Exploitdb Exploits
49,996 exploits tracked across all sources.
TP-Link TL-WR840N/TL-WR841N <5 - Info Disclosure
An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of "Referer: http://192.168.0.1/mainFrame.htm" then no authentication is required for any action.
by BlackFog Team
CVSS 9.8
CloudMe Sync < 1.11.0 - Buffer Overflow (SEH) (DEP Bypass)
by Juan Prescotto
Creatiwity Witycms - XSS
Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general.
by Nathu Nandwani
CVSS 4.8
Joomla! Component JoomOCShop 1.0 - Cross-Site Request Forgery
by L0RD
Joomla! Component jCart for OpenCart 2.3.0.2 - Cross-Site Request Forgery
by L0RD
Joomla! Component Full Social 1.1.0 - 'search_query' SQL Injection
by L0RD
Domainmod - XSS
DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter.
by longer
CVSS 6.1
Domainmod - XSS
DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter.
by longer
CVSS 5.4
EIP-2026-101138
EXPLOITDB
Sony Playstation 4 (PS4) 5.07 - 'Jailbreak' WebKit / 'bpf v2' Kernel Loader
by Specter
WordPress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting
by AkkuS
Sharetronix CMS 3.6.2 - Cross-Site Request Forgery / Cross-Site Scripting
by Hesam Bazvand
Ingenious School Management System - 'id' SQL Injection
by Meisam Monsef
Clippercms - XSS
Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file.
by Nathu Nandwani
CVSS 4.8
Bitmain Antminer - RCE
Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Execution via the system restore function.
by CorryL
CVSS 8.8
Werewolf Online - Information Disclosure
The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.
by ManhNho
CVSS 7.5
Easyservice Billing - CSRF
A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation.
by Divya Jain
CVSS 8.8