Exploitdb Exploits

50,135 exploits tracked across all sources.

EIP-2026-101251 EXPLOITDB html
Delta Controls enteliTOUCH 3.40.3935 - Cross-Site Request Forgery (CSRF)
by LiquidWorm
EIP-2026-101250 EXPLOITDB text
Delta Controls enteliTOUCH 3.40.3935 - Cookie User Password Disclosure
by LiquidWorm
CVE-2022-29320 EXPLOITDB HIGH text
MiniTool Partition Wizard v12.0 - Privilege Escalation
MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
by Saud Alenazi
CVSS 7.8
CVE-2022-29014 EXPLOITDB HIGH text
Razer Sila Gaming Router <2.0.441_api-2.0.418 - Info Disclosure
A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files.
by Kevin Randall
CVSS 7.5
CVE-2022-29013 EXPLOITDB CRITICAL text
Razer Sila Gaming Router <v2.0.441_api-2.0.418 - Command Injection
A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request.
by Kevin Randall
CVSS 9.8
CVE-2021-46417 EXPLOITDB HIGH text
Franklinfueling Colibri Firmware - Path Traversal
Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580.
by Momen Eldawakhly
CVSS 7.5
CVE-2021-46419 EXPLOITDB CRITICAL text
Telesquare TLR-2855KS6 - Info Disclosure
An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts.
by Momen Eldawakhly
CVSS 9.1
CVE-2021-46418 EXPLOITDB HIGH text
Telesquare TLR-2855KS6 - Info Disclosure
An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts.
by Momen Eldawakhly
CVSS 7.5
CVE-2021-46416 EXPLOITDB HIGH text
SUNNY TRIPOWER 5.0 - Info Disclosure
Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling.
by Momen Eldawakhly
CVSS 8.1
CVE-2022-23909 EXPLOITDB HIGH text
Sherpa Connector Service <2020.2.20328.2050 - Privilege Escalation
There is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a "C:\Program Files\Sherpa Software\Sherpa.exe" file.
by Manthan Chhabra
CVSS 7.8
CVE-2021-42171 EXPLOITDB HIGH python
Tribalsystems Zenario < 9.0.55143 - Unrestricted File Upload
Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth.
by minhnq22
CVSS 7.2
CVE-2022-26180 EXPLOITDB HIGH text
qdPM 9.2 - CSRF
qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI.
by Chetanya Sharma
CVSS 8.8
CVE-2022-1163 EXPLOITDB MEDIUM text
Minewebcms < 1.15.2 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository mineweb/minewebcms prior to next.
by Chetanya Sharma
CVSS 4.8
EIP-2026-109021 EXPLOITDB text
KLiK Social Media Website 1.0 - 'Multiple' SQLi
by corpse
EIP-2026-107729 EXPLOITDB text
ICEHRM 31.0.0.0S - Cross-site Request Forgery (CSRF) to Account Deletion
by Devansh Bordia
CVE-2021-43009 EXPLOITDB MEDIUM text
OpServices OpMon <9.11 - XSS
A Cross Site Scripting (XSS) vulnerability exists in OpServices OpMon through 9.11 via the search parameter in the request URL.
by Marlon Petry
CVSS 6.1
CVE-2021-43149 EXPLOITDB text
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
by Marlon Petry
CVE-2021-36356 EXPLOITDB CRITICAL python
KRAMER VIAware - RCE
KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an incomplete fix for CVE-2019-17124.
by sharkmoos
CVSS 9.8
EIP-2026-114171 EXPLOITDB text
WordPress Plugin video-synchro-pdf 1.7.4 - Local File Inclusion
by Hassan Khan Yusufzai
CVE-2021-24405 EXPLOITDB MEDIUM text
Izsoft Easy Cookies Policy < 1.6.2 - Incorrect Authorization
The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any capability and CSRF check when saving its settings, allowing any authenticated users (such as subscriber) to change them. If users can't register, this can be done through CSRF. Furthermore, the cookie banner setting is not sanitised or validated before being output in all pages of the frontend and the backend settings one, leading to a Stored Cross-Site Scripting issue.
by 0xB9
CVSS 6.5
EIP-2026-113673 EXPLOITDB text
WordPress Plugin Curtain 1.0.2 - Cross-site Request Forgery (CSRF)
by Hassan Khan Yusufzai
EIP-2026-113616 EXPLOITDB text
WordPress Plugin cab-fare-calculator 1.0.3 - Local File Inclusion
by Hassan Khan Yusufzai
EIP-2026-113538 EXPLOITDB text
WordPress Plugin admin-word-count-column 2.2 - Local File Read
by Hassan Khan Yusufzai
CVE-2021-26599 EXPLOITDB CRITICAL php
Impresscms < 1.4.4 - SQL Injection
ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection.
by Egidio Romano
CVSS 9.8
EIP-2026-106588 EXPLOITDB text
Drupal avatar_uploader v7.x-1.0-beta8 - Cross Site Scripting (XSS)
by Milad karimi