Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-109389 EXPLOITDB text
Medical Center Portal Management System 1.0 - 'id' SQL Injection
by Saeed Bala Ahmed
EIP-2026-107897 EXPLOITDB text
Interview Management System 1.0 - Stored XSS in Add New Question
by Saeed Bala Ahmed
EIP-2026-107896 EXPLOITDB text
Interview Management System 1.0 - 'id' SQL Injection
by Saeed Bala Ahmed
EIP-2026-106863 EXPLOITDB text
Employee Record System 1.0 - Multiple Stored XSS
by Saeed Bala Ahmed
EIP-2026-106518 EXPLOITDB python
Dolibarr ERP-CRM 12.0.3 - Remote Code Execution (Authenticated)
by Yilmaz Degirmenci
EIP-2026-106292 EXPLOITDB text
Customer Support System 1.0 - 'id' SQL Injection
by Saeed Bala Ahmed
EIP-2026-106291 EXPLOITDB text
Customer Support System 1.0 - _First Name_ & _Last Name_ Stored XSS
by Saeed Bala Ahmed
EIP-2026-106143 EXPLOITDB text
Content Management System 1.0 - 'id' SQL Injection
by Zhaiyi
EIP-2026-106142 EXPLOITDB text
Content Management System 1.0 - 'First Name' Stored XSS
by Zhaiyi
EIP-2026-106141 EXPLOITDB text
Content Management System 1.0 - 'email' SQL Injection
by Zhaiyi
CVE-2020-35488 EXPLOITDB HIGH text
nxlog < 3.0.2272 - Denial of Service via Crafted Syslog Payload
The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of service (daemon crash) via a crafted Syslog payload to the Syslog service. This attack requires a specific configuration. Also, the name of the directory created must use a Syslog field. (For example, on Linux it is not possible to create a .. directory. On Windows, it is not possible to create a CON directory.)
by Guillaume PETIT
CVSS 7.5
EIP-2026-101834 EXPLOITDB python
Linksys RE6500 1.0.11.001 - Unauthenticated RCE
by RE-Solver
CVE-2020-36955 EXPLOITDB MEDIUM text
Grav CMS 1.6.30 with Admin Plugin 1.9.18 - Authenticated Stored Cross-Site Scripting via Page Title Field
Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. Attackers can create a new page with a malicious script in the title, which will be executed when the page is viewed in the admin panel or on the site.
by Sagar Banwa
CVSS 6.4
CVE-2020-35370 EXPLOITDB HIGH text
raysync < 3.3.3.8 - Unauthenticated Remote Code Execution via Path Traversal
A RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticated unauthorized attacker sending a specifically crafted request to override the specific file in server with malicious content can login as "admin", then to modify specific shell file to achieve remote code execution(RCE) on the hosting server.
by james
CVSS 8.8
EIP-2026-111994 EXPLOITDB text
Seotoaster 3.2.0 - Stored XSS on Edit page properties
by Hardik Solanki
EIP-2026-111502 EXPLOITDB text
PrestaShop ProductComments 4.2.0 - 'id_products' Time Based Blind SQL Injection
by Frederic ADAM
EIP-2026-102024 EXPLOITDB javascript
Sony Playstation 4 (PS4) < 7.02 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC)
by ChendoChap
EIP-2026-100074 EXPLOITDB python
Magic Home Pro 1.5.1 - Authentication Bypass
by Victor Hanna
CVE-2020-37239 EXPLOITDB CRITICAL c
libbabl 0.1.62 Broken Double Free Detection Memory Safety
libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Attackers can call babl_free() twice on the same pointer without triggering detection, as libc's malloc metadata overwrites babl's signature field upon freeing, enabling potential memory corruption and code execution.
by Carter Yagemann
CVSS 9.8
CVE-2020-14871 EXPLOITDB CRITICAL c
Oracle Solaris 10-11 - Privilege Escalation
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
by Hacker Fantastic
CVSS 10.0
EIP-2026-112560 EXPLOITDB text
Task Management System 1.0 - 'page' Local File Inclusion
by İsmail BOZKURT
EIP-2026-110140 EXPLOITDB python
Online Marriage Registration System (OMRS) 1.0 - Remote Code Execution (2)
by Andrea Bruschi
CVE-2020-3452 EXPLOITDB HIGH python
Cisco ASA 9.6-9.6.4.42 & FTD 6.2.3-6.2.3.16 Unauthenticated Path Traversal
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.
by Freakyclown
CVSS 7.5
CVE-2021-43462 EXPLOITDB MEDIUM text
Rumble Mail Server 0.51.3135 - Cross-Site Scripting via Username Parameter
A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the username parameter.
by Mohammed Alshehri
CVSS 5.4
CVE-2021-43461 EXPLOITDB MEDIUM text
Rumble Mail Server 0.51.3135 - Cross-Site Scripting via Servername Parameter
Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the servername parameter.
by Mohammed Alshehri
CVSS 5.4