Exploit-DB Exploits
50,076 exploits tracked across all sources.
WordPress Plugin Wappointment 2.2.4 - Stored Cross-Site Scripting (XSS)
by Renos Nikolaou
Library System 1.0 - 'student_id' SQL injection (Authenticated)
by Vinay Bhuria
Cisco Small Business RV130W 1.0.3.44 - Inject Counterfeit Routers
by Michael Alamoot
SmarterTrack 7922 - Info Disclosure
SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique identifiers.
by Andrei Manole
CVSS 7.5
Pharmacy Point of Sale System 1.0 - SQLi Authentication Bypass
by Janik Wehrli
Redragon Gaming Mouse - Denial of Service via Malformed IOCTL Request
Redragon Gaming Mouse driver contains a kernel-level vulnerability that allows attackers to trigger a denial of service by sending malformed IOCTL requests. Attackers can send a crafted 2000-byte buffer with specific byte patterns to the REDRAGON_MOUSE device to crash the kernel driver.
by Quadron Research Lab
CVSS 7.5
Backdrop CMS 1.20 - Cross-Site Request Forgery to Remote Code Execution via Malicious Add-on Upload
A Cross-Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20 that allows remote attackers to gain Remote Code Execution (RCE) on the hosting web server by uploading a malicious add-on containing a crafted PHP file. NOTE: the vendor disputes this because the attack requires the session cookie of a high-privileged authenticated user who is already entitled to install arbitrary add-ons.
by V1n1v131r4
CVSS 8.8
fitness_calculators < 1.9.6 - Cross-Site Request Forgery and Stored Cross-Site Scripting
The fitness calculators WordPress plugin before 1.9.6 adds calculators for water intake, BMI, protein intake and body fat. It lacked a CSRF check, allowing attackers to make logged-in users perform unwanted actions such as changing the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue.
by 0xB9
CVSS 4.3
Advanced Order Export For WooCommerce < 3.1.8 - Reflected Cross-Site Scripting via Admin Panel Tab Parameter
This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS.
by 0xB9
CVSS 6.1
WordPress Plugin 3DPrint Lite 1.9.1.4 - Arbitrary File Upload
by spacehen
Police Crime Record Management Project 1.0 - Time Based SQLi
by ()t/\\/\\1
Budget and Expense Tracker System 1.0 - Arbitrary File Upload
by ()t/\\/\\1
Gurock TestRail <7.2.0.3014 - Info Disclosure
Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The corresponding file paths can be tested, and in some cases, result in the disclosure of hardcoded credentials, API keys, or other sensitive data.
by Sick Codes
CVSS 7.5
e107 CMS 2.3.0 Authenticated Remote Code Execution via Theme Upload
e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell to the e107_themes directory, then execute system commands via the payload.php script.
by Halit AKAYDIN
CVSS 8.8
Sentry 8.2.0 Remote Code Execution via Pickle Deserialization
Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint with base64-encoded compressed pickle payloads in the data field to achieve code execution with application privileges.
by Mohin Paramasivam
CVSS 8.8
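The mechanism behind this entry, shown as an added Python example that is not Sentry's code and touches no Sentry endpoint: a field that is base64-decoded, inflated and handed to pickle.loads lets the sender invoke any importable callable, because a pickle stream can name arbitrary globals. The payload bytes, the allowlist and the size cap below are constructed for the demonstration; the "gadget" calls os.getpid() rather than a shell so the effect is visible but harmless.

```python
import base64
import builtins
import io
import os
import pickle
import zlib

MAX_INFLATED = 1 << 20  # cap on decompressed size; a zlib bomb is the other cheap attack on this format


def encode_field(obj) -> str:
    """Produce the wire format the description names: base64(zlib(pickle(obj)))."""
    return base64.b64encode(zlib.compress(pickle.dumps(obj, protocol=2))).decode("ascii")


class _Gadget:
    """Attacker-side helper used only to emit a pickle that calls os.getpid() on load.

    The class itself never appears in the bytes; the stream just names the global
    'posix.getpid' (or 'nt.getpid'), exactly as a real payload would name
    os.system or subprocess.Popen.
    """

    def __reduce__(self):
        return (os.getpid, ())


ATTACKER_FIELD = encode_field(_Gadget())            # constructed malicious input
BENIGN_FIELD = encode_field({"entry": [1, 2, 3]})   # constructed legitimate input


def current_pid() -> int:
    return os.getpid()


def inflate(data: bytes) -> bytes:
    """zlib-decompress with a hard output limit instead of bare zlib.decompress()."""
    d = zlib.decompressobj()
    out = d.decompress(data, MAX_INFLATED)
    if d.unconsumed_tail or not d.eof:
        raise ValueError("decompressed payload exceeds MAX_INFLATED")
    return out


def vulnerable_decode(field: str):
    """The pattern the advisory describes: pickle.loads on caller-supplied bytes."""
    return pickle.loads(zlib.decompress(base64.b64decode(field)))


# Globals the hardened loader will resolve. Everything else, including every
# function in os and subprocess and builtins such as eval, is refused.
ALLOWED_GLOBALS = {
    ("builtins", n)
    for n in ("dict", "list", "tuple", "set", "frozenset", "str", "int", "float", "bool")
}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"refusing to resolve global {module}.{name}")


def hardened_decode(field: str):
    """Same wire format, but the stream cannot reach callables outside ALLOWED_GLOBALS."""
    raw = inflate(base64.b64decode(field, validate=True))
    return RestrictedUnpickler(io.BytesIO(raw)).load()


def hardened_rejects(field: str) -> bool:
    """True when the hardened loader refuses the field."""
    try:
        hardened_decode(field)
    except (pickle.UnpicklingError, ValueError):
        return True
    return False
```

The restricted unpickler is a containment measure for code that cannot change its wire format immediately; the durable fix is to never accept pickle from a client at all and carry the entry data as JSON. Note that the superuser requirement in the entry limits who can reach the sink, not what the sink does once reached.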
TotalAV <5.15.69 - Privilege Escalation
TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. An attacker with write access to a directory along the unquoted path can place a malicious executable at one of the segments Windows probes before the intended binary and gain SYSTEM-level execution the next time the service starts.
by Andrea Intilangelo
CVSS 7.8
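How the "unquoted path segments" are found, as an added Python example that is not TotalAV's configuration or the exploit author's code: for an unquoted ImagePath containing spaces, CreateProcess tries each space-delimited prefix with ".exe" appended before reaching the real executable. The service names and paths below are constructed for illustration.

```python
import re

# Constructed sample of (service name -> ImagePath) pairs as they would be read
# from HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath. Illustrative
# paths only, not TotalAV's actual service configuration.
SAMPLE_SERVICES = {
    "ExampleUpdater": r"C:\Program Files\Example Vendor\Updater\updater.exe",
    "ExampleAgent": r"C:\Program Files\Example Vendor\agent.exe -service",
    "QuotedAgent": r'"C:\Program Files\Example Vendor\agent.exe" -service',
    "NoSpaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "KernelDriver": r"%SystemRoot%\System32\drivers\example.sys",
}


def hijack_candidates(image_path: str) -> list[str]:
    """Paths Windows would probe before the intended executable, in probe order.

    'C:\\Program Files\\X\\a.exe' is tried as 'C:\\Program.exe', then
    'C:\\Program Files\\X.exe' would never be tried because the next token ends
    the path; the list holds every prefix that precedes the real binary.
    A quoted path, or one without spaces, is unambiguous and yields nothing.
    """
    path = image_path.strip()
    if path.startswith('"'):
        return []
    # Drop trailing service arguments: keep everything up to the first '.exe'.
    m = re.search(r"\.exe", path, flags=re.IGNORECASE)
    exe = path[: m.end()] if m else path
    parts = exe.split(" ")
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]


def audit(services: dict[str, str]) -> dict[str, list[str]]:
    """Return only the services whose ImagePath is hijackable, with the probe order."""
    findings = {}
    for name, image_path in services.items():
        cands = hijack_candidates(image_path)
        if cands:
            findings[name] = cands
    return findings
```

A candidate is exploitable only when the calling account can write to its parent directory (C:\ and C:\Program Files are not writable by standard users on a default install), and the planted binary runs only when the service is restarted or the machine reboots. The fix is to quote the path, for example with sc config <service> binPath= "\"C:\Program Files\Vendor\agent.exe\" -service".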
Online Reviewer System 1.0 - Remote Code Execution via Malicious PHP File Upload
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0: an attacker can upload a maliciously crafted PHP file that bypasses the image upload filters.
by Abdullah Khawaja
CVSS 9.8
Simple Attendance System 1.0 - Unauthenticated Blind SQLi
by ()t/\\/\\1
OpenCats < 0.9.4-3 - XML External Entity Injection via DOCX/ODT File Upload
lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format.
by Jake Ruston
CVSS 7.5
Filerun 2021.03.26 - Remote Code Execution (RCE) (Authenticated)
by syntegris information solutions GmbH
Cloudron 6.2 - Reflected Cross-Site Scripting via Login Page returnTo Parameter
In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS.
by Akıner Kısa
CVSS 6.1
Yenkee YMS 3029 Firmware - Denial of Service via GM312Fltr.sys DeviceIoControl Buffer Overrun
Yenkee Hornet Gaming Mouse driver GM312Fltr.sys contains a buffer overrun vulnerability that allows attackers to crash the system by sending oversized input. Attackers can exploit the driver by sending a 2000-byte buffer through DeviceIoControl to trigger a kernel-level system crash.
by Quadron Research Lab
CVSS 7.5
WebsiteBaker 2.13.0 - Authenticated Remote Code Execution via Language Installation Endpoint
WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editing permissions to execute arbitrary code. Attackers can exploit the language installation endpoint by manipulating language installation parameters to achieve remote code execution on the server.
by Halit AKAYDIN
CVSS 8.8
Sourcecodester Budget and Expense Tracker System 1.0 - Remote Code Execution via Image Upload
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote attacker to upload and execute arbitrary code via the image upload field.
by Abdullah Khawaja
CVSS 8.8