Text Exploits
31,386 exploits tracked across all sources.
Sielco Analog FM Transmitter 2.12 - Improper Access Control Change Admin Password
by LiquidWorm
Sielco Analog FM Transmitter 2.12 - Cross-Site Request Forgery
by LiquidWorm
Sielco Analog FM Transmitter 2.12 - 'id' Cookie Brute Force Session Hijacking
by LiquidWorm
Sielco Analog FM Transmitter 2.12 - Remote Privilege Escalation
by LiquidWorm
Ever Gauzy 0.281.9 - JWT Authentication Bypass via Weak HMAC Secret
Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage the exposed JWT token to authenticate and gain unauthorized access with administrative permissions.
by nu11secur1ty
CVSS 9.8
Microsoft Edge Chromium < 111.0.1661.41 - Authentication Bypass by Spoofing via Webview2
Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
by nu11secur1ty
CVSS 8.2
ESET Endpoint Antivirus < 8.1.2062.0 - Local Privilege Escalation via File Deletion
Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.
by Milad karimi
CVSS 7.8
ActFax 10.10 - Privilege Escalation
ActFax 10.10 contains an unquoted service path vulnerability that allows local attackers to potentially escalate privileges by exploiting the ActiveFaxServiceNT service configuration. Attackers with write permissions to Program Files directories can inject a malicious ActSrvNT.exe executable to gain elevated system access when the service restarts.
by Birkan ALHAN
CVSS 6.2
WebsiteBaker 2.13.3 - Authenticated Stored Cross-Site Scripting via Page Title
WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating web pages. Attackers can craft malicious payloads in page titles that execute arbitrary JavaScript when the page is viewed by other users.
by Mirabbas Ağalarov
CVSS 5.4
Dotclear 2.25.3 - Authenticated Remote Code Execution via PHAR File Upload
Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed, enabling arbitrary code execution on the server.
by Mirabbas Ağalarov
CVSS 8.8
Stonesoft VPN Client 6.2.0 / 6.8.0 - Local Privilege Escalation
by TOUHAMI Kasbaoui
RSA NetWitness <12.2 - Privilege Escalation
Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification.
by hyp3rlinx
CVSS 6.7
X2CRM 6.6-6.9 - Stored Cross-Site Scripting via Create Action Function
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Create Action function, aka an index.php/actions/update URI.
by Betul Denizler
CVSS 5.4
X2CRM 6.6-6.9 - Reflected Cross-Site Scripting via Import Records Model Parameter
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the adin/importModels Import Records Model field (model parameter). This vulnerability allows attackers to create malicious JavaScript that will be executed by the victim user's browser.
by Betul Denizler
CVSS 5.4
Restaurant Management System 1.0 - SQL Injection
by calfcrusher
Online-Pizza-Ordering -1.0 - Remote Code Execution (RCE)
by nu11secur1ty
Online Appointment System V1.0 - Cross-Site Scripting (XSS)
by Sanjay Singh
Symantec Messaging Gateway < 10.8 - Authenticated Stored Cross-Site Scripting in Admin Group Policy Page
An authenticated user can embed malicious content with XSS into the admin group policy page.
by omurugur
CVSS 5.4
Suprema BioStar 2 <2.8.16 - SQL Injection
Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1.
by Yuriy (Vander) Tsarenko
CVSS 6.5
Cortex XSOAR 6.1.0 and < 6.2.0 build 1958888 - Authenticated Stored Cross-Site Scripting
A stored cross-site scripting (XSS) vulnerability in the Palo Alto Networks Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent JavaScript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. This issue impacts: All builds of Cortex XSOAR 6.1.0; Cortex XSOAR 6.2.0 builds earlier than build 1958888.
by omurugur
CVSS 6.8
Adobe Connect <11.4.5, 12.1.5 - Auth Bypass
Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not require user interaction.
by h4shur
CVSS 5.3
Microsoft Excel - Remote Code Execution via Out-of-bounds Read
Microsoft Excel Remote Code Execution Vulnerability
by nu11secur1ty
CVSS 7.8
Google Chrome 109.0.5414.74 - Code Execution via missing lib file (Ubuntu)
by Rafay Baloch and Muhammad Samak