Exploitdb Exploits

50,130 exploits tracked across all sources.

EIP-2026-101999 EXPLOITDB text
Sielco PolyEco Digital FM Transmitter 2.0.6 - Radio Data System POST Manipulation
by LiquidWorm
EIP-2026-101998 EXPLOITDB text
Sielco PolyEco Digital FM Transmitter 2.0.6 - Authorization Bypass Factory Reset
by LiquidWorm
EIP-2026-101997 EXPLOITDB python
Sielco PolyEco Digital FM Transmitter 2.0.6 - Authentication Bypass Exploit
by LiquidWorm
EIP-2026-101996 EXPLOITDB text
Sielco PolyEco Digital FM Transmitter 2.0.6 - Account Takeover / Lockout / EoP
by LiquidWorm
EIP-2026-101995 EXPLOITDB text
Sielco Analog FM Transmitter 2.12 - Improper Access Control Change Admin Password
by LiquidWorm
EIP-2026-101994 EXPLOITDB text
Sielco Analog FM Transmitter 2.12 - Cross-Site Request Forgery
by LiquidWorm
EIP-2026-101993 EXPLOITDB text
Sielco Analog FM Transmitter 2.12 - 'id' Cookie Brute Force Session Hijacking
by LiquidWorm
EIP-2026-101447 EXPLOITDB text
Sielco Analog FM Transmitter 2.12 - Remote Privilege Escalation
by LiquidWorm
CVE-2023-53951 EXPLOITDB CRITICAL text
Ever Gauzy <0.281.9 - Auth Bypass
Ever Gauzy v0.281.9 contains a JWT authentication vulnerability that allows attackers to exploit weak HMAC secret key implementation. Attackers can leverage the exposed JWT token to authenticate and gain unauthorized access with administrative permissions.
by nu11secur1ty
CVSS 9.8
CVE-2023-53945 EXPLOITDB HIGH python
BrainyCP 1.0 - Authenticated RCE
BrainyCP 1.0 contains an authenticated remote code execution vulnerability that allows logged-in users to inject arbitrary commands through the crontab configuration interface. Attackers can exploit the crontab endpoint by adding a malicious command that spawns a reverse shell to a specified IP and port.
by Ahmet Ümit BAYRAM
CVSS 8.8
CVE-2023-1826 EXPLOITDB MEDIUM python
SourceCodester Online Computer and Laptop Store 1.0 - Unrestricted ...
A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file php-ocls\admin\system_info\index.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-224841 was assigned to this vulnerability.
by Matisse Beckandt
CVSS 6.3
CVE-2023-24892 EXPLOITDB HIGH text
Microsoft Edge <Webview2 - SSRF
Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
by nu11secur1ty
CVSS 8.2
CVE-2023-24709 EXPLOITDB HIGH bash
Paradox Security Systems IPR512 - DoS
An issue found in Paradox Security Systems IPR512 allows attackers to cause a denial of service via the login.html and login.xml parameters.
by Giorgi Dograshvili
CVSS 7.5
EIP-2026-100078 EXPLOITDB text
Roxy Fileman 1.4.5 - Arbitrary File Upload
by Zer0FauLT
CVE-2024-0353 EXPLOITDB HIGH text
Eset Endpoint Antivirus < 8.1.2062.0 - Improper Privilege Management
Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.
by Milad karimi
CVSS 7.8
CVE-2023-53954 EXPLOITDB MEDIUM text
ActFax 10.10 - Privilege Escalation
ActFax 10.10 contains an unquoted service path vulnerability that allows local attackers to potentially escalate privileges by exploiting the ActiveFaxServiceNT service configuration. Attackers with write permissions to Program Files directories can inject a malicious ActSrvNT.exe executable to gain elevated system access when the service restarts.
by Birkan ALHAN
CVSS 6.2
CVE-2023-53953 EXPLOITDB MEDIUM text VERIFIED
WebsiteBaker 2.13.3 - XSS
WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating web pages. Attackers can craft malicious payloads in page titles that execute arbitrary JavaScript when the page is viewed by other users.
by Mirabbas Ağalarov
CVSS 5.4
CVE-2023-53952 EXPLOITDB HIGH text
Dotclear 2.25.3 - RCE
Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed, enabling arbitrary code execution on the server.
by Mirabbas Ağalarov
CVSS 8.8
EIP-2026-117963 EXPLOITDB text
Stonesoft VPN Client 6.2.0 / 6.8.0 - Local Privilege Escalation
by TOUHAMI Kasbaoui
CVE-2022-47529 EXPLOITDB MEDIUM text
RSA NetWitness <12.2 - Privilege Escalation
Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification.
by hyp3rlinx
CVSS 6.7
CVE-2022-48178 EXPLOITDB MEDIUM text
X2engine X2crm - XSS
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Create Action function, aka an index.php/actions/update URI.
by Betul Denizler
CVSS 5.4
CVE-2022-48177 EXPLOITDB MEDIUM text
X2engine X2crm - XSS
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the adin/importModels Import Records Model field (model parameter). This vulnerability allows attackers to create malicious JavaScript that will be executed by the victim user's browser.
by Betul Denizler
CVSS 5.4
EIP-2026-111755 EXPLOITDB text VERIFIED
Restaurant Management System 1.0 - SQL Injection
by calfcrusher
EIP-2026-110207 EXPLOITDB text
Online-Pizza-Ordering -1.0 - Remote Code Execution (RCE)
by nu11secur1ty
EIP-2026-110057 EXPLOITDB text
Online Appointment System V1.0 - Cross-Site Scripting (XSS)
by Sanjay Singh