Exploitdb Exploits

50,076 exploits tracked across all sources.

EIP-2026-114045 EXPLOITDB php
WordPress Plugin Simple Ads Manager 2.9.4.116 - SQL Injection
by Kacper Szurek
CVE-2015-7556 EXPLOITDB HIGH text
DeleGate 9.9.13 - Privilege Escalation
DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program.
by Larry W. Cashdollar
CVSS 7.8
CVE-2015-7874 EXPLOITDB CRITICAL python
portapps/kitty_portable < 0.65.0.2p - Remote Code Execution via Long Nickname
Buffer overflow in the chat server in KiTTY Portable 0.65.0.2p and earlier allows remote attackers to execute arbitrary code via a long nickname.
by Guillaume Kaddouch
CVSS 9.8
EIP-2026-117389 EXPLOITDB python
KiTTY Portable 0.65.1.1p - Local Saved Session Overflow (Egghunter XP / Denial of Service 7/8.1/10)
by Guillaume Kaddouch
EIP-2026-117388 EXPLOITDB python VERIFIED
KiTTY Portable 0.65.0.2p (Windows 8.1/10) - Local kitty.ini Overflow
by Guillaume Kaddouch
EIP-2026-117387 EXPLOITDB python VERIFIED
KiTTY Portable 0.65.0.2p (Windows 7) - Local kitty.ini Overflow (Wow64 Egghunter)
by Guillaume Kaddouch
CVE-2025-34119 EXPLOITDB HIGH python VERIFIED
EasyCafe Server <2.2.14 - Info Disclosure
A remote file disclosure vulnerability exists in EasyCafe Server 2.2.14, exploitable by unauthenticated remote attackers via TCP port 831. The server listens for a custom protocol where opcode 0x43 can be used to request arbitrary files by absolute path. If the file exists and is accessible, its content is returned without authentication. This flaw allows attackers to retrieve sensitive files such as system configuration, password files, or application data.
by R-73eN
EIP-2026-114839 EXPLOITDB text
AccessDiver 4.301 - Buffer Overflow
by hyp3rlinx
EIP-2026-111776 EXPLOITDB text VERIFIED
Rips Scanner 0.5 - 'code.php' Local File Inclusion
by Ashiyane Digital Security Team
EIP-2026-105441 EXPLOITDB text
Beezfud - Remote Code Execution
by Ashiyane Digital Security Team
EIP-2026-111210 EXPLOITDB text
PhpSocial 2.0.0304_20222226 - Cross-Site Request Forgery
by Curesec Research Team
EIP-2026-107489 EXPLOITDB text
Grawlix 1.0.3 - Cross-Site Request Forgery
by Curesec Research Team
EIP-2026-105475 EXPLOITDB text
Bigware Shop 2.3.01 - Multiple Local File Inclusions
by bd0rk
EIP-2026-105223 EXPLOITDB text
Arastta 1.1.5 - SQL Injection
by Curesec Research Team
CVE-2015-8617 EXPLOITDB CRITICAL text
PHP 7.x < 7.0.1 - Remote Code Execution via Format String Specifiers in Class Name
Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling.
by Andrew Kramer
CVSS 9.8
CVE-2015-8733 EXPLOITDB MEDIUM text VERIFIED
Wireshark 1.12.x < 1.12.9 and 2.0.x < 2.0.1 - Denial of Service in Sniffer File Parser
The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record lengths and record header lengths, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
by Google Security Research
CVSS 5.5
CVE-2015-8724 EXPLOITDB MEDIUM text VERIFIED
Wireshark 1.12.x < 1.12.9 and 2.0.x < 2.0.1 - Denial of Service via AirPDcapDecryptWPABroadcastKey Function
The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
by Google Security Research
CVSS 5.5
CVE-2015-8434 EXPLOITDB text VERIFIED
Adobe Flash Player <18.0.0.268, 19.x, 20.x - Use After Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454.
by Google Security Research
EIP-2026-115955 EXPLOITDB python
Notepad++ NPPFtp Plugin 0.26.3 - Buffer Overflow
by R-73eN
EIP-2026-114979 EXPLOITDB text
Base64 Decoder 1.1.2 - Overwrite (SEH) (PoC)
by Un_N0n
EIP-2026-110426 EXPLOITDB perl
Ovidentia Widgets 1.0.61 - Remote Command Execution
by bd0rk
EIP-2026-110424 EXPLOITDB text
Ovidentia online Module 2.8 - 'GLOBALS[babAddonPhpPath]' Remote File Inclusion
by bd0rk
CVE-2015-8562 EXPLOITDB python
Joomla! 1.5.x-3.4.5 - Unauthenticated Remote Code Execution via HTTP User-Agent Header
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
by Andrew McNicol
CVE-2015-0057 EXPLOITDB text VERIFIED
Windows win32k.sys - Local Privilege Escalation via Crafted Application
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
by Jean-Jamil Khalife
CVE-2015-8413 EXPLOITDB text VERIFIED
Adobe Flash Player <18.0.0.268, 19.x, 20.x - Use After Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454.
by Google Security Research