Text Exploits
31,332 exploits tracked across all sources.
FUDforum 3.0.6 - Cross-Site Scripting / Cross-Site Request Forgery
by Curesec Research Team
Atlassian Confluence AppFusions Doxygen 1.3.0 - Directory Traversal
by Julien Ahrens
EditMe CMS - Cross-Site Request Forgery (Add Admin)
by Vulnerability-Lab
Palo Alto Networks PAN-OS <7.1.6 - Privilege Escalation
Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables.
by Google Security Research
CVSS 7.8
Palo Alto Networks PAN-OS <7.1.6 - Privilege Escalation
Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables.
by Google Security Research
CVSS 7.8
Palo Alto Networks PAN-OS <7.1.6 - Buffer Overflow
Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows remote attackers to execute arbitrary code via unspecified vectors.
by Google Security Research
CVSS 9.8
WordPress Plugin Answer My Question 1.3 - SQL Injection
by Lenon Leite
Microsoft Windows 7 - Information Disclosure
The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandles permissions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."
by Google Security Research
CVSS 5.5
WordPress Plugin Product Catalog 8 1.2.0 - SQL Injection
by Lenon Leite
WordPress Plugin BBS e-Franchise 1.1.1 - SQL Injection
by Lenon Leite
Adobe Connect < 9.5.6 - XSS
Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks.
by Vulnerability-Lab
CVSS 6.1
Microsoft Windows 10 - Improper Access Control
Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote authenticated users to cause a denial of service (system hang) via a crafted request, aka "Local Security Authority Subsystem Service Denial of Service Vulnerability."
by laurent gaffie
CVSS 6.5
WordPress Plugin WassUp Real Time Analytics 1.9 - Persistent Cross-Site Scripting
by Burak Kelebek
WordPress Plugin 404 to 301 2.2.8 - Persistent Cross-Site Scripting
by Alyssa Milburn
Sophos Web Appliance 4.2.1.3 - Remote Code Execution
by KoreLogic
Schoolhos CMS 2.29 - 'kelas' SQL Injection
by Vulnerability-Lab
NodCMS - PHP Code Execution
by Ashiyane Digital Security Team
SweetRice 1.5.1 - Backup Disclosure
by Ashiyane Digital Security Team
By Source