Text Exploits
31,386 exploits tracked across all sources.
Online Enrollment Management System 1.0 - Authentication Bypass
by Amine ismail
Online Employees Work From Home Attendance System 1.0 - SQLi Authentication Bypass
by Merve Oral
Loan Management System 1.0 - SQLi Authentication Bypass
by Merve Oral
Online DJ Booking Management System 1.0 - Cross-Site Scripting in view-booking-detail.php
A Cross-Site Scripting (XSS) vulnerability exists in Online DJ Booking Management System 1.0 in view-booking-detail.php.
by Yash Mahajan
CVSS 6.1
Simple Online College Entrance Exam System 1.0 - SQLi Authentication Bypass
by Mevlüt Yılmaz
Online Traffic Offense Management System 1.0 - Multiple XSS (Unauthenticated)
by snup
Online Traffic Offense Management System 1.0 - Multiple SQL Injection (Unauthenticated)
by snup
Online Traffic Offense Management System 1.0 - Multiple RCE (Unauthenticated)
by snup
SLO Generator < 2.0.1 - Remote Code Execution via YAML File Loading
SLO Generator allows loading of YAML files that, if crafted in a specific format, can allow code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173
by Kiran Ghimire
CVSS 5.3
Odine Solutions GateKeeper 1.0 - SQL Injection
Odine Solutions GateKeeper 1.0 contains a SQL injection vulnerability in the trafficCycle API endpoint that allows remote attackers to inject malicious database queries. Attackers can exploit the vulnerability by sending crafted payloads to the /rass/api/v1/trafficCycle/ endpoint to manipulate PostgreSQL database queries and potentially extract sensitive information.
by Emel Basayar
CVSS 8.2
Atlassian Jira Server/Data Center Path Traversal via /WEB-INF/web.xml
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1.
by Mayank Deshmukh
CVSS 5.3
Student Quarterly Grading System 1.0 - SQLi Authentication Bypass
by Blackhan
Atlassian Confluence Server <7.4.10, >7.5.0-7.12.2 - Info Disclosure
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.
by Mayank Deshmukh
CVSS 5.3
Lodging Reservation Management System 1.0 - SQL Injection via Login Username/Password Fields
The username and password fields of the login in Lodging Reservation Management System V1 can give access to any user by using SQL injection to bypass authentication.
by Nitin Sharma
CVSS 9.8
Young Entrepreneur E-Negosyo System 1.0 - SQL Injection Authentication Bypass
by Jordan Glover
Young Entrepreneur E-Negosyo System 1.0 - 'PRODESC' Stored Cross-Site Scripting (XSS)
by Jordan Glover
Payara Micro Community < 5.2021.6 - Path Traversal
Payara Micro Community 5.2021.6 and below allows Directory Traversal.
by Yasser Khan
CVSS 7.5
Dairy Farm Shop Management System v1.0 - SQL Injection
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allow attackers to bypass authentication.
by Sanjay Singh
CVSS 9.8
Directory Management System v1.0 - SQL Injection
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allow attackers to bypass authentication.
by Sanjay Singh
CVSS 9.8
phpwcms 1.9.30 - Authenticated Unrestricted Upload of Dangerous File via SVG File Upload
Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform.
by Okan Kurtulus
CVSS 5.4
Exam Form Submission System 1.0 - SQL Injection Authentication Bypass
by Nitin Sharma
Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation
by Cristian 'void' Giustini
Progress WhatsUp Gold < 21.1.0 - Unauthenticated Stored Cross-Site Scripting
In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser.
by Andreas Finstad
CVSS 6.1
Cyber Cafe Management System Project v1.0 - SQL Injection
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allow attackers to bypass authentication.
by Sanjay Singh
CVSS 9.8