Text Exploits
31,386 exploits tracked across all sources.
Gleez CMS 1.2.0 - Cross-Site Request Forgery via Admin User Addition
A CSRF vulnerability in Gleez CMS 1.2.0 allows an administrator account to be added via admin/users/add.
by GunEggWang
CVSS 8.8
Electron 1.7.15, 1.8.7, 2.0.7, 3.0.0-beta.6 - Remote Code Execution via WebPreferences Misconfiguration
GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution.
by Matt Austin
CVSS 8.1
Adobe Flash Player <30.0.0.134 - Info Disclosure
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
by Google Security Research
CVSS 7.5
Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection
by Yorick Koster
RICOH MP C4504ex Firmware - HTML Injection via entryNameIn Parameter
RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.
by Ismail Tasdelen
CVSS 8.8
Gift Vouchers < 2.0.1 - SQL Injection via template_id Parameter
The Gift Vouchers plugin through 2.0.1 for WordPress allows SQL Injection via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request.
by Renos Nikolaou
CVSS 9.8
ManageEngine ADManager Plus 6.5.7 - Stored Cross-Site Scripting in Workflow Delegation Requester Roles
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen.
by Ismail Tasdelen
CVSS 6.1
UltimatePOS 2.5 - Unauthenticated Remote Code Execution via Arbitrary File Upload
UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type.
by Renos Nikolaou
CVSS 8.8
ManageEngine ADManager Plus 6.5.7 - HTML Injection in AD Delegation Help Desk Technicians Screen
Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen.
by Ismail Tasdelen
CVSS 6.1
Vox TG790 ADSL Router - Cross-Site Request Forgery (Add Admin)
by cakes
PCViewer vt1000 Directory Traversal via GET Request
PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use path traversal sequences such as ../../../../../../../../../../../../etc/passwd to access sensitive system files outside the intended directory.
by Berk Dusunur
CVSS 7.5
Twitter-Clone 1 SQL Injection via search.php
Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including usernames, credentials, and system data using error-based and union-based SQL injection techniques.
by L0RD
CVSS 8.2
Epiphany Web Browser 3.28.1 - Denial of Service (PoC)
by Dhiraj Mishra
Microsoft Windows and Visual Studio <2016 - Elevation of Privilege
An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka "Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10 Servers.
by Atredis Partners
CVSS 7.8
Ghostscript - Multiple Vulnerabilities
by Google Security Research
Ghostscript - Multiple Vulnerabilities
by Google Security Research
Geutebrueck re_porter 16 < 7.8.974.20 - Unauthenticated Exposure of Sensitive Information via /statistics/gscsetup.xml
Geutebrueck re_porter 16 before 7.8.974.20 allows unauthenticated access to sensitive information, including usernames and hashes, via a direct request for /statistics/gscsetup.xml on TCP port 12003.
by Kamil Suska
CVSS 9.8
Geutebrueck re_porter 16 < 7.8.974.20 - Reflected Cross-Site Scripting via Query String
A reflected cross-site scripting vulnerability exists in Geutebrueck re_porter 16 before 7.8.974.20 and can be triggered by appending a query string to /modifychannel/exec or /images/*.png on TCP port 12005.
by Kamil Suska
CVSS 6.1
Twitter-Clone 1 Cross-Site Request Forgery via tweetdel.php
Twitter-Clone 1 contains a cross-site request forgery vulnerability that allows remote attackers to force victims to delete posts by crafting malicious HTML forms. Attackers can create hidden forms targeting tweetdel.php with tweet IDs and automatically submit them to delete arbitrary posts from authenticated user sessions.
by L0RD
CVSS 4.3
Twitter-Clone 1 SQL Injection via follow.php
Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information including usernames, passwords, and database credentials.
by L0RD
CVSS 8.2
Project64 2.3.2 Denial of Service via Plugin Directory
Project64 2.3.2 contains a buffer overflow vulnerability in the Plugin Directory settings field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 6000-byte payload into the Plugin Directory field through the Options > Settings > Directories interface to trigger an application crash when settings are reopened.
by Gionathan Reale
CVSS 6.2
Ninja Forms <3.3.14.1 - Code Injection
The Ninja Forms plugin before 3.3.14.1 for WordPress allows CSV injection.
by Mostafa Gharzi
CVSS 8.6
Tagregator 0.6 - Stored Cross-Site Scripting via Title Field
The Tagregator plugin 0.6 for WordPress has stored XSS via the title field in an Add New action.
by ManhNho
CVSS 4.8
WordPress Plugin Chained Quiz 1.0.8 - 'answer' SQL Injection
by Çlirim Emini