Text Exploits

31,330 exploits tracked across all sources.

Sort: Activity Stars
CVE-2015-7039 EXPLOITDB text
Apple Tvos < 9.0 - Memory Corruption
Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7038.
by Maksymilian Arciemowicz
EIP-2026-102120 EXPLOITDB text
WIMAX MT711x - Multiple Vulnerabilities
by alimp5
EIP-2026-102119 EXPLOITDB text
WIMAX LX350P(WIXFMR-108) - Multiple Vulnerabilities
by alimp5
CVE-2025-46001 EXPLOITDB CRITICAL text VERIFIED
Simogeo Filemanager < 1.1 - Unrestricted File Upload
An arbitrary file upload vulnerability in the is_allowed_file_type() function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
by HaHwul
CVSS 9.8
EIP-2026-119681 EXPLOITDB text
OpenMRS 2.3 (1.11.4) - Multiple Cross-Site Scripting Vulnerabilities
by LiquidWorm
EIP-2026-119680 EXPLOITDB text
OpenMRS 2.3 (1.11.4) - Local File Disclosure
by LiquidWorm
EIP-2026-119679 EXPLOITDB text
OpenMRS 2.3 (1.11.4) - Expression Language Injection
by LiquidWorm
EIP-2026-117319 EXPLOITDB text
iniNet SpiderControl SCADA Web Server Service 2.02 - Insecure File Permissions
by LiquidWorm
EIP-2026-117318 EXPLOITDB text
iniNet SpiderControl PLC Editor Simatic 6.30.04 - Insecure File Permissions
by LiquidWorm
EIP-2026-113971 EXPLOITDB text
WordPress Plugin Polls Widget 1.0.7 - SQL Injection
by WICS
EIP-2026-110781 EXPLOITDB text VERIFIED
PHP Utility Belt - Remote Code Execution
by WICS
EIP-2026-106549 EXPLOITDB text
dotCMS 3.2.4 - Multiple Vulnerabilities
by LiquidWorm
EIP-2026-117014 EXPLOITDB text VERIFIED
Cyclope Employee Surveillance 8.6.1 - Insecure File Permissions
by loneferret
EIP-2026-116546 EXPLOITDB text
WinAsm Studio 5.1.8.8 - Buffer Overflow Crash (PoC)
by Un_N0n
EIP-2026-114113 EXPLOITDB text
WordPress Plugin TheCartPress 1.4.7 - Multiple Vulnerabilities
by KedAns-Dz
EIP-2026-114027 EXPLOITDB text
WordPress Plugin Sell Download 1.0.16 - Local File Disclosure
by KedAns-Dz
EIP-2026-113542 EXPLOITDB text
WordPress Plugin Advanced uploader 2.10 - Multiple Vulnerabilities
by KedAns-Dz
EIP-2026-115584 EXPLOITDB text
Malwarebytes AntiVirus 2.2.0 - Denial of Service (PoC)
by Francis Provencher
EIP-2026-114164 EXPLOITDB text
WordPress Plugin Users Ultra 1.5.50 - Persistent Cross-Site Scripting
by Panagiotis Vagenas
EIP-2026-114163 EXPLOITDB text
WordPress Plugin Users Ultra 1.5.50 - Blind SQL Injection
by Panagiotis Vagenas
CVE-2015-8351 EXPLOITDB CRITICAL text
Gwolle Guestbook <1.5.4 - RCE
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences regardless of whether allow_url_include is enabled.
by High-Tech Bridge SA
CVSS 9.0
EIP-2026-114609 EXPLOITDB text
ZenPhoto 1.4.10 - Local File Inclusion
by hyp3rlinx
EIP-2026-107919 EXPLOITDB text
Invision Power Board (IP.Board) 4.1.4.x - Persistent Cross-Site Scripting
by Mehdi Alouache
CVE-2015-8368 EXPLOITDB text
ntopng <2.2 - Privilege Escalation
ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.
by Dolev Farhi
EIP-2026-103290 EXPLOITDB text VERIFIED
Kodi 15 - Web Interface Arbitrary File Access
by Machiel Pronk
By Source
All 31,330 Writeup 59,922 Exploitdb 49,989 Nomisec 21,551 Metasploit 3,218 Github 2,550 Vulncheck_xdb 904 Inthewild 514 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,330 python 5,932 ruby 5,907 c 3,565 perl 2,849 html 2,053 php 1,326 bash 459 java 362 c++ 250 javascript 215 shell 90 go 53 postscript 25 xml 24