Exploitdb Exploits

49,989 exploits tracked across all sources.

CVE-2019-0573 EXPLOITDB HIGH text VERIFIED
Windows Data Sharing Service - Privilege Escalation
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0572, CVE-2019-0574.
by Google Security Research
CVSS 7.8
CVE-2019-0571 EXPLOITDB HIGH text VERIFIED
Windows Data Sharing Service - Privilege Escalation
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0572, CVE-2019-0573, CVE-2019-0574.
by Google Security Research
CVSS 7.8
CVE-2019-0552 EXPLOITDB HIGH text VERIFIED
Windows COM Desktop Broker - Privilege Escalation
An elevation of privilege exists in Windows COM Desktop Broker, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 8.8
CVE-2019-0566 EXPLOITDB HIGH text VERIFIED
Microsoft Edge - Privilege Escalation
An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge.
by Google Security Research
CVSS 8.8
CVE-2018-5410 EXPLOITDB HIGH c VERIFIED
Dokan <1.2.0.1000 - Buffer Overflow
Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update.
by Parvez Anwar
CVSS 7.8
CVE-2018-14665 EXPLOITDB MEDIUM bash
xorg-x11-server <1.20.3 - Privilege Escalation
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for the -modulepath and -logfile options when starting the Xorg X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
by Marco Ivaldi
CVSS 6.6
EIP-2026-112661 EXPLOITDB text
ThinkPHP 5.X - Remote Command Execution
by vr_system
EIP-2026-111704 EXPLOITDB text VERIFIED
Real Estate Custom Script 2.0 - SQL Injection
by Ihsan Sencan
EIP-2026-109540 EXPLOITDB text VERIFIED
Modern POS 1.3 - SQL Injection
by Ihsan Sencan
EIP-2026-109539 EXPLOITDB text VERIFIED
Modern POS 1.3 - Arbitrary File Download
by Ihsan Sencan
EIP-2026-109179 EXPLOITDB text VERIFIED
Live Call Support Widget 1.5 - Remote Code Execution / SQL Injection
by Ihsan Sencan
EIP-2026-108102 EXPLOITDB text VERIFIED
Job Portal Platform 1.0 - SQL Injection
by Ihsan Sencan
CVE-2019-6249 EXPLOITDB HIGH html
Hucart - CSRF
An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=edit_info&act_type=add.
by AllenChen
CVSS 8.8
EIP-2026-107616 EXPLOITDB python
Horde Imp - 'imap_open' Remote Command Execution
by Paolo Serracino, Pietro Minniti, Damiano Proietti
EIP-2026-107101 EXPLOITDB text VERIFIED
Find a Place CMS Directory 1.5 - SQL Injection
by Ihsan Sencan
EIP-2026-106232 EXPLOITDB text VERIFIED
Craigs Classified Ads CMS Theme 1.0.2 - SQL Injection
by Ihsan Sencan
EIP-2026-105898 EXPLOITDB text
Cleanto 5.0 - SQL Injection
by Ihsan Sencan
EIP-2026-105468 EXPLOITDB text VERIFIED
Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-101828 EXPLOITDB python
Lenovo R2105 - Cross-Site Request Forgery (Command Execution)
by Nathu Nandwani
CVE-2018-10093 EXPLOITDB HIGH text
AudioCodes IP phone 420HD <2.2.12.126 - RCE
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.
by Sysdream
CVSS 8.8
CVE-2019-12181 EXPLOITDB HIGH bash
Serv-U FTP Server prepareinstallation Privilege Escalation
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
by bcoles
CVSS 8.8
CVE-2017-5899 EXPLOITDB HIGH bash
S-nail < 14.8.5 - Race Condition
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument.
by bcoles
CVSS 7.0
EIP-2026-103764 EXPLOITDB bash
ASAN/SUID - Local Privilege Escalation
by bcoles
CVE-2019-25625 EXPLOITDB MEDIUM python
Blob Studio 2.17 Denial of Service via Malformed Input
Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of repeated characters and trigger the application to read it, causing the application to crash or become unresponsive.
by Ihsan Sencan
CVSS 6.2
CVE-2019-25624 EXPLOITDB MEDIUM python
Liquid Studio 2.17 Denial of Service via Malformed Input
Liquid Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters during application runtime, causing the application to become unresponsive or terminate abnormally.
by Ihsan Sencan
CVSS 6.2