Exploitdb Exploits

31,346 exploits tracked across all sources.

Sort: Activity Stars
CVE-2020-0674 EXPLOITDB HIGH text
Microsoft Internet Explorer - Use After Free
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.
by maxpl0it
CVSS 7.5
EIP-2026-117406 EXPLOITDB text
LCD_Service 1.0.1.0 - 'LCD_Service' Unquote Service Path
by Gerardo González
EIP-2026-113609 EXPLOITDB text
WordPress Plugin Buddypress 6.2.0 - Persistent Cross-Site Scripting
by Vulnerability-Lab
EIP-2026-112472 EXPLOITDB text
SugarCRM 6.5.18 - Persistent Cross-Site Scripting
by Vulnerability-Lab
EIP-2026-108130 EXPLOITDB text
Joomla Plugin Simple Image Gallery Extended (SIGE) 3.5.3 - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2020-36979 EXPLOITDB HIGH text
Atheros Coex Service App 8.0.0.255 - Privilege Escalation
Atheros Coex Service Application 8.0.0.255 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path by placing malicious executables in the service path to gain elevated system privileges during service startup.
by Isabel Lopez
CVSS 7.8
CVE-2020-36970 EXPLOITDB HIGH text
PMB 5.6 - Info Disclosure
PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read arbitrary system files by manipulating the 'chemin' parameter. Attackers can exploit the unsanitized file path input to access sensitive files like /etc/passwd by sending crafted requests to the getgif.php endpoint.
by 41-trk
CVSS 8.4
CVE-2020-25952 EXPLOITDB CRITICAL text
Phpgurukul User Registration & Login ... - SQL Injection
SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.
by Mayur Parmar
CVSS 9.8
CVE-2020-29287 EXPLOITDB CRITICAL text
Car Rental Management System <1.0 - SQL Injection
An SQL injection vulnerability was discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php.
by Mehmet Kelepçe
CVSS 9.8
EIP-2026-117423 EXPLOITDB text
Logitech Solar Keyboard Service - 'L4301_Solar' Unquoted Service Path
by Jair Amezcua
EIP-2026-117385 EXPLOITDB text
KiteService 1.2020.1113.1 - 'KiteService.exe' Unquoted Service Path
by IRVIN GIL
EIP-2026-116740 EXPLOITDB text
Advanced System Care Service 13 - 'AdvancedSystemCareService13' Unquoted Service Path
by Jair Amezcua
EIP-2026-113182 EXPLOITDB text
Water Billing System 1.0 - 'id' SQL Injection (Authenticated)
by Mehmet Kelepçe
EIP-2026-110460 EXPLOITDB text
Pandora FMS 7.0 NG 749 - 'CG Items' SQL Injection (Authenticated)
by Matthew Aberegg
EIP-2026-105716 EXPLOITDB text
Car Rental Management System 1.0 - Remote Code Execution (Authenticated)
by Mehmet Kelepçe
CVE-2020-36980 EXPLOITDB HIGH text
SAntivirus IC <10.0.21.61 - Code Injection
SAntivirus IC 10.0.21.61 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted executable path to inject malicious files in the service binary path, enabling privilege escalation to system-level permissions.
by Mara Ramirez
CVSS 7.8
EIP-2026-117312 EXPLOITDB text
IDT PC Audio 1.0.6425.0 - 'STacSV' Unquoted Service Path
by Isabel Lopez
EIP-2026-117044 EXPLOITDB text
DigitalPersona 5.1.0.656 'DpHostW' - Unquoted Service Path
by Teresa Q
CVE-2020-15478 EXPLOITDB HIGH text
Journal < 3.1.0 - Error Information Exposure
The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.
by Jinson Varghese Behanan
CVSS 7.5
CVE-2020-26218 EXPLOITDB HIGH text
Touchbase.ai < 2.0 - Basic XSS
touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. The vulnerability allows an attacker to inject HTML payloads which could result in defacement, user redirection to a malicious webpage/website etc. The issue is patched in version 2.0.
by Simran Sankhala
CVSS 8.0
CVE-2020-28183 EXPLOITDB CRITICAL text
Water Billing System - SQL Injection
SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php.
by Sarang Tumne
CVSS 9.8
EIP-2026-113793 EXPLOITDB text
Wordpress Plugin Good LMS 2.1.4 - 'id' Unauthenticated SQL Injection
by Abdulazeez Alaseeri
EIP-2026-106294 EXPLOITDB text
Customer Support System 1.0 - Cross-Site Request Forgery
by Ahmed Abbas
EIP-2026-106293 EXPLOITDB text
Customer Support System 1.0 - 'username' Authentication Bypass
by Ahmed Abbas
EIP-2026-106290 EXPLOITDB text
Customer Support System 1.0 - 'description' Stored XSS in The Admin Panel
by Ahmed Abbas
By Source
All 31,346 Exploitdb 50,130 Writeup 46,870 Nomisec 21,221 Metasploit 3,189 Github 2,316 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,346 ruby 5,920 python 5,770 c 3,560 perl 2,854 html 2,055 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 74 go 43 postscript 25 xml 24