Exploitdb Exploits

50,135 exploits tracked across all sources.

EIP-2026-114257 EXPLOITDB text
WordPress Plugin WP-Paginate 2.1.3 - 'preset' Stored XSS
by Park Won Seok
EIP-2026-114088 EXPLOITDB text
WordPress Plugin Stripe Payments 2.0.39 - 'AcceptStripePayments-settings[currency_code]' Stored XSS
by Park Won Seok
EIP-2026-111759 EXPLOITDB text
Resumes Management and Job Application Website 1.0 - Authentication Bypass
by Kshitiz Raj
EIP-2026-111748 EXPLOITDB python
Responsive FileManager 9.13.4 - 'path' Path Traversal
by Sun* Cyber Security Research Team
EIP-2026-110147 EXPLOITDB text
Online Movie Streaming 1.0 - Authentication Bypass
by Kshitiz Raj
EIP-2026-110134 EXPLOITDB python
Online Learning Management System 1.0 - RCE (Authenticated)
by Bedri Sertkaya
CVE-2020-35729 EXPLOITDB CRITICAL python VERIFIED
Klogserver Klog Server - OS Command Injection
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
by B3KC4T
CVSS 9.8
EIP-2026-106261 EXPLOITDB text
CSZ CMS 1.2.9 - Multiple Cross-Site Scripting
by SunCSR
CVE-2020-29597 EXPLOITDB CRITICAL html
IncomCMS 2.0 - File Upload
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to upload files into the server.
by MoeAlBarbari
CVSS 9.8
EIP-2026-104276 EXPLOITDB python
HPE Edgeline Infrastructure Manager 1.0 - Multiple Remote Vulnerabilities
by Jeremy Brown
EIP-2026-104231 EXPLOITDB text
EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Persistent Cross-Site Scripting
by Mesut Cetin
EIP-2026-103346 EXPLOITDB python
Zoom Meeting Connector 4.6.239.20200613 - Remote Root Exploit (Authenticated)
by Jeremy Brown
CVE-2020-36931 EXPLOITDB MEDIUM text
Click2Magic 1.1.5 - XSS
Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat name to capture administrator cookies when the admin processes user requests.
by Shivam Verma
CVSS 6.4
CVE-2020-36953 EXPLOITDB HIGH text
MiniTool ShadowMaker 3.2 - Local Privilege Escalation
MiniTool ShadowMaker 3.2 contains an unquoted service path vulnerability in the MTAgentService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\MiniTool ShadowMaker\AgentService.exe' to inject malicious executables and escalate privileges.
by Thalia Nieto
CVSS 7.8
CVE-2020-36941 EXPLOITDB CRITICAL text
Knockpy 4.1.1 - Code Injection
Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formulas into CSV reports through unfiltered server headers. Attackers can manipulate server response headers to include spreadsheet formulas that will execute when the CSV is opened in spreadsheet applications.
by Dolev Farhi
CVSS 9.8
CVE-2020-36940 EXPLOITDB CRITICAL python
Easy CD & DVD Cover Creator 4.13 - Buffer Overflow
Easy CD & DVD Cover Creator 4.13 contains a buffer overflow vulnerability in the serial number input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the serial number field to trigger an application crash.
by stresser
CVSS 9.8
CVE-2020-35853 EXPLOITDB MEDIUM text
4homepages 4images - XSS
4images Image Gallery Management System 1.7.11 is affected by cross-site scripting (XSS) in the Image URL. An attacker can inject an XSS payload into the IMAGE URL; each time a user visits that URL, the XSS triggers and the attacker may be able to steal the user's cookie, depending on the crafted payload.
by Ritesh Gohil
CVSS 4.8
CVE-2020-36925 EXPLOITDB CRITICAL python
Arteco Web Client DVR/NVR - Auth Bypass
Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without authorization.
by LiquidWorm
CVSS 9.8
CVE-2019-16223 EXPLOITDB MEDIUM text
WordPress <5.2.3 - XSS
WordPress before 5.2.3 allows XSS in post previews by authenticated users.
by gx1
CVSS 5.4
CVE-2020-35437 EXPLOITDB MEDIUM text
Intelliants Subrion Cms - XSS
Subrion CMS 4.2.1 is affected by Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI.
by icekam
CVSS 6.1
EIP-2026-111895 EXPLOITDB python VERIFIED
sar2html 3.2.1 - 'plot' Remote Code Execution
by Musyoka Ian
CVE-2020-28413 EXPLOITDB MEDIUM python
Mantisbt < 2.24.4 - SQL Injection
In MantisBT 2.24.3, SQL Injection can occur in the "access" parameter of the mc_project_get_users function through the SOAP API.
by EthicalHCOP
CVSS 5.3
EIP-2026-105988 EXPLOITDB text
CMS Made Simple 2.2.15 - RCE (Authenticated)
by Andrey Stoykov
CVE-2020-35598 EXPLOITDB HIGH text
Advanced Comment System - Path Traversal
ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. NOTE: this might be the same as CVE-2009-4623
by Francisco Javier Santiago Vázquez
CVSS 7.5
CVE-2018-19585 EXPLOITDB HIGH python
GitLab CE/EE <11.3.11-11.5.1 - CRLF Injection
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.
by Norbert Hofmann
CVSS 7.5