Text Exploits
31,386 exploits tracked across all sources.
Online Student's Management System 1.0 - Remote Code Execution (Authenticated)
by Akıner Kısa
Nagios XI 5.7.3 - 'SNMP Trap Interface' Authenticated SQL Injection
by Matthew Aberegg
Nagios XI 5.7.3 - 'Manage Users' Authenticated SQL Injection
by Matthew Aberegg
Nagios XI 5.7.3 - 'Contact Templates' Persistent Cross-Site Scripting
by Matthew Aberegg
PHPGurukul hostel-management-system 2.1 - Stored XSS via Guardian Name/Relation/Contact/Address/City
PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City.
by Kokn3t
CVSS 5.4
Jenkins Pipeline: Groovy Plugin <2.63 - RCE
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.
by Daniel Morris
CVSS 9.9
SourceCodester Employee Management System 1.0 - XSS
A cross-site scripting vulnerability in SourceCodester Employee Management System 1.0 allows the user to execute alert messages via /Employee Management System/addemp.php on the admin account.
by Ankita Pal
CVSS 5.4
SourceCodester Alumni Management System 1.0 - SQL Injection
A SQL injection vulnerability in SourceCodester Alumni Management System 1.0 allows the user to inject a SQL payload to bypass authentication via admin/login.php.
by Ankita Pal
CVSS 9.8
aaPanel 6.6.6 - Privilege Escalation & Remote Code Execution (Authenticated)
by Ünsal Furkan Harani
Seat Reservation System 1.0 - SQL Injection via admin_class.php Login Parameters
An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the POST request to /admin/ajax.php?action=login and bypass authentication, extract sensitive information, etc.
by Rahul Ramkumar
CVSS 9.1
Restaurant Reservation System 1.0 - 'date' SQL Injection (Authenticated)
by b1nary
Company Visitor Management System (CVMS) 1.0 - Authentication Bypass
by Oğuz Türkgenç
Simple Grocery Store Sales and Inventory System - Authentication Bypass and SQL Injection via Login
An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. An authentication bypass in the web login functionality allows an attacker to gain client privileges via SQL injection in sales_inventory/login.php.
by Saurav Shukla
CVSS 9.8
Vehicle Parking Management System 1.0 - Authentication Bypass
by BKpatron
berliCRM 1.0.24 - SQL Injection via src_record Parameter
berliCRM 1.0.24 contains a SQL injection vulnerability in the 'src_record' parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through a crafted POST request to the index.php endpoint to potentially extract or modify database information.
by Ahmet Ümit BAYRAM
CVSS 8.2
Battle.Net 1.27.1.12428 - Insecure File Permissions
by George Tsimpidas
Liman 0.7 - Cross-Site Request Forgery
Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate user account settings without proper request validation. Attackers can craft malicious HTML forms to change user passwords or modify account information by tricking logged-in users into submitting unauthorized requests.
by George Tsimpidas
CVSS 5.3