Exploitdb Exploits
50,186 exploits tracked across all sources.
Composr CMS 10.0.34 - 'banners' Persistent Cross Site Scripting
by Parshwa Bhavsar
CMS Made Simple 2.2.15 - Stored Cross-Site Scripting via SVG File Upload (Authenticated)
by Eshan Singh
Canto - SSRF
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.
by Pankaj Verma
CVSS 5.3
Google Chrome <84.0.4147.89 - Auth Bypass
Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.
by Gal Weizman
CVSS 6.5
Sony BRAVIA Digital Signage 1.7.8 - RCE
Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modify display content by manipulating the input material type.
by LiquidWorm
CVSS 6.1
Sony BRAVIA Digital Signage <1.7.8 - Info Disclosure
Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API.
by LiquidWorm
CVSS 7.5
Coastercms - XSS
Coastercms v5.8.18 is affected by cross-site Scripting (XSS). A user can steal a cookie and make the user redirect to any malicious website because it is trigged on the main home page of the product/application.
by Hardik Solanki
CVSS 5.4
PHPGurukul User Registration & Login and User Management System Wit...
A Cross Site Request Forgery (CSRF) vulnerability exists in the loginsystem page in PHPGurukul User Registration & Login and User Management System With Admin Panel 2.1.
by Dipak Panchal
CVSS 8.8
EGavilan Media EGM Address Book 1.0 - SQL Injection
EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution.
by Mayur Parmar
CVSS 9.8
Online Matrimonial Project 1.0 - Authenticated Remote Code Execution
by Valerio Alessandroni
mojoPortal forums 2.7.0.0 - 'Title' Persistent Cross-Site Scripting
by Sagar Banwa
Invision Community 4.5.4 - XSS
Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field. This vulnerability can allow an attacker to inject the XSS payload in Field Name and each time any user will open that, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.
by Hemant Patidar
CVSS 4.8
Ksix Zigbee Smart Home Kit <1.0.3 <1.0.7 - Replay Attack via Frame Counter
A replay attack vulnerability was discovered in a Zigbee smart home kit manufactured by Ksix (Zigbee Gateway Module = v1.0.3, Door Sensor = v1.0.7, Motion Sensor = v1.0.12), where the Zigbee anti-replay mechanism - based on the frame counter field - is improperly implemented. As a result, an attacker within wireless range can resend captured packets with a higher sequence number, which the devices incorrectly accept as legitimate messages. This allows spoofed commands to be injected without authentication, triggering false alerts and misleading the user through notifications in the mobile application used to monitor the network.
by Alejandro Vazquez Vazquez
CVSS 9.1
Realtek Andrea RT Filters 1.0.64.7 - Code Injection
Realtek Andrea RT Filters 1.0.64.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files\IDT\WDM\AESTSr64.exe' to inject malicious code that would execute during service startup or system reboot.
by Manuel Alvarez
CVSS 7.8
WebDamn User Registration Login System - SQL Injection
WebDamn User Registration Login System contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating email credentials. Attackers can inject the payload '<email>' OR '1'='1' in both username and password fields to gain unauthorized access to the user panel.
by Aakash Madaan
CVSS 8.2
ILIAS Learning Management System <4.3 - SSRF
ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script that uses XMLHttpRequest to retrieve local file contents when the portfolio is exported to PDF.
by Dot
CVSS 4.0
aSc TimeTables 2021.6.2 - DoS
aSc TimeTables 2021.6.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting subject title fields with excessive data. Attackers can generate a 10,000-character buffer and paste it into the subject title to trigger application instability and potential crash.
by Ismael Nava
CVSS 7.5
Phpgurukul Employee Record Management System - SQL Injection
SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.
by Anurag Kumar
CVSS 9.8
Egavilanmedia Expense Management System - XSS
XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store malicious JavaScript code via the 'description' field
by Nikhil Kumar
CVSS 6.1
Bakeshop Online Ordering System - XSS
Bakeshop Online Ordering System in PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML in admin dashboard - "Categories".
by Parshwa Bhavsar
CVSS 4.8
Dotcms - XSS
DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and stealing cookies using XSS.
by Hardik Solanki
CVSS 4.8
Egavilanmedia User Registration & Login System With Admin Panel - CSRF
EgavilanMedia User Registration & Login System with Admin Panel 1.0 is affected by Cross Site Request Forgery (CSRF) to remotely gain privileges in the User Profile panel. An attacker can update any user's account.
by Hardik Solanki
CVSS 8.0
Student Result Management System - SQL Injection
Student Result Management System In PHP With Source Code is affected by SQL injection. An attacker can able to access of Admin Panel and manage every account of Result.
by Ritesh Gohil
CVSS 9.1
Egavilanmedia User Registration And L... - XSS
Cross Site Scripting (XSS) vulnerability via the 'Full Name' parameter in the User Registration section of User Registration & Login System with Admin Panel 1.0.
by Soushikta Chowdhury
CVSS 6.1
By Source