Exploitdb Exploits

31,341 exploits tracked across all sources.

Sort: Activity Stars
CVE-2021-33469 EXPLOITDB MEDIUM text
COVID19 Testing Management System 1.0 - XSS
COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the "Admin name" parameter.
by Rohit Burke
CVSS 4.8
CVE-2021-24245 EXPLOITDB MEDIUM text
Trumani Stop Spammers < 2021.9 - XSS
The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue.
by Hosein Vita
CVSS 6.1
CVE-2021-27828 EXPLOITDB CRITICAL text
In4Suite ERP <3.2.74.1370 - SQL Injection
SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries.
by Gulab Mondal
CVSS 9.1
EIP-2026-106795 EXPLOITDB text
EgavilanMedia PHPCRUD 1.0 - 'First Name' SQL Injection
by Dimitrios Mitakos
CVE-2021-45411 EXPLOITDB CRITICAL text
Printable Staff ID Card Creator System - Unrestricted File Upload
In Sourcecodetester Printable Staff ID Card Creator System 1.0 after compromising the database via SQLi, an attacker can log in and leverage an arbitrary file upload vulnerability to obtain remote code execution.
by bwnz
CVSS 9.8
EIP-2026-112069 EXPLOITDB text
Simple Chatbot Application 1.0 - 'Category' Stored Cross site Scripting
by Vani K G
EIP-2026-106420 EXPLOITDB text
Dental Clinic Appointment Reservation System 1.0 - Cross Site Request Forgery (Add Admin)
by Reza Afsahi
EIP-2026-106418 EXPLOITDB text
Dental Clinic Appointment Reservation System 1.0 - 'Firstname' Persistent Cross Site Scripting (Authenticated)
by Reza Afsahi
EIP-2026-106287 EXPLOITDB text
Customer Relationship Management (CRM) System 1.0 - 'Category' Persistent Cross site Scripting
by Vani K G
EIP-2026-105480 EXPLOITDB text
Billing Management System 2.0 - Union based SQL injection (Authenticated)
by Mohammad Koochaki
EIP-2026-104980 EXPLOITDB text
Advanced Guestbook 2.4.4 - 'Smilies' Persistent Cross-Site Scripting (XSS)
by Abdulkadir AYDOGAN
CVE-2021-33371 EXPLOITDB MEDIUM text
Student Management System v1.0 - XSS
A stored cross-site scripting (XSS) vulnerability in /nav_bar_action.php of Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat box.
by mohsen khashei
CVSS 5.4
EIP-2026-111383 EXPLOITDB text
Podcast Generator 3.1 - 'Long Description' Persistent Cross-Site Scripting (XSS)
by Ayşenur KARAASLAN
EIP-2026-106419 EXPLOITDB text
Dental Clinic Appointment Reservation System 1.0 - Authentication Bypass (SQLi)
by Mesut Cetin
EIP-2026-106417 EXPLOITDB text
Dental Clinic Appointment Reservation System 1.0 - 'date' UNION based SQL Injection (Authenticated)
by Mesut Cetin
CVE-2021-31721 EXPLOITDB MEDIUM text
Chevereto < 3.17.1 - XSS
Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image title at the image upload stage.
by Akıner Kısa
CVSS 6.1
EIP-2026-117716 EXPLOITDB text
Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path
by 1F98D
CVE-2021-47829 EXPLOITDB HIGH text
DHCP Broadband 4.1.0.1503 - Code Injection
DHCP Broadband 4.1.0.1503 contains an unquoted service path vulnerability in its service configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path in 'C:\Program Files\DHCP Broadband 4\dhcpt.exe' to inject malicious code that will execute during service startup with LocalSystem permissions.
by Erick Galindo
CVSS 7.8
CVE-2021-47828 EXPLOITDB HIGH text
BOOTP Turbo <2.0.0.1253 - Code Injection
BOOTP Turbo 2.0.0.1253 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to execute arbitrary code with elevated LocalSystem privileges during system startup or reboot.
by Erick Galindo
CVSS 7.8
EIP-2026-118003 EXPLOITDB text
TFTP Broadband 4.3.0.1465 - 'tftpt.exe' Unquoted Service Path
by Erick Galindo
EIP-2026-110771 EXPLOITDB text
PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS)
by Tyler Butler
EIP-2026-107673 EXPLOITDB text
Human Resource Information System 0.1 - 'First Name' Persistent Cross-Site Scripting (Authenticated)
by Reza Afsahi
CVE-2021-47833 EXPLOITDB HIGH text
WifiHotSpot 1.0.0.0 - Code Injection
WifiHotSpot 1.0.0.0 contains an unquoted service path vulnerability in its WifiHotSpotService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem permissions.
by Erick Galindo
CVSS 7.8
CVE-2021-47739 EXPLOITDB HIGH text
Epic Games Easy Anti-Cheat 4.0 - Code Injection
Epic Games Easy Anti-Cheat 4.0 contains an unquoted service path vulnerability that allows local non-privileged users to execute arbitrary code with elevated system privileges. Attackers can exploit the service configuration by inserting malicious code in the system root path that would execute with LocalSystem privileges during application startup.
by LiquidWorm
CVSS 8.4
EIP-2026-117890 EXPLOITDB text
Sandboxie Plus 0.7.4 - 'SbieSvc' Unquoted Service Path
by Erick Galindo
By Source
All 31,341 Exploitdb 50,121 Writeup 46,830 Nomisec 21,202 Metasploit 3,189 Github 2,258 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,742 c 3,550 perl 2,854 html 2,055 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 69 go 41 postscript 25 xml 24