Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2021-47733 EXPLOITDB MEDIUM text
CMSimple 5.4 - Stored Cross-Site Scripting via HTML Unicode Encoding Bypass
CMSimple 5.4 contains a cross-site scripting vulnerability that allows attackers to bypass input filtering by using HTML-to-Unicode encoding. Attackers can inject malicious scripts by encoding payloads such as ')-alert(1)// and execute arbitrary JavaScript when victims interact with delete buttons.
by heinjame
CVSS 6.1
CVE-2021-46368 EXPLOITDB HIGH text
TRIGONE Remote System Monitor <3.61 - Privilege Escalation
TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted service path, allowing local users to launch processes with elevated privileges.
by Yehia Elghaly
CVSS 7.8
CVE-2021-46367 EXPLOITDB HIGH text
ritecms < 3.1.0 - Authenticated Remote Code Execution via PHP File Upload
RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htaccess configuration that, by default, denies execution of .php files in the media and files directories.
by faisalfs10x
CVSS 7.2
CVE-2021-35380 EXPLOITDB HIGH text
Solari di Udine TTServer 3.24.0.2 - Path Traversal
A directory traversal vulnerability exists in Solari di Udine TermTalk Server (TTServer) 3.24.0.2, which lets an unauthenticated malicious user access files on the remote system by supplying the relative path of the file they want to download (http://url:port/file?valore).
by Fabiano Golluscio
CVSS 7.5
CVE-2021-43326 EXPLOITDB HIGH powershell
Automox Agent <32 - Privilege Escalation
Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory.
by Greg Foss
CVSS 7.8
CVE-2021-43857 EXPLOITDB CRITICAL python
Gerapy < 0.9.8 - Remote Code Execution
Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8.
by Jeremiasz Pluta
CVSS 9.8
CVE-2021-24750 EXPLOITDB HIGH python
WP Visitor Statistics <4.8 - SQL Injection
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks.
by Ron Jost
CVSS 8.8
CVE-2021-39312 EXPLOITDB HIGH python
True Ranker <= 2.2.2 - Unauthenticated Arbitrary File Read via src Parameter
The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file.
by Liad Levy
CVSS 7.5
EIP-2026-113645 EXPLOITDB text
WordPress Plugin Contact Form Entries 1.1.6 - Cross Site Scripting (XSS) (Unauthenticated)
by Gaetano Perrone
EIP-2026-113109 EXPLOITDB text
Virtual Airlines Manager 2.6.2 - 'multiple' SQL Injection
by Milad Karimi
EIP-2026-112602 EXPLOITDB python
Terramaster TOS 4.2.15 - Remote Code Execution (RCE) (Unauthenticated)
by n0tme
CVE-2021-45425 EXPLOITDB MEDIUM text
SAFARI Montage 8.3 and 8.5 - Reflected Cross-Site Scripting
Reflected Cross-Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScript code.
by Momen Eldawakhly
CVSS 6.1
EIP-2026-111546 EXPLOITDB text
Projeqtor v9.3.1 - Stored Cross Site Scripting (XSS)
by Oscar Gil Gutierrez
EIP-2026-110321 EXPLOITDB text
openSIS Student Information System 8.0 - 'multiple' SQL Injection
by securityforeveryone.com
CVE-2021-45814 EXPLOITDB CRITICAL text
Nettmp NNT 5.1 - SQL Injection
Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account.
by Momen Eldawakhly
CVSS 9.8
EIP-2026-109597 EXPLOITDB python
Movie Rating System 1.0 - SQLi to RCE (Unauthenticated)
by Tagoletta
EIP-2026-109596 EXPLOITDB python
Movie Rating System 1.0 - Broken Access Control (Admin Account Creation) (Unauthenticated)
by Tagoletta
EIP-2026-109115 EXPLOITDB text
Library System in PHP 1.0 - 'publisher name' Stored Cross-Site Scripting (XSS)
by Akash Patil
EIP-2026-107628 EXPLOITDB text
Hospitals Patient Records Management System 1.0 - Account Takeover
by twseptian
EIP-2026-107625 EXPLOITDB text
Hospitals Patient Records Management System 1.0 - 'id' SQL Injection (Authenticated)
by twseptian
EIP-2026-104186 EXPLOITDB text
BeyondTrust Remote Support 6.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
by Malcrove
CVE-2019-16516 EXPLOITDB MEDIUM python
ConnectWise Control <19.3.25270.7185 - Info Disclosure
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username.
by Luca Cuzzolin
CVSS 5.3
EIP-2026-101254 EXPLOITDB text
Dixell XWEB 500 - Arbitrary File Write
by Roberto Palamaro
EIP-2026-101148 EXPLOITDB python
Accu-Time Systems MAXIMUS 1.0 - Telnet Remote Buffer Overflow (DoS)
by Yehia Elghaly
EIP-2026-101080 EXPLOITDB python
Siemens S7 Layer 2 - Denial of Service (DoS)
by RoseSecurity