Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-101827 EXPLOITDB text
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Remote Code Execution
by LiquidWorm
EIP-2026-101826 EXPLOITDB text
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Factory Reset (Unauthenticated)
by LiquidWorm
EIP-2026-101825 EXPLOITDB text
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated)
by LiquidWorm
EIP-2026-101824 EXPLOITDB text
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Command Injection (Authenticated)
by LiquidWorm
EIP-2026-101823 EXPLOITDB text
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Authentication Bypass
by LiquidWorm
EIP-2026-101340 EXPLOITDB text
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Hard coded Credentials Shell Access
by LiquidWorm
EIP-2026-101031 EXPLOITDB text
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Device Reboot (Unauthenticated)
by LiquidWorm
CVE-2021-47874 EXPLOITDB HIGH text
VFS for Git 1.0.21014.1 - Privilege Escalation
VFS for Git 1.0.21014.1 contains an unquoted service path vulnerability in the GVFS.Service Windows service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem privileges during service startup or system reboot.
by Mohammed Alshehri
CVSS 7.8
CVE-2021-47873 EXPLOITDB HIGH text VERIFIED
VestaCP < 0.9.8-25 - Stored Cross-Site Scripting via v_interface Parameter
VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface configuration that allows attackers to inject malicious scripts. Attackers can exploit the 'v_interface' parameter by sending a crafted POST request to the add/ip/ endpoint with a stored XSS payload.
by numan türle
CVSS 7.2
CVE-2021-47872 EXPLOITDB HIGH text
SEO Panel < 4.9.0 - Authenticated Blind SQL Injection via order_col Parameter
SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'order_col' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by injecting malicious SQL code into the order column parameter.
by Piyush Patil
CVSS 7.1
CVE-2021-47871 EXPLOITDB HIGH text
Hestia Control Panel 1.3.2 - File Write
Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the server.
by numan türle
CVSS 8.8
EIP-2026-111695 EXPLOITDB text
rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (1)
by Murat ŞEKER
CVE-2021-26935 EXPLOITDB HIGH text
wowonder < 3.1 - SQL Injection via event_id Parameter
In WoWonder < 3.1, remote attackers can gain access to the database by exploiting a requests.php?f=search-my-followers SQL Injection vulnerability via the event_id parameter.
by securityforeveryone.com
CVSS 7.5
CVE-2021-28940 EXPLOITDB CRITICAL text
MagpieRSS 0.72 - OS Command Injection via RSS URL Parameter
Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add a extra command to the curl binary. This creates an issue on the /scripts/magpie_debug.php and /scripts/magpie_simple.php page that if you send a specific https url in the RSS URL field, you are able to execute arbitrary commands.
by bl4ckh4ck5
CVSS 9.8
CVE-2021-47880 EXPLOITDB HIGH text
Realtek Wireless LAN Utility 700.1631 - Privilege Escalation
Realtek Wireless LAN Utility 700.1631 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path by inserting malicious code in the system root path that would execute during application startup or system reboot.
by Luis Martínez
CVSS 7.8
CVE-2021-47879 EXPLOITDB HIGH text
eBeam Interactive Suite 3.6 - Privilege Escalation
eBeam Interactive Suite 3.6 contains an unquoted service path vulnerability in the eBeam Stylus Driver service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Luidia\eBeam Stylus Driver\ to inject malicious executables that would run with LocalSystem permissions.
by Luis Martínez
CVSS 7.8
CVE-2021-47878 EXPLOITDB HIGH text
eBeam Education Suite 2.5.0.9 - Code Injection
eBeam Education Suite 2.5.0.9 contains an unquoted service path vulnerability in the eBeam Device Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem privileges during service startup.
by Luis Martínez
CVSS 7.8
EIP-2026-117806 EXPLOITDB text
QNAP QVR Client 5.0.0.13230 - 'QVRService' Unquoted Service Path
by Luis Martínez
CVE-2021-26830 EXPLOITDB CRITICAL text
Zenario < 8.8.53370 - SQL Injection via Plugin Library Delete Module ID Parameter
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module.
by Balaji Ayyasamy
CVSS 9.1
EIP-2026-111693 EXPLOITDB text
rConfig 3.9.6 - 'path' Local File Inclusion (Authenticated)
by Murat ŞEKER
CVE-2021-27695 EXPLOITDB MEDIUM text
openMAINT 2.1-3.3-b - Stored Cross-Site Scripting via Name and Code Parameters
Multiple stored cross-site scripting (XSS) vulnerabilities in openMAINT 2.1-3.3-b allow remote attackers to inject arbitrary web script or HTML via any "Add" sections, such as Add Card Building & Floor, or others in the Name and Code Parameters.
by Hosein Vita
CVSS 6.1
CVE-2021-43458 EXPLOITDB HIGH text
Vembu BDR 4.2.0.1 - Unquoted Service Path
An Unquoted Service Path vulnerability exits in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths.
by Mohammed Alshehri
CVSS 7.8
EIP-2026-109556 EXPLOITDB text
Monitoring System (Dashboard) 1.0 - 'uname' SQL Injection
by Richard Jones
CVE-2021-47955 EXPLOITDB MEDIUM text
CouchCMS 2.2.1 Cross-Site Scripting via SVG File Upload
CouchCMS 2.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript by uploading malicious SVG files through the file upload functionality. Attackers can upload SVG files containing embedded script tags to the browse.php endpoint, which are then executed in users' browsers when the files are accessed or previewed.
by xxcdd
CVSS 5.4
CVE-2021-47726 EXPLOITDB HIGH text
NuCom 11N Wireless Router 5.07.90 - Privilege Escalation
NuCom 11N Wireless Router 5.07.90 contains a privilege escalation vulnerability that allows non-privileged users to access administrative credentials through the configuration backup endpoint. Attackers can send a crafted HTTP GET request to the backup configuration page with a specific cookie to retrieve and decode the admin password in Base64 format.
by LiquidWorm
CVSS 7.5
By Source
All 31,386 Writeup 62,302 Exploitdb 50,076 Nomisec 22,417 Github 3,632 Metasploit 3,314 Vulncheck_xdb 929 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,573 ruby 6,005 c 3,628 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 229 shell 131 go 73 postscript 25 typescript 25