Exploitdb Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-116522 EXPLOITDB text VERIFIED
WAP Proof 2008 - Denial of Service
by Orion Einfold
EIP-2026-111281 EXPLOITDB text VERIFIED
Pinterestclones - Security Bypass / HTML Injection
by DaOne
EIP-2026-111280 EXPLOITDB text
Pinterest Clone Script - Multiple Vulnerabilities
by DaOne
EIP-2026-114346 EXPLOITDB text VERIFIED
WordPress Theme Purity - Multiple Cross-Site Scripting Vulnerabilities
by Matan Azugi
CVE-2012-2275 EXPLOITDB text
TestLink < 1.9.3 - Cross-Site Request Forgery via User Management
Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink 1.9.3 and earlier allow remote attackers to hijack the authentication of users for requests that add, delete, or modify sensitive information, as demonstrated by changing the administrator's email via an editUser action to lib/usermanagement/userInfo.php.
by High-Tech Bridge SA
EIP-2026-105947 EXPLOITDB text VERIFIED
Clipster Video - Persistent Cross-Site Scripting
by DaOne
EIP-2026-105705 EXPLOITDB text
Cannonbolt Portfolio Manager 1.0 - Multiple Vulnerabilities
by LiquidWorm
EIP-2026-102004 EXPLOITDB text
Sitecom Home Storage Center - Authentication Bypass
by Mattijs van Ommeren
EIP-2026-113234 EXPLOITDB text VERIFIED
web@all - Local File Inclusion / Multiple Arbitrary File Upload Vulnerabilities
by KedAns-Dz
EIP-2026-110307 EXPLOITDB text VERIFIED
OpenFiler 2.3 - Multiple Cross-Site Scripting / Information Disclosure Vulnerabilities
by Brendan Coles
CVE-2012-3233 EXPLOITDB text VERIFIED
Kayako Fusion 4.40.1148 - Cross-Site Scripting via PATH_INFO in PHPExcel Download Script
Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by High-Tech Bridge
CVE-2012-4336 EXPLOITDB text VERIFIED
flogr < 2.5.6 - Cross-Site Scripting via PATH_INFO or Arbitrary Parameter
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flogr 2.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) an arbitrary parameter.
by High-Tech Bridge
EIP-2026-106974 EXPLOITDB text VERIFIED
Extcalendar 2.0 - Multiple SQL Injections / HTML Injection Vulnerabilities
by Ashiyane Digital Security Team
EIP-2026-106903 EXPLOITDB text
ES Job Search Engine 3.0 - SQL Injection
by Vulnerability-Lab
EIP-2026-101936 EXPLOITDB text
QNAP Turbo NAS TS-1279U-RP - Multiple Path Injections
by Andrea Fabrizi
EIP-2026-100303 EXPLOITDB text
Ektron CMS 8.5.0 - Multiple Vulnerabilities
by Sense of Security
EIP-2026-100209 EXPLOITDB text VERIFIED
Cm3 CMS - 'search.asp' Multiple Cross-Site Scripting Vulnerabilities
by Crim3R
EIP-2026-112497 EXPLOITDB text VERIFIED
Support4Arabs Pages 2.0 - SQL Injection
by L0n3ly-H34rT
EIP-2026-111945 EXPLOITDB text VERIFIED
Sciretech (Multiple Products) - Multiple SQL Injections
by AkaStep
EIP-2026-111055 EXPLOITDB text VERIFIED
PHPFox 3.0.1 - 'ajax.php' Multiple Cross-Site Scripting Vulnerabilities
by Crim3R
CVE-2012-4240 EXPLOITDB text
Group-Office < 4.0.90 - Authenticated SQL Injection via Calendar Sort Parameter
SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.
by Chris Cooper
EIP-2026-104448 EXPLOITDB text
Splunk 4.3.3 - Arbitrary File Read
by Marcio Almeida
CVE-2012-1500 EXPLOITDB MEDIUM text
GreenHopper < 5.9.8 - Stored Cross-Site Scripting in UpdateFieldJson.jspa
Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script code.
by Hoyt LLC Research
CVSS 5.4
EIP-2026-112193 EXPLOITDB text VERIFIED
Sitemax Maestro - SQL Injection / Local File Inclusion
by AkaStep
EIP-2026-102005 EXPLOITDB text
Sitecom Home Storage Center - Directory Traversal
by Mattijs van Ommeren