Text Exploits

31,341 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-114097 EXPLOITDB text
WordPress Plugin Supsystic Data Tables Generator 1.9.96 - Multiple Vulnerabilities
by Erik David Martin
EIP-2026-114096 EXPLOITDB text
WordPress Plugin Supsystic Contact Form 1.7.5 - Multiple Vulnerabilities
by Erik David Martin
EIP-2026-114094 EXPLOITDB text
WordPress Plugin Supsystic Backup 2.3.9 - Local File Inclusion
by Erik David Martin
EIP-2026-104438 EXPLOITDB text
SmartFoxServer 2X 2.17.0 - God Mode Console WebSocket XSS
by LiquidWorm
CVE-2021-26723 EXPLOITDB MEDIUM text
Jenzabar < 9.2.2 - XSS
Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS.
by y0ung_dst
CVSS 6.1
EIP-2026-103815 EXPLOITDB text VERIFIED
SmartFoxServer 2X 2.17.0 - God Mode Console Remote Code Execution
by LiquidWorm
EIP-2026-103814 EXPLOITDB text VERIFIED
SmartFoxServer 2X 2.17.0 - Credentials Disclosure
by LiquidWorm
CVE-2021-47903 EXPLOITDB HIGH text
LiteSpeed Web Server Enterprise 5.4.11 - Command Injection
LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands through the 'Command' parameter in the server configuration, allowing remote code execution via path traversal and bash command injection.
by SunCSR
CVSS 8.8
CVE-2021-26762 EXPLOITDB HIGH text
Phpgurukul Student Record System - SQL Injection
SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php.
by Jannick Tiger
CVSS 8.8
CVE-2021-3380 EXPLOITDB MEDIUM text
Height8tech H8 Ssrms - IDOR
Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality.
by Mohammed Farhan
CVSS 6.5
CVE-2021-47905 EXPLOITDB MEDIUM text
MyBB Delete Account Plugin 1.4 - XSS
MyBB Delete Account Plugin 1.4 contains a cross-site scripting vulnerability in the account deletion reason input field. Attackers can inject malicious scripts that will execute in the admin interface when viewing delete account reasons.
by 0xB9
CVSS 6.1
CVE-2018-25132 EXPLOITDB MEDIUM text
MyBB Trending Widget Plugin 1.2 - XSS
MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget.
by 0xB9
CVSS 6.1
CVE-2018-25116 EXPLOITDB MEDIUM text
MyBB Thread Redirect Plugin 0.2.1 - XSS
MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vulnerability in the custom text input field for thread redirects. Attackers can inject malicious SVG scripts that will execute when other users view the thread, allowing arbitrary script execution.
by 0xB9
CVSS 6.1
EIP-2026-114643 EXPLOITDB text
Zoo Management System 1.0 - 'anid' SQL Injection
by Zeyad Azima
EIP-2026-113045 EXPLOITDB text
Vehicle Parking Tracker System 1.0 - 'Owner Name' Stored Cross-Site Scripting
by Anmol K Sachan
EIP-2026-112923 EXPLOITDB text
User Management System 1.0 - 'uid' SQL Injection
by Zeyad Azima
EIP-2026-110481 EXPLOITDB text VERIFIED
Park Ticketing Management System 1.0 - 'viewid' SQL Injection
by Zeyad Azima
CVE-2021-47906 EXPLOITDB MEDIUM text
BloofoxCMS 0.5.2.1 - XSS
BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the articles text parameter that allows authenticated attackers to inject malicious scripts. Attackers can insert malicious javascript payloads in the text field to execute scripts and potentially steal authenticated users' cookies.
by LiPeiYi
CVSS 6.4
CVE-2021-31650 EXPLOITDB CRITICAL text
Online Grading System - SQL Injection
A SQL injection vulnerability in Sourcecodester Online Grading System 1.0 allows remote attackers to execute arbitrary SQL commands via the uname parameter.
by Ruchi Tiwari
CVSS 9.8
EIP-2026-112138 EXPLOITDB text
Simple Public Chat Room 1.0 - Authentication Bypass SQLi
by Richard Jones
EIP-2026-112137 EXPLOITDB text
Simple Public Chat Room 1.0 - 'msg' Stored Cross-Site Scripting
by Richard Jones
CVE-2021-3337 EXPLOITDB HIGH text
Hide Thread Content - Incorrect Authorization
The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit.
by 0xB9
CVSS 7.5
CVE-2020-36115 EXPLOITDB MEDIUM text
Egavilanmedia Phpcrud - XSS
Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the 'Add New Record Feature'.
by Mahendra Purbia
CVSS 5.4
EIP-2026-114092 EXPLOITDB text
WordPress Plugin SuperForms 4.9 - Arbitrary File Upload
by ABDO10
CVE-2021-47724 EXPLOITDB MEDIUM text
Stvs Provision - Path Traversal
STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read sensitive system files like /etc/passwd.
by LiquidWorm
CVSS 6.5
By Source
All 31,341 Exploitdb 50,121 Writeup 46,831 Nomisec 21,202 Metasploit 3,189 Github 2,265 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,745 c 3,550 perl 2,854 html 2,055 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 73 go 41 postscript 25 xml 24