Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2020-17519 EXPLOITDB HIGH ruby VERIFIED
Apache Flink JobManager Traversal
A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master.
by SunCSR Team
CVSS 7.5
CVE-2021-3118 EXPLOITDB CRITICAL text
EVOLUCARE ECSIMAGING < 6.21.5 - SQL Injection via Login and Password Reset Forms
EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login form and the password-forgotten form (such as /req_password_user.php?email=). This allows an attacker to steal data in the database and obtain access to the application. (The database component runs as root.) NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
by shoxxdj
CVSS 9.8
CVE-2020-35131 EXPLOITDB CRITICAL text
Cockpit < 0.6.1 - Remote Code Execution via registerCriteriaFunction
Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI.
by Rafael Resende
CVSS 9.8
EIP-2026-106864 EXPLOITDB text
Employee Record System 1.0 - Unrestricted File Upload to Remote Code Execution
by Saeed Bala Ahmed
EIP-2026-106765 EXPLOITDB text
ECSIMAGING PACS 6.21.5 - Remote code execution
by shoxxdj
EIP-2026-106279 EXPLOITDB text
Curfew e-Pass Management System 1.0 - Stored XSS
by Arnav Tripathy
EIP-2026-106245 EXPLOITDB text
CRUD Operation 1.0 - Multiple Stored XSS
by Arnav Tripathy
EIP-2026-101794 EXPLOITDB text
iBall-Baton WRA150N Rom-0 Backup - File Disclosure (Sensitive Information)
by h4cks1n
CVE-2021-47984 EXPLOITDB MEDIUM text
WordPress Plugin WP24 Domain Check 1.6.2 Stored XSS
WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldnameDomain parameter. Attackers can inject JavaScript payloads through the plugin settings form at options.php that execute in the browsers of administrators viewing the settings page.
by Mehmet Kelepçe
CVSS 6.4
CVE-2021-47901 EXPLOITDB CRITICAL text
dirsearch 0.4.1 - CSV Injection via Redirect Endpoint Path
Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that allows attackers to inject formulas through redirected endpoints. Attackers can craft malicious server redirects with comma-separated paths containing Excel formulas to manipulate the generated CSV report.
by Dolev Farhi
CVSS 9.8
CVE-2020-36952 EXPLOITDB HIGH text
IObit Uninstaller 10 Pro - Privilege Escalation
IObit Uninstaller 10 Pro contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path in the IObit Uninstaller Service to insert malicious code that would execute with SYSTEM-level permissions during service startup.
by Mayur Parmar
CVSS 7.8
CVE-2020-36938 EXPLOITDB HIGH text
WinAVR <20100110 - Privilege Escalation
WinAVR version 20100110 contains an insecure permissions vulnerability that allows authenticated users to modify system files and executables. Attackers can leverage the overly permissive access controls to potentially modify critical DLLs and executable files in the WinAVR installation directory.
by Mohammed Alshehri
CVSS 8.8
CVE-2020-25950 EXPLOITDB MEDIUM text
Advanced Webhost Billing System 3.7.0 - Cross-Site Request Forgery via My Additional Contact Page
Advanced Webhost Billing System 3.7.0 is affected by Cross Site Request Forgery (CSRF) attacks that can delete a contact from the My Additional Contact page.
by Rahul Ramakant Singh
CVSS 4.3
CVE-2018-16156 EXPLOITDB HIGH powershell VERIFIED
PaperStream IP (TWAIN) 1.42.0.5685 - Unauthenticated Local Privilege Escalation via Untrusted Search Path
In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC service running with SYSTEM privilege processes unauthenticated messages received over the FjtwMkic_Fjicube_32 named pipe. One of these message processing functions attempts to dynamically load the UninOldIS.dll library and executes an exported function named ChangeUninstallString. The default install does not contain this library and therefore if any DLL with that name exists in any directory listed in the PATH variable, it can be used to escalate to SYSTEM level privilege.
by 1F98D
CVSS 7.8
EIP-2026-113870 EXPLOITDB text
WordPress Plugin litespeed cache 3.6 - 'server_ip' Cross-Site Scripting
by Nhat Ha
EIP-2026-111760 EXPLOITDB text
Resumes Management and Job Application Website 1.0 - RCE (Unauthenticated)
by Arnav Tripathy
EIP-2026-111746 EXPLOITDB text
Responsive E-Learning System 1.0 - Unrestricted File Upload to RCE
by Kshitiz Raj
EIP-2026-111745 EXPLOITDB text
Responsive E-Learning System 1.0 - Stored Cross Site Scripting
by Kshitiz Raj
EIP-2026-106960 EXPLOITDB text
Expense Tracker 1.0 - 'Expense Name' Stored Cross-Site Scripting
by Shivam Verma
CVE-2020-35737 EXPLOITDB HIGH text
Newgen eGov <12.0 - Info Disclosure
In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.
by ALI AL SINAN
CVSS 7.5
CVE-2021-3018 EXPLOITDB CRITICAL text
ipeak Infosystems ibexwebCMS <3.5 - SQL Injection
ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an unauthenticated Boolean-based SQL injection via the id parameter on the /cms/print.php page.
by MoeAlBarbari
CVSS 9.8
CVE-2019-11229 EXPLOITDB HIGH python VERIFIED
Gitea < 1.7.6 and 1.8.x < 1.8-RC3 - Remote Code Execution via Mirror Repository URL Mishandling
models/repo_mirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution.
by 1F98D
CVSS 8.8
CVE-2020-10199 EXPLOITDB HIGH python VERIFIED
Nexus Repository Manager Java EL Injection RCE
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
by 1F98D
CVSS 8.8
EIP-2026-102335 EXPLOITDB text VERIFIED
H2 Database 1.4.199 - JNI Code Execution
by 1F98D
CVE-2021-47983 EXPLOITDB MEDIUM text
WordPress Plugin Stripe Payments 2.0.39 Stored XSS via currency_code
WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settings[currency_code] parameter. Attackers can submit POST requests to /wp-admin/options.php with script payloads in the currency_code field to execute arbitrary JavaScript in administrator browsers when settings are viewed.
by Park Won Seok
CVSS 6.4