Exploitdb Exploits

31,364 exploits tracked across all sources.

EIP-2026-107971 EXPLOITDB text
iSocial 1.2.0 - Cross-Site Scripting / Cross-Site Request Forgery
by L0RD
EIP-2026-107067 EXPLOITDB text
Feedy RSS News Ticker 2.0 - 'cat' SQL Injection
by AkkuS
EIP-2026-106695 EXPLOITDB text
Easy File Uploader 1.7 - SQL Injection / Cross-Site Scripting
by AkkuS
EIP-2026-105304 EXPLOITDB text
Auto Car 1.2 - 'car_title' SQL Injection / Cross-Site Scripting
by L0RD
CVE-2014-2908 EXPLOITDB text
Siemens Simatic S7 Cpu 1200 Firmware - XSS
Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by t4rkd3vilz
EIP-2026-103304 EXPLOITDB text
NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection
by AkkuS
EIP-2026-102816 EXPLOITDB text
Dell EMC RecoverPoint boxmgmt CLI < 5.1.2 - Arbitrary File Read
by Paul Taylor
CVE-2018-11339 EXPLOITDB MEDIUM text
Frappe Erpnext - XSS
An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment.
by Veerababu Penugonda
CVSS 6.1
EIP-2026-101896 EXPLOITDB text
Nordex N149/4.0-4.5 - SQL Injection
by t4rkd3vilz
CVE-2018-11242 EXPLOITDB MEDIUM text
Makemytrip - Cleartext Storage
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.
by Divya Jain
CVSS 6.5
CVE-2018-25298 EXPLOITDB MEDIUM text
Merge PACS 7.0 Cross-Site Request Forgery via merge-viewer
Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. Attackers can submit POST requests to /servlet/actions/merge-viewer/summary with login credentials to hijack user sessions and gain unauthorized access to the PACS system.
by Safak Aslan
CVSS 5.3
CVE-2019-25251 EXPLOITDB MEDIUM text
Teradek VidiU Pro 3.0.3 - SSRF
Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management interface that allows attackers to manipulate GET parameters 'url' and 'xml_url'. Attackers can exploit this flaw to bypass firewalls, initiate network enumeration, and potentially trigger external HTTP requests to arbitrary destinations.
by LiquidWorm
CVSS 6.5
CVE-2013-0663 EXPLOITDB text
Schneider Electric - CSRF
Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials.
by t4rkd3vilz
EIP-2026-114600 EXPLOITDB text
Zenar Content Management System - Cross-Site Scripting
by Berk Dusunur
EIP-2026-113195 EXPLOITDB text
Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting
by L0RD
EIP-2026-112486 EXPLOITDB text
Superfood 1.0 - Multiple Vulnerabilities
by L0RD
EIP-2026-111508 EXPLOITDB text
Private Message PHP Script 2.0 - Cross-Site Scripting
by L0RD
EIP-2026-109537 EXPLOITDB text
Model Agency Media House & Model Gallery 1.0 - Multiple Vulnerabilities
by L0RD
EIP-2026-107154 EXPLOITDB text
Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Cross-Site Scripting / Cross-Site Request Forgery
by L0RD
EIP-2026-107153 EXPLOITDB text
Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Cross-Site Scripting / Cross-Site Request Forgery
by L0RD
EIP-2026-105308 EXPLOITDB text
Auto Dealership & Vehicle Showroom WebSys 1.0 - Multiple Vulnerabilities
by L0RD
CVE-2015-5698 EXPLOITDB text
Siemens SIMATIC S7-1200 <4.1.3 - CSRF
Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
by t4rkd3vilz
CVE-2018-9163 EXPLOITDB MEDIUM text
Zohocorp Manageengine Recovery Manager Plus < 5.3 - XSS
A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.
by Ahmet Gurel
CVSS 5.4
EIP-2026-108638 EXPLOITDB text
Joomla! Component EkRishta 2.10 - Cross-Site Scripting / SQL Injection
by Sina Kheirkhah
CVE-2018-8898 EXPLOITDB CRITICAL text
D-Link DSL-3782 - Auth Bypass
A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated attackers to perform arbitrary modification (read, write) to passwords and configurations while an administrator is logged into the web panel.
by Giulio Comi
CVSS 9.8