Exploitdb Exploits

31,341 exploits tracked across all sources.

EIP-2026-111395 EXPLOITDB text
Police Crime Record Management System 1.0 - 'casedetails' SQL Injection
by Ömer Hasan Durmuş
EIP-2026-104848 EXPLOITDB text
4images 1.8 - 'limitnumber' SQL Injection (Authenticated)
by Andrey Stoykov
EIP-2026-111681 EXPLOITDB text
RATES SYSTEM 1.0 - 'Multiple' SQL Injections
by Halit AKAYDIN
EIP-2026-106199 EXPLOITDB text
COVID19 Testing Management System 1.0 - 'searchdata' SQL Injection
by Ashish Upsham
CVE-2021-37425 EXPLOITDB CRITICAL text
Altova Mobiletogether Server < 7.3 - XXE
Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key.
by RedTeam Pentesting GmbH
CVSS 9.1
CVE-2021-35312 EXPLOITDB HIGH text
CIR 2000 / Gestionale Amica Prodigy v1.7 - Privilege Escalation
A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable "RemoteBackup.Service.exe" has incorrect permissions, allowing a local unprivileged user to replace it with a malicious file that will be executed with "LocalSystem" privileges.
by Andrea Intilangelo
CVSS 7.8
EIP-2026-113963 EXPLOITDB text
WordPress Plugin Picture Gallery 1.4.2 - 'Edit Content URL' Stored Cross-Site Scripting (XSS)
by Aryan Chehreghani
EIP-2026-112103 EXPLOITDB text
Simple Library Management System 1.0 - 'rollno' SQL Injection
by Halit AKAYDIN
CVE-2018-20523 EXPLOITDB MEDIUM text
MI Stock Browser - Command Injection
Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user's cleartext browser history via an app.provider.query content://com.android.browser.searchhistory/searchhistory request.
by Vishwaraj Bhattrai
CVSS 5.3
CVE-2021-36654 EXPLOITDB MEDIUM text
Cmsuno - XSS
CMSuno 1.7 is vulnerable to authenticated stored cross-site scripting via the filename parameter (tgo) when updating the theme.
by splint3rsec
CVSS 5.4
EIP-2026-114210 EXPLOITDB text
WordPress Plugin WP Customize Login 1.1 - 'Change Logo Title' Stored Cross-Site Scripting (XSS)
by Aryan Chehreghani
EIP-2026-111616 EXPLOITDB text
qdPM 9.2 - Password Exposure (Unauthenticated)
by Leon Trappett
EIP-2026-105915 EXPLOITDB text
Client Management System 1.1 - 'cname' Stored Cross-site scripting (XSS)
by Mohammad Koochaki
EIP-2026-110116 EXPLOITDB text
Online Hotel Reservation System 1.0 - 'Multiple' Cross-site scripting (XSS)
by Mohammad Koochaki
EIP-2026-109416 EXPLOITDB text
Men Salon Management System 1.0 - SQL Injection Authentication Bypass
by Akshay Khanna
EIP-2026-101910 EXPLOITDB text
Panasonic Sanyo CCTV Network Camera 2.03-0x - Cross-Site Request Forgery (Change Password)
by LiquidWorm
CVE-2021-4469 EXPLOITDB HIGH text
Denver SHO-110 - Info Disclosure
Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by directly requesting the 'snapshot' endpoint. An attacker can repeatedly collect snapshots and reconstruct the camera stream, compromising the confidentiality of the monitored environment.
by Ivan Nikolsky
CVE-2021-4463 EXPLOITDB HIGH text
Longjing Technology BEMS API <=1.21 - Info Disclosure
Longjing Technology BEMS API versions up to and including 1.21 contain an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the intended directory.
by LiquidWorm
CVE-2021-47717 EXPLOITDB MEDIUM text
IntelliChoice eFORCE Software Suite 2.5.9 - Info Disclosure
IntelliChoice eFORCE Software Suite 2.5.9 contains a username enumeration vulnerability that allows attackers to enumerate valid users by exploiting the 'ctl00$MainContent$UserName' POST parameter. Attackers can send requests with valid usernames to retrieve user information.
by LiquidWorm
CVE-2021-36351 EXPLOITDB CRITICAL text
Care2x Hospital Information Management System < 2.7 - SQL Injection
An SQL injection vulnerability exists in Care2x Open Source Hospital Information Management 2.7 Alpha via the (1) pday, (2) pmonth, and (3) pyear parameters in GET requests sent to /modules/nursing/nursing-station.php.
by securityforeveryone.com
CVSS 9.8
EIP-2026-104377 EXPLOITDB text
Oracle Fatwire 6.3 - Multiple Vulnerabilities
by J. Francisco Bolivar
CVE-2021-47796 EXPLOITDB CRITICAL text
Denver SHC-150 Smart Wifi Camera - RCE
Denver SHC-150 Smart Wifi Camera contains a hardcoded telnet credential vulnerability that allows unauthenticated attackers to access a Linux shell. Attackers can connect to port 23 using the default credential to execute arbitrary commands on the camera's operating system.
by Ivan Nikolsky
CVSS 9.8
EIP-2026-119447 EXPLOITDB text
TripSpark VEO Transportation - Blind SQL Injection
by Sedric Louissaint
CVE-2021-43130 EXPLOITDB CRITICAL text
Sourcecodester CRM 1.0 - SQL Injection
An SQL Injection vulnerability exists in Sourcecodester Customer Relationship Management System (CRM) 1.0 via the username parameter in customer/login.php.
by Shafique_Wasta
CVSS 9.8
EIP-2026-114481 EXPLOITDB text
XOS Shop 1.0.9 - 'Multiple' Arbitrary File Deletion (Authenticated)
by faisalfs10x