Exploitdb Exploits

31,330 exploits tracked across all sources.

CVE-2016-4309 EXPLOITDB HIGH text
Symphony CMS 2.6.7 - Info Disclosure
Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter.
by hyp3rlinx
CVSS 7.5
EIP-2026-112267 EXPLOITDB text
sNews CMS 1.7.1 - Multiple Vulnerabilities
by hyp3rlinx
EIP-2026-108290 EXPLOITDB text VERIFIED
Joomla! Component com_bt_media 1.0 - SQL Injection
by Persian Hack Team
EIP-2026-113072 EXPLOITDB text
Vicidial 2.11 - Scripts Persistent Cross-Site Scripting
by David Silveiro
EIP-2026-110922 EXPLOITDB text
phpATM 1.32 - Multiple Vulnerabilities
by Paolo Massenio
CVE-2025-34113 EXPLOITDB HIGH text VERIFIED
Tiki Wiki CMS <14.1-6.14 - Command Injection
An authenticated command injection vulnerability exists in Tiki Wiki CMS versions ≤14.1, ≤12.4 LTS, ≤9.10 LTS, and ≤6.14 via the `viewmode` GET parameter in `tiki-calendar.php`. When the calendar module is enabled and an authenticated user has permission to access it, an attacker can inject and execute arbitrary PHP code. Successful exploitation leads to remote code execution in the context of the web server user.
by Dany Ouellet
EIP-2026-119373 EXPLOITDB text
Gemalto Sentinel License Manager 18.0.1.55505 - Directory Traversal
by LiquidWorm
EIP-2026-114990 EXPLOITDB text VERIFIED
Blat 3.2.14 - Stack Overflow
by Vishnu
EIP-2026-111804 EXPLOITDB text
Roxy Fileman 1.4.4 - Arbitrary File Upload
by Tyrell Sassen
CVE-2016-3643 EXPLOITDB HIGH text
SolarWinds Virtualization Manager <6.3.1 - Privilege Escalation
SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd."
by Nate Kettlewell
CVSS 7.8
EIP-2026-101534 EXPLOITDB text
ATCOM PBX IP01 / IP08 / IP4 / IP2G4A - Authentication Bypass
by i-Hmx
EIP-2026-116729 EXPLOITDB text
AdobeUpdateService 3.6.0.248 - Unquoted Service Path Privilege Escalation
by Cyril Vallicari
CVE-2016-0173 EXPLOITDB HIGH text VERIFIED
Microsoft Windows 10 - Access Control
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0171, CVE-2016-0174, and CVE-2016-0196.
by Nils Sommer
CVSS 7.8
CVE-2016-0171 EXPLOITDB HIGH text VERIFIED
Microsoft Windows 10 - Access Control
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0173, CVE-2016-0174, and CVE-2016-0196.
by Nils Sommer
CVSS 7.8
EIP-2026-113170 EXPLOITDB text
w2wiki - Multiple Cross-Site Scripting Vulnerabilities
by HaHwul
EIP-2026-112892 EXPLOITDB text
Ultrabenosaurus ChatBoard - Persistent Cross-Site Scripting
by HaHwul
EIP-2026-108337 EXPLOITDB text VERIFIED
Joomla! Component com_enmasse 5.1 < 6.4 - SQL Injection
by Hamed Izadi
EIP-2026-108067 EXPLOITDB text
jbFileManager - Directory Traversal
by HaHwul
EIP-2026-106507 EXPLOITDB text
Dokeos 2.2.1 - Blind SQL Injection
by Mormoroth
EIP-2026-105591 EXPLOITDB text
BookingWizz Booking System < 5.5 - Multiple Vulnerabilities
by Mehmet Ince
EIP-2026-102617 EXPLOITDB text VERIFIED
Google Chrome - GPU Process MailboxManagerImpl Double-Read
by Google Security Research
EIP-2026-101791 EXPLOITDB text
Hyperoptic (Tilgin) Router HG23xx - Multiple Vulnerabilities
by LiquidWorm
EIP-2026-108474 EXPLOITDB text VERIFIED
Joomla! Component com_payplans 3.3.6 - SQL Injection
by Persian Hack Team
EIP-2026-107502 EXPLOITDB text
Grid Gallery 1.0 - Admin Panel Authentication Bypass
by Ali BawazeEer
EIP-2026-107269 EXPLOITDB text VERIFIED
FRticket Ticket System - Persistent Cross-Site Scripting
by Hamit Abis