Text Exploits
31,386 exploits tracked across all sources.
AirTies Air 5442 Firmware 1.0.0.18 - Cross-Site Scripting via top.html productboardtype Parameter
AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
by Ismail Tasdelen
CVSS 6.1
AirTies Air 5021 1.0.0.18 - Cross-Site Scripting via top.html productboardtype Parameter
AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
by Ismail Tasdelen
CVSS 6.1
AirTies Air 5750 1.0.0.18 - Cross-Site Scripting via top.html productboardtype Parameter
AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
by Ismail Tasdelen
CVSS 6.1
jimtawl 2.2.7 - SQL Injection via id Parameter
SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via the id parameter.
by Ihsan Sencan
CVSS 9.8
RICOH MP C307 Firmware - Stored Cross-Site Scripting via entryNameIn Parameter
On the RICOH MP C307 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
by Ismail Tasdelen
CVSS 6.1
RICOH MP C1803 JPN Firmware - Stored Cross-Site Scripting via entryNameIn Parameter
On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
by Ismail Tasdelen
CVSS 6.1
AirTies Air 5453 1.0.0.18 - Cross-Site Scripting via top.html productboardtype Parameter
AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
by Ismail Tasdelen
CVSS 6.1
OPAC EasyWeb Five <5.7 - SQL Injection
An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injection via the w2001/index.php?scelta=campi biblio parameter.
by Dino Barlattani
CVSS 9.8
ADD Clicking MLM Software <1.0 - SQL Injection
SQL injection exists in ADD Clicking MLM Software 1.0, Binary MLM Software 1.0, Level MLM Software 1.0, Singleleg MLM Software 1.0, Autopool MLM Software 1.0, Investment MLM Software 1.0, Bidding MLM Software 1.0, Moneyorder MLM Software 1.0, Repurchase MLM Software 1.0, and Gift MLM Software 1.0 via the member/readmsg.php msg_id parameter, the member/tree.php pid parameter, or the member/downline.php m_id parameter.
by Ihsan Sencan
CVSS 9.8
Scriptzee Hotel Booking Engine 1.0 - SQL Injection
SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels h_room_type parameter.
by Ihsan Sencan
CVSS 9.8
Scriptzee Education Website 1.0 - SQL Injection
SQL injection exists in Scriptzee Education Website 1.0 via the college_list.html subject, city, or country parameter.
by Ihsan Sencan
CVSS 9.8
WUZHI CMS 2.0 - Cross-Site Scripting via index.php v or f Parameter
XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter.
by Renzi
CVSS 6.1
Flippa Marketplace Clone 1.0 - 'date_started' SQL Injection
by Ihsan Sencan
ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting
by Ismail Tasdelen
Billion ADSL Router 400G 20151105641 - Cross-Site Scripting
by cakes
PCProtect Anti-Virus <4.8.35 - Privilege Escalation
PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for %PROGRAMFILES(X86)%\PCProtect, which allows local users to gain privileges by replacing an executable file with a Trojan horse.
by Hashim Jawad
CVSS 7.8
Microsoft Edge - Privilege Escalation
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8469.
by Google Security Research
CVSS 7.4
Windows - Elevation of Privilege via Sandbox Escape
An elevation of privilege vulnerability exists when Windows, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 4.7
Rausoft ID.prove <2.95 - SQL Injection
An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for the further privilege elevation.
by Ilya Timchenko
CVSS 9.8
iWay Data Quality Suite Web Console 10.6.1.ga - XML External Entity Injection
by Sureshbabu Narvaneni
Microsoft Edge - Privilege Escalation
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8463.
by Google Security Research
CVSS 7.4
By Source