Text Exploits

31,341 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-101680 EXPLOITDB text
ECOA Building Automation System - Configuration Download Information Disclosure
by Neurogenesia
EIP-2026-101679 EXPLOITDB text
ECOA Building Automation System - Arbitrary File Deletion
by Neurogenesia
EIP-2026-101678 EXPLOITDB text
ECOA Building Automation System - 'multiple' Cross-Site Request Forgery (CSRF)
by Neurogenesia
EIP-2026-101261 EXPLOITDB text
ECOA Building Automation System - Hard-coded Credentials SSH Access
by Neurogenesia
EIP-2026-101123 EXPLOITDB text
ECOA Building Automation System - Missing Encryption Of Sensitive Information
by Neurogenesia
EIP-2026-105652 EXPLOITDB text VERIFIED
Bus Pass Management System 1.0 - 'adminname' Stored Cross-Site Scripting (XSS)
by Emre Aslan
EIP-2026-114106 EXPLOITDB text
WordPress Plugin TablePress 1.14 - CSV Injection
by Nikhil Kapoor
EIP-2026-114233 EXPLOITDB text
WordPress Plugin WP Sitemap Page 1.6.4 - Stored Cross-Site Scripting (XSS)
by Nikhil Kapoor
CVE-2022-29008 EXPLOITDB MEDIUM text VERIFIED
Bus Pass Management System v1.0 - Info Disclosure
An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information.
by sudoninja
CVSS 6.5
CVE-2021-40903 EXPLOITDB CRITICAL text
Antminer Monitor 0.50.0 - Backdoor
A vulnerability in Antminer Monitor 0.50.0 exists because of backdoor or misconfiguration inside a settings file in flask server. Settings file has a predefined secret string, which would be randomly generated, however it is static.
by Vulnz
CVSS 9.8
EIP-2026-116810 EXPLOITDB text
Argus Surveillance DVR 4.0 - Unquoted Service Path
by Salman Asad
CVE-2021-40352 EXPLOITDB MEDIUM text
OpenEMR 6.0.0 - Info Disclosure
OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users.
by Allen Enosh Upputori
CVSS 6.5
CVE-2021-47792 EXPLOITDB HIGH text
Remote Mouse 4.002 - Privilege Escalation
Remote Mouse 4.002 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the RemoteMouseService to inject malicious executables and gain administrative access.
by Salman Asad
CVSS 7.8
CVE-2021-40651 EXPLOITDB MEDIUM text
OS4Ed OpenSIS Community 8.0 - Info Disclosure
OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.
by Eric Salario
CVSS 6.5
CVE-2022-43138 EXPLOITDB CRITICAL text
Dolibarr Open Source ERP & CRM <14.0.1 - Privilege Escalation
Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API.
by Vishwaraj Bhattrai
CVSS 9.8
CVE-2021-40309 EXPLOITDB HIGH text
OpenSIS 8.0 - SQL Injection
A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0. allows an attacker to inject their own SQL query. The cp_id_miss_attn parameter from TakeAttendance.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request as a user with access to "Take Attendance" functionality to trigger this vulnerability.
by Eric Salario
CVSS 8.8
EIP-2026-113694 EXPLOITDB text VERIFIED
WordPress Plugin Duplicate Page 4.4.1 - Stored Cross-Site Scripting (XSS)
by Nikhil Kapoor
EIP-2026-104505 EXPLOITDB text
WPanel 4.3.1 - Remote Code Execution (RCE) (Authenticated)
by Sentinal920
CVE-2021-40379 EXPLOITDB HIGH text
Compro - Info Disclosure
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. rstp://.../medias2 does not require authorization.
by icekam
CVSS 7.5
CVE-2021-40380 EXPLOITDB HIGH text
Compro - Info Disclosure
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. cameralist.cgi and setcamera.cgi disclose credentials.
by icekam
CVSS 7.5
CVE-2021-40378 EXPLOITDB HIGH text
Compro - Info Disclosure
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. /cgi-bin/support/killps.cgi deletes all data from the device.
by icekam
CVSS 8.1
CVE-2021-40382 EXPLOITDB HIGH text
Compro IP70/IP570/TN540 <2.08 - Info Disclosure
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. mjpegStreamer.cgi allows video screenshot access.
by icekam
CVSS 7.5
CVE-2021-40381 EXPLOITDB HIGH text
Compro IP70/IP570/IP60/TN540 <2.08 - Info Disclosure
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. index_MJpeg.cgi allows video access.
by icekam
CVSS 7.5
EIP-2026-113948 EXPLOITDB text VERIFIED
WordPress Plugin Payments Plugin | GetPaid 2.4.6 - HTML Injection
by Niraj Mahajan
CVE-2025-3146 EXPLOITDB HIGH text VERIFIED
Phpgurukul Bus Pass Management System - Injection
A vulnerability, which was classified as critical, was found in PHPGurukul Bus Pass Management System 1.0. This affects an unknown part of the file /view-pass-detail.php. The manipulation of the argument viewid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
by Aryan Chehreghani
CVSS 7.3
By Source
All 31,341 Exploitdb 50,121 Writeup 46,751 Nomisec 21,199 Metasploit 3,189 Github 2,250 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,738 c 3,550 perl 2,854 html 2,054 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 68 go 41 postscript 25 xml 24