Exploitdb Exploits

50,186 exploits tracked across all sources.

EIP-2026-104424 EXPLOITDB text
Seacms 11.1 - 'ip and weburl' Remote Command Execution
by j5s
EIP-2026-104423 EXPLOITDB text
Seacms 11.1 - 'file' Local File Inclusion
by j5s
CVE-2020-2231 EXPLOITDB MEDIUM text
Jenkins <2.251-<2.235.3 - XSS
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token.
by gx1
CVSS 5.4
EIP-2026-101840 EXPLOITDB python
Macally WIFISD2-2A82 2.000.010 - Guest to Root Privilege Escalation
by Maximilian Barz
CVE-2020-35202 EXPLOITDB MEDIUM text
Igniterealtime Openfire - XSS
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS.
by j5s
CVSS 5.4
CVE-2020-35201 EXPLOITDB MEDIUM text
Ignite Realtime Openfire 4.6.0 - XSS
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS.
by j5s
CVSS 5.4
CVE-2020-35199 EXPLOITDB MEDIUM text
Ignite Realtime Openfire 4.6.0 - XSS
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS.
by j5s
CVSS 5.4
CVE-2020-35329 EXPLOITDB MEDIUM text
Courier Management System - SQL Injection
Courier Management System 1.0 is affected by SQL Injection via 'MULTIPART street '.
by Zhaiyi
CVSS 6.5
CVE-2020-35328 EXPLOITDB MEDIUM text
Courier Management System - XSS
Courier Management System 1.0 - 'First Name' Stored XSS
by Zhaiyi
CVSS 5.4
CVE-2020-35327 EXPLOITDB MEDIUM text
Courier Management System - SQL Injection
A SQL injection vulnerability was discovered in Courier Management System 1.0, which can be exploited via the ref_no (POST) parameter to admin_class.php.
by Zhaiyi
CVSS 6.5
EIP-2026-112493 EXPLOITDB text
Supply Chain Management System - Auth Bypass SQL Injection
by Piyush Malviya
CVE-2020-11819 EXPLOITDB CRITICAL bash
Rukovoditel - Path Traversal
In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution.
by coiffeur
CVSS 9.8
EIP-2026-109391 EXPLOITDB text
Medical Center Portal Management System 1.0 - Multiple Stored XSS
by Saeed Bala Ahmed
EIP-2026-106514 EXPLOITDB python
Dolibarr 12.0.3 - SQLi to RCE
by coiffeur
CVE-2020-2229 EXPLOITDB MEDIUM text
Jenkins <2.251-2.235.3 - XSS
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability.
by gx1
CVSS 5.4
CVE-2020-2230 EXPLOITDB MEDIUM text
Jenkins <2.251-<2.235.3 - XSS
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.
by gx1
CVSS 5.4
CVE-2020-36957 EXPLOITDB HIGH text
PDF Complete <3.5.310.2002 - Code Injection
PDF Complete 3.5.310.2002 contains an unquoted service path vulnerability in its pdfsvc.exe service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.
by Zaira Alquicira
CVSS 7.8
CVE-2020-36956 EXPLOITDB MEDIUM text
Openfire 4.6.0 - XSS
Openfire 4.6.0 contains a stored cross-site scripting vulnerability in the nodejs plugin that allows attackers to inject malicious scripts through the 'path' parameter. Attackers can craft a payload with script tags to execute arbitrary JavaScript in the context of administrative users viewing the nodejs configuration page.
by j5s
CVSS 6.4
CVE-2020-35396 EXPLOITDB MEDIUM text
Egavilanmedia Barcodes Generator - XSS
EGavilan Barcodes generator 1.0 is affected by Cross Site Scripting (XSS) via index.php. An attacker is able to inject the XSS payload in the web application each time a user visits the website.
by Nikhil Kumar
CVSS 6.1
CVE-2020-28838 EXPLOITDB LOW text
Opencart - CSRF
Cross Site Request Forgery (CSRF) in the CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows an attacker to add cart items via Add to cart.
by Mahendra Purbia
CVSS 3.5
EIP-2026-113974 EXPLOITDB text
WordPress Plugin Popup Builder 3.69.6 - Multiple Stored Cross Site Scripting
by Ilca Lucian Florin
EIP-2026-109110 EXPLOITDB text
Library Management System 2.0 - Auth Bypass SQL Injection
by Manish Solanki
CVE-2020-36948 EXPLOITDB CRITICAL text
VestaCP 0.9.8-26 - Auth Bypass
VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user accounts and perform unauthorized login requests without proper administrative permissions.
by Vulnerability-Lab
CVSS 9.8
CVE-2020-29659 EXPLOITDB CRITICAL python
Flexense DupScout Enterprise 10.0.18 - Buffer Overflow
A buffer overflow in the web server of Flexense DupScout Enterprise 10.0.18 allows a remote anonymous attacker to execute code as SYSTEM by overflowing the sid parameter via a GET /settings&sid= attack.
by Andrés Roldán
CVSS 9.8
CVE-2019-7214 EXPLOITDB CRITICAL python
SmarterTools SmarterMail less than build 6985 - .NET Deserialization Remote Code Execution
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
by 1F98D
CVSS 9.8