Text Exploits
31,386 exploits tracked across all sources.
LEPTON 2.2.2 - Remote Code Execution
by Curesec Research Team
FUDforum 3.0.6 - Cross-Site Scripting / Cross-Site Request Forgery
by Curesec Research Team
Atlassian Confluence AppFusions Doxygen 1.3.0 - Directory Traversal
by Julien Ahrens
EditMe CMS - Cross-Site Request Forgery (Add Admin)
by Vulnerability-Lab
Palo Alto Networks PAN-OS <7.1.6 - Privilege Escalation
Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables.
by Google Security Research
CVSS 7.8
Palo Alto Networks PAN-OS <7.1.6 - Privilege Escalation
Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables.
by Google Security Research
CVSS 7.8
Palo Alto Networks PAN-OS <7.1.6 - Buffer Overflow
Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows remote attackers to execute arbitrary code via unspecified vectors.
by Google Security Research
CVSS 9.8
Answer My Question 1.3 Plugin WordPress SQL Injection via modal.php
Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract sensitive database information including WordPress terms and configuration data.
by Lenon Leite
CVSS 8.2
Microsoft Windows Vista/Server 2008/7 Privilege Escalation via Kernel API Mishandling
The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandles permissions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."
by Google Security Research
CVSS 5.5
BBS e-Franchise 1.1.1 WordPress Plugin SQL Injection via uid
BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL injection in the uid parameter to extract sensitive data from the WordPress database including user information and taxonomy terms.
by Lenon Leite
CVSS 8.2
Product Catalog 8 1.2 Plugin WordPress SQL Injection
Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the selectedCategory parameter. Attackers can submit POST requests to the admin-ajax.php endpoint with the UpdateCategoryList action to extract sensitive database information from WordPress tables.
by Lenon Leite
CVSS 8.2
Adobe Connect <= 9.5.6 - Cross-Site Scripting in Events Registration Module
Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks.
by Vulnerability-Lab
CVSS 6.1
Microsoft Windows - Authenticated Denial of Service via LSASS Crafted Request
Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote authenticated users to cause a denial of service (system hang) via a crafted request, aka "Local Security Authority Subsystem Service Denial of Service Vulnerability."
by laurent gaffie
CVSS 6.5
WordPress Plugin WassUp Real Time Analytics 1.9 - Persistent Cross-Site Scripting
by Burak Kelebek
WordPress Plugin 404 to 301 2.2.8 - Persistent Cross-Site Scripting
by Alyssa Milburn
Sophos Web Appliance 4.2.1.3 - Remote Code Execution
by KoreLogic
Schoolhos CMS 2.29 - 'kelas' SQL Injection
by Vulnerability-Lab
NodCMS - PHP Code Execution
by Ashiyane Digital Security Team