Exploitdb Exploits
50,076 exploits tracked across all sources.
ESET Endpoint Antivirus < 8.1.2062.0 - Local Privilege Escalation via File Deletion
Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.
by Milad karimi
CVSS 7.8
Wordpress Plugin Alemha Watermarker 1.3.1 - Stored Cross-Site Scripting (XSS)
by Erdemstar
Computer Laboratory Management System v1.0 - Multiple-SQLi
by nu11secur1ty
OpenCart Core 4.0.2.3 SQL Injection via search Parameter
OpenCart Core 4.0.2.3 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'search' parameter. Attackers can send GET requests to the product search endpoint with malicious 'search' values to extract sensitive database information using boolean-based blind or time-based blind SQL injection techniques.
by Saud Alenazi
CVSS 8.2
FoF Pretty Mail 1.1.2 - Code Injection
FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generation.
by Chokri Hammedi
FoF Pretty Mail 1.1.2 - Local File Inclusion
FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings by inserting file inclusion payloads to read sensitive system files like /etc/passwd during email generation.
by Chokri Hammedi
CE Phoenix 1.0.8.20 - Remote Code Execution via define_language.php
A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php.
by tmrswrr
CVSS 7.2
Lepton CMS 7.0.0 - Remote Code Execution via Upgrade.php Language Parameter
An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place.
by tmrswrr
CVSS 7.8
Lepton CMS 7.0.0 - Authenticated Arbitrary File Upload via Backend Languages Index
An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area.
by tmrswrr
CVSS 7.2
Rapid7 nexpose - 'nexposeconsole' Unquoted Service Path
by Saud Alenazi
Microsoft Windows Defender - Detection Mitigation Bypass TrojanWin32Powessere.G
by hyp3rlinx
Windows Kernel - Privilege Escalation
Windows Kernel Elevation of Privilege Vulnerability
by E1 Coders
CVSS 7.8
ASUS Control Center Express 01.06.15 - Unquoted Service Path
by Alaa Kachouh
Membership For WooCommerce <2.1.7 - Unauthenticated RCE
The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.
by Milad karimi
CVSS 9.8
Simple Backup Plugin Python Exploit 2.7.10 - Path Traversal
by Ven3xy
Petrol Pump Management Software v1.0 - Remote Code Execution (RCE)
by Sandeep Vishwakarma
Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated)
by Gian Paris C. Agsam
Hospital Management System v1.0 - Stored Cross Site Scripting (XSS)
by Sandeep Vishwakarma
Gibbon < 26.0.00 - Server-Side Template Injection via Messenger Settings
Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine (messengerSettings.php) without sanitization.
by Ali Maharramli_Fikrat Guliev_Islam Rzayev
CVSS 9.8
E-INSUARANCE v1.0 - Stored Cross Site Scripting (XSS)
by Sandeep Vishwakarma
Daily Habit Tracker 1.0 - Stored Cross-Site Scripting via add-tracker.php and update-tracker.php Parameters
Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day, exercise, pray, read_book, vitamins, laundry, alcohol and meat parameters in the add-tracker.php and update-tracker.php components.
by Yevhenii Butenko
CVSS 6.1
Daily Habit Tracker 1.0 - SQL Injection
SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request.
by Yevhenii Butenko
CVSS 9.8
Daily Habit Tracker 1.0 - Unauthenticated Tracker Manipulation via Home and Tracker Management Endpoints
An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components.
by Yevhenii Butenko
CVSS 9.8
By Source