Exploitdb Exploits

31,346 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-112369 EXPLOITDB text
SpawCMS Editor - Arbitrary File Upload
by j4ck
EIP-2026-112271 EXPLOITDB text VERIFIED
Sniggabo CMS 2.21 - 'search.php' Cross-Site Scripting
by Sora
EIP-2026-111801 EXPLOITDB text VERIFIED
Roundcube Webmail 0.2 - Cross-Site Scripting
by j4ck & Globus
EIP-2026-111799 EXPLOITDB text
Roundcube Webmail - Multiple Vulnerabilities
by j4ck & Globus
EIP-2026-111038 EXPLOITDB text VERIFIED
PHPDug 2.0.0 - Cross-Site Scripting
by indoushka
EIP-2026-111033 EXPLOITDB text VERIFIED
PHPDirector Game Edition 0.1 - Local File Inclusion / SQL Injection / Cross-Site Scripting
by Zer0 Thunder
EIP-2026-109811 EXPLOITDB text
Myuploader - Arbitrary File Upload
by S2K9
EIP-2026-109534 EXPLOITDB text
MobPartner Counter - Arbitrary File Upload
by wlhaan hacker
EIP-2026-109472 EXPLOITDB text VERIFIED
Milonic News - 'viewnews' SQL Injection
by Err0R
EIP-2026-109057 EXPLOITDB text VERIFIED
L2Web LineWeb 1.0.5 - Multiple Input Validation Vulnerabilities
by Ignacio Garrido
EIP-2026-109048 EXPLOITDB text VERIFIED
KubeLabs PHPDug 2.0 - 'upcoming.php' Cross-Site Scripting
by indoushka
CVE-2010-0694 EXPLOITDB text
PerchaGallery <1.5b - SQL Injection
SQL injection vulnerability in the PerchaGallery (com_perchagallery) component before 1.5b for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an editunidad action to index.php.
by FL0RiX
EIP-2026-108424 EXPLOITDB text VERIFIED
Joomla! Component com_kk - Blind SQL Injection
by Pyske
EIP-2026-108423 EXPLOITDB text VERIFIED
Joomla! Component com_king - Blind SQL Injection
by Pyske
EIP-2026-107979 EXPLOITDB text VERIFIED
ITaco Group ITaco.biz - 'view_news' SQL Injection
by Err0R
EIP-2026-106485 EXPLOITDB text VERIFIED
Docebo 3.6.0.2 (stable) - Local File Inclusion
by Zer0 Thunder
CVE-2010-1066 EXPLOITDB text VERIFIED
AR Web Content Manager (AWCM) 2.1 - Info Disclosure
AR Web Content Manager (AWCM) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for control/db_backup.php.
by alnjm33
EIP-2026-103773 EXPLOITDB text
DirectAdmin 1.33.6 - Symlink Security Bypass
by alnjm33
EIP-2026-102609 EXPLOITDB text VERIFIED
Gnome Panel 2.28.0 - Denial of Service (PoC)
by Pietro Oliva
CVE-2010-0936 EXPLOITDB text
D-LINK DKVM-IP8 - Firmware 2282_dlinkA4_p8_20071213 - XSS
Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.
by POPCORN
CVE-2010-0936 EXPLOITDB text VERIFIED
D-LINK DKVM-IP8 - Firmware 2282_dlinkA4_p8_20071213 - XSS
Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.
by POPCORN
EIP-2026-101097 EXPLOITDB text
Total MultiMedia Features - Sony Ericsson Phones Denial of Service (PoC)
by Aodrulez
EIP-2026-100607 EXPLOITDB text VERIFIED
VP-ASP Shopping Cart 7.0 - Database Disclosure
by indoushka
EIP-2026-100454 EXPLOITDB text VERIFIED
Net Gitar Shop 1.0 - Database Disclosure
by indoushka
CVE-2010-1065 EXPLOITDB text VERIFIED
Lebisoft Ziyaretci Defteri 7.4-7.5 - Info Disclosure
Lebisoft Ziyaretci Defteri 7.4 and 7.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/lebisoft.mdb.
by indoushka
By Source
All 31,346 Writeup 60,502 Exploitdb 50,014 Nomisec 21,946 Metasploit 3,232 Github 2,965 Vulncheck_xdb 909 Inthewild 514 Gitlab 443 Gitee 415 Patchapalooza 312
By Language
text 31,346 python 6,217 ruby 5,922 c 3,592 perl 2,849 html 2,056 php 1,327 bash 460 java 364 c++ 252 javascript 220 shell 100 go 64 postscript 25 xml 24