Exploitdb Exploits

31,346 exploits tracked across all sources.

CVE-2020-36909 EXPLOITDB MEDIUM text
SnapGear Management Console SG560 3.1.5 - Privilege Escalation
SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows authenticated users to read, write, and delete files using the edit_config_files CGI script. Attackers can manipulate POST request parameters in /cgi-bin/cgix/edit_config_files to access and modify files outside the intended /etc/config/ directory.
by LiquidWorm
CVSS 6.5
CVE-2020-36908 EXPLOITDB MEDIUM text
SnapGear Management Console SG560 3.1.5 - CSRF
SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to create a new super user account with full administrative privileges when a logged-in user visits the page.
by LiquidWorm
CVSS 5.3
EIP-2026-117345 EXPLOITDB text
IObit Uninstaller 9.5.0.15 - 'IObit Uninstaller Service' Unquoted Service Path
by Gobinathan
EIP-2026-110343 EXPLOITDB text
Oriol Espinal CMS 1.0 - 'id' SQL Injection
by TSAR
EIP-2026-109842 EXPLOITDB text
Navigate CMS 2.8.7 - Authenticated Directory Traversal
by Gus Ralph
EIP-2026-105922 EXPLOITDB text
Clinic Management System 1.0 - Unauthenticated Remote Code Execution
by BKpatron
EIP-2026-105919 EXPLOITDB text
Clinic Management System 1.0 - Authenticated Arbitrary File Upload
by BKpatron
EIP-2026-104194 EXPLOITDB text
Cayin Digital Signage System xPost 2.5 - Remote Command Injection
by LiquidWorm
EIP-2026-104193 EXPLOITDB text
Cayin Content Management Server 11.0 - Remote Command Injection (root)
by LiquidWorm
CVE-2019-17525 EXPLOITDB HIGH text
Dlink Dir-615 Firmware - Brute Force
The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks.
by huzaifa hussain
CVSS 8.8
CVE-2020-10596 EXPLOITDB MEDIUM text
OpenCart 3.0.3.2 - XSS
OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section.
by Kailash Bohara
CVSS 5.4
EIP-2026-105920 EXPLOITDB text
Clinic Management System 1.0 - Authentication Bypass
by BKpatron
CVE-2020-3952 EXPLOITDB CRITICAL text
VMware vCenter Server vmdir Information Disclosure
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
by Photubias
CVSS 9.8
CVE-2020-13426 EXPLOITDB MEDIUM text
WordPress Multi-Scheduler <1.0.0 - CSRF
The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known.
by UnD3sc0n0c1d0
CVSS 6.5
CVE-2020-37057 EXPLOITDB HIGH text
Online-Exam-System 2015 - SQL Injection
Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information.
by Berk Dusunur
CVSS 8.2
CVE-2021-41487 EXPLOITDB CRITICAL text
Nokia Vitalsuite - SQL Injection
NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName.
by Berk Dusunur
CVSS 9.8
CVE-2020-28146 EXPLOITDB MEDIUM text
Eyoucms < 1.4.7 - XSS
A cross-site scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter.
by China Banking and Insurance Information Technology Management Co.
CVSS 6.1
CVE-2020-26052 EXPLOITDB MEDIUM text
Phpgurukul Online Marriage Registration System - XSS
Online Marriage Registration System 1.0 is affected by stored cross-site scripting (XSS) vulnerabilities in multiple parameters.
by that faceless coder
CVSS 5.4
CVE-2020-23466 EXPLOITDB MEDIUM text
phpgurukul Online Marriage Registration System 1.0 - XSS
A cross-site scripting (XSS) vulnerability in the phpgurukul Online Marriage Registration System 1.0 allows attackers to run arbitrary code via the wzipcode field.
by that faceless coder
CVSS 5.4
CVE-2019-25260 EXPLOITDB HIGH text
OXID eShop <6.3.4 - SQL Injection
OXID eShop versions 6.x prior to 6.3.4 contain a SQL injection vulnerability in the 'sorting' parameter that allows attackers to insert malicious database content. Attackers can exploit the vulnerability by manipulating the sorting parameter to inject PHP code into the database and execute arbitrary code through crafted URLs.
by VulnSpy
CVSS 8.2
EIP-2026-110403 EXPLOITDB text
osTicket 1.14.1 - 'Ticket Queue' Persistent Cross-Site Scripting
by Matthew Aberegg
EIP-2026-110402 EXPLOITDB text
osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting
by Matthew Aberegg
EIP-2026-109142 EXPLOITDB text
LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting
by Matthew Aberegg
EIP-2026-109052 EXPLOITDB text
Kuicms PHP EE 2.0 - Persistent Cross-Site Scripting
by China Banking and Insurance Information Technology Management Co.
EIP-2026-113692 EXPLOITDB text
WordPress Plugin Drag and Drop File Upload Contact Form 1.3.3.2 - Remote Code Execution
by Austin Martin