Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-117501 EXPLOITDB html
Microsoft Internet Explorer 11 32-bit - Use-After-Free
by Forrest Orr
EIP-2026-116778 EXPLOITDB text
AMD Fuel Service - 'Fuel.service' Unquote Service Path
by Hector Gerbacio
EIP-2026-114188 EXPLOITDB text
WordPress Plugin Welcart e-Commerce 2.0.0 - 'search[order_column][0]' SQL injection
by Erik David Martin
EIP-2026-114100 EXPLOITDB text
WordPress Plugin Supsystic Newsletter 1.5.5 - 'sidx' SQL injection
by Erik David Martin
EIP-2026-114097 EXPLOITDB text
WordPress Plugin Supsystic Data Tables Generator 1.9.96 - Multiple Vulnerabilities
by Erik David Martin
EIP-2026-114096 EXPLOITDB text
WordPress Plugin Supsystic Contact Form 1.7.5 - Multiple Vulnerabilities
by Erik David Martin
EIP-2026-104438 EXPLOITDB text
SmartFoxServer 2X 2.17.0 - God Mode Console WebSocket XSS
by LiquidWorm
CVE-2021-26723 EXPLOITDB MEDIUM text
Jenzabar 9.2.0-9.2.2 - Cross-Site Scripting via Search Query Parameter
Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS.
by y0ung_dst
CVSS 6.1
EIP-2026-103815 EXPLOITDB text VERIFIED
SmartFoxServer 2X 2.17.0 - God Mode Console Remote Code Execution
by LiquidWorm
EIP-2026-103814 EXPLOITDB text VERIFIED
SmartFoxServer 2X 2.17.0 - Credentials Disclosure
by LiquidWorm
CVE-2021-47904 EXPLOITDB HIGH python
PhreeBooks 5.2.3 - Authenticated RCE
PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted file type uploads to gain command execution on the server.
by Kr0ff
CVSS 8.8
CVE-2021-47903 EXPLOITDB HIGH text
LiteSpeed Web Server Enterprise 5.4.11 - Command Injection
LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands through the 'Command' parameter in the server configuration, allowing remote code execution via path traversal and bash command injection.
by SunCSR
CVSS 8.8
EIP-2026-111991 EXPLOITDB python
SEO Panel 4.6.0 - Remote Code Execution (2)
by Kr0ff
CVE-2021-26809 EXPLOITDB CRITICAL python
PHPGurukul Car Rental Project 2.0 - Remote Shell Upload via changeimage1.php
PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php.
by Jannick Tiger
CVSS 9.8
CVE-2020-23522 EXPLOITDB MEDIUM html
Pixelimity 1.0 - Cross-Site Request Forgery via Admin Setting Password Parameter
Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter.
by Noth
CVSS 6.8
CVE-2021-3156 EXPLOITDB HIGH c
Sudo Heap-Based Buffer Overflow
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
by nu11secur1ty
CVSS 7.8
CVE-2021-3156 EXPLOITDB HIGH python
Sudo Heap-Based Buffer Overflow
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
by West Shepherd
CVSS 7.8
CVE-2021-26762 EXPLOITDB HIGH text
PHPGurukul Student Record System 4.0 - SQL Injection via edit-course.php cid Parameter
SQL injection vulnerability in PHPGurukul Student Record System 4.0 allows remote attackers to execute arbitrary SQL statements, via the cid parameter to edit-course.php.
by Jannick Tiger
CVSS 8.8
EIP-2026-114725 EXPLOITDB c
Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)
by Marco Ivaldi
EIP-2026-114724 EXPLOITDB c
Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
by Marco Ivaldi
EIP-2026-114723 EXPLOITDB c
Solaris 10 (Intel) - 'dtprintinfo' Local Privilege Escalation (3)
by Marco Ivaldi
EIP-2026-114722 EXPLOITDB c
Solaris 10 (Intel) - 'dtprintinfo' Local Privilege Escalation (2)
by Marco Ivaldi
EIP-2026-114721 EXPLOITDB c
Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3)
by Marco Ivaldi
CVE-2020-37241 EXPLOITDB MEDIUM html
bloofoxCMS 0.5.2.1 Cross-Site Request Forgery via user add
bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can craft hidden forms targeting the admin user creation endpoint to add new administrative accounts with arbitrary credentials without requiring explicit user consent.
by LiPeiYi
CVSS 5.3
CVE-2021-3380 EXPLOITDB MEDIUM text
ICREM H8 SSRMS - Insecure Direct Object Reference via Print Invoice Functionality
Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality.
by Mohammed Farhan
CVSS 6.5