Text Exploits
31,386 exploits tracked across all sources.
LayerBB 1.1.1 - Stored Cross-Site Scripting via Conversation Title
LayerBB 1.1.1 allows XSS via the titles of conversations (PMs).
by 0xB9
CVSS 6.1
Embed Video Scripts - Persistent Cross-Site Scripting
by Deyaa Muhammad
ChinaMobile PLC Wireless Router - XSS
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have XSS via the cgi-bin/webproc?getpage=html/index.html var:subpage parameter.
by Kumar Saurav
CVSS 6.1
Microsoft Windows - Windows Error Reporting Local Privilege Escalation
by SandboxEscaper
WordPress Plugin Adicon Server 1.2 - 'selectedPlace' SQL Injection
by Kaimi
Frog CMS 0.9.5 - Stored Cross-Site Scripting via Database Name Field
Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI.
by WangDudu
CVSS 5.4
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 Arbitrary File Upload
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files by exploiting the upload-package.php endpoint. Attackers can submit POST requests with malicious file extensions to the upload handler, which moves files without validation to the plugin upload directory, enabling remote code execution.
by Kaimi
CVSS 9.8
Craft CMS 3.0.25 - Stored Cross-Site Scripting via Entry Title Field
index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab.
by Raif Berkay Dincel
CVSS 4.8
Bludit 3.0.0 - Unrestricted Upload of File with Dangerous Type in Pages Editor
Bludit version 3.0.0 contains an Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in the Pages Editor that can result in Remote Command Execution. This attack appears to be exploitable by a malicious user uploading a crafted payload containing PHP code.
by BouSalman
CVSS 8.8
FrontAccounting 2.4.5 - SQL Injection
FrontAccounting 2.4.5 contains a Time Based Blind SQL Injection vulnerability in the parameter "filterType" in /attachments.php that can allow the attacker to grab the entire database of the application.
by Sainadh Jamalpur
CVSS 7.5
Adobe Flash Player < 31.0.0.153 - Use-After-Free
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
by smgorelik
CVSS 7.8
WSTMart 2.0.7 - Cross-Site Request Forgery via Admin Staff Add URI
WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI.
by linfeng
CVSS 8.8
Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Read
by evil_polar_bear
Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Copy/Read
by SandboxEscaper
Internet Explorer 9, 10, 11 - Remote Code Execution via VBScript Engine Use-After-Free
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.
by Google Security Research
CVSS 7.5
Internet Explorer 9-11 - Remote Code Execution via VBScript Execution Policy Bypass
A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, aka "Internet Explorer Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.
by Google Security Research
CVSS 7.5
Yeswiki Cercopitheque < 2018-06-19-1 - SQL Injection via Bazar Page ID Parameter
SQL injection vulnerability in the "Bazar" page in Yeswiki Cercopitheque 2018-06-19-1 and earlier allows attackers to execute arbitrary SQL commands via the "id" parameter.
by Mickael BROUTY
CVSS 9.8
Artica Integria IMS 5.0.83 - Cross-Site Scripting via search_string Parameter
Artica Integria IMS 5.0.83 has XSS via the search_string parameter.
by Javier Olmedo
CVSS 6.1
Bolt CMS < 3.6.2 - Stored Cross-Site Scripting via Title Field Preview
Bolt CMS <3.6.2 allows XSS via text input when the preview button is clicked, as demonstrated by the Title field of a Configured and New Entry.
by Raif Berkay Dincel
CVSS 6.1
IBM Operational Decision Manager 8.6.0.0-8.6.0.2 - XML External Entity Injection
IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150170.
by Mohamed M.Fouad
CVSS 7.1
MiniShare < 1.4.1 - Remote Code Execution via Long HTTP HEAD Request
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP HEAD request. NOTE: this product is discontinued.
by Rafael Pedrero
CVSS 9.8
SDL Web Content Manager 8.5.0 - XML External Entity Injection via SaveUserSettings Service
The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allows reading sensitive files from the system.
by Ahmed Elhady Mohamed
CVSS 6.5
MiniShare < 1.4.1 - Remote Code Execution via Long HTTP POST Request
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP POST request. NOTE: this product is discontinued.
by Rafael Pedrero
CVSS 9.8