Text Exploits

31,368 exploits tracked across all sources.

CVE-2015-5698 EXPLOITDB text
Siemens SIMATIC S7-1200 <4.1.3 - CSRF
Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
by t4rkd3vilz
CVE-2018-9163 EXPLOITDB MEDIUM text
Zohocorp Manageengine Recovery Manager Plus < 5.3 - XSS
A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.
by Ahmet Gurel
CVSS 5.4
EIP-2026-108638 EXPLOITDB text
Joomla! Component EkRishta 2.10 - Cross-Site Scripting / SQL Injection
by Sina Kheirkhah
CVE-2018-8898 EXPLOITDB CRITICAL text
D-Link DSL-3782 - Auth Bypass
A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated attackers to perform arbitrary modification (read, write) to passwords and configurations while an administrator is logged into the web panel.
by Giulio Comi
CVSS 9.8
CVE-2018-11227 EXPLOITDB MEDIUM text
Monstra CMS < 3.0.4 - XSS
Monstra CMS 3.0.4 and earlier has XSS via index.php.
by Berk Dusunur
CVSS 6.1
EIP-2026-107831 EXPLOITDB text
Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery
by L0RD
EIP-2026-107567 EXPLOITDB text
Healwire Online Pharmacy 3.0 - Cross-Site Scripting / Cross-Site Request Forgery
by L0RD
EIP-2026-103320 EXPLOITDB text
SAP NetWeaver Web Dynpro 6.4 < 7.5 - Information Disclosure
by Richard Alviarez
EIP-2026-103319 EXPLOITDB text
SAP B2B / B2C CRM 2.x < 4.x - Local File Inclusion
by Richard Alviarez
EIP-2026-101591 EXPLOITDB text
Cisco SA520W Security Appliance - Path Traversal
by Nassim Asrir
CVE-2018-1000049 EXPLOITDB HIGH text VERIFIED
Nanopool Claymore Dual Miner <7.3 - RCE
Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled.
by ReverseBrain
CVSS 7.5
EIP-2026-112484 EXPLOITDB text
SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site request forgery / Authentication bypass
by L0RD
EIP-2026-112483 EXPLOITDB text
SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site request forgery / Authentication bypass
by L0RD
EIP-2026-109948 EXPLOITDB text
NodAPS 4.0 - SQL injection / Cross-Site Request Forgery
by L0RD
EIP-2026-109947 EXPLOITDB text
NodAPS 4.0 - SQL injection / Cross-Site Request Forgery
by L0RD
CVE-2016-5809 EXPLOITDB HIGH text
Schneider Electric - CSRF
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved.
by t4rkd3vilz
CVSS 8.8
CVE-2018-11096 EXPLOITDB MEDIUM text
Horse Market Sell & Rent Portal - CSRF
Horse Market Sell & Rent Portal Script 1.5.7 has a CSRF vulnerability through which an attacker can change all of the target's account information remotely.
by L0RD
CVSS 6.5
CVE-2018-11092 EXPLOITDB MEDIUM text
Admin Notes - CSRF
An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action.
by 0xB9
CVSS 6.5
CVE-2016-2279 EXPLOITDB MEDIUM text
Rockwellautomation Compactlogix 1769-l16er-bb1b Firmware - XSS
Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by t4rkd3vilz
CVSS 6.1
CVE-2018-8134 EXPLOITDB HIGH text VERIFIED
Windows - Privilege Escalation
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 7.0
CVE-2018-7465 EXPLOITDB MEDIUM text
VirtueMart < 3.2.14 - XSS
An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the backend of the plugin can be closed by simply adding </textarea> to the value and saving the product/config. By editing back the product/config, the editor's browser will execute everything after the </textarea>, leading to a possible XSS.
by Mattia Furlani
CVSS 5.4
EIP-2026-109636 EXPLOITDB text
Multiplayer BlackJack Online Casino Game 2.5 - Cross-Site Scripting
by L0RD
CVE-2018-1247 EXPLOITDB HIGH text
RSA Authentication Manager < 8.3 - XXE
RSA Authentication Manager Security Console, version 8.3 and earlier, contains an XML External Entity (XXE) vulnerability. This could potentially allow admin users to cause a denial of service or extract server data via injecting a maliciously crafted DTD in an XML file submitted to the application.
by SEC Consult
CVSS 7.1
CVE-2018-25300 EXPLOITDB HIGH text
XATABoost CMS 1.0.0 SQL Injection via news.php
XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers can send GET requests to news.php with malicious id values to extract sensitive database information.
by MgThuraMoeMyint
CVSS 8.2
CVE-2018-10311 EXPLOITDB MEDIUM text
WUZHI CMS 4.1.0 - XSS
A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI.
by jiguang
CVSS 6.1