Exploitdb Exploits

31,341 exploits tracked across all sources.

EIP-2026-106858 EXPLOITDB text
Employee Management System v1 - 'email' SQL Injection
by SoSPiro
CVE-2023-3897 EXPLOITDB MEDIUM text
SureMDM On-premise <6.31 - Info Disclosure
Username enumeration is possible by bypassing the CAPTCHA in the On-premise SureMDM Solution on Windows deployments, which allows an attacker to enumerate local user information via error messages. This issue affects SureMDM On-premise version 6.31 and below.
by Jonas Benjamin Friedli
CVSS 4.8
EIP-2026-104434 EXPLOITDB text
SISQUALWFM 7.1.319.103 - Host Header Injection
by Omer Shaik
EIP-2026-104449 EXPLOITDB text
Splunk 9.0.4 - Information Disclosure
by Parsa Rezaie Khiabanloo
EIP-2026-101108 EXPLOITDB text
VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service
by LiquidWorm
CVE-2025-5553 EXPLOITDB HIGH text
PHPGurukul Rail Pass Management System 1.0 - SQL Injection
A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. It affects an unknown functionality of the file /download-pass.php. Manipulation of the argument searchdata leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
by yozgatalperen1
CVSS 7.3
EIP-2026-110151 EXPLOITDB text
Online Nurse Hiring System 1.0 - Time-Based SQL Injection
by yozgatalperen1
EIP-2026-104990 EXPLOITDB text
Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting (XSS) (Authenticated)
by Furkan ÖZER
EIP-2026-103456 EXPLOITDB text
Elasticsearch - StackOverflow DoS
by TOUHAMI Kasbaoui
EIP-2026-101505 EXPLOITDB text
Zyxel zysh - Format string
by Marco Ivaldi
EIP-2026-109496 EXPLOITDB text
MISP 2.4.171 - Stored XSS
by Mücahit Çeri
EIP-2026-107542 EXPLOITDB text
GYM MS - GYM Management System - Cross Site Scripting (Stored)
by yozgatalperen1
EIP-2026-106278 EXPLOITDB text
Curfew e-Pass Management System 1.0 - FromDate SQL Injection
by Puja Dey
EIP-2026-105925 EXPLOITDB text
Clinic's Patient Management System 1.0 - Unauthenticated RCE
by Oğulcan Hami Gül
EIP-2026-104490 EXPLOITDB text
WhatsUp Gold 2022 (22.1.0 Build 39) - XSS
by Andreas Finstad
EIP-2026-119265 EXPLOITDB text
WebCatalog 48.4 - Arbitrary Protocol Execution
by ItsSixtyN3in
EIP-2026-102072 EXPLOITDB text
TP-Link TL-WR740N - UnAuthenticated Directory Transversal
by Syed Affan Ahmed (ZEROXINN)
EIP-2026-102071 EXPLOITDB text
TP-LINK TL-WR740N - Multiple HTML Injection
by Shujaat Amin (ZEROXINN)
EIP-2026-101711 EXPLOITDB text
Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution
by LiquidWorm
EIP-2026-101710 EXPLOITDB text
Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure
by LiquidWorm
EIP-2026-101709 EXPLOITDB text
Electrolink FM/DAB/TV Transmitter (Login Cookie) - Authentication Bypass
by LiquidWorm
EIP-2026-101708 EXPLOITDB text
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure
by LiquidWorm
EIP-2026-101015 EXPLOITDB text
Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS
by LiquidWorm
CVE-2023-53155 EXPLOITDB HIGH text
EmbedThis GoAhead 2.5 - Code Injection
goform/formTest in EmbedThis GoAhead 2.5 allows HTML injection via the name parameter.
by Syed Affan Ahmed (ZEROXINN)
CVSS 7.2
EIP-2026-107507 EXPLOITDB text
Grocy <=4.0.2 - CSRF
by Chance Proctor