Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-110454 EXPLOITDB text VERIFIED
Pandora FMS 3.x - 'index.php' Cross-Site Scripting
by mehdi boukazoula
EIP-2026-106605 EXPLOITDB text VERIFIED
DV Cart Shopping Cart software - SQL Injection
by Eyup CELIK
EIP-2026-106120 EXPLOITDB text VERIFIED
Concrete 5.4.1 1 - 'rcID' Cross-Site Scripting
by Aung Khant
EIP-2026-105584 EXPLOITDB text VERIFIED
Bonza Digital Cart Script - SQL Injection
by Eyup CELIK
EIP-2026-100524 EXPLOITDB text VERIFIED
Redlab CMS - Multiple SQL Injections
by tempe_mendoan
EIP-2026-110044 EXPLOITDB text VERIFIED
OneFileCMS 1.1.1 - 'onefilecms.php' Cross-Site Scripting
by mr.pr0n
EIP-2026-106738 EXPLOITDB text
EasySiteEdit - Remote File Inclusion
by koskesh jakesh
EIP-2026-114147 EXPLOITDB text VERIFIED
WordPress Plugin UnGallery 1.5.8 - Local File Disclosure
by Miroslav Stampar
EIP-2026-105339 EXPLOITDB text
Axis Commerce (E-Commerce System) - Persistent Cross-Site Scripting
by Eyup CELIK
EIP-2026-111167 EXPLOITDB text VERIFIED
PHPMyRealty 1.0.7 - SQL Injection
by H4T$A
EIP-2026-109896 EXPLOITDB text
network tracker .95 - Persistent Cross-Site Scripting
by G13
CVE-2011-3182 EXPLOITDB text VERIFIED
PHP < 5.3.7 - Denial of Service via Malloc Return Value Mismanagement
PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function.
by Maksymilian Arciemowicz
EIP-2026-113890 EXPLOITDB text VERIFIED
WordPress Plugin Menu Creator 1.1.7 - SQL Injection
by Miroslav Stampar
EIP-2026-113789 EXPLOITDB text VERIFIED
WordPress Plugin Global Content Blocks 1.2 - SQL Injection
by Miroslav Stampar
EIP-2026-113765 EXPLOITDB text VERIFIED
WordPress Plugin Forum 1.7.8 - SQL Injection
by Miroslav Stampar
EIP-2026-113693 EXPLOITDB text VERIFIED
WordPress Plugin DS FAQ 1.3.2 - SQL Injection
by Miroslav Stampar
EIP-2026-113559 EXPLOITDB text VERIFIED
WordPress Plugin Allow PHP in Posts and Pages 2.0.0.RC1 - SQL Injection
by Miroslav Stampar
EIP-2026-113547 EXPLOITDB text VERIFIED
WordPress Plugin Ajax Gallery 3.0 - SQL Injection
by Miroslav Stampar
CVE-2011-2938 EXPLOITDB text VERIFIED
MantisBT < 1.2.7 - Cross-Site Scripting via Project ID Parameter
Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php in MantisBT before 1.2.7 allow remote attackers to inject arbitrary web script or HTML via a parameter, as demonstrated by the project_id parameter to search.php.
by Net.Edit0r
EIP-2026-106832 EXPLOITDB text VERIFIED
Elgg 1.7.10 - Multiple Vulnerabilities
by Aung Khant
EIP-2026-100694 EXPLOITDB text VERIFIED
Adobe ColdFusion - 'probe.cfm' Cross-Site Scripting
by G.R0b1n
EIP-2026-114268 EXPLOITDB text VERIFIED
WordPress Plugin WP-Stats-Dashboard 2.6.5.1 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-114105 EXPLOITDB text VERIFIED
WordPress Plugin Symposium 0.64 - SQL Injection
by Miroslav Stampar
EIP-2026-113935 EXPLOITDB text VERIFIED
WordPress Plugin OdiHost NewsLetter 1.0 - SQL Injection
by Miroslav Stampar
EIP-2026-113744 EXPLOITDB text VERIFIED
WordPress Plugin File Groups 1.1.2 - SQL Injection
by Miroslav Stampar
By Source
All 31,386 Writeup 62,482 Exploitdb 50,076 Nomisec 22,450 Github 3,674 Metasploit 3,315 Vulncheck_xdb 930 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,597 ruby 6,006 c 3,631 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 231 shell 133 go 73 postscript 25 typescript 25