Exploitdb Exploits
31,341 exploits tracked across all sources.
Razer Sila Gaming Router <2.0.441_api-2.0.418 - Info Disclosure
A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files.
by Kevin Randall
CVSS 7.5
Razer Sila Gaming Router <v2.0.441_api-2.0.418 - Command Injection
A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request.
by Kevin Randall
CVSS 9.8
Franklinfueling Colibri Firmware - Path Traversal
Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580.
by Momen Eldawakhly
CVSS 7.5
Telesquare TLR-2855KS6 - Info Disclosure
An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts.
by Momen Eldawakhly
CVSS 9.1
Telesquare TLR-2855KS6 - Info Disclosure
An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts.
by Momen Eldawakhly
CVSS 7.5
SUNNY TRIPOWER 5.0 - Info Disclosure
Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling.
by Momen Eldawakhly
CVSS 8.1
Sherpa Connector Service <2020.2.20328.2050 - Privilege Escalation
There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a "C:\Program Files\Sherpa Software\Sherpa.exe" file.
by Manthan Chhabra
CVSS 7.8
qdPM 9.2 - CSRF
qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI.
by Chetanya Sharma
CVSS 8.8
Minewebcms < 1.15.2 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository mineweb/minewebcms prior to next.
by Chetanya Sharma
CVSS 4.8
ICEHRM 31.0.0.0S - Cross-site Request Forgery (CSRF) to Account Deletion
by Devansh Bordia
OpServices OpMon <9.11 - XSS
A Cross Site Scripting (XSS) vulnerability exists in OpServices OpMon through 9.11 via the search parameter in the request URL.
by Marlon Petry
CVSS 6.1
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
by Marlon Petry
WordPress Plugin video-synchro-pdf 1.7.4 - Local File Inclusion
by Hassan Khan Yusufzai
Izsoft Easy Cookies Policy < 1.6.2 - Incorrect Authorization
The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any capability and CSRF check when saving its settings, allowing any authenticated users (such as subscriber) to change them. If users can't register, this can be done through CSRF. Furthermore, the cookie banner setting is not sanitised or validated before being output in all pages of the frontend and the backend settings one, leading to a Stored Cross-Site Scripting issue.
by 0xB9
CVSS 6.5
WordPress Plugin Curtain 1.0.2 - Cross-site Request Forgery (CSRF)
by Hassan Khan Yusufzai
WordPress Plugin cab-fare-calculator 1.0.3 - Local File Inclusion
by Hassan Khan Yusufzai
WordPress Plugin admin-word-count-column 2.2 - Local File Read
by Hassan Khan Yusufzai
Drupal avatar_uploader v7.x-1.0-beta8 - Cross Site Scripting (XSS)
by Milad karimi
CSZ CMS 1.2.9 - SQL Injection
CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters.
by Rahad Chowdhury
CVSS 6.5
ProtonVPN 1.26.0 - Code Injection
ProtonVPN 1.26.0 contains an unquoted service path vulnerability in its WireGuard service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path by placing malicious executables in specific file system locations to gain elevated privileges during service startup.
by gemreda
CVSS 7.8
WordPress Plugin amministrazione-aperta 3.7.3 - Local File Read - Unauthenticated
by Hassan Khan Yusufzai
Pluck - CSRF
A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature, leading to account takeover.
by Devansh Bordia
CVSS 8.8
Ivanti Endpoint Manager Cloud Services Appliance - Code Injection
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
by d7x
CVSS 9.8