Exploitdb Exploits
50,095 exploits tracked across all sources.
wityCMS 0.6.1 - Authenticated Stored Cross-Site Scripting via Website Name Field
Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general.
by Nathu Nandwani
CVSS 4.8
Joomla! Component Full Social 1.1.0 - 'search_query' SQL Injection
by L0RD
DomainMod 4.09.03 - Cross-Site Scripting via SSL Provider Account Parameter
DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter.
by longer
CVSS 6.1
DomainMod 4.09.03 - Cross-Site Scripting via Account Owner OID Parameter
DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter.
by longer
CVSS 5.4
EIP-2026-101138
EXPLOITDB
Sony Playstation 4 (PS4) 5.07 - 'Jailbreak' WebKit / 'bpf v2' Kernel Loader
by Specter
WordPress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting
by AkkuS
Sharetronix CMS 3.6.2 - Cross-Site Request Forgery / Cross-Site Scripting
by Hesam Bazvand
Ingenious School Management System - 'id' SQL Injection
by Meisam Monsef
ClipperCMS 1.3.3 - Stored Cross-Site Scripting via Site Name Field
Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file.
by Nathu Nandwani
CVSS 4.8
Bitmain Antminer D3, L3+, and S9 Firmware - Remote Command Execution via System Restore Function
Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Execution via the system restore function.
by CorryL
CVSS 8.8
Werewolf Online 0.8.8 - Exposure of Firebase Token via Logcat Output
The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.
by ManhNho
CVSS 7.5
EasyService Billing 1.0 - Cross-Site Request Forgery via Quotation Creation
A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation.
by Divya Jain
CVSS 8.8
EasyService Billing 1.0 - Cross-Site Scripting via jobcard-ongoing.php q Parameter
The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0.
by Divya Jain
CVSS 6.1
EasyService Billing 1.0 - Cross-Site Request Forgery on User Add Page
A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role.
by Divya Jain
CVSS 8.8
EasyService Billing 1.0 - SQL Injection via jobcard-ongoing.php q Parameter
A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0.
by Divya Jain
CVSS 9.8
By Source