Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-11512 EXPLOITDB MEDIUM text
wityCMS 0.6.1 - Authenticated Stored Cross-Site Scripting via Website Name Field
Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general.
by Nathu Nandwani
CVSS 4.8
EIP-2026-108657 EXPLOITDB text
Joomla! Component Full Social 1.1.0 - 'search_query' SQL Injection
by L0RD
CVE-2018-11404 EXPLOITDB MEDIUM text
DomainMod 4.09.03 - Cross-Site Scripting via SSL Provider Account Parameter
DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter.
by longer
CVSS 6.1
CVE-2018-11403 EXPLOITDB MEDIUM text
DomainMod 4.09.03 - Cross-Site Scripting via Account Owner OID Parameter
DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter.
by longer
CVSS 5.4
EIP-2026-101139 EXPLOITDB javascript
Sony Playstation 4 (PS4) 5.1 - Kernel (PoC)
by qwertyoruiop
EIP-2026-101138 EXPLOITDB
Sony Playstation 4 (PS4) 5.07 - 'Jailbreak' WebKit / 'bpf v2' Kernel Loader
by Specter
EIP-2026-113596 EXPLOITDB text
WordPress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting
by AkkuS
EIP-2026-112015 EXPLOITDB html
Sharetronix CMS 3.6.2 - Cross-Site Request Forgery / Cross-Site Scripting
by Hesam Bazvand
EIP-2026-109664 EXPLOITDB text
My Directory 2.0 - SQL Injection / Cross-Site Scripting
by AkkuS
EIP-2026-109231 EXPLOITDB text
Lyrist - 'id' SQL Injection
by Meisam Monsef
EIP-2026-109170 EXPLOITDB text
Listing Hub CMS 1.0 - SQL Injection
by AkkuS
EIP-2026-107843 EXPLOITDB text
Ingenious School Management System - 'id' SQL Injection
by Meisam Monsef
CVE-2018-11332 EXPLOITDB MEDIUM text
ClipperCMS 1.3.3 - Stored Cross-Site Scripting via Site Name Field
Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file.
by Nathu Nandwani
CVSS 4.8
EIP-2026-105590 EXPLOITDB text
BookingWizz Booking System 5.5 - 'id' SQL Injection
by AkkuS
EIP-2026-105369 EXPLOITDB text
Baby Names Search Engine 1.0 - 'a' SQL Injection
by AkkuS
CVE-2018-11220 EXPLOITDB HIGH text
Bitmain Antminer D3, L3+, and S9 Firmware - Remote Command Execution via System Restore Function
Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Execution via the system restore function.
by CorryL
CVSS 8.8
CVE-2018-11505 EXPLOITDB HIGH text
Werewolf Online 0.8.8 - Exposure of Firebase Token via Logcat Output
The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.
by ManhNho
CVSS 7.5
CVE-2018-11442 EXPLOITDB HIGH html
EasyService Billing 1.0 - Cross-Site Request Forgery via Quotation Creation
A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation.
by Divya Jain
CVSS 8.8
EIP-2026-109807 EXPLOITDB text
mySurvey 1.0 - 'id' SQL Injection
by AkkuS
EIP-2026-106865 EXPLOITDB text
Employee Work Schedule 5.9 - 'cal_id' SQL Injection
by AkkuS
CVE-2018-11443 EXPLOITDB MEDIUM text
EasyService Billing 1.0 - Cross-Site Scripting via jobcard-ongoing.php q Parameter
The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0.
by Divya Jain
CVSS 6.1
CVE-2018-11445 EXPLOITDB HIGH html
EasyService Billing 1.0 - Cross-Site Request Forgery on User Add Page
A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role.
by Divya Jain
CVSS 8.8
CVE-2018-11444 EXPLOITDB CRITICAL text
EasyService Billing 1.0 - SQL Injection via jobcard-ongoing.php q Parameter
A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0.
by Divya Jain
CVSS 9.8
EIP-2026-106720 EXPLOITDB text
easyLetters 1.0 - 'id' SQL Injection
by AkkuS
EIP-2026-105055 EXPLOITDB text
Ajax Full Featured Calendar 2.0 - 'search' SQL Injection
by AkkuS