Exploitdb Exploits

31,341 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-110164 EXPLOITDB text
Online Railway Reservation System 1.0 - Admin Account Creation (Unauthenticated)
by Zachary Asher
EIP-2026-110163 EXPLOITDB text
Online Railway Reservation System 1.0 - 'Multiple' Stored Cross Site Scripting (XSS) (Unauthenticated)
by Zachary Asher
EIP-2026-110162 EXPLOITDB text
Online Railway Reservation System 1.0 - 'id' SQL Injection (Unauthenticated)
by twseptian
EIP-2026-110201 EXPLOITDB text
Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection
by twseptian
CVE-2022-24248 EXPLOITDB MEDIUM text
RiteCMS <3.1.0 - Path Traversal
RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Furthermore, an attacker might leverage the capability of arbitrary file deletion to circumvent certain web server security mechanisms such as deleting .htaccess file that would deactivate those security constraints.
by faisalfs10x
CVSS 6.5
CVE-2022-24247 EXPLOITDB MEDIUM text
RiteCMS <3.1.0 - Path Traversal
RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to write) resulting a remote code execution.
by faisalfs10x
CVSS 6.5
CVE-2023-36375 EXPLOITDB MEDIUM text
Hostel Management System v2.1 - XSS
Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address, city, permanent address, and city parameters in the Book Hostel & Room Details page.
by Chinmay Divekar
CVSS 5.4
CVE-2021-47733 EXPLOITDB MEDIUM text
Cmsimple - XSS
CMSimple 5.4 contains a cross-site scripting vulnerability that allows attackers to bypass input filtering by using HTML to Unicode encoding. Attackers can inject malicious scripts by encoding payloads like ')-alert(1)// and execute arbitrary JavaScript when victims interact with delete buttons.
by heinjame
CVSS 6.1
CVE-2021-46368 EXPLOITDB HIGH text
TRIGONE Remote System Monitor <3.61 - Privilege Escalation
TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path service allowing local users to launch processes with elevated privileges.
by Yehia Elghaly
CVSS 7.8
CVE-2021-46367 EXPLOITDB HIGH text
RiteCMS <3.1.0 - RCE
RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htacess configuration to deny execution of .php files in media and files directory by default.
by faisalfs10x
CVSS 7.2
CVE-2021-35380 EXPLOITDB HIGH text
Solari di Udine TTServer 3.24.0.2 - Path Traversal
A Directory Traversal vulnerability exists in Solari di Udine TermTalk Server (TTServer) 3.24.0.2, which lets an unauthenticated malicious user gain access to the files on the remote system by gaining access to the relative path of the file they want to download (http://url:port/file?valore).
by Fabiano Golluscio
CVSS 7.5
EIP-2026-113645 EXPLOITDB text
WordPress Plugin Contact Form Entries 1.1.6 - Cross Site Scripting (XSS) (Unauthenticated)
by Gaetano Perrone
EIP-2026-113520 EXPLOITDB text
WordPress Plugin AAWP 3.16 - 'tab' Reflected Cross Site Scripting (XSS) (Authenticated)
by Andrea Bocchetti
EIP-2026-113109 EXPLOITDB text
Virtual Airlines Manager 2.6.2 - 'multiple' SQL Injection
by Milad karimi
CVE-2021-45425 EXPLOITDB MEDIUM text
Safarimontage Safari Montage - XSS
Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScript codes.
by Momen Eldawakhly
CVSS 6.1
EIP-2026-111546 EXPLOITDB text
Projeqtor v9.3.1 - Stored Cross Site Scripting (XSS)
by Oscar Gil Gutierrez
EIP-2026-110321 EXPLOITDB text
openSIS Student Information System 8.0 - 'multiple' SQL Injection
by securityforeveryone.com
CVE-2021-45814 EXPLOITDB CRITICAL text
Nettmp NNT 5.1 - SQL Injection
Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account.
by Momen Eldawakhly
CVSS 9.8
EIP-2026-109115 EXPLOITDB text
Library System in PHP 1.0 - 'publisher name' Stored Cross-Site Scripting (XSS)
by Akash Patil
EIP-2026-107628 EXPLOITDB text
Hospitals Patient Records Management System 1.0 - Account TakeOver
by twseptian
EIP-2026-107625 EXPLOITDB text
Hospitals Patient Records Management System 1.0 - 'id' SQL Injection (Authenticated)
by twseptian
EIP-2026-104186 EXPLOITDB text
BeyondTrust Remote Support 6.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
by Malcrove
EIP-2026-101254 EXPLOITDB text
Dixell XWEB 500 - Arbitrary File Write
by Roberto Palamaro
EIP-2026-106969 EXPLOITDB text
Exponent CMS 2.6 - Multiple Vulnerabilities
by heinjame
EIP-2026-106243 EXPLOITDB text
Croogo 3.0.2 - Unrestricted File Upload
by Enes Özeser
By Source
All 31,341 Exploitdb 50,121 Writeup 46,717 Nomisec 21,135 Metasploit 3,189 Github 2,247 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,737 c 3,550 perl 2,854 html 2,054 php 1,334 bash 459 java 359 javascript 260 c++ 247 shell 68 go 41 postscript 25 xml 24