Exploitdb Exploits

31,343 exploits tracked across all sources.

Sort: Activity Stars
CVE-2020-27515 EXPLOITDB MEDIUM text
Savsoft Quiz <5.0 - XSS
A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5.0 allows remote attackers to inject arbitrary web script or HTML via the Skype ID field.
by Dipak Panchal
CVSS 6.1
EIP-2026-116153 EXPLOITDB text
RarmaRadio 2.72.5 - Denial of Service (PoC)
by Ismael Nava
EIP-2026-113011 EXPLOITDB text
vBulletin 5.6.3 - 'group' Cross Site Scripting
by Vincent666
CVE-2021-47902 EXPLOITDB HIGH text
Testa Online Test Management System <3.4.7 - SQL Injection
Testa Online Test Management System 3.4.7 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'q' search parameter. Attackers can inject malicious SQL code in the search field to extract database information, potentially accessing sensitive user or system data.
by Ultra Security Team
CVSS 8.2
CVE-2020-36960 EXPLOITDB MEDIUM text
Forma LMS 2.3 - XSS
Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into user profile first and last name fields. Attackers can craft scripts like '<script>alert(document.cookie)</script>' to execute arbitrary JavaScript when the profile is viewed by other users.
by Hemant Patidar
CVSS 6.4
CVE-2020-36959 EXPLOITDB HIGH text
IDT PC Audio 1.0.6499.0 - Privilege Escalation
IDT PC Audio 1.0.6499.0 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the STacSV service to inject malicious code that would execute with LocalSystem account permissions during service startup.
by Diego Cañada
CVSS 7.8
CVE-2020-36951 EXPLOITDB HIGH text
Phpscript-sgh 0.1.0 - SQL Injection
Phpscript-sgh 0.1.0 contains a time-based blind SQL injection vulnerability in the admin interface that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit this vulnerability by crafting malicious payloads that trigger time delays, enabling them to extract sensitive database information through conditional sleep techniques.
by KeopssGroup0day_Inc
CVSS 8.2
CVE-2020-36950 EXPLOITDB MEDIUM text
Laravel Nova 3.7.0 - DoS
Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server.
by iqzer0
CVSS 6.5
CVE-2020-35349 EXPLOITDB MEDIUM text
Techkshetrainfo Savsoft Quiz - XSS
Savsoft Quiz 5 is affected by: Cross Site Scripting (XSS) via field_title (aka a title on the custom fields page).
by Dhruv Patel
CVSS 4.8
EIP-2026-114568 EXPLOITDB text
Zabbix 5.0.0 - Stored XSS via URL Widget Iframe
by Shwetabh Vishnoi
EIP-2026-109485 EXPLOITDB text
MiniCMS 1.10 - 'content box' Stored XSS
by yudp
EIP-2026-106113 EXPLOITDB text
Composr CMS 10.0.34 - 'banners' Persistent Cross Site Scripting
by Parshwa Bhavsar
EIP-2026-105989 EXPLOITDB text
CMS Made Simple 2.2.15 - Stored Cross-Site Scripting via SVG File Upload (Authenticated)
by Eshan Singh
CVE-2020-28976 EXPLOITDB MEDIUM text
Canto - SSRF
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.
by Pankaj Verma
CVSS 5.3
CVE-2020-36924 EXPLOITDB MEDIUM text
Sony BRAVIA Digital Signage 1.7.8 - RCE
Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modify display content by manipulating the input material type.
by LiquidWorm
CVSS 6.1
CVE-2020-36922 EXPLOITDB HIGH text
Sony BRAVIA Digital Signage <1.7.8 - Info Disclosure
Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API.
by LiquidWorm
CVSS 7.5
CVE-2020-35275 EXPLOITDB MEDIUM text
Coastercms - XSS
Coastercms v5.8.18 is affected by cross-site Scripting (XSS). A user can steal a cookie and make the user redirect to any malicious website because it is trigged on the main home page of the product/application.
by Hardik Solanki
CVSS 5.4
CVE-2020-26766 EXPLOITDB HIGH text
PHPGurukul User Registration & Login and User Management System Wit...
A Cross Site Request Forgery (CSRF) vulnerability exists in the loginsystem page in PHPGurukul User Registration & Login and User Management System With Admin Panel 2.1.
by Dipak Panchal
CVSS 8.8
CVE-2020-29474 EXPLOITDB CRITICAL text
EGavilan Media EGM Address Book 1.0 - SQL Injection
EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution.
by Mayur Parmar
CVSS 9.8
EIP-2026-104343 EXPLOITDB text
mojoPortal forums 2.7.0.0 - 'Title' Persistent Cross-Site Scripting
by Sagar Banwa
CVE-2020-29477 EXPLOITDB MEDIUM text
Invision Community 4.5.4 - XSS
Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field. This vulnerability can allow an attacker to inject the XSS payload in Field Name and each time any user will open that, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.
by Hemant Patidar
CVSS 4.8
CVE-2020-36974 EXPLOITDB HIGH text
Realtek Andrea RT Filters 1.0.64.7 - Code Injection
Realtek Andrea RT Filters 1.0.64.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files\IDT\WDM\AESTSr64.exe' to inject malicious code that would execute during service startup or system reboot.
by Manuel Alvarez
CVSS 7.8
CVE-2020-36945 EXPLOITDB HIGH text
WebDamn User Registration Login System - SQL Injection
WebDamn User Registration Login System contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating email credentials. Attackers can inject the payload '<email>' OR '1'='1' in both username and password fields to gain unauthorized access to the user panel.
by Aakash Madaan
CVSS 8.2
CVE-2020-36944 EXPLOITDB MEDIUM text
ILIAS Learning Management System <4.3 - SSRF
ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script that uses XMLHttpRequest to retrieve local file contents when the portfolio is exported to PDF.
by Dot
CVSS 4.0
CVE-2020-36943 EXPLOITDB HIGH text
aSc TimeTables 2021.6.2 - DoS
aSc TimeTables 2021.6.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting subject title fields with excessive data. Attackers can generate a 10,000-character buffer and paste it into the subject title to trigger application instability and potential crash.
by Ismael Nava
CVSS 7.5
By Source
All 31,343 Exploitdb 50,123 Writeup 46,867 Nomisec 21,211 Metasploit 3,189 Github 2,293 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,343 ruby 5,920 python 5,760 c 3,551 perl 2,854 html 2,055 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 73 go 42 postscript 25 xml 24