2026-108761 EXPLOITDB text
Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - SQL Injection
by qw3rTyTy
EIP-2026-108760 EXPLOITDB text
Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - Arbitrary File Download
by qw3rTyTy
EIP-2026-106340 EXPLOITDB text
Daily Expense Manager 1.0 - Cross-Site Request Forgery (Delete Income)
by Mr Winst0n
CVE-2019-14346 EXPLOITDB HIGH text
Schben Adive 2.0.7 - CSRF
Internal/Views/config.php in Schben Adive 2.0.7 allows admin/config CSRF to change a user password.
by Pablo Santiago
CVSS 8.8
CVE-2019-14312 EXPLOITDB MEDIUM text
Aptana Jaxer 1.0.3.4547 - Info Disclosure
Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.
by Steph Jensen
CVSS 6.5
CVE-2019-14348 EXPLOITDB CRITICAL text
BearDev JoomSport <3.3 - SQL Injection
The BearDev JoomSport plugin 3.3 for WordPress allows SQL injection to steal, modify, or delete database information via the joomsport_season/new-yorkers/?action=playerlist sid parameter.
by Pablo Santiago
CVSS 9.8
CVE-2019-8661 EXPLOITDB CRITICAL text VERIFIED
Apple Mac OS X < 10.14.6 - Use After Free
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.6. A remote attacker may be able to cause arbitrary code execution.
by Google Security Research
CVSS 9.8
CVE-2025-34030 EXPLOITDB CRITICAL text
sar2html <3.2.2 - Command Injection
An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can inject shell commands by appending them to the plot parameter (e.g., ?plot=;id) in a crafted GET request. The output of the command is displayed in the application's interface after interacting with the host selection UI. Successful exploitation leads to arbitrary command execution on the underlying system. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.
by Cemal Cihad ÇİFTÇİ
EIP-2026-111754 EXPLOITDB text
Rest - Cafe and Restaurant Website CMS - 'slug' SQL Injection
by n1x_
CVE-2019-14221 EXPLOITDB MEDIUM text
1CRM On-Premise Software 8.5.7 - XSS
1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation.
by Kusol Watchara-Apanukorn
CVSS 5.4
CVE-2019-25440 EXPLOITDB HIGH text
WebIncorp ERP - SQL Injection
WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prod_id parameter. Attackers can send GET requests to product_detail.php with malicious prod_id values to extract sensitive database information.
by n1x_
CVSS 8.2
CVE-2019-14427 EXPLOITDB MEDIUM text
WEB STUDIO Ultimate Loan Manager 2.0 - XSS
XSS exists in WEB STUDIO Ultimate Loan Manager 2.0 by adding a branch under the Branches button that sets the notes parameter with crafted JavaScript code.
by Metin Yunus Kandemir
CVSS 6.1
CVE-2019-2861 EXPLOITDB MEDIUM text VERIFIED
Oracle Hyperion Planning - XXE
Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Security). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Planning. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hyperion Planning accessible data. CVSS 3.0 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N).
by Lucas Dinucci
CVSS 4.2
CVE-2019-8662 EXPLOITDB CRITICAL text VERIFIED
Apple iPhone OS < 12.4 - Insecure Deserialization
This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary.
by Google Security Research
CVSS 9.8
CVE-2019-8671 EXPLOITDB HIGH text VERIFIED
Apple iCloud < 7.13 - Out-of-Bounds Write
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
CVE-2019-8672 EXPLOITDB HIGH text VERIFIED
Apple iCloud < 7.13 - Out-of-Bounds Write
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
CVE-2019-8646 EXPLOITDB HIGH text VERIFIED
Apple iPhone OS < 12.4 - Out-of-Bounds Read
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to leak memory.
by Google Security Research
CVSS 7.5
CVE-2019-8647 EXPLOITDB CRITICAL text VERIFIED
Apple iPhone OS < 12.4 - Use After Free
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.4, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause arbitrary code execution.
by Google Security Research
CVSS 9.8
CVE-2019-8660 EXPLOITDB CRITICAL text VERIFIED
Apple iPhone OS < 12.4 - Out-of-Bounds Write
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
by Google Security Research
CVSS 9.8
EIP-2026-114347 EXPLOITDB text
WordPress Theme Real Estate 2.8.9 - Cross-Site Scripting
by m0ze
EIP-2026-107410 EXPLOITDB text
GigToDo 1.3 - Cross-Site Scripting
by m0ze
CVE-2018-1042 EXPLOITDB MEDIUM text
Moodle < 3.1.9 - SSRF
Moodle 3.x has Server Side Request Forgery in the filepicker.
by Fabian Mosch, Nick Theisinger
CVSS 6.5
CVE-2019-14267 EXPLOITDB HIGH text VERIFIED
PDFResurrect 0.15 - Buffer Overflow
PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled.
by j0lama
CVSS 7.8
CVE-2019-10266 EXPLOITDB HIGH text
Ahsay Cloud Backup Suite < 8.1.1.50 - XXE
An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. When sending an out-of-bounds XML document to a URL, it is possible to read the file structure and even the content of files without authentication.
by Wietse Boonstra
CVSS 7.5