Text Exploits

31,341 exploits tracked across all sources.

EIP-2026-114055 EXPLOITDB text
WordPress Plugin Simple Post 1.1 - 'Text field' Stored Cross-Site Scripting (XSS)
by Vikas Srivastava
EIP-2026-106260 EXPLOITDB text
CSZ CMS 1.2.9 - 'Multiple' Arbitrary File Deletion
by faisalfs10x
EIP-2026-101820 EXPLOITDB text
KevinLAB BEMS 1.0 - File Path Traversal Information Disclosure (Authenticated)
by LiquidWorm
EIP-2026-101819 EXPLOITDB text
KevinLAB BEMS 1.0 - Authentication Bypass
by LiquidWorm
EIP-2026-101337 EXPLOITDB text
KevinLAB BEMS 1.0 - Undocumented Backdoor Account
by LiquidWorm
EIP-2026-113855 EXPLOITDB text
WordPress Plugin KN Fix Your Title 1.0.1 - 'Separator' Stored Cross-Site Scripting (XSS)
by Aakash Choudhary
EIP-2026-113892 EXPLOITDB text
WordPress Plugin Mimetic Books 0.2.13 - 'Default Publisher ID field' Stored Cross-Site Scripting (XSS)
by Vikas Srivastava
EIP-2026-113865 EXPLOITDB text
WordPress Plugin LearnPress 3.2.6.8 - Privilege Escalation
by nhattruong
CVE-2020-6010 EXPLOITDB HIGH text
LearnPress <3.2.6.7 - SQL Injection
LearnPress WordPress plugin versions up to and including 3.2.6.7 are vulnerable to SQL Injection.
by nhattruong
CVSS 8.8
CVE-2021-37593 EXPLOITDB CRITICAL text
Peel Shopping - SQL Injection
PEEL Shopping version 9.4.0 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQL query in order to affect the execution of predefined SQL commands. Upon a successful SQL injection attack, an attacker can read sensitive data from the database and possibly modify database data.
by faisalfs10x
CVSS 9.1
EIP-2026-113672 EXPLOITDB text
WordPress Plugin Current Book 1.0.1 - 'Book Title' Persistent Cross-Site Scripting
by Vikas Srivastava
EIP-2026-114276 EXPLOITDB text
WordPress Plugin WPFront Notification Bar 1.9.1.04012 - Stored Cross-Site Scripting (XSS)
by Swapnil Subhash Bodekar
EIP-2026-107941 EXPLOITDB text
Invoice System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
by Subhadip Nag
CVE-2018-11784 EXPLOITDB MEDIUM text
Apache Tomcat < 7.0.90 - Open Redirect
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.
by Central InfoSec
CVSS 4.3
CVE-2019-0221 EXPLOITDB MEDIUM text
Apache Tomcat < 7.0.93 - XSS
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.
by Central InfoSec
CVSS 6.1
EIP-2026-114644 EXPLOITDB text
Zoo Management System 1.0 - 'Multiple' Persistent Cross-Site-Scripting (XSS)
by Subhadip Nag
CVE-2021-33353 EXPLOITDB CRITICAL text
Wyomind Help Desk Magento 2 <1.3.7 - Path Traversal
Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before, fixed in v.1.3.7, allows an attacker to execute arbitrary code via the file attachment directory setting.
by Patrik Lantz
CVSS 9.8
CVE-2021-33352 EXPLOITDB CRITICAL text
Wyomind Help Desk Magento 2 <1.3.7 - RCE
An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before, fixed in v.1.3.7, allows an attacker to execute arbitrary code via a phar file upload in the ticket message field.
by Patrik Lantz
CVSS 9.8
CVE-2021-33351 EXPLOITDB CRITICAL text
Wyomind Help Desk Magento 2 <1.3.7 - XSS
Cross Site Scripting vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before, fixed in v.1.3.7, allows attackers to escalate privileges via a crafted payload in the ticket message field.
by Patrik Lantz
CVSS 9.0
EIP-2026-106862 EXPLOITDB text
Employee Record Management System 1.2 - Stored Cross-Site Scripting (XSS)
by Subhadip Nag
CVE-2021-36621 EXPLOITDB HIGH text
Online Covid Vaccination Scheduler System - SQL Injection
Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The username parameter is vulnerable to time-based SQL injection. Upon successfully dumping the admin password hash, an attacker can decrypt and obtain the plain-text password. Hence, the attacker could authenticate as Administrator.
by faisalfs10x
CVSS 8.1
CVE-2021-40303 EXPLOITDB MEDIUM text
perfex crm <1.10 - XSS
perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile.
by Alhasan Abbas
CVSS 5.4
CVE-2021-36624 EXPLOITDB CRITICAL text
Phone Shop Sales Management System - SQL Injection
Sourcecodester Phone Shop Sales Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
by faisalfs10x
CVSS 9.8
CVE-2021-36623 EXPLOITDB CRITICAL text
Sourcecodester Phone Shop Sales Management System 1.0 - RCE
Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables RCE.
by faisalfs10x
CVSS 9.8
CVE-2021-47799 EXPLOITDB MEDIUM text
Visual Tools DVR VX16 <4.2.28 - Privilege Escalation
Visual Tools DVR VX16 version 4.2.28 contains a local privilege escalation vulnerability in its Sudo configuration that allows attackers to gain root access. Attackers can exploit the unsafe Sudo settings by using mount commands to bind a shell, enabling unauthorized system-level privileges.
by Andrea D'Ubaldo
CVSS 6.2