Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2022-50926 EXPLOITDB CRITICAL text
WAGO 750-8212 PFC200 G2 2ETH RS - Privilege Escalation
WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows attackers to manipulate user session cookies. Attackers can modify the cookie's 'name' and 'roles' parameters to elevate from ordinary user to administrative privileges without authentication.
by Momen Eldawakhly
CVSS 9.8
CVE-2022-50688 EXPLOITDB HIGH text
Cobian Backup Gravity 11.2.0.582 - Code Injection
Cobian Backup Gravity 11.2.0.582 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the CobianBackup11 service to inject malicious code that would execute with LocalSystem privileges during service startup.
by Luis Martínez
CVSS 8.4
CVE-2022-26332 EXPLOITDB MEDIUM text
Cipi 3.1.15 - Stored Cross-Site Scripting via Server Name Field
Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name field.
by Ghuliev
CVSS 5.4
CVE-2022-50690 EXPLOITDB HIGH text
Wondershare MirrorGo 2.0.11.346 - Privilege Escalation
Wondershare MirrorGo 2.0.11.346 contains a local privilege escalation vulnerability due to incorrect file permissions on executable files. Unprivileged local users can replace the ElevationService.exe with a malicious file to execute arbitrary code with LocalSystem privileges.
by Luis Martínez
CVSS 8.4
CVE-2022-26252 EXPLOITDB MEDIUM text
aaPanel 6.8.21 - Path Traversal
aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user private SSH key(id_rsa).
by Ghuliev
CVSS 6.5
EIP-2026-118237 EXPLOITDB text
Adobe ColdFusion 11 - LDAP Java Object Deserialization Remode Code Execution (RCE)
by Amel BOUZIANE-LEBLOND
EIP-2026-113289 EXPLOITDB text
WebHMI 4.1 - Stored Cross Site Scripting (XSS) (Authenticated)
by Antonio Cuomo
EIP-2026-112455 EXPLOITDB text
Student Record System 1.0 - 'cid' SQLi (Authenticated)
by Mohd. Anees
EIP-2026-112139 EXPLOITDB text
Simple Real Estate Portal System 1.0 - 'id' SQLi
by Mosaaed
EIP-2026-105031 EXPLOITDB text
Air Cargo Management System v1.0 - SQLi
by nu11secur1ty
CVE-2022-4982 EXPLOITDB HIGH text
DBLTek GoIP-1 <GHSFVT-1.1-67-5 - Local File Inclusion
DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers (`frame.html` and `frame.A100.html`) that accept a path parameter (`content` or `sidebar`) which is not properly validated or canonicalized. An attacker can supply directory-traversal sequences to cause the server to read and return arbitrary filesystem files that the webserver user can access. Other GoIP models and firmware versions are likely affected. Exploitation evidence was observed by the Shadowserver Foundation on 2024-03-21 UTC.
by Valtteri Lehtinen
CVE-2022-26634 EXPLOITDB HIGH text
HMA VPN <5.3.5913.0 - Privilege Escalation
HMA VPN v5.3.5913.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
by Saud Alenazi
CVSS 7.8
EIP-2026-117492 EXPLOITDB text
Microsoft Gaming Services 2.52.13001.0 - Unquoted Service Path
by Johto Robbie
CVE-2022-0557 EXPLOITDB HIGH text
Packagist microweber/microweber <1.2.11 - Command Injection
OS Command Injection in Packagist microweber/microweber prior to 1.2.11.
by Chetanya Sharma
CVSS 7.2
CVE-2022-25241 EXPLOITDB HIGH text
FileCloud < 21.3.0.18447 - Cross-Site Request Forgery via CSV User Import
In FileCloud before 21.3, the CSV user import functionality is vulnerable to Cross-Site Request Forgery (CSRF).
by Masashi Fujiwara
CVSS 8.8
EIP-2026-105674 EXPLOITDB text
Cab Management System 1.0 - Remote Code Execution (RCE) (Authenticated)
by Alperen Ergel
EIP-2026-105673 EXPLOITDB text
Cab Management System 1.0 - 'id' SQLi (Authenticated)
by Alperen Ergel
CVE-2021-45092 EXPLOITDB CRITICAL text
Thinfinity VirtualUI <3.0 - Code Injection
Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter.
by Daniel Morales
CVSS 9.8
CVE-2021-46354 EXPLOITDB HIGH text
Thinfinity VirtualUI <3.0 - Info Disclosure
Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP of the web server or increase the attack surface.
by Daniel Morales
CVSS 7.5
CVE-2022-50929 EXPLOITDB HIGH text
Connectify Hotspot 2018 - Code Injection
Connectify Hotspot 2018 contains an unquoted service path vulnerability in its ConnectifyService executable that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Connectify\ConnectifyService.exe' to inject malicious executables and escalate privileges.
by SamAlucard
CVSS 8.4
CVE-2022-50928 EXPLOITDB HIGH text
BlueSoleilCS 5.4.277 - Code Injection
BlueSoleilCS 5.4.277 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path in 'C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe' to inject malicious executables and escalate privileges.
by SamAlucard
CVSS 7.8
CVE-2022-50904 EXPLOITDB HIGH text
Wondershare UBackit 2.0.5 - Code Injection
Wondershare UBackit 2.0.5 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the wsbackup service to inject malicious executables that would run with LocalSystem permissions during service startup.
by Luis Martínez
CVSS 8.4
CVE-2022-50903 EXPLOITDB HIGH text
Wondershare MobileTrans 3.5.9 - Privilege Escalation
Wondershare MobileTrans 3.5.9 contains an unquoted service path vulnerability in the ElevationService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path by placing malicious executables in specific filesystem locations that will be executed with LocalSystem permissions during service startup.
by Luis Martínez
CVSS 8.4
CVE-2022-50902 EXPLOITDB HIGH text
Wondershare FamiSafe 1.0 - Code Injection
Wondershare FamiSafe 1.0 contains an unquoted service path vulnerability in the FSService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Wondershare\FamiSafe\ to inject malicious code that would run with LocalSystem permissions during service startup.
by Luis Martínez
CVSS 8.4
CVE-2022-50901 EXPLOITDB HIGH text
Wondershare Dr.Fone 11.4.9 - Code Injection
Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone\ to inject malicious executables that would run with LocalSystem privileges.
by Luis Martínez
CVSS 8.4
By Source
All 31,386 Writeup 62,188 Exploitdb 50,076 Nomisec 22,383 Github 3,590 Metasploit 3,311 Vulncheck_xdb 927 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,552 ruby 6,001 c 3,625 perl 2,849 html 2,074 php 1,333 bash 462 java 370 c++ 260 javascript 229 shell 131 go 73 postscript 25 typescript 25