Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-101226 EXPLOITDB text
D-Link DIR-601 - Command Injection
by Samuel Huntley
EIP-2026-101223 EXPLOITDB text
D-Link DGL5500 - HNAP Buffer Overflow
by Samuel Huntley
EIP-2026-105365 EXPLOITDB text
b374k 3.2.3/2.8 (Web Shell) - Cross-Site Request Forgery / Command Injection
by hyp3rlinx
EIP-2026-116206 EXPLOITDB python VERIFIED
Sam Spade 1.14 - S-Lang Command Field Overflow (SEH)
by Nipun Jaswal
EIP-2026-111657 EXPLOITDB text
R-Scripts Vacation Rental Script 7R - Multiple Vulnerabilities
by LiquidWorm
EIP-2026-102745 EXPLOITDB python VERIFIED
TACK 1.07 - Local Stack Buffer Overflow
by Juan Sacco
CVE-2015-9316 EXPLOITDB CRITICAL text
WP Fastest Cache < 0.8.4.9 - SQL Injection via poll_id Parameter
The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter.
by Kacper Szurek
CVSS 9.8
EIP-2026-102580 EXPLOITDB python VERIFIED
FBZX 2.10 - Local Stack Buffer Overflow
by Juan Sacco
EIP-2026-114527 EXPLOITDB text VERIFIED
YesWiki 0.2 - 'template' Directory Traversal
by HaHwul
EIP-2026-102385 EXPLOITDB python
Jenkins 1.633 - Credential Recovery
by The Repo
EIP-2026-101311 EXPLOITDB text
Huawei HG630a / HG630a-50 - Default SSH Admin Password on ADSL Modems
by Murat Sahin
EIP-2026-116079 EXPLOITDB python VERIFIED
POP Peeper 4.0.1 - Overwrite (SEH)
by Un_N0n
EIP-2026-112607 EXPLOITDB text
TestLink 1.9.14 - Cross-Site Request Forgery
by Aravind C Ajayan_ Balagopal N
EIP-2026-104787 EXPLOITDB ruby VERIFIED
WordPress Plugin Ajax Load More 2.8.1.1 - PHP Upload (Metasploit)
by Metasploit
EIP-2026-103473 EXPLOITDB text VERIFIED
FreeType 2.6.1 - TrueType tt_sbit_decoder_load_bit_aligned Heap Out-of-Bounds Read
by Google Security Research
CVE-2017-16836 EXPLOITDB MEDIUM html
Arris TG1682G - Unauthenticated XSS
Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter.
by Nu11By73
CVSS 6.1
EIP-2026-116116 EXPLOITDB python VERIFIED
QNap QVR Client 5.1.0.11290 - Crash (PoC)
by Luis Martínez
EIP-2026-107460 EXPLOITDB text
Google AdWords API PHP client library 6.2.0 - Arbitrary PHP Code Execution
by Dawid Golunski
EIP-2026-107459 EXPLOITDB text
Google AdWords 6.2.0 API client libraries - XML eXternal Entity Injection
by Dawid Golunski
EIP-2026-106744 EXPLOITDB text
eBay Magento CE 1.9.2.1 - Unrestricted Cron Script (Code Execution / Denial of Service)
by Dawid Golunski
EIP-2026-119159 EXPLOITDB text
SolarWinds Log and Event Manager/Trigeo SIM 6.1.0 - Remote Command Execution
by Chris Graham
EIP-2026-113913 EXPLOITDB text VERIFIED
WordPress Plugin My Calendar 2.4.10 - Multiple Vulnerabilities
by Mysticism
EIP-2026-102514 EXPLOITDB text
NXFilter 3.0.3 - Multiple Cross-Site Scripting Vulnerabilities
by hyp3rlinx
EIP-2026-102513 EXPLOITDB text
NXFilter 3.0.3 - Cross-Site Request Forgery
by hyp3rlinx
CVE-2015-7808 EXPLOITDB text VERIFIED
vBulletin 5 Connect <5.1.9 - Code Injection
The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments.
by hhjj