Exploitdb Exploits
49,996 exploits tracked across all sources.
Kirby 2.5.12 - CSRF
An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages.
by Zaran Shaikh
CVSS 5.4
Splinterware System Scheduler Pro 5.12 - Privilege Escalation
by bzyo
Splinterware System Scheduler Pro 5.12 - Buffer Overflow (SEH)
by bzyo
Microsoft Windows Speech Recognition - Buffer Overflow (PoC)
by Nassim Asrir
Synology DiskStation Manager 4.1 - Directory Traversal
by Berk Dusunur
Mediabridge Medialink MWN-WAPR300N <5.07.50 - CSRF
Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users.
by Nathu Nandwani
CVSS 8.8
Davolink DVW-3200N <1.00.06 - Info Disclosure
Davolink DVW-3200N, all versions prior to Version 1.00.06. The device generates a weak password hash that is easily cracked, allowing a remote attacker to obtain the password for the device.
by Ankit Anubhav
CVSS 9.8
Inteno IOPSYS - Privilege Escalation
read_tmp and write_tmp in Inteno IOPSYS allow attackers to gain privileges after writing to /tmp/etc/smb.conf because /var is a symlink to /tmp.
by neonsea
CVSS 7.8
Msvod Cms v10 - SQL Injection
In Msvod Cms v10, SQL Injection exists via an images/lists?cid= URI.
by Hzllaga
CVSS 9.8
Touchpad / Trivum WebTouch Setup V9 V2.53 - Auth Bypass
Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allows unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to log in without authorization).
by vulnc0d3
CVSS 9.8
TP-Link WR840N - DoS
TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses.
by Aniket Dinda
CVSS 7.5
Techotronic All IN One Favicon < 4.6 - XSS
Multiple persistent cross-site scripting (XSS) issues in the Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via Apple-Text, GIF-Text, ICO-Text, PNG-Text, or JPG-Text.
by Javier Olmedo
CVSS 4.8
MyBB <1.2 - XSS
The New Threads plugin before 1.2 for MyBB has XSS.
by 0xB9
CVSS 6.1
Google Chrome - Swiftshader Texture Allocation Integer Overflow
by Google Security Research
Google Chrome - SwiftShader OpenGL Texture Bindings Reference Count Leak
by Google Security Research
Google Chrome - Swiftshader Blitting Floating-Point Precision Errors
by Google Security Research
Linux BPF Sign Extension Local Privilege Escalation
The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.
by Metasploit
CVSS 7.8
Smart SMS & Email Manager 3.3 - 'contact_type_id' SQL Injection
by AkkuS
Opmantek Open-audit < 2.2.2 - XSS
Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute.
by Ranjeet Jaiswal
CVSS 5.4
Microhard Systems IPn4G 1.1.0 - CSRF
Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated users into loading a specially crafted page.
by LiquidWorm
CVSS 6.5