Exploitdb Exploits
50,135 exploits tracked across all sources.
School Event Attendance Monitoring System 1.0 - 'Item Name' Stored Cross-Site Scripting
by Suresh Kumar
PEEL Shopping 9.3.0 - XSS
PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the address parameter of the change_params.php script. Attackers can inject malicious JavaScript payloads that execute when users interact with the address text box, potentially enabling client-side script execution.
by Anmol K Sachan
CVSS 7.2
Litespeedtech Openlitespeed - Improper Privilege Management
Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system.
by Metin Yunus Kandemir
CVSS 8.8
b2evolution CMS <6.11.6 - Open Redirect
An open redirect vulnerability in b2evolution CMS versions prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker-controlled resource via the redirect_to parameter in email_passthrough.php.
by Nakul Ratti
CVSS 6.1
b2evolution <6.11.6-stable - XSS
A reflected cross-site scripting (XSS) vulnerability in the evoadm.php file in b2evolution CMS version 6.11.6-stable allows remote attackers to inject arbitrary web script or HTML code via the tab3 parameter.
by Nakul Ratti
CVSS 6.1
Online Marriage Registration System (OMRS) 1.0 - Remote code execution (3)
by Ricardo Ruiz
b2evolution CMS <6.11.6 - XSS
Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module.
by Soham Bakore
CVSS 4.8
Node-serialize < 0.0.4 - Insecure Deserialization
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE).
by UndeadLarva
CVSS 9.8
AnyTXT Searcher <1.2.394 - Buffer Overflow
An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.394 via a specially crafted file in the ATService path.
by Mohammed Alshehri
CVSS 7.8
Epson USB Display <1.6.0.0 - Privilege Escalation
Epson USB Display 1.6.0.0 contains an unquoted service path vulnerability in the EMP_UDSA service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in intermediate directories to gain elevated system access.
by Hector Gerbacio
CVSS 7.8
Sourcecodester Car Rental Management System 1.0 - XSS
Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the vehicalorcview parameter.
by Naved Shaikh
CVSS 5.4
Adobe Connect <11.4.5, 12.1.5 - Auth Bypass
Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not require user interaction.
by h4shur
CVSS 5.3
YetiShare File Hosting Script 5.1.0 - SSRF
YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url parameter in the url_upload_handler endpoint to access sensitive files like /etc/passwd by using file:/// protocol.
by numan türle
CVSS 4.0
MDaemon webmail <19.5.5 - XSS
Stored cross-site scripting (XSS) in file attachment field in MDaemon webmail 19.5.5 allows an attacker to execute code on the email recipient side while forwarding an email to perform potentially malicious activities.
by Kailash Bohara
CVSS 5.4
MDaemon webmail <19.5.5 - XSS
Authenticated stored cross-site scripting (XSS) in the contact name field in the distribution list of MDaemon webmail 19.5.5 allows an attacker to execute code and perform an XSS attack while opening a contact list.
by Kailash Bohara
CVSS 5.4
Millewin - Incorrect Default Permissions
Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.39.28.3342, and 13.39.146.1 has insecure folder permissions that allow a malicious user to perform local privilege escalation.
by Andrea Intilangelo
CVSS 8.8
Microsoft Internet Explorer 11 32-bit - Use-After-Free
by Forrest Orr
AMD Fuel Service - 'Fuel.service' Unquote Service Path
by Hector Gerbacio
WordPress Plugin Welcart e-Commerce 2.0.0 - 'search[order_column][0]' SQL injection
by Erik David Martin
WordPress Plugin Supsystic Ultimate Maps 1.1.12 - 'sidx' SQL injection
by Erik David Martin
WordPress Plugin Supsystic Pricing Table 1.8.7 - Multiple Vulnerabilities
by Erik David Martin
WordPress Plugin Supsystic Newsletter 1.5.5 - 'sidx' SQL injection
by Erik David Martin
WordPress Plugin Supsystic Membership 1.4.7 - 'sidx' SQL injection
by Erik David Martin
WordPress Plugin Supsystic Digital Publications 1.6.9 - Multiple Vulnerabilities
by Erik David Martin
WordPress Plugin Supsystic Data Tables Generator 1.9.96 - Multiple Vulnerabilities
by Erik David Martin