Text Exploits
31,341 exploits tracked across all sources.
Library System 1.0 - 'student_id' SQL injection (Authenticated)
by Vinay Bhuria
SmarterTrack 7922 - Info Disclosure
SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique identifiers.
by Andrei Manole
CVSS 7.5
Pharmacy Point of Sale System 1.0 - SQLi Authentication Bypass
by Janik Wehrli
Algolplus Advanced Order Export For Woocommerce < 3.1.8 - XSS
Advanced Order Export For WooCommerce is a WordPress plugin for exporting WooCommerce order data. In versions before 3.1.8, the tab parameter in the Admin Panel is vulnerable to reflected XSS.
by 0xB9
CVSS 6.1
Police Crime Record Management Project 1.0 - Time Based SQLi
by ()t/\\/\\1
Budget and Expense Tracker System 1.0 - Arbitrary File Upload
by ()t/\\/\\1
TotalAV <5.15.69 - Privilege Escalation
TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path segments to potentially gain SYSTEM-level access by exploiting the service path configuration.
by Andrea Intilangelo
CVSS 7.8
Simple Attendance System 1.0 - Unauthenticated Blind SQLi
by ()t/\\/\\1
Cloudron 6.2 - XSS
In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS.
by Akıner Kısa
CVSS 6.1
Oretnom23 Budget And Expense Tracker System - Unrestricted File Upload
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field.
by Abdullah Khawaja
CVSS 8.8
Church Management System 1.0 - 'search' SQL Injection (Unauthenticated)
by Erwin Krazek
Budget and Expense Tracker System 1.0 - Authenticated Bypass
by Prunier Charles-Yves
T-Soft E-Commerce 4 - change 'admin credentials' Cross-Site Request Forgery (CSRF)
by Alperen Ergel
Simple Attendance System 1.0 - Authenticated bypass
by Abdullah Khawaja
Seowonintech 130-slc Firmware < 2021-09-15 - Remote Code Execution
All versions of the Seowon 130-SLC router as of 2021-09-15 are vulnerable to Remote Code Execution via the queriesCnt parameter.
by Aryan Chehreghani
CVSS 9.8
Support Board 3.3.3 - 'Multiple' SQL Injection (Unauthenticated)
by John Jefferson Li
Active WebCam 11.5 - Code Injection
Active WebCam 11.5 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path by placing malicious executables in specific directory locations to gain administrative access.
by Salman Asad
CVSS 7.8
Men Salon Management System 1.0 - Multiple Vulnerabilities
by Aryan Chehreghani
ECOA Building Automation System - Weak Default Credentials
by Neurogenesia
ECOA Building Automation System - Remote Privilege Escalation
by Neurogenesia
ECOA Building Automation System - Path Traversal Arbitrary File Upload
by Neurogenesia
ECOA Building Automation System - Local File Disclosure
by Neurogenesia
ECOA Building Automation System - Directory Traversal Content Disclosure
by Neurogenesia
ECOA Building Automation System - Cookie Poisoning Authentication Bypass
by Neurogenesia