Exploitdb Exploits

50,135 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-112102 EXPLOITDB text
Simple Issue Tracker System 1.0 - SQLi Authentication Bypass
by Bekir Bugra TURKOGLU
EIP-2026-110575 EXPLOITDB html
Pharmacy Point of Sale System 1.0 - 'Add New User' Cross-Site Request Forgery (CSRF)
by Murat DEMİRCİ
EIP-2026-110135 EXPLOITDB text
Online Learning System 2.0 - 'Multiple' SQLi Authentication Bypass
by Blackhan
EIP-2026-106098 EXPLOITDB text
Company's Recruitment Management System 1.0 - 'Multiple' SQL Injection (Unauthenticated)
by Yash Mahajan
EIP-2026-104310 EXPLOITDB text
Logitech Media Server 8.2.0 - 'Title' Cross-Site Scripting (XSS)
by Mert Daş
CVE-2021-42013 EXPLOITDB CRITICAL bash VERIFIED
Apache HTTP Server < 9.2.6.0 - Path Traversal
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.
by Lucas Souza
CVSS 9.8
CVE-2020-10770 EXPLOITDB MEDIUM python
Keycloak <13.0.0 - SSRF
A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.
by Mayank Deshmukh
CVSS 5.3
CVE-2021-20031 EXPLOITDB MEDIUM text
Sonicwall Sonicos < 7.0.1-r1262 - Open Redirect
A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.
by Ramikan
CVSS 6.1
CVE-2025-34077 EXPLOITDB CRITICAL text
WordPress Pie Register <3.7.1.4 - Auth Bypass
An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitting a crafted POST request to the login endpoint. By setting social_site=true and manipulating the user_id_social_site parameter, an attacker can generate a valid WordPress session cookie for any user ID, including administrators. Once authenticated, the attacker may exploit plugin upload functionality to install a malicious plugin containing arbitrary PHP code, resulting in remote code execution on the underlying server.
by Lotfi13-DZ
CVE-2021-42224 EXPLOITDB CRITICAL text
Phpgurukul Ifsc Code Finder - SQL Injection
SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php.
by Yash Mahajan
CVSS 9.8
CVE-2021-47781 EXPLOITDB CRITICAL text
Cmder Console Emulator 1.3.18 - DoS
Cmder Console Emulator 1.3.18 contains a buffer overflow vulnerability that allows attackers to trigger a denial of service condition through a maliciously crafted .cmd file. Attackers can create a specially constructed .cmd file with repeated characters to overwhelm the console emulator's buffer and crash the application.
by Aryan Chehreghani
CVSS 9.8
CVE-2021-42053 EXPLOITDB MEDIUM text
Unicorn < 0.35.3 - XSS
The Unicorn framework through 0.35.3 for Django allows XSS via component.name.
by Raven Security Associates
CVSS 5.4
EIP-2026-112120 EXPLOITDB text
Simple Online College Entrance Exam System 1.0 - Unauthenticated Admin Creation
by Amine ismail
EIP-2026-112118 EXPLOITDB text
Simple Online College Entrance Exam System 1.0 - Account Takeover
by Amine ismail
EIP-2026-112117 EXPLOITDB text
Simple Online College Entrance Exam System 1.0 - 'Multiple' SQL injection
by Amine ismail
EIP-2026-110197 EXPLOITDB text
Online Traffic Offense Management System 1.0 - Privilage escalation (Unauthenticated)
by snup
EIP-2026-110094 EXPLOITDB text
Online Enrollment Management System 1.0 - Authentication Bypass
by Amine ismail
EIP-2026-110093 EXPLOITDB text
Online Employees Work From Home Attendance System 1.0 - SQLi Authentication Bypass
by Merve Oral
CVE-2021-32172 EXPLOITDB CRITICAL python
Maianscriptworld Maian Cart - Missing Authorization
Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the Elfinder plugin.
by DreyAnd
CVSS 9.8
EIP-2026-109196 EXPLOITDB text
Loan Management System 1.0 - SQLi Authentication Bypass
by Merve Oral
CVE-2021-42223 EXPLOITDB MEDIUM text
Phpgurukul Online DJ Booking Management System - XSS
Cross Site Scripting (XSS).vulnerability exists in Online DJ Booking Management System 1.0 in view-booking-detail.php.
by Yash Mahajan
CVSS 6.1
EIP-2026-112119 EXPLOITDB text
Simple Online College Entrance Exam System 1.0 - SQLi Authentication Bypass
by Mevlüt Yılmaz
EIP-2026-110196 EXPLOITDB text
Online Traffic Offense Management System 1.0 - Multiple XSS (Unauthenticated)
by snup
EIP-2026-110195 EXPLOITDB text
Online Traffic Offense Management System 1.0 - Multiple SQL Injection (Unauthenticated)
by snup
EIP-2026-110194 EXPLOITDB text
Online Traffic Offense Management System 1.0 - Multiple RCE (Unauthenticated)
by snup
By Source
All 50,135 Exploitdb 50,135 Writeup 48,129 Nomisec 21,326 Metasploit 3,228 Github 2,557 Vulncheck_xdb 901 Inthewild 518 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,346 ruby 5,959 python 5,901 c 3,575 perl 2,854 html 2,056 php 1,334 bash 459 java 362 javascript 260 c++ 249 shell 95 go 52 postscript 25 xml 24