Text Exploits
31,341 exploits tracked across all sources.
BlackCat CMS 1.3.6 - XSS
The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php.
by Kamaljeet Kumar
CVSS 4.8
Online Internship Management System 1.0 - 'email' SQL injection Auth Bypass
by Christian Vierschilling
Tasks <9.7.3 - Privilege Escalation
"Tasks" application version before 9.7.3 is affected by insecure permissions. The VoiceCommandActivity application component allows arbitrary applications on a device to add tasks with no restrictions.
by Lyhin's Lab
CVSS 6.8
Sourcecodester School File Mgmt 1.0 - XSS
Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in student_profile.php.
by Pintu Solanki
CVSS 5.4
PDF Complete Corporate Edition 4.1.45 - Code Injection
PDF Complete Corporate Edition 4.1.45 contains an unquoted service path vulnerability in the pdfcDispatcher service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service binary location to inject malicious executables that will be run with elevated LocalSystem privileges.
by Ismael Nava
CVSS 7.8
School Event Attendance Monitoring System 1.0 - 'Item Name' Stored Cross-Site Scripting
by Suresh Kumar
PEEL Shopping 9.3.0 - XSS
PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the address parameter of the change_params.php script. Attackers can inject malicious JavaScript payloads that execute when users interact with the address text box, potentially enabling client-side script execution.
by Anmol K Sachan
CVSS 7.2
b2evolution CMS <6.11.6 - Open Redirect
Open redirect vulnerability in b2evolution CMS versions prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker-controlled resource via the redirect_to parameter in email_passthrough.php.
by Nakul Ratti
CVSS 6.1
b2evolution <6.11.6-stable - XSS
Reflected cross-site scripting (XSS) vulnerability in the evoadm.php file in b2evolution CMS version 6.11.6-stable allows remote attackers to inject arbitrary web script or HTML code via the tab3 parameter.
by Nakul Ratti
CVSS 6.1
b2evolution CMS <6.11.6 - XSS
Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module.
by Soham Bakore
CVSS 4.8
AnyTXT Searcher <1.2.394 - Buffer Overflow
An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.394 via a specially crafted file in the ATService path.
by Mohammed Alshehri
CVSS 7.8
Epson USB Display <1.6.0.0 - Privilege Escalation
Epson USB Display 1.6.0.0 contains an unquoted service path vulnerability in the EMP_UDSA service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in intermediate directories to gain elevated system access.
by Hector Gerbacio
CVSS 7.8
Sourcecodester Car Rental Management System 1.0 - XSS
Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the vehicalorcview parameter.
by Naved Shaikh
CVSS 5.4
Adobe Connect <11.4.5, 12.1.5 - Auth Bypass
Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not require user interaction.
by h4shur
CVSS 5.3
YetiShare File Hosting Script 5.1.0 - SSRF
YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url parameter in the url_upload_handler endpoint to access sensitive files like /etc/passwd by using file:/// protocol.
by numan türle
CVSS 4.0
MDaemon webmail <19.5.5 - XSS
Stored cross-site scripting (XSS) in file attachment field in MDaemon webmail 19.5.5 allows an attacker to execute code on the email recipient side while forwarding an email to perform potentially malicious activities.
by Kailash Bohara
CVSS 5.4
MDaemon webmail <19.5.5 - XSS
Authenticated stored cross-site scripting (XSS) in the contact name field in the distribution list of MDaemon webmail 19.5.5 allows an attacker to execute code and perform an XSS attack while opening a contact list.
by Kailash Bohara
CVSS 5.4
Millewin - Incorrect Default Permissions
Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.39.28.3342, and 13.39.146.1 has insecure folder permissions that allow a malicious user to perform a local privilege escalation.
by Andrea Intilangelo
CVSS 8.8
AMD Fuel Service - 'Fuel.service' Unquote Service Path
by Hector Gerbacio
WordPress Plugin Welcart e-Commerce 2.0.0 - 'search[order_column][0]' SQL injection
by Erik David Martin
WordPress Plugin Supsystic Ultimate Maps 1.1.12 - 'sidx' SQL injection
by Erik David Martin
WordPress Plugin Supsystic Pricing Table 1.8.7 - Multiple Vulnerabilities
by Erik David Martin
WordPress Plugin Supsystic Newsletter 1.5.5 - 'sidx' SQL injection
by Erik David Martin
WordPress Plugin Supsystic Membership 1.4.7 - 'sidx' SQL injection
by Erik David Martin
WordPress Plugin Supsystic Digital Publications 1.6.9 - Multiple Vulnerabilities
by Erik David Martin