Exploitdb Exploits

50,121 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-106339 EXPLOITDB text
Daily Expense Manager 1.0 - 'term' SQLi
by Stefan Hesselman
EIP-2026-105454 EXPLOITDB text
Best Student Result Management System v1.0 - Multiple SQLi
by nu11secur1ty
EIP-2026-101412 EXPLOITDB python
Positron Broadcast Signal Processor TRA7005 v1.20 - Authentication Bypass
by LiquidWorm
CVE-2024-0353 EXPLOITDB HIGH text
Eset Endpoint Antivirus < 8.1.2062.0 - Improper Privilege Management
Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.
by Milad karimi
CVSS 7.8
EIP-2026-113554 EXPLOITDB text
Wordpress Plugin Alemha Watermarker 1.3.1 - Stored Cross-Site Scripting (XSS)
by Erdemstar
EIP-2026-106115 EXPLOITDB text
Computer Laboratory Management System v1.0 - Multiple-SQLi
by nu11secur1ty
CVE-2024-58341 EXPLOITDB HIGH text
OpenCart Core 4.0.2.3 SQL Injection via search Parameter
OpenCart Core 4.0.2.3 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'search' parameter. Attackers can send GET requests to the product search endpoint with malicious 'search' values to extract sensitive database information using boolean-based blind or time-based blind SQL injection techniques.
by Saud Alenazi
CVSS 8.2
CVE-2024-58303 EXPLOITDB HIGH text
FoF Pretty Mail 1.1.2 - Code Injection
FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generation.
by Chokri Hammedi
CVE-2024-58302 EXPLOITDB MEDIUM text
FoF Pretty Mail 1.1.2 - Local File Inclusion
FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings by inserting file inclusion payloads to read sensitive system files like /etc/passwd during email generation.
by Chokri Hammedi
CVE-2024-25415 EXPLOITDB HIGH python
CE Phoenix <1.0.8.20 - RCE
A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php.
by tmrswrr
CVSS 7.2
CVE-2024-24520 EXPLOITDB HIGH text
Lepton CMS <7.0.0 - RCE
An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place.
by tmrswrr
CVSS 7.8
CVE-2024-24399 EXPLOITDB HIGH text
Lepton-cms Leptoncms - Unrestricted File Upload
An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area.
by tmrswrr
CVSS 7.2
EIP-2026-117831 EXPLOITDB text
Rapid7 nexpose - 'nexposeconsole' Unquoted Service Path
by Saud Alenazi
EIP-2026-117564 EXPLOITDB text
Microsoft Windows Defender - Detection Mitigation Bypass TrojanWin32Powessere.G
by hyp3rlinx
CVE-2024-21338 EXPLOITDB HIGH ruby
Windows Kernel - Privilege Escalation
Windows Kernel Elevation of Privilege Vulnerability
by E1 Coders
CVSS 7.8
EIP-2026-116820 EXPLOITDB text
ASUS Control Center Express 01.06.15 - Unquoted Service Path
by Alaa Kachouh
CVE-2022-4395 EXPLOITDB CRITICAL text
Membership For WooCommerce <2.1.7 - Unauthenticated RCE
The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.
by Milad karimi
CVSS 9.8
EIP-2026-112233 EXPLOITDB text
Smart School 6.4.1 - SQL Injection
by CraCkEr
EIP-2026-112064 EXPLOITDB text
Simple Backup Plugin Python Exploit 2.7.10 - Path Traversal
by Ven3xy
CVE-2024-29410 EXPLOITDB text
Petrol Pump Management Software v1.0 - Remote Code Execution (RCE)
by Sandeep Vishwakarma
EIP-2026-110112 EXPLOITDB python
Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated)
by Gian Paris C. Agsam
EIP-2026-107622 EXPLOITDB text
Hospital Management System v1.0 - Stored Cross Site Scripting (XSS)
by Sandeep Vishwakarma
CVE-2024-24724 EXPLOITDB CRITICAL text
Gibbon <26.0.00 - SSRF/RCE
Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine (messengerSettings.php) without sanitization.
by Ali Maharramli_Fikrat Guliev_Islam Rzayev
CVSS 9.8
CVE-2024-24497 EXPLOITDB
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1009. Reason: This candidate is a duplicate of CVE-2024-1009. Notes: All CVE users should reference CVE-2024-1009 instead of this candidate.
by Yevhenii Butenko
CVE-2024-24499 EXPLOITDB
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1007. Reason: This candidate is a duplicate of CVE-2024-1007. Notes: All CVE users should reference CVE-2024-1007 instead of this candidate.
by Yevhenii Butenko
By Source
All 50,121 Exploitdb 50,121 Writeup 46,831 Nomisec 21,202 Metasploit 3,189 Github 2,265 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,745 c 3,550 perl 2,854 html 2,055 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 73 go 41 postscript 25 xml 24