Exploitdb Exploits

31,364 exploits tracked across all sources.

CVE-2018-7747 EXPLOITDB MEDIUM text
Caldera Forms <1.6.0-rc.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction log, or (3) an imported form.
by Federico Scalco
CVSS 4.8
EIP-2026-111851 EXPLOITDB text VERIFIED
Rvsitebuilder CMS - Database Backup Download
by Hesam Bazvand
EIP-2026-109803 EXPLOITDB text VERIFIED
MySQL Squid Access Report 2.1.4 - SQL Injection / Cross-Site Scripting
by Keerati T.
EIP-2026-109802 EXPLOITDB text VERIFIED
MySQL Squid Access Report 2.1.4 - SQL Injection / Cross-Site Scripting
by Keerati T.
CVE-2018-9857 EXPLOITDB MEDIUM text VERIFIED
Match Clone Script - XSS
PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the "View Search By Id" screen).
by ManhNho
CVSS 6.1
EIP-2026-108759 EXPLOITDB text
Joomla! Component JS Jobs 1.2.0 - Cross-Site Request Forgery
by Sureshbabu Narvaneni
CVE-2018-8831 EXPLOITDB MEDIUM text
Kodi <17.6 - XSS
A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.
by Manuel García Cárdenas
CVSS 6.1
CVE-2016-10718 EXPLOITDB HIGH text
Brave Browser < 0.13.0 - Improper Input Validation
Brave Browser before 0.13.0 allows a tab to close itself even if the tab was not opened by a script, resulting in denial of service.
by Sahil Tikoo
CVSS 7.5
CVE-2017-18256 EXPLOITDB MEDIUM text
Brave Browser < 0.13.0 - Denial of Service
Brave Browser before 0.13.0 allows remote attackers to cause a denial of service (resource consumption) via a long alert() argument in JavaScript code, because window dialogs are mishandled.
by Sahil Tikoo
CVSS 6.5
CVE-2018-10068 EXPLOITDB MEDIUM text
jDownloads <3.2.59 - XSS
The jDownloads extension before 3.2.59 for Joomla! has XSS.
by Sureshbabu Narvaneni
CVSS 6.1
CVE-2018-10110 EXPLOITDB MEDIUM text
D-Link DIR-615 T1 - XSS
D-Link DIR-615 T1 devices allow XSS via the Add User feature.
by Sayan Chatterjee
CVSS 4.8
CVE-2018-0966 EXPLOITDB LOW text VERIFIED
Microsoft Windows 10 - TOCTOU Race Condition
A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 3.3
EIP-2026-115641 EXPLOITDB text VERIFIED
Microsoft Edge - 'OpenProcess()' ACG Bypass
by Google Security Research
CVE-2018-8057 EXPLOITDB CRITICAL text
Western Bridge Cobub Razor 0.8.0 - SQL Injection
A SQL Injection vulnerability exists in Western Bridge Cobub Razor 0.8.0 via the channel_name or platform parameter in a /index.php?/manage/channel/addchannel request, related to /application/controllers/manage/channel.php.
by Kyhvedn
CVSS 9.8
CVE-2016-7786 EXPLOITDB HIGH text
Sophos Cyberoam CR25iNG UTM Firmware - Access Control
Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5.
by Frogy
CVSS 8.8
CVE-2018-10070 EXPLOITDB HIGH text
MikroTik Version 6.41.4 - DoS
A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21 that begins with many '\0' characters, preventing the affected router from accepting new FTP connections. The router will reboot after 10 minutes, logging a "router was rebooted without proper shutdown" message.
by FarazPajohan
CVSS 7.5
CVE-2018-10063 EXPLOITDB HIGH text
Joomla! Convert Forms <2.0.4 - RCE
The Convert Forms extension before 2.0.4 for Joomla! is vulnerable to Remote Command Execution using CSV Injection that is mishandled when exporting a Leads file.
by Sairam Jetty
CVSS 7.8
CVE-2018-9236 EXPLOITDB MEDIUM text
iScripts EasyCreate - XSS
iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site title" field.
by ManhNho
CVSS 5.4
CVE-2018-9128 EXPLOITDB HIGH text
Dvd-x-player Dvd X Player - Memory Corruption
DVD X Player Standard 5.5.3.9 has a Buffer Overflow via a crafted .plf file, a related issue to CVE-2007-3068.
by Prasenjit Kanti Paul
CVSS 7.8
EIP-2026-114394 EXPLOITDB text
WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add User)
by taoge
CVE-2018-9926 EXPLOITDB HIGH text
WUZHI CMS - CSRF
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add an admin account via index.php?m=core&f=power&v=add.
by taoge
CVSS 8.8
CVE-2018-9844 EXPLOITDB MEDIUM text
Iptanus WordPress File Upload < 4.3.4 - XSS
The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS.
by ManhNho
CVSS 6.1
CVE-2018-9172 EXPLOITDB MEDIUM text
Iptanus WordPress File Upload < 4.3.3 - XSS
The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes.
by ManhNho
CVSS 5.4
CVE-2018-8729 EXPLOITDB MEDIUM text
WordPress Activity Log <2.4.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped.
by Stefan Broeder
CVSS 6.1
CVE-2018-9237 EXPLOITDB MEDIUM text
iScripts EasyCreate - XSS
iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site Description" field.
by ManhNho
CVSS 5.4