Exploitdb Exploits
31,341 exploits tracked across all sources.
Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting (XSS)
by CraCkEr
POS Codekop v2.0 - Authenticated RCE
POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter.
by yuyudhn
CVSS 8.8
Microsoft 365 Apps - Use After Free
Microsoft Office Remote Code Execution Vulnerability
by nu11secur1ty
CVSS 7.8
Microsoft Excel - RCE
Microsoft Excel Remote Code Execution Vulnerability
by nu11secur1ty
CVSS 7.8
Xenforo 2.2.13 - XSS
Xenforo 2.2.13 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the smilie category title parameter. Attackers can create a smilie category with a malicious script that will execute when the admin panel is loaded, potentially enabling further client-side attacks.
by Furkan Karaarslan
CVSS 4.6
MCL-Net <4.3.5.8788 - Info Disclosure
A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default port 5080, allows attackers to gain sensitive information about the configured databases via the "/file" endpoint.
by Victor A. Morales
CVSS 5.3
Microsoft OneNote (Version 2305 Build 16.0.16501.20074) 64-bit - Spoofing
by nu11secur1ty
Diafan.cms - XSS
Diafan CMS v6.0 was discovered to contain a reflected cross-site scripting via the cat_id parameter at /shop/?module=shop&action=search.
by tmrswrr
CVSS 6.1
Phpgurukul Student Study Center Management System V1.0 - XSS
Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page.
by VIVEK CHOUDHARY
CVSS 4.8
Broadcom Symantec SiteMinder WebAgent - Cross-Site Scripting
A user can supply malicious HTML and JavaScript code that will be executed in the client browser
by Harshit Joshi
CVSS 5.4
Ateme Flamingo XL Firmware - OS Command Injection
Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to escape the sandboxed environment through the traceroute command. Attackers can exploit the traceroute command to inject shell commands and gain full root access to the device by bypassing the restricted login environment.
by LiquidWorm
CVSS 10.0
Textpattern CMS 4.8.8 - XSS
Textpattern CMS 4.8.8 contains a stored cross-site scripting vulnerability in the article excerpt field that allows authenticated users to inject malicious scripts. Attackers can insert JavaScript payloads into the excerpt, which will execute when the article is viewed by other users.
by tmrswrr
CVSS 5.4
projectSend r1605 - XSS
projectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript through the custom assets configuration page. Attackers can craft a JavaScript payload in the custom assets section that will execute when other users load the affected page, enabling persistent script injection.
by Mirabbas Ağalarov
CVSS 4.8
ProjectSend r1605 - Code Injection
ProjectSend r1605 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into user profile names. Attackers can craft payloads like =calc|a!z| in the name field to trigger code execution when administrators export action logs as CSV files.
by Mirabbas Ağalarov
CVSS 8.0
Xoops CMS <2.5.10 - XSS
Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function.
by tmrswrr
CVSS 9.0
Online Thesis Archiving System v1.0 - Multiple-SQLi
by nu11secur1ty
Anevia Flamingo XS 3.6.5 - Authenticated Root Remote Code Execution
by LiquidWorm
Anevia Flamingo XL 3.6.20 - Authenticated Root Remote Code Execution
by LiquidWorm
By Source