Writeup Exploits

60,429 exploits tracked across all sources.

Sort: Activity Stars
CVE-2026-31151 WRITEUP CRITICAL
Kaleris YMS 7.2.2.1 - Auth Bypass
An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application 's resources.
CVSS 9.8
CVE-2026-31153 WRITEUP MEDIUM
Bynder 0.1.394 - Stored XSS
A stored cross-site scripting (XSS) vulnerability in Bynder v0.1.394 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS 5.4
CVE-2025-65657 WRITEUP MEDIUM
FeehiCMS 2.1.1 - RCE
FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without sufficient validation, sanitization, or execution restrictions. An authenticated remote attacker can upload a crafted PHP file and cause the application or web server to execute it, resulting in remote code execution (RCE).
CVSS 6.5
CVE-2025-63523 WRITEUP MEDIUM
FeehiCMS <2.1.1 - Info Disclosure
FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-only." An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes. This can lead to unintended username changes.
CVSS 6.5
CVE-2025-63522 WRITEUP MEDIUM
FeehiCMS 2.1.1 - CSRF
Reverse Tabnabbing vulnerability in FeehiCMS 2.1.1 in the Comments Management function
CVSS 4.6
CVE-2025-63520 WRITEUP MEDIUM
FeehiCMS 2.1.1 - XSS
Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 via the id parameter of the User Update function (?r=user%2Fupdate).
CVSS 6.1
CVE-2026-31354 WRITEUP MEDIUM
Feehi CMS 2.1.1 - Authenticated Stored XSS
Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters.
CVSS 5.4
CVE-2026-31354 WRITEUP MEDIUM
Feehi CMS 2.1.1 - Authenticated Stored XSS
Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters.
CVSS 5.4
CVE-2026-31353 WRITEUP MEDIUM
Feehi CMS 2.1.1 - Stored XSS
An authenticated stored cross-site scripting (XSS) vulnerability in the Category module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.
CVSS 5.4
CVE-2026-31353 WRITEUP MEDIUM
Feehi CMS 2.1.1 - Stored XSS
An authenticated stored cross-site scripting (XSS) vulnerability in the Category module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.
CVSS 5.4
CVE-2026-31352 WRITEUP MEDIUM
Feehi CMS 2.1.1 - Stored XSS
An authenticated stored cross-site scripting (XSS) vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter.
CVSS 5.4
CVE-2026-31352 WRITEUP MEDIUM
Feehi CMS 2.1.1 - Stored XSS
An authenticated stored cross-site scripting (XSS) vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter.
CVSS 5.4
CVE-2026-31351 WRITEUP MEDIUM
Feehi CMS 2.1.1 - Stored XSS
An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter.
CVSS 4.8
CVE-2026-31351 WRITEUP MEDIUM
Feehi CMS 2.1.1 - Stored XSS
An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter.
CVSS 4.8
CVE-2026-31350 WRITEUP MEDIUM
Feehi CMS 2.1.1 - Stored XSS
An authenticated stored cross-site scripting (XSS) vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Page Sign parameter.
CVSS 5.4
CVE-2026-31350 WRITEUP MEDIUM
Feehi CMS 2.1.1 - Stored XSS
An authenticated stored cross-site scripting (XSS) vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Page Sign parameter.
CVSS 5.4
CVE-2026-31313 WRITEUP MEDIUM
Feehi CMS 2.1.1 - Stored XSS
An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Content field.
CVSS 5.4
CVE-2022-40373 WRITEUP MEDIUM
FeehiCMS 2.1.1 - Stored Cross-Site Scripting via XML File Upload
Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 allows remote attackers to run arbitrary code via upload of crafted XML file.
CVSS 5.4
CVE-2022-40002 WRITEUP MEDIUM
FeehiCMS-2.1.1 - Cross-Site Scripting via Callback Parameter
Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbirtary code via the callback parameter to /cms/notify.
CVSS 5.4
CVE-2022-40001 WRITEUP MEDIUM
FeehiCMS 2.1.1 - Stored Cross-Site Scripting via Article Title Field
Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title field of the create article page.
CVSS 5.4
CVE-2022-40000 WRITEUP MEDIUM
FeehiCMS 2.1.1 - Stored Cross-Site Scripting via Admin Login Username Field
Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the username field of the admin log in page.
CVSS 5.4
CVE-2022-34971 WRITEUP HIGH
Feehi Cms - Unrestricted File Upload
An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file.
CVSS 8.8
CVE-2022-34140 WRITEUP MEDIUM
Feehi CMS v2.1.1 - XSS
A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field.
CVSS 5.4
CVE-2022-34140 WRITEUP MEDIUM
Feehi CMS v2.1.1 - XSS
A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field.
CVSS 5.4
CVE-2021-36573 WRITEUP MEDIUM
Feehi CMS <2.1.1 - RCE
File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to run arbitrary code via crafted image upload.
CVSS 5.4
By Source
All 60,429 Writeup 60,429 Exploitdb 50,009 Nomisec 21,918 Metasploit 3,229 Github 2,763 Vulncheck_xdb 907 Inthewild 514 Gitlab 443 Gitee 415 Patchapalooza 312
By Language
text 31,344 python 6,048 ruby 5,918 c 3,579 perl 2,849 html 2,054 php 1,327 bash 460 java 364 c++ 251 javascript 220 shell 98 go 61 postscript 25 xml 24