Exploitdb Exploits

50,135 exploits tracked across all sources.

EIP-2026-106862 EXPLOITDB text
Employee Record Management System 1.2 - Stored Cross-Site Scripting (XSS)
by Subhadip Nag
CVE-2021-36621 EXPLOITDB HIGH text
Online Covid Vaccination Scheduler System - SQL Injection
Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The username parameter is vulnerable to time-based SQL injection. Upon successfully dumping the admin password hash, an attacker can decrypt and obtain the plain-text password. Hence, the attacker could authenticate as Administrator.
by faisalfs10x
CVSS 8.1
CVE-2018-15877 EXPLOITDB HIGH python
Plainview Activity Monitor < 20180826 - OS Command Injection
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.
by Beren Kuday GÖRÜN
CVSS 8.8
CVE-2021-22911 EXPLOITDB CRITICAL python VERIFIED
Rocket.Chat <3.14 - SQL Injection
An improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.
by enox
CVSS 9.8
CVE-2021-40303 EXPLOITDB MEDIUM text
perfex crm <1.10 - XSS
perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile.
by Alhasan Abbas
CVSS 5.4
CVE-2021-36624 EXPLOITDB CRITICAL text
Phone Shop Sales Management System - SQL Injection
Sourcecodester Phone Shop Sales Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
by faisalfs10x
CVSS 9.8
CVE-2021-36623 EXPLOITDB CRITICAL text
Sourcecodester Phone Shop Sales Management System 1.0 - RCE
Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables RCE.
by faisalfs10x
CVSS 9.8
CVE-2021-47799 EXPLOITDB MEDIUM text
Visual Tools DVR VX16 <4.2.28 - Privilege Escalation
Visual Tools DVR VX16 version 4.2.28 contains a local privilege escalation vulnerability in its Sudo configuration that allows attackers to gain root access. Attackers can exploit the unsafe Sudo settings by using mount commands to bind a shell, enabling unauthorized system-level privileges.
by Andrea D'Ubaldo
CVSS 6.2
CVE-2019-14322 EXPLOITDB HIGH python
Pallets Werkzeug <0.15.5 - Path Traversal
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
by faisalfs10x
CVSS 7.5
EIP-2026-113566 EXPLOITDB python
WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 - Directory Traversal
by TheSmuggler
EIP-2026-106951 EXPLOITDB php
Exam Hall Management System 1.0 - Unrestricted File Upload (Unauthenticated)
by Thamer Almohammadi
EIP-2026-105481 EXPLOITDB python
Billing System Project 1.0 - Remote Code Execution (RCE) (Unauthenticated)
by Talha DEMİRSOY
CVE-2021-42071 EXPLOITDB CRITICAL text
Visual-tools Dvr Vx16 Firmware - OS Command Injection
In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header.
by Andrea D'Ubaldo
CVSS 9.8
EIP-2026-101865 EXPLOITDB python
Netgear DGN2200v1 - Remote Command Execution (RCE) (Unauthenticated)
by SivertPL
EIP-2026-101568 EXPLOITDB python
Black Box Kvm Extender 3.4.31307 - Local File Inclusion
by Ferhat Çil
CVE-2021-43484 EXPLOITDB CRITICAL python
Simple Client Management System 1.0 - RCE
A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request.
by Ishan Saha
CVSS 9.8
EIP-2026-114219 EXPLOITDB text
WordPress Plugin WP Learn Manager 1.1.2 - Stored Cross-Site Scripting (XSS)
by Mohammed Adam
CVE-2021-24155 EXPLOITDB HIGH python
Backup-guard Backup Guard < 1.6.0 - Unrestricted File Upload
The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.
by Ron Jost
CVSS 7.2
EIP-2026-112623 EXPLOITDB python
TextPattern CMS 4.9.0-dev - Remote Command Execution (RCE) (Authenticated)
by Mevlüt Akçam
EIP-2026-110297 EXPLOITDB ruby VERIFIED
OpenEMR 5.0.1.7 - 'fileName' Path Traversal (Authenticated) (2)
by Alexandre ZANNI
EIP-2026-110204 EXPLOITDB python
Online Voting System 1.0 - SQLi (Authentication Bypass) + Remote Code Execution (RCE)
by Geiseric
EIP-2026-110059 EXPLOITDB text
Online Birth Certificate System 1.1 - 'Multiple' Stored Cross-Site Scripting (XSS)
by Subhadip Nag
EIP-2026-105844 EXPLOITDB text
Church Management System 1.0 - Arbitrary File Upload (Authenticated)
by Murat DEMİRCİ
EIP-2026-105842 EXPLOITDB text
Church Management System 1.0 - 'password' SQL Injection (Authentication Bypass)
by Murat DEMİRCİ
EIP-2026-105841 EXPLOITDB text
Church Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
by Murat DEMİRCİ