Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-117282 EXPLOITDB text
HP System Event 1.2.9.0 - 'HPWMISVC' Unquoted Service Path
by Roberto Piña
EIP-2026-114329 EXPLOITDB text
WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting
by Ultra Security Team
EIP-2026-114089 EXPLOITDB text
WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
by Jinson Varghese Behanan
EIP-2026-112349 EXPLOITDB text
SOPlanning 1.45 - Cross-Site Request Forgery (Add User)
by J3rryBl4nks
EIP-2026-112348 EXPLOITDB text
SOPlanning 1.45 - 'users' SQL Injection
by J3rryBl4nks
EIP-2026-112347 EXPLOITDB text
SOPlanning 1.45 - 'by' SQL Injection
by J3rryBl4nks
EIP-2026-107725 EXPLOITDB text
Ice HRM 26.2.0 - Cross-Site Request Forgery (Add User)
by J3rryBl4nks
EIP-2026-101540 EXPLOITDB text
Avaya Aura Communication Manager 5.2 - Remote Code Execution
by Sarang Tumne
CVE-2020-37160 EXPLOITDB MEDIUM text
SprintWork 2.3.1 - Privilege Escalation
SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak service configurations to create a new administrative user and gain complete system access.
by boku
CVSS 6.2
CVE-2020-37151 EXPLOITDB HIGH text
phpMyChat Plus 1.98 - SQL Injection
phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmc_username parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to extract sensitive database information by crafting malicious payloads in the username field.
by J3rryBl4nks
CVSS 8.2
CVE-2020-37064 EXPLOITDB HIGH text
EPSON EasyMP Network Projection 2.81 - Code Injection
EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON Projector\EasyMP Network Projection V2\ to inject malicious code that would execute with LocalSystem privileges.
by Roberto Piña
CVSS 7.8
EIP-2026-117276 EXPLOITDB text
HomeGuard Pro 9.3.1 - Insecure Folder Permissions
by boku
CVE-2020-37169 EXPLOITDB MEDIUM text
WordPress Plugin ultimate-member 2.1.3 Local File Inclusion
WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-upgrade.php. Attackers can send POST requests with malicious pack values to include unintended PHP files from the packages directory and execute arbitrary code.
by Mehran Feizi
CVSS 5.5
EIP-2026-117722 EXPLOITDB text
OpenTFTP 1.66 - Local Privilege Escalation
by boku
EIP-2026-114198 EXPLOITDB text
WordPress Plugin Wordfence.7.4.5 - Local File Disclosure
by Mehran Feizi
EIP-2026-114128 EXPLOITDB text
WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting
by Mehran Feizi
EIP-2026-114127 EXPLOITDB text
WordPress Plugin Tutor.1.5.3 - Local File Inclusion
by Mehran Feizi
EIP-2026-113651 EXPLOITDB text
WordPress Plugin contact-form-7 5.1.6 - Remote File Upload
by Mehran Feizi
CVE-2020-8947 EXPLOITDB HIGH python
Artica Pandora FMS 7.0 - Authenticated OS Command Injection via Netflow Live View Parameters
functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224.
by Engin Demirbilek
CVSS 7.2
EIP-2026-117666 EXPLOITDB python
MyVideoConverter Pro 3.14 - 'TVSeries' Buffer Overflow
by ZwX
EIP-2026-117665 EXPLOITDB python
MyVideoConverter Pro 3.14 - 'Output Folder' Buffer Overflow
by ZwX
EIP-2026-117664 EXPLOITDB python
MyVideoConverter Pro 3.14 - 'Movie' Buffer Overflow
by ZwX
CVE-2019-18915 EXPLOITDB HIGH text VERIFIED
HP System Event Utility <1.4.33 - RCE
A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version 1.4.33. This vulnerability may allow a local attacker to execute arbitrary code via an HP System Event Utility system service.
by hyp3rlinx
CVSS 7.8
CVE-2020-37161 EXPLOITDB CRITICAL python
Wedding Slideshow Studio 1.36 - RCE
Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with a malicious payload. Attackers can craft a specially designed payload to trigger remote code execution, demonstrating the ability to run system commands like launching the calculator.
by ZwX
CVSS 9.8
CVE-2020-37100 EXPLOITDB HIGH text
Sync Breeze Enterprise 12.4.18 - Code Injection
Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the service startup process.
by boku
CVSS 7.8