Exploitdb Exploits

50,135 exploits tracked across all sources.

EIP-2026-101471 EXPLOITDB text
Tenda HG6 v3.3.0 - Remote Command Injection
by LiquidWorm
CVE-2021-43164 EXPLOITDB HIGH python
Ruijie Networks RG-EW - RCE
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the updateVersion function in /cgi-bin/luci/api/wireless.
by Minh Khoa
CVSS 8.8
CVE-2021-46379 EXPLOITDB MEDIUM text
DLink DIR850 ET850-1.08TRb03 - Open Redirect
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site.
by Ahmed Alroky
CVSS 6.1
CVE-2021-46378 EXPLOITDB HIGH text
DLink DIR850 ET850-1.08TRb03 - Info Disclosure
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download.
by Ahmed Alroky
CVSS 7.5
CVE-2021-46381 EXPLOITDB HIGH text
D-Link DAP-1620 - Path Traversal
Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized reading of internal files [/etc/passwd] and [/etc/shadow].
by Momen Eldawakhly
CVSS 7.5
CVE-2021-45783 EXPLOITDB MEDIUM text
Bookeen Notea Firmware BK_R_1.0.5_20210608 - Path Traversal
Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory traversal vulnerability that allows an attacker to obtain sensitive information.
by Clement MAILLIOUX
CVSS 4.6
CVE-2022-1175 EXPLOITDB HIGH text
Gitlab < 14.7.7 - XSS
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes.
by Greenwolf
CVSS 8.7
CVE-2022-1162 EXPLOITDB CRITICAL text
Gitlab < 14.7.7 - Hard-coded Credentials
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2, allowing attackers to potentially take over accounts.
by Greenwolf
CVSS 9.1
CVE-2022-50915 EXPLOITDB HIGH text
PTPublisher 2.3.4 - Code Injection
PTPublisher 2.3.4 contains an unquoted service path vulnerability in the PTProtect service that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Primera Technology\PTPublisher\UsbFlashDongleService.exe' to inject malicious executables and gain system-level access.
by bios
CVSS 7.8
CVE-2022-50914 EXPLOITDB HIGH text VERIFIED
EaseUS Data Recovery <15.1.0.0 - Code Injection
EaseUS Data Recovery 15.1.0.0 contains an unquoted service path vulnerability in the EaseUS UPDATE SERVICE executable. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.
by bios
CVSS 8.4
EIP-2026-118756 EXPLOITDB python
ManageEngine ADSelfService Plus 6.1 - User Enumeration
by Metin Yunus Kandemir
EIP-2026-117489 EXPLOITDB text
Microsoft Exchange Mailbox Assistants 15.0.847.40 - 'Service MSExchangeMailboxAssistants' Unquoted Service Path
by Antonio Cuomo
EIP-2026-117487 EXPLOITDB text
Microsoft Exchange Active Directory Topology 15.0.847.40 - 'Service MSExchangeADTopology' Unquoted Service Path
by Antonio Cuomo
EIP-2026-114172 EXPLOITDB text
WordPress Plugin Videos sync PDF 1.7.4 - Stored Cross Site Scripting (XSS)
by UnD3sc0n0c1d0
CVE-2022-1104 EXPLOITDB MEDIUM text
Code-atlantic Popup Maker < 1.16.5 - XSS
The Popup Maker WordPress plugin before 1.16.5 does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
by Roel van Beurden
CVSS 4.8
EIP-2026-113907 EXPLOITDB text
WordPress Plugin Motopress Hotel Booking Lite 4.2.4 - SQL Injection
by Mohsen Dehghani
EIP-2026-113717 EXPLOITDB python
WordPress Plugin Elementor 3.6.2 - Remote Code Execution (RCE) (Authenticated)
by AkuCyberSec
EIP-2026-111948 EXPLOITDB text
Scriptcase 9.7 - Remote Code Execution (RCE)
by luckyt0mat0
CVE-2021-42136 EXPLOITDB CRITICAL text
Vanderbilt Redcap < 11.4.0 - XSS
A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. This can then be leveraged to execute a Cross-Site Request Forgery attack to escalate privileges to administrator.
by Kendrick Lam
CVSS 9.0
CVE-2022-24181 EXPLOITDB MEDIUM text
PKP Open Journals System >=2.4.8 - XSS
Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header.
by Hemant Kashyap
CVSS 6.1
EIP-2026-107305 EXPLOITDB text
Fuel CMS 1.5.0 - Cross-Site Request Forgery (CSRF)
by Ali J
CVE-2022-0482 EXPLOITDB CRITICAL ruby
GitHub alextselegidis/easyappointments <1.4.3 - Info Disclosure
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.
by Alexandre ZANNI
CVSS 9.1
CVE-2021-4039 EXPLOITDB CRITICAL text
Zyxel NWA-1100-NH - Command Injection
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device.
by Ahmed Alroky
CVSS 9.8
EIP-2026-101490 EXPLOITDB text
Verizon 4G LTE Network Extender - Weak Credentials Algorithm
by LiquidWorm
EIP-2026-101252 EXPLOITDB html
Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Scripting (XSS)
by LiquidWorm