Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2020-37094 EXPLOITDB CRITICAL text
EspoCRM 5.8.5 - Authentication Bypass via Authorization Header Manipulation
EspoCRM 5.8.5 contains an authentication vulnerability that allows attackers to access other user accounts by manipulating authorization headers. Attackers can decode and modify Basic Authorization and Espo-Authorization tokens to gain unauthorized access to administrative user information and privileges.
by Besim
CVSS 9.8
CVE-2020-37059 EXPLOITDB HIGH text
Popcorn Time 6.2.1.14 - Privilege Escalation
Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious executables in Program Files (x86) or system root directories to be executed with SYSTEM-level permissions during service startup.
by Uriel Yochpaz
CVSS 7.8
EIP-2026-102368 EXPLOITDB text
Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution
by LiquidWorm
EIP-2026-112925 EXPLOITDB text
User Management System 2.0 - Persistent Cross-Site Scripting
by Besim
EIP-2026-112924 EXPLOITDB text
User Management System 2.0 - Authentication Bypass
by Besim
EIP-2026-109108 EXPLOITDB text
Library CMS Powerful Book Management System 2.2.0 - Session Fixation
by Ismail Tasdelen
EIP-2026-106110 EXPLOITDB text
Complaint Management System 4.2 - Persistent Cross-Site Scripting
by Besim
EIP-2026-106109 EXPLOITDB text
Complaint Management System 4.2 - Cross-Site Request Forgery (Delete User)
by Besim
EIP-2026-106108 EXPLOITDB text
Complaint Management System 4.2 - Authentication Bypass
by Besim
EIP-2026-102295 EXPLOITDB text
Sky File 2.1.0 iOS - Directory Traversal
by Vulnerability-Lab
EIP-2026-100944 EXPLOITDB ruby
Zen Load Balancer 3.10.1 - Directory Traversal (Metasploit)
by Dhiraj Mishra
CVE-2020-37097 EXPLOITDB HIGH text
Edimax EW-7438RPn <1.13 - Info Disclosure
Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network configuration details through the wlencrypt_wiz.asp file. Attackers can access the script to retrieve sensitive information including WiFi network name and plaintext password stored in device configuration variables.
by Besim
CVSS 7.5
CVE-2020-37096 EXPLOITDB MEDIUM text
Edimax EW-7438RPn 1.13 - Cross-Site Request Forgery in MAC Filtering Configuration
Edimax EW-7438RPn 1.13 contains a cross-site request forgery vulnerability in the MAC filtering configuration interface. Attackers can craft malicious web pages to trick users into adding unauthorized MAC addresses to the device's filtering rules without their consent.
by Besim
CVSS 5.3
EIP-2026-117873 EXPLOITDB python
RM Downloader 3.1.3.2.2010.06.13 - 'Load' Buffer Overflow (SEH)
by Felipe Winsnes
EIP-2026-103295 EXPLOITDB text
Mahara 19.10.2 CMS - Persistent Cross-Site Scripting
by Vulnerability-Lab
CVE-2025-34079 EXPLOITDB HIGH text
NSClient++ <0.5.2.35 - Authenticated RCE
An authenticated remote code execution vulnerability exists in NSClient++ version 0.5.2.35 when the web interface and ExternalScripts module are enabled. A remote attacker with the administrator password can authenticate to the web interface (default port 8443), inject arbitrary commands as external scripts via the /settings/query.json API, save the configuration, and trigger the script via the /query/{name} endpoint. The injected commands are executed with SYSTEM privileges, enabling full remote compromise. This capability is an intended feature, but the lack of safeguards or privilege separation makes it risky when exposed to untrusted actors.
by kindredsec
CVSS 7.8
CVE-2025-34078 EXPLOITDB HIGH text
NSClient++ <0.5.2.35 - Privilege Escalation
A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file (nsclient.ini) stores the administrative password in plaintext and is readable by local users. By extracting this password, an attacker can authenticate to the NSClient++ web interface (typically accessible on port 8443) and abuse the ExternalScripts plugin to inject and execute arbitrary commands as SYSTEM by registering a custom script, saving the configuration, and triggering it via the API. This behavior is documented but insecure, as the plaintext credential exposure undermines access isolation between local users and administrative functions.
by kindredsec
CVSS 7.8
CVE-2020-37148 EXPLOITDB LOW text
P5 FNIP-8x16A/FNIP-4xSH <1.0.20, 1.0.11 - XSS
P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the user, allowing attackers to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. This can be exploited by submitting crafted input to the label modification functionality, such as the 'lab4' parameter in config.html.
by LiquidWorm
CVSS 3.5
CVE-2020-37118 EXPLOITDB LOW text
P5 FNIP-8x16A FNIP-4xSH 1.0.20 - CSRF
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted page.
by LiquidWorm
CVSS 3.5
CVE-2020-37117 EXPLOITDB HIGH text
jizhicms 1.6.7 - Authenticated Arbitrary File Download via Admin Plugins Update Endpoint
jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and download_url parameters to trigger unauthorized file downloads.
by jizhicms
CVSS 8.8
CVE-2020-37105 EXPLOITDB HIGH text
PMB 5.6 - Authenticated SQL Injection via logid Parameter
PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. Attackers can leverage this vulnerability by sending crafted requests to the /admin/sauvegarde/download.php endpoint with manipulated logid values to interact with the database.
by 41-trk
CVSS 7.1
CVE-2021-47738 EXPLOITDB MEDIUM text
CSZ CMS 1.2.7 - Stored Cross-Site Scripting via Private Message User-Agent Header
CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend dashboard.
by Metin Yunus Kandemir
CVSS 5.4
CVE-2021-47737 EXPLOITDB MEDIUM text
CSZ CMS 1.2.7 - Authenticated HTML Injection via Member Messaging System
CSZ CMS 1.2.7 contains an HTML injection vulnerability that allows authenticated users to insert malicious hyperlinks in message titles. Attackers can craft POST requests to the member messaging system with HTML-based links to potentially conduct phishing or social engineering attacks.
by Metin Yunus Kandemir
CVSS 5.4
CVE-2020-36906 EXPLOITDB MEDIUM text
P5 FNIP-8x16A FNIP-4xSH 1.0.20 - CSRF
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted form.
by LiquidWorm
CVSS 4.3
CVE-2020-6857 EXPLOITDB MEDIUM python
CarbonFTP 1.4 - Use of a Broken or Risky Cryptographic Algorithm
CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary.
by hyp3rlinx
CVSS 5.5