Exploitdb Exploits
31,341 exploits tracked across all sources.
Company's Recruitment Management System 1.0 - 'Multiple' SQL Injection (Unauthenticated)
by Yash Mahajan
Logitech Media Server 8.2.0 - 'Title' Cross-Site Scripting (XSS)
by Mert Daş
SonicWall SonicOS < 7.0.1-r1262 - Open Redirect
A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.
by Ramikan
CVSS 6.1
WordPress Pie Register <3.7.1.4 - Auth Bypass
An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitting a crafted POST request to the login endpoint. By setting social_site=true and manipulating the user_id_social_site parameter, an attacker can generate a valid WordPress session cookie for any user ID, including administrators. Once authenticated, the attacker may exploit plugin upload functionality to install a malicious plugin containing arbitrary PHP code, resulting in remote code execution on the underlying server.
by Lotfi13-DZ
PHPGurukul IFSC Code Finder - SQL Injection
SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php.
by Yash Mahajan
CVSS 9.8
Cmder Console Emulator 1.3.18 - DoS
Cmder Console Emulator 1.3.18 contains a buffer overflow vulnerability that allows attackers to trigger a denial of service condition through a maliciously crafted .cmd file. Attackers can create a specially constructed .cmd file with repeated characters to overwhelm the console emulator's buffer and crash the application.
by Aryan Chehreghani
CVSS 9.8
Unicorn < 0.35.3 - XSS
The Unicorn framework through 0.35.3 for Django allows XSS via component.name.
by Raven Security Associates
CVSS 5.4
Simple Online College Entrance Exam System 1.0 - Unauthenticated Admin Creation
by Amine ismail
Simple Online College Entrance Exam System 1.0 - Account Takeover
by Amine ismail
Simple Online College Entrance Exam System 1.0 - 'Multiple' SQL injection
by Amine ismail
Online Traffic Offense Management System 1.0 - Privilege Escalation (Unauthenticated)
by snup
Online Enrollment Management System 1.0 - Authentication Bypass
by Amine ismail
Online Employees Work From Home Attendance System 1.0 - SQLi Authentication Bypass
by Merve Oral
Loan Management System 1.0 - SQLi Authentication Bypass
by Merve Oral
PHPGurukul Online DJ Booking Management System - XSS
A Cross-Site Scripting (XSS) vulnerability exists in Online DJ Booking Management System 1.0 in view-booking-detail.php.
by Yash Mahajan
CVSS 6.1
Simple Online College Entrance Exam System 1.0 - SQLi Authentication Bypass
by Mevlüt Yılmaz
Online Traffic Offense Management System 1.0 - Multiple XSS (Unauthenticated)
by snup
Online Traffic Offense Management System 1.0 - Multiple SQL Injection (Unauthenticated)
by snup
Online Traffic Offense Management System 1.0 - Multiple RCE (Unauthenticated)
by snup
Google Slo Generator < 2.0.1 - Code Injection
SLO Generator allows loading YAML files that, if crafted in a specific format, can lead to code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173
by Kiran Ghimire
CVSS 5.3
Odine Solutions GateKeeper 1.0 - SQL Injection
Odine Solutions GateKeeper 1.0 contains a SQL injection vulnerability in the trafficCycle API endpoint that allows remote attackers to inject malicious database queries. Attackers can exploit the vulnerability by sending crafted payloads to the /rass/api/v1/trafficCycle/ endpoint to manipulate PostgreSQL database queries and potentially extract sensitive information.
by Emel Basayar
CVSS 8.2
Atlassian Jira Data Center < 8.5.14 - Path Traversal
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1.
by Mayank Deshmukh
CVSS 5.3
Student Quarterly Grading System 1.0 - SQLi Authentication Bypass
by Blackhan
Atlassian Confluence Server <7.4.10, >7.5.0-7.12.2 - Info Disclosure
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.
by Mayank Deshmukh
CVSS 5.3
Lodging Reservation Management System - SQL Injection
The username and password fields of the login form in Lodging Reservation Management System V1 allow access as any user via SQL injection that bypasses authentication.
by Nitin Sharma
CVSS 9.8