Text Exploits

31,341 exploits tracked across all sources.

EIP-2026-112472 EXPLOITDB text
SugarCRM 6.5.18 - Persistent Cross-Site Scripting
by Vulnerability-Lab
EIP-2026-108130 EXPLOITDB text
Joomla Plugin Simple Image Gallery Extended (SIGE) 3.5.3 - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2020-36979 EXPLOITDB HIGH text
Atheros Coex Service App 8.0.0.255 - Privilege Escalation
Atheros Coex Service Application 8.0.0.255 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path by placing malicious executables in the service path to gain elevated system privileges during service startup.
by Isabel Lopez
CVSS 7.8
CVE-2020-36970 EXPLOITDB HIGH text
PMB 5.6 - Info Disclosure
PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read arbitrary system files by manipulating the 'chemin' parameter. Attackers can exploit the unsanitized file path input to access sensitive files like /etc/passwd by sending crafted requests to the getgif.php endpoint.
by 41-trk
CVSS 8.4
CVE-2020-25952 EXPLOITDB CRITICAL text
Phpgurukul User Registration & Login ... - SQL Injection
SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.
by Mayur Parmar
CVSS 9.8
CVE-2020-29287 EXPLOITDB CRITICAL text
Car Rental Management System <1.0 - SQL Injection
An SQL injection vulnerability discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php.
by Mehmet Kelepçe
CVSS 9.8
EIP-2026-117423 EXPLOITDB text
Logitech Solar Keyboard Service - 'L4301_Solar' Unquoted Service Path
by Jair Amezcua
EIP-2026-117385 EXPLOITDB text
KiteService 1.2020.1113.1 - 'KiteService.exe' Unquoted Service Path
by IRVIN GIL
EIP-2026-116740 EXPLOITDB text
Advanced System Care Service 13 - 'AdvancedSystemCareService13' Unquoted Service Path
by Jair Amezcua
EIP-2026-113182 EXPLOITDB text
Water Billing System 1.0 - 'id' SQL Injection (Authenticated)
by Mehmet Kelepçe
EIP-2026-110460 EXPLOITDB text
Pandora FMS 7.0 NG 749 - 'CG Items' SQL Injection (Authenticated)
by Matthew Aberegg
EIP-2026-105716 EXPLOITDB text
Car Rental Management System 1.0 - Remote Code Execution (Authenticated)
by Mehmet Kelepçe
CVE-2020-36980 EXPLOITDB HIGH text
SAntivirus IC <10.0.21.61 - Code Injection
SAntivirus IC 10.0.21.61 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted executable path to inject malicious files in the service binary path, enabling privilege escalation to system-level permissions.
by Mara Ramirez
CVSS 7.8
EIP-2026-117312 EXPLOITDB text
IDT PC Audio 1.0.6425.0 - 'STacSV' Unquoted Service Path
by Isabel Lopez
EIP-2026-117044 EXPLOITDB text
DigitalPersona 5.1.0.656 'DpHostW' - Unquoted Service Path
by Teresa Q
CVE-2020-15478 EXPLOITDB HIGH text
Journal < 3.1.0 - Error Information Exposure
The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.
by Jinson Varghese Behanan
CVSS 7.5
CVE-2020-26218 EXPLOITDB HIGH text
Touchbase.ai < 2.0 - Basic XSS
touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. The vulnerability allows an attacker to inject HTML payloads which could result in defacement, user redirection to a malicious webpage/website etc. The issue is patched in version 2.0.
by Simran Sankhala
CVSS 8.0
CVE-2020-28183 EXPLOITDB CRITICAL text
Water Billing System - SQL Injection
SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php.
by Sarang Tumne
CVSS 9.8
EIP-2026-113793 EXPLOITDB text
Wordpress Plugin Good LMS 2.1.4 - 'id' Unauthenticated SQL Injection
by Abdulazeez Alaseeri
EIP-2026-106294 EXPLOITDB text
Customer Support System 1.0 - Cross-Site Request Forgery
by Ahmed Abbas
EIP-2026-106293 EXPLOITDB text
Customer Support System 1.0 - 'username' Authentication Bypass
by Ahmed Abbas
EIP-2026-106290 EXPLOITDB text
Customer Support System 1.0 - 'description' Stored XSS in The Admin Panel
by Ahmed Abbas
EIP-2026-106038 EXPLOITDB text
CMSUno 1.6.2 - 'user' Remote Code Execution (Authenticated)
by Fatih Çelik
CVE-2020-28351 EXPLOITDB MEDIUM text
Mitel Shoretel Firmware - XSS
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due to insufficient validation for the time_zone object in the HOME_MEETING& page.
by Joe Helle
CVSS 6.1
CVE-2020-15255 EXPLOITDB HIGH text
Anuko Time Tracker <1.19.23.5325 - Info Disclosure
In Anuko Time Tracker before version 1.19.23.5325, because user input is not properly filtered, a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example, when a cell value starts with an equal sign). This is fixed in version 1.19.23.5325.
by Mufaddal Masalawala
CVSS 8.7