Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-116901 EXPLOITDB python
BlazeDVD 7.0.2 - Buffer Overflow (SEH)
by areyou1or0
EIP-2026-114424 EXPLOITDB text
Xeroneit Library Management System 3.0 - 'category' SQL Injection
by Sohel Yousef
EIP-2026-111970 EXPLOITDB text
SeedDMS 5.1.18 - Persistent Cross-Site Scripting
by Vulnerability-Lab
EIP-2026-109236 EXPLOITDB text
Macs Framework 1.14f CMS - Persistent Cross-Site Scripting
by Vulnerability-Lab
EIP-2026-106399 EXPLOITDB text
DedeCMS 7.5 SP2 - Persistent Cross-Site Scripting
by Vulnerability Research Laboratory
EIP-2026-102298 EXPLOITDB text
SuperBackup 2.0.5 for iOS - Persistent Cross-Site Scripting
by Vulnerability-Lab
EIP-2026-102233 EXPLOITDB text
File Transfer iFamily 2.1 - Directory Traversal
by Vulnerability-Lab
EIP-2026-102213 EXPLOITDB text
AirDisk Pro 5.5.3 for iOS - Persistent Cross-Site Scripting
by Vulnerability-Lab
CVE-2020-37150 EXPLOITDB HIGH text
Edimax EW-7438RPn-v3 Mini 1.27 - Info Disclosure
Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /wizard_reboot.asp page in unsetup mode, which discloses the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by sending a GET request to this endpoint, exposing sensitive information without authentication.
by Wadeek
CVSS 7.5
CVE-2020-37149 EXPLOITDB HIGH text
Edimax EW-7438RPn-v3 Mini 1.27 - CSRF
Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery (CSRF) that can lead to command execution. An attacker can trick an authenticated user into submitting a crafted form to the /goform/mp endpoint, resulting in arbitrary command execution on the device with the user's privileges.
by Wadeek
CVSS 8.1
CVE-2020-37125 EXPLOITDB CRITICAL text
Edimax EW-7438RPn-v3 Mini 1.27 - RCE
Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands through the /goform/mp endpoint. Attackers can exploit the vulnerability by sending crafted POST requests with command injection payloads to download and execute malicious scripts on the device.
by Wadeek
CVSS 9.8
CVE-2020-37124 EXPLOITDB CRITICAL python
B64dec 1.1.2 - Stack-based Buffer Overflow via Crafted Base64 Input
B64dec 1.1.2 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler (SEH) with crafted input. Attackers can leverage an egg hunter technique and a carefully constructed payload to inject and execute malicious code during the base64 decoding process.
by Andy Bowden
CVSS 9.8
EIP-2026-102435 EXPLOITDB text
WSO2 3.1.0 - Persistent Cross-Site Scripting
by Raki Ben Hamouda
CVE-2020-2555 EXPLOITDB CRITICAL python
Oracle Coherence 3.7.1.0/12.1.3.0.0/12.2.1.3-4 - RCE
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
by nu11secur1ty
CVSS 9.8
CVE-2020-37220 EXPLOITDB HIGH text
Huawei HG630 V2 Router Authentication Bypass via Serial Number
Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can query the /api/system/deviceinfo endpoint without authentication to extract the SerialNumber field, then use the last 8 characters as the default password to log in to the router.
by Eslam Medhat
CVSS 7.5
CVE-2020-37126 EXPLOITDB CRITICAL python
Free Desktop Clock 3.0 - Buffer Overflow
Free Desktop Clock 3.0 contains a stack overflow vulnerability in the Time Zones display name input that allows attackers to overwrite Structured Exception Handler (SEH) registers. Attackers can exploit the vulnerability by crafting a malicious Unicode input that triggers an access violation and potentially executes arbitrary code.
by boku
CVSS 9.8
CVE-2020-23069 EXPLOITDB MEDIUM text
webTareas 2.0 - Path Traversal via extpath Parameter in general_serv.php
A path traversal vulnerability exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files.
by China Banking and Insurance Information Technology Management Co.
CVSS 6.5
EIP-2026-113884 EXPLOITDB text
WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion
by Daniel Monzón
CVE-2019-16383 EXPLOITDB CRITICAL text
Progress MOVEit Transfer <11.1.1 - SQL Injection
MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, or may be able to alter the database via the REST API, aka SQL Injection.
by Aviv Beniash
CVSS 9.4
EIP-2026-102434 EXPLOITDB text
WSO2 3.1.0 - Arbitrary File Delete
by Raki Ben Hamouda
CVE-2019-20085 EXPLOITDB HIGH python
TVT NVMS-1000 Firmware - Path Traversal via GET Request
TVT NVMS-1000 devices allow GET /.. Directory Traversal
by Mohin Paramasivam
CVSS 7.5
CVE-2020-22809 EXPLOITDB HIGH text
Windscribe <v1.83 Build 20 - Privilege Escalation
In Windscribe v1.83 Build 20, 'WindscribeService' has an Unquoted Service Path that facilitates privilege escalation.
by MgThuraMoeMyint
CVSS 7.8
EIP-2026-114832 EXPLOITDB python
AbsoluteTelnet 11.12 - 'SSH1/username' Denial of Service (PoC)
by chuyreds
EIP-2026-113808 EXPLOITDB text
WordPress Plugin Helpful 2.4.11 - SQL Injection
by numan türle
EIP-2026-100943 EXPLOITDB python
Zen Load Balancer 3.10.1 - 'index.cgi' Directory Traversal
by Basim Alabdullah