Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2020-12352 EXPLOITDB MEDIUM c
Linux Kernel 5.4-5.4.71 - Unauthenticated Information Disclosure via BlueZ Access Control
Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
by Google Security Research
CVSS 6.5
CVE-2020-5377 EXPLOITDB CRITICAL python
Dell EMC OpenManage Server Administrator < 9.4 - Unauthenticated Path Traversal via Web API Request
Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain file system access on the compromised management station.
by Rhino Security Labs
CVSS 9.1
CVE-2021-30150 EXPLOITDB MEDIUM text
Composr 10.0.36 - Cross-Site Scripting in XML Script
Composr 10.0.36 allows XSS in an XML script.
by Orion Hridoy
CVSS 6.1
CVE-2020-14166 EXPLOITDB MEDIUM text
Jira Service Desk < 4.10.0 - Authenticated Stored Cross-Site Scripting via HTML File Upload
The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via a Cross Site Scripting (XSS) vulnerability by uploading an HTML file.
by Captain_hook
CVSS 4.8
CVE-2021-47849 EXPLOITDB MEDIUM text
Mini Mouse 9.3.0 - Path Traversal via Device Information Endpoint
Mini Mouse 9.3.0 contains a path traversal vulnerability that allows attackers to access sensitive system directories through the device information endpoint. Attackers can retrieve file lists from system directories like /usr, /etc, and /var by manipulating file path parameters in API requests.
by gosh
CVSS 6.2
CVE-2020-16040 EXPLOITDB MEDIUM javascript
Google Chrome versions before 87.0.4280.88 integer overflow during SimplifiedLowering phase
Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
by r4j0x00
CVSS 6.5
CVE-2020-6507 EXPLOITDB HIGH javascript
Google Chrome < 83.0.4103.106 - Remote Code Execution via V8 Out of Bounds Write
Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
by r4j0x00
CVSS 8.8
CVE-2021-34166 EXPLOITDB CRITICAL text
Simple Food Website 1.0 - SQL Injection
A SQL injection vulnerability in Sourcecodester Simple Food Website 1.0 allows a remote attacker to bypass authentication and become admin.
by Viren Saroha
CVSS 9.8
CVE-2021-34165 EXPLOITDB CRITICAL text
Basic Shopping Cart 1.0 - SQL Injection
A SQL injection vulnerability in Sourcecodester Basic Shopping Cart 1.0 allows a remote attacker to bypass authentication and become admin.
by Viren Saroha
CVSS 9.8
CVE-2021-47852 EXPLOITDB HIGH text
Rockstar Games Launcher <1.0.37.349 - Privilege Escalation
Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. Attackers can replace the RockstarService.exe with a malicious binary to create a new administrator user and gain elevated system access.
by George Tsimpidas
CVSS 8.8
CVE-2021-47851 EXPLOITDB CRITICAL python
Mini Mouse 9.2.0 - Unauthenticated Remote Code Execution via /op=command Endpoint
Mini Mouse 9.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary commands through an unauthenticated HTTP endpoint. Attackers can leverage the /op=command endpoint to download and execute payloads by sending crafted JSON requests with malicious script commands.
by gosh
CVSS 9.8
CVE-2021-47850 EXPLOITDB HIGH text
Mini Mouse 9.2.0 - Path Traversal via HTTP Request
Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. Attackers can retrieve sensitive files like win.ini and list contents of system directories such as C:\Users\Public by manipulating file and path parameters.
by gosh
CVSS 7.5
EIP-2026-110289 EXPLOITDB python
OpenEMR 4.1.0 - 'u' SQL Injection
by Michael Ikua
CVE-2021-47741 EXPLOITDB HIGH text
ZBL EPON ONU Broadband Router V100R001 - Privilege Escalation
ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation vulnerability that allows limited administrative users to elevate access by sending requests to configuration endpoints. Attackers can exploit the vulnerability by accessing the configuration backup or password page to disclose the super user password and gain additional privileged functionalities.
by LiquidWorm
CVSS 7.5
CVE-2021-22986 EXPLOITDB CRITICAL python
F5 iControl REST Unauthenticated SSRF Token Generation RCE
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 and BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
by Al1ex
CVSS 9.8
EIP-2026-119420 EXPLOITDB python
ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (1)
by Fellipe Oliveira
EIP-2026-104396 EXPLOITDB text
phpPgAdmin 7.13.0 - COPY FROM PROGRAM Command Execution (Authenticated)
by Valerio Severini
EIP-2026-104303 EXPLOITDB text
Latrix 0.6.0 - 'txtaccesscode' SQL Injection
by cptsticky
EIP-2026-103321 EXPLOITDB python VERIFIED
ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (2)
by Fellipe Oliveira
CVE-2021-47854 EXPLOITDB CRITICAL python
DD-WRT 45723 - Remote Code Execution via UPNP M-SEARCH UUID Buffer Overflow
DD-WRT version 45723 contains a buffer overflow vulnerability in the UPNP network discovery service that allows remote attackers to potentially execute arbitrary code. Attackers can send crafted M-SEARCH packets with oversized UUID payloads to trigger buffer overflow conditions on the target device.
by Enesdex
CVSS 9.8
EIP-2026-114565 EXPLOITDB text
Zabbix 3.4.7 - Stored XSS
by Radmil Gazizov
EIP-2026-104209 EXPLOITDB text
CourseMS 2.1 - 'name' Stored XSS
by cptsticky
CVE-2021-47855 EXPLOITDB HIGH text
OpenLiteSpeed 1.7.9 - Stored Cross-Site Scripting in Dashboard Notes Parameter
OpenLiteSpeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the Default Icon.
by cmOs
CVSS 7.2
CVE-2020-23839 EXPLOITDB MEDIUM python
GetSimple CMS 3.3.16 - Reflected Cross-Site Scripting in Login Portal
A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form.
by boku
CVSS 6.1
CVE-2021-30048 EXPLOITDB MEDIUM text
novel_boutique_house-plus 3.5.1 - Path Traversal via File Download filePath Parameter
Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (小说精品屋-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter.
by tuyiqiang
CVSS 5.3