Exploitdb Exploits

50,135 exploits tracked across all sources.

EIP-2026-105639 EXPLOITDB text
Budget and Expense Tracker System 1.0 - Authenticated Bypass
by Prunier Charles-Yves
EIP-2026-104461 EXPLOITDB text
T-Soft E-Commerce 4 - change 'admin credentials' Cross-Site Request Forgery (CSRF)
by Alperen Ergel
CVE-2021-34646 EXPLOITDB CRITICAL python
Booster For Woocommerce < 5.4.3 - Authentication Bypass
Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the process_email_verification function due to a random token generation weakness in the reset_and_mail_activation_link function found in the ~/includes/class-wcj-emails-verification.php file. This allows attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, including any site administrators. This requires the Email Verification module to be active in the plugin and the Login User After Successful Verification setting to be enabled, which it is by default.
by 0xB455
CVSS 9.8
EIP-2026-112062 EXPLOITDB text
Simple Attendance System 1.0 - Authenticated bypass
by Abdullah Khawaja
EIP-2026-109109 EXPLOITDB python
Library Management System 1.0 - Blind Time-Based SQL Injection (Unauthenticated)
by boku
EIP-2026-107810 EXPLOITDB python
ImpressCMS 1.4.2 - Remote Code Execution (RCE) (Authenticated)
by Halit AKAYDIN
CVE-2021-42230 EXPLOITDB CRITICAL text
Seowonintech 130-slc Firmware < 2021-09-15 - Remote Code Execution
All versions of the Seowon 130-SLC router as of 2021-09-15 are vulnerable to Remote Code Execution via the queriesCnt parameter.
by Aryan Chehreghani
CVSS 9.8
EIP-2026-112494 EXPLOITDB text
Support Board 3.3.3 - 'Multiple' SQL Injection (Unauthenticated)
by John Jefferson Li
EIP-2026-106946 EXPLOITDB python
Evolution CMS 3.1.6 - Remote Code Execution (RCE) (Authenticated)
by Halit AKAYDIN
EIP-2026-105120 EXPLOITDB python
AlphaWeb XE - File Upload Remote Code Execution (RCE) (Authenticated)
by Ricardo Ruiz
EIP-2026-111593 EXPLOITDB python VERIFIED
Purchase Order Management System 1.0 - Remote File Upload
by Aryan Chehreghani
CVE-2021-38833 EXPLOITDB CRITICAL python
PHPGurukul AVMS <1.0 - SQL Injection
SQL injection vulnerability in PHPGurukul Apartment Visitors Management System (AVMS) v. 1.0 allows attackers to execute arbitrary SQL statements and to gain RCE.
by mari0x00
CVSS 9.8
CVE-2021-47790 EXPLOITDB HIGH text VERIFIED
Active WebCam 11.5 - Code Injection
Active WebCam 11.5 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured service path by placing malicious executables in specific directory locations to gain administrative access.
by Salman Asad
CVSS 7.8
CVE-2021-24040 EXPLOITDB CRITICAL python
Facebook Parlai < 1.1.0 - Insecure Deserialization
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0.
by Abhiram V
CVSS 9.8
EIP-2026-113687 EXPLOITDB python
WordPress Plugin Download From Files 1.48 - Arbitrary File Upload
by spacehen
EIP-2026-109415 EXPLOITDB text
Men Salon Management System 1.0 - Multiple Vulnerabilities
by Aryan Chehreghani
EIP-2026-101686 EXPLOITDB text
ECOA Building Automation System - Weak Default Credentials
by Neurogenesia
EIP-2026-101685 EXPLOITDB text
ECOA Building Automation System - Remote Privilege Escalation
by Neurogenesia
EIP-2026-101684 EXPLOITDB text
ECOA Building Automation System - Path Traversal Arbitrary File Upload
by Neurogenesia
EIP-2026-101683 EXPLOITDB text
ECOA Building Automation System - Local File Disclosure
by Neurogenesia
EIP-2026-101682 EXPLOITDB text
ECOA Building Automation System - Directory Traversal Content Disclosure
by Neurogenesia
EIP-2026-101681 EXPLOITDB text
ECOA Building Automation System - Cookie Poisoning Authentication Bypass
by Neurogenesia
EIP-2026-101680 EXPLOITDB text
ECOA Building Automation System - Configuration Download Information Disclosure
by Neurogenesia
EIP-2026-101679 EXPLOITDB text
ECOA Building Automation System - Arbitrary File Deletion
by Neurogenesia
EIP-2026-101678 EXPLOITDB text
ECOA Building Automation System - 'multiple' Cross-Site Request Forgery (CSRF)
by Neurogenesia