Exploitdb Exploits

49,989 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-4306 EXPLOITDB HIGH html VERIFIED
Apple Safari < 12 - Use After Free
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
CVE-2018-4328 EXPLOITDB HIGH html VERIFIED
Apple Safari < 12 - Memory Corruption
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
CVE-2018-4312 EXPLOITDB HIGH html VERIFIED
Apple Safari < 12 - Use After Free
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
EIP-2026-101953 EXPLOITDB text
RICOH MP C6503 Plus Printer - Cross-Site Scripting
by Ismail Tasdelen
EIP-2026-101951 EXPLOITDB text
RICOH MP C406Z Printer - Cross-Site Scripting
by Ismail Tasdelen
EIP-2026-101950 EXPLOITDB text
RICOH MP C2003 Printer - Cross-Site Scripting
by Ismail Tasdelen
EIP-2026-101949 EXPLOITDB text
RICOH MP 305+ Printer - Cross-Site Scripting
by Ismail Tasdelen
CVE-2018-25253 EXPLOITDB MEDIUM python VERIFIED
Termite 3.4 Denial of Service via Settings Buffer Overflow
Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local attackers to cause a denial of service by supplying an excessively long string. Attackers can paste a 2000-byte payload into the Settings User interface language field to crash the application.
by Abdullah Alıç
CVSS 6.2
CVE-2018-17398 EXPLOITDB CRITICAL perl
AMGallery 1.2.3 - SQL Injection
SQL Injection exists in the AMGallery 1.2.3 component for Joomla! via the filter_category_id parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-17374 EXPLOITDB CRITICAL text
Auction Factory 4.5.5 - SQL Injection
SQL Injection exists in the Auction Factory 4.5.5 component for Joomla! via the filter_order_Dir or filter_order parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-17386 EXPLOITDB CRITICAL text
Micro Deal Factory 2.4.0 - SQL Injection
SQL Injection exists in the Micro Deal Factory 2.4.0 component for Joomla! via the id parameter, or the PATH_INFO to mydeals/ or listdeals/.
by Ihsan Sencan
CVSS 9.8
EIP-2026-119494 EXPLOITDB python VERIFIED
SoftX FTP Client 3.3 - Denial of Service (PoC)
by Cemal Cihad ÇİFTÇİ
EIP-2026-119461 EXPLOITDB python VERIFIED
Beyond Remote 2.2.5.3 - Denial of Service (PoC)
by Erenay Gencay
CVE-2018-17128 EXPLOITDB MEDIUM text
MyBB <1.8.19 - XSS
A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode.
by Numan OZDEMIR
CVSS 5.4
CVE-2018-14592 EXPLOITDB CRITICAL text
CWJoomla <2.0.7, <1.0.6 - SQL Injection
The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php.
by Haboob Team
CVSS 9.8
EIP-2026-102752 EXPLOITDB text
udisks2 2.8.0 - Denial of Service (PoC)
by Marshall Whittaker
EIP-2026-101952 EXPLOITDB text
RICOH MP C6003 Printer - Cross-Site Scripting
by Ismail Tasdelen
EIP-2026-101946 EXPLOITDB text
RICOH Aficio MP 301 Printer - Cross-Site Scripting
by Ismail Tasdelen
CVE-2018-17173 EXPLOITDB CRITICAL python
LG SuperSign CMS - RCE
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
by Alejandro Fanjul
CVSS 9.8
CVE-2018-16071 EXPLOITDB HIGH text VERIFIED
Google Chrome < 69.0.3497.81 - Out-of-Bounds Write
A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
by Google Security Research
CVSS 8.8
CVE-2018-16083 EXPLOITDB HIGH text VERIFIED
Google Chrome < 69.0.3497.81 - Out-of-Bounds Read
An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
by Google Security Research
CVSS 8.8
EIP-2026-101595 EXPLOITDB text
Collectric CMU 1.0 - 'lang' Hard-Coded Credentials / SQL injection
by Simon Brannstrom
CVE-2018-25254 EXPLOITDB CRITICAL python VERIFIED
NICO-FTP 3.0.1.19 Buffer Overflow SEH
NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Attackers can connect to the FTP service and send oversized data in response handlers to overwrite SEH pointers and redirect execution to injected shellcode.
by Abdullah Alıç
CVSS 9.8
CVE-2018-8410 EXPLOITDB HIGH text VERIFIED
Windows Kernel API - Privilege Escalation
An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka "Windows Registry Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 7.8
CVE-2018-8449 EXPLOITDB LOW text VERIFIED
Windows - Privilege Escalation
A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 3.3
By Source
All 49,989 Writeup 59,960 Exploitdb 49,989 Nomisec 21,574 Metasploit 3,218 Github 2,551 Vulncheck_xdb 904 Inthewild 514 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,330 python 5,933 ruby 5,907 c 3,565 perl 2,849 html 2,053 php 1,326 bash 459 java 362 c++ 250 javascript 215 shell 90 go 53 postscript 25 xml 24