Exploitdb Exploits
31,343 exploits tracked across all sources.
Stonesoft VPN Client 6.2.0 / 6.8.0 - Local Privilege Escalation
by TOUHAMI Kasbaoui
RSA NetWitness <12.2 - Privilege Escalation
Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification.
by hyp3rlinx
CVSS 6.7
X2engine X2crm - XSS
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Create Action function, aka an index.php/actions/update URI.
by Betul Denizler
CVSS 5.4
X2engine X2crm - XSS
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the adin/importModels Import Records Model field (model parameter). This vulnerability allows attackers to create malicious JavaScript that will be executed by the victim user's browser.
by Betul Denizler
CVSS 5.4
Restaurant Management System 1.0 - SQL Injection
by calfcrusher
Online-Pizza-Ordering -1.0 - Remote Code Execution (RCE)
by nu11secur1ty
Online Appointment System V1.0 - Cross-Site Scripting (XSS)
by Sanjay Singh
Symantec Messaging Gateway < 10.8 - XSS
An authenticated user can embed malicious content with XSS into the admin group policy page.
by omurugur
CVSS 5.4
Suprema BioStar 2 <2.8.16 - SQL Injection
Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1.
by Yuriy (Vander) Tsarenko
CVSS 6.5
Paloaltonetworks Cortex Xsoar - XSS
A stored cross-site scripting (XSS) vulnerability in the Palo Alto Networks Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent JavaScript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. This issue impacts: all builds of Cortex XSOAR 6.1.0; Cortex XSOAR 6.2.0 builds earlier than build 1958888.
by omurugur
CVSS 6.8
Adobe Connect <11.4.5, 12.1.5 - Auth Bypass
Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not require user interaction.
by h4shur
CVSS 5.3
Microsoft 365 Apps - Out-of-Bounds Read
Microsoft Excel Remote Code Execution Vulnerability
by nu11secur1ty
CVSS 7.8
Google Chrome 109.0.5414.74 - Code Execution via missing lib file (Ubuntu)
by Rafay Baloch and Muhammad Samak
Hitachi Vantara Pentaho <9.4.0.1-9.3.0.2 - SSRF
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x, enforce security restrictions based on non-canonical URLs, which can be circumvented.
by dwbzn
CVSS 8.6
ZCBS/ZPBS/ZBBS 4.14k - XSS
ZCBS Zijper Collectie Beheer Systeem (ZCBS), Zijper Publication Management System (ZPBS), and Zijper Image Bank Management System (ZBBS) 4.14k is vulnerable to Cross Site Scripting (XSS).
by Abdulaziz Saad
CVSS 6.1
Entab Erp - Brute Force
ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting.
by Deb Prasad Banerjee
CVSS 5.3
Wondershare Dr.Fone <12.9.6 - Privilege Escalation
Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable.
by Thurein Soe
CVSS 7.8
Mercury MAC1200R - Path Traversal
A directory traversal vulnerability on Mercury MAC1200R devices allows attackers to read arbitrary files via a web-static/ URL.
by Chunlei Shang, Jiangsu Public Information Co., Ltd.
CVSS 7.5
Schneider Electric v1.0 - Directory traversal & Broken Authentication
by Parsa Rezaie Khiabanloo
Franklin Fueling Systems TS-550 - Exploit and Default Password
by Parsa Rezaie Khiabanloo
FileZilla Client 3.63.1 - Code Injection
FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate a reverse shell payload using msfvenom and replace the missing DLL to achieve remote code execution when the application launches.
by Bilal Qureshi
CVSS 9.8
LDAP Tool Box Self Service Password 1.5.2 - SSRF
LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account takeover by intercepting and using stolen reset tokens.
by Tahar BENNACEF
CVSS 7.5