Exploitdb Exploits

50,135 exploits tracked across all sources.

CVE-2021-47849 EXPLOITDB MEDIUM text
Yodinfo Mini Mouse - Path Traversal
Mini Mouse 9.3.0 contains a path traversal vulnerability that allows attackers to access sensitive system directories through the device information endpoint. Attackers can retrieve file lists from system directories like /usr, /etc, and /var by manipulating file path parameters in API requests.
by gosh
CVSS 6.2
CVE-2020-16040 EXPLOITDB MEDIUM javascript
Google Chrome versions before 87.0.4280.88 integer overflow during SimplifiedLowering phase
Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
by r4j0x00
CVSS 6.5
CVE-2020-6507 EXPLOITDB HIGH javascript
Google Chrome < 83.0.4103.106 - Out-of-Bounds Write
Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
by r4j0x00
CVSS 8.8
CVE-2021-34166 EXPLOITDB CRITICAL text
Simple Food Website - SQL Injection
A SQL injection vulnerability in Sourcecodester Simple Food Website 1.0 allows a remote attacker to bypass authentication and become admin.
by Viren Saroha
CVSS 9.8
CVE-2021-34165 EXPLOITDB CRITICAL text
Basic Shopping Cart - SQL Injection
A SQL injection vulnerability in Sourcecodester Basic Shopping Cart 1.0 allows a remote attacker to bypass authentication and become admin.
by Viren Saroha
CVSS 9.8
CVE-2021-47852 EXPLOITDB HIGH text
Rockstar Games Launcher <1.0.37.349 - Privilege Escalation
Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. Attackers can replace the RockstarService.exe with a malicious binary to create a new administrator user and gain elevated system access.
by George Tsimpidas
CVSS 8.8
CVE-2021-47851 EXPLOITDB CRITICAL python
Yodinfo Mini Mouse - OS Command Injection
Mini Mouse 9.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary commands through an unauthenticated HTTP endpoint. Attackers can leverage the /op=command endpoint to download and execute payloads by sending crafted JSON requests with malicious script commands.
by gosh
CVSS 9.8
CVE-2021-47850 EXPLOITDB HIGH text
Yodinfo Mini Mouse - Path Traversal
Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. Attackers can retrieve sensitive files like win.ini and list contents of system directories such as C:\Users\Public by manipulating file and path parameters.
by gosh
CVSS 7.5
EIP-2026-110289 EXPLOITDB python
OpenEMR 4.1.0 - 'u' SQL Injection
by Michael Ikua
CVE-2021-47741 EXPLOITDB HIGH text
ZBL EPON ONU Broadband Router V100R001 - Privilege Escalation
ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation vulnerability that allows limited administrative users to elevate access by sending requests to configuration endpoints. Attackers can exploit the vulnerability by accessing the configuration backup or password page to disclose the super user password and gain additional privileged functionalities.
by LiquidWorm
CVSS 7.5
CVE-2021-22986 EXPLOITDB CRITICAL python
F5 iControl REST Unauthenticated SSRF Token Generation RCE
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 and BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
by Al1ex
CVSS 9.8
EIP-2026-119420 EXPLOITDB python
ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (1)
by Fellipe Oliveira
EIP-2026-104396 EXPLOITDB text
phpPgAdmin 7.13.0 - COPY FROM PROGRAM Command Execution (Authenticated)
by Valerio Severini
EIP-2026-104303 EXPLOITDB text
Latrix 0.6.0 - 'txtaccesscode' SQL Injection
by cptsticky
EIP-2026-103321 EXPLOITDB python VERIFIED
ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (2)
by Fellipe Oliveira
CVE-2021-47854 EXPLOITDB CRITICAL python
DD-WRT <45723 - Buffer Overflow
DD-WRT version 45723 contains a buffer overflow vulnerability in the UPNP network discovery service that allows remote attackers to potentially execute arbitrary code. Attackers can send crafted M-SEARCH packets with oversized UUID payloads to trigger buffer overflow conditions on the target device.
by Enesdex
CVSS 9.8
EIP-2026-114565 EXPLOITDB text
Zabbix 3.4.7 - Stored XSS
by Radmil Gazizov
EIP-2026-104209 EXPLOITDB text
CourseMS 2.1 - 'name' Stored XSS
by cptsticky
CVE-2021-47855 EXPLOITDB HIGH text
Openlitespeed 1.7.9 - XSS
Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the Default Icon.
by cmOs
CVSS 7.2
CVE-2020-23839 EXPLOITDB MEDIUM python
GetSimple CMS <3.3.16 - XSS
A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form.
by boku
CVSS 6.1
CVE-2021-30048 EXPLOITDB MEDIUM text
Novel-plus 3.5.1 - Path Traversal
Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (小说精品屋-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter.
by tuyiqiang
CVSS 5.3
CVE-2021-30047 EXPLOITDB HIGH python VERIFIED
VSFTPD 3.0.3 - DoS
VSFTPD 3.0.3 allows attackers to cause a denial of service due to the limited number of connections allowed.
by xynmaps
CVSS 7.5
CVE-2021-29388 EXPLOITDB MEDIUM text
Budget Management System - XSS
A stored cross-site scripting (XSS) vulnerability in SourceCodester Budget Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php via the vulnerable field 'Budget Title'.
by Jitendra Kumar Tripathi
CVSS 5.4
CVE-2021-29387 EXPLOITDB MEDIUM text
Equipment Inventory System - XSS
Multiple stored cross-site scripting (XSS) vulnerabilities in Sourcecodester Equipment Inventory System 1.0 allow remote attackers to inject arbitrary JavaScript via any "Add" sections, such as Add Item, Employee and Position or others, in the Name parameters.
by Jitendra Kumar Tripathi
CVSS 5.4
CVE-2017-15950 EXPLOITDB HIGH python
Flexense Syncbreeze - Memory Corruption
Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary code execution. The flaw is triggered by providing a long input into the "Destination directory" field, either within an XML document or through use of passive mode.
by Filipe Oliveira
CVSS 7.8