Text Exploits
31,346 exploits tracked across all sources.
Ricoh MP C4504ex Firmware - CSRF
RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.
by Ismail Tasdelen
CVSS 8.8
Codemenschen Gift Vouchers < 2.0.1 - SQL Injection
The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request.
by Renos Nikolaou
CVSS 9.8
Zohocorp Manageengine Admanager Plus - XSS
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen.
by Ismail Tasdelen
CVSS 6.1
UltimatePOS 2.5 - RCE
UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type.
by Renos Nikolaou
CVSS 8.8
Manageengine Admanager Plus - XSS
Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen.
by Ismail Tasdelen
CVSS 6.1
Vox TG790 ADSL Router - Cross-Site Request Forgery (Add Admin)
by cakes
Epiphany Web Browser 3.28.1 - Denial of Service (PoC)
by Dhiraj Mishra
Microsoft Windows and Visual Studio <2016 - Elevation of Privilege
An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka "Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10 Servers.
by Atredis Partners
CVSS 7.8
Ghostscript - Multiple Vulnerabilities
by Google Security Research
Ghostscript - Multiple Vulnerabilities
by Google Security Research
Geutebrueck RE Porter 16 Firmware - Information Disclosure
Geutebrueck re_porter 16 before 7.8.974.20 has a possibility of unauthenticated access to sensitive information including usernames and hashes via a direct request for /statistics/gscsetup.xml on TCP port 12003.
by Kamil Suska
CVSS 9.8
Geutebrueck RE Porter 16 Firmware < 7.8.974.20 - XSS
A reflected cross-site scripting vulnerability exists in Geutebrueck re_porter 16 before 7.8.974.20 by appending a query string to /modifychannel/exec or /images/*.png on TCP port 12005.
by Kamil Suska
CVSS 6.1
Project64 2.3.2 Denial of Service via Plugin Directory
Project64 2.3.2 contains a buffer overflow vulnerability in the Plugin Directory settings field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 6000-byte payload into the Plugin Directory field through the Options > Settings > Directories interface to trigger an application crash when settings are reopened.
by Gionathan Reale
CVSS 6.2
Ninja Forms <3.3.14.1 - Code Injection
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.
by Mostafa Gharzi
CVSS 8.6
Tagregator - XSS
The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action.
by ManhNho
CVSS 4.8
WordPress Plugin Chained Quiz 1.0.8 - 'answer' SQL Injection
by Çlirim Emini
Moderator Log Notes - CSRF
An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF.
by 0xB9
CVSS 6.5
WordPress <1.1.1 - Code Injection
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection.
by Javier Olmedo
CVSS 8.6
Pimcore <5.3.0 - SQL Injection
Pimcore before 5.3.0 allows SQL Injection via the REST web service API.
by SEC Consult
CVSS 6.5