Exploitdb Exploits

31,341 exploits tracked across all sources.

EIP-2026-114539 EXPLOITDB text
Young Entrepreneur E-Negosyo System 1.0 - SQL Injection Authentication Bypass
by Jordan Glover
EIP-2026-114538 EXPLOITDB text
Young Entrepreneur E-Negosyo System 1.0 - 'PRODESC' Stored Cross-Site Scripting (XSS)
by Jordan Glover
CVE-2021-41381 EXPLOITDB HIGH text
Payara Micro Community < 5.2021.6 - Path Traversal
Payara Micro Community 5.2021.6 and below allows Directory Traversal.
by Yasser Khan
CVSS 7.5
CVE-2022-29007 EXPLOITDB CRITICAL text
Dairy Farm Shop Management System v1.0 - SQL Injection
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allow attackers to bypass authentication.
by Sanjay Singh
CVSS 9.8
CVE-2022-29006 EXPLOITDB CRITICAL text
Directory Management System v1.0 - SQL Injection
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allow attackers to bypass authentication.
by Sanjay Singh
CVSS 9.8
CVE-2021-47783 EXPLOITDB MEDIUM text
Phpwcms - Unrestricted File Upload
Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform.
by Okan Kurtulus
CVSS 5.4
EIP-2026-106950 EXPLOITDB text
Exam Form Submission System 1.0 - SQL Injection Authentication Bypass
by Nitin Sharma
EIP-2026-106596 EXPLOITDB text
Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation
by Cristian 'void' Giustini
EIP-2026-105533 EXPLOITDB text
Blood Bank System 1.0 - Authentication Bypass
by Nitin Sharma
CVE-2021-41318 EXPLOITDB MEDIUM text
Progress Whatsupgold < 21.1.0 - XSS
In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser.
by Andreas Finstad
CVSS 6.1
CVE-2022-29009 EXPLOITDB CRITICAL text
Cyber Cafe Management System Project v1.0 - SQL Injection
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allow attackers to bypass authentication.
by Sanjay Singh
CVSS 9.8
EIP-2026-110576 EXPLOITDB text
Pharmacy Point of Sale System 1.0 - 'Multiple' SQL Injection (SQLi)
by Murat
CVE-2021-24287 EXPLOITDB MEDIUM text
Mooveagency Select All Categories And... - XSS
The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue.
by 0xB9
CVSS 6.1
CVE-2021-24286 EXPLOITDB MEDIUM text
Mooveagency Redirect 404 TO Parent < 1.3.1 - XSS
The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue.
by 0xB9
CVSS 6.1
EIP-2026-110319 EXPLOITDB text
OpenSIS 8.0 - 'cp_id_miss_attn' Reflected Cross-Site Scripting (XSS)
by Eric Salario
CVE-2021-42165 EXPLOITDB HIGH text
Mitrastar Gpt-2541gnac-n1 Firmware - OS Command Injection
MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command "deviceinfo show file &&/bin/bash" because of incorrect sanitization of parameter "path".
by Leonardo Nicolas Servalli
CVSS 8.8
CVE-2021-24274 EXPLOITDB MEDIUM text
Supsystic Ultimate Maps < 1.2.5 - XSS
The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue.
by 0xB9
CVSS 6.1
CVE-2021-24610 EXPLOITDB MEDIUM text
Cozmoslabs Translatepress < 2.0.9 - XSS
The TranslatePress WordPress plugin before 2.0.9 does not implement proper sanitisation of the translated strings. The 'trp_sanitize_string' function only removes script tags with a regex, still allowing other HTML tags and attributes to execute JavaScript, which could lead to authenticated Stored Cross-Site Scripting issues.
by Nosa Shandy
CVSS 4.8
CVE-2021-24275 EXPLOITDB MEDIUM text
Supsystic Popup < 1.10.5 - XSS
The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue.
by 0xB9
CVSS 6.1
CVE-2021-24276 EXPLOITDB MEDIUM text
Supsystic Contact Form < 1.7.15 - XSS
The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue.
by 0xB9
CVSS 6.1
EIP-2026-101728 EXPLOITDB text
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Hidden Backdoor Account (Write Access)
by LiquidWorm
EIP-2026-101727 EXPLOITDB text
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Config Download (Unauthenticated)
by LiquidWorm
EIP-2026-101726 EXPLOITDB text
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery (CSRF)
by LiquidWorm
EIP-2026-101725 EXPLOITDB text
FatPipe Networks WARP 10.2.2 - Authorization Bypass
by LiquidWorm
EIP-2026-114182 EXPLOITDB text
WordPress Plugin Wappointment 2.2.4 - Stored Cross-Site Scripting (XSS)
by Renos Nikolaou