Exploitdb Exploits

31,341 exploits tracked across all sources.

CVE-2021-42071 EXPLOITDB CRITICAL text
Visual-tools Dvr Vx16 Firmware - OS Command Injection
In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header.
by Andrea D'Ubaldo
CVSS 9.8
EIP-2026-114219 EXPLOITDB text
WordPress Plugin WP Learn Manager 1.1.2 - Stored Cross-Site Scripting (XSS)
by Mohammed Adam
EIP-2026-110059 EXPLOITDB text
Online Birth Certificate System 1.1 - 'Multiple' Stored Cross-Site Scripting (XSS)
by Subhadip Nag
EIP-2026-105844 EXPLOITDB text
Church Management System 1.0 - Arbitrary File Upload (Authenticated)
by Murat DEMİRCİ
EIP-2026-105842 EXPLOITDB text
Church Management System 1.0 - 'password' SQL Injection (Authentication Bypass)
by Murat DEMİRCİ
EIP-2026-105841 EXPLOITDB text
Church Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
by Murat DEMİRCİ
CVE-2021-47800 EXPLOITDB MEDIUM text
b2evolution 7.2.2 - CSRF
b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to modify admin account details without authentication. Attackers can craft a malicious HTML form to submit unauthorized changes to user profiles by tricking victims into loading a specially crafted webpage.
by Alperen Ergel
CVSS 5.3
CVE-2021-34110 EXPLOITDB HIGH text
Nica Winwaste.net - Incorrect Permission Assignment
WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowing a local unprivileged user to replace the executable with a malicious file that will be executed with "LocalSystem" privileges.
by Andrea Intilangelo
CVSS 7.8
EIP-2026-107346 EXPLOITDB text
Garbage Collection Management System 1.0 - SQL Injection (Unauthenticated)
by ircashem
CVE-2020-7750 EXPLOITDB CRITICAL text
MIT Scratch-svg-renderer - XSS
This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the _transformMeasurements function.
by Stig Magnus Baugstø
CVSS 9.6
CVE-2021-35956 EXPLOITDB MEDIUM text
AKCP sensorProbe <SP480-20210624 - XSS
Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields.
by Tyler Butler
CVSS 5.4
CVE-2021-47801 EXPLOITDB HIGH text
Vianeos OctoPUS 5 - SQL Injection
Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'login_user' parameter during authentication requests. Attackers can exploit this vulnerability by crafting malicious POST requests with specially constructed SQL payloads that trigger database sleep functions to extract information.
by Audencia Business SCHOOL Red Team
CVSS 8.2
EIP-2026-110203 EXPLOITDB text
Online Voting System 1.0 - Remote Code Execution (Authenticated)
by Salman Asad
EIP-2026-110202 EXPLOITDB text
Online Voting System 1.0 - Authentication Bypass (SQLi)
by Salman Asad
EIP-2026-106494 EXPLOITDB text
Doctors Patients Management System 1.0 - SQL Injection (Authentication Bypass)
by Murat DEMİRCİ
EIP-2026-104433 EXPLOITDB text
Simple Traffic Offense System 1.0 - Stored Cross Site Scripting (XSS)
by Barış Yıldızoğlu
EIP-2026-114288 EXPLOITDB text
WordPress Plugin YOP Polls 6.2.7 - Stored Cross Site Scripting (XSS)
by Toby Jackson
CVE-2021-26078 EXPLOITDB MEDIUM text
Atlassian Data Center < 8.5.14 - XSS
The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability.
by Captain_hook
CVSS 6.1
EIP-2026-117897 EXPLOITDB text
SAPSprint 7.60 - 'SAPSprint' Unquoted Service Path
by Brian Rodriguez
EIP-2026-112073 EXPLOITDB text
Simple Client Management System 1.0 - 'uemail' SQL Injection (Unauthenticated)
by Barış Yıldızoğlu
CVE-2021-24383 EXPLOITDB MEDIUM text
Codecabin WP GO Maps < 8.1.12 - XSS
The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate or escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue.
by Mohammed Adam
CVSS 5.4
EIP-2026-113970 EXPLOITDB text
WordPress Plugin Poll, Survey, Questionnaire and Voting system 1.5.2 - 'date_answers' Blind SQL Injection
by Toby Jackson
EIP-2026-112083 EXPLOITDB text
Simple CRM 3.0 - 'email' SQL injection (Authentication Bypass)
by Rinku Kumar
EIP-2026-110137 EXPLOITDB text
Online Library Management System 1.0 - 'Search' SQL Injection
by Berk Can Geyikci
CVE-2021-35337 EXPLOITDB MEDIUM text
Phone Shop Sales Management System - IDOR
Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter.
by Pratik Khalane
CVSS 4.3