Exploitdb Exploits

50,121 exploits tracked across all sources.

EIP-2026-106828 EXPLOITDB python
Elementor Website Builder < 3.12.2 - Admin+ SQLi
by E1 Coders
EIP-2026-106626 EXPLOITDB text
E-INSUARANCE v1.0 - Stored Cross Site Scripting (XSS)
by Sandeep Vishwakarma
CVE-2024-24494 EXPLOITDB MEDIUM
Daily Habit Tracker <1.0 - XSS
Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day, exercise, pray, read_book, vitamins, laundry, alcohol and meat parameters in the add-tracker.php and update-tracker.php components.
by Yevhenii Butenko
CVSS 6.1
CVE-2024-24495 EXPLOITDB CRITICAL
Daily Habit Tracker 1.0 - SQL Injection
SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via a crafted GET request.
by Yevhenii Butenko
CVSS 9.8
CVE-2024-24496 EXPLOITDB CRITICAL
Daily Habit Tracker <1.0 - RCE
An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components.
by Yevhenii Butenko
CVSS 9.8
EIP-2026-105535 EXPLOITDB text
Blood Bank v1.0 - Stored Cross Site Scripting (XSS)
by Ersin Erenler
CVE-2023-48974 EXPLOITDB CRITICAL text
Axigen WebMail <10.3.3.61 - XSS
Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter.
by Vincent McRae, Mesut Cetin
CVSS 9.6
CVE-2024-27356 EXPLOITDB HIGH python
GL-iNet devices - Info Disclosure
An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, XE300 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-v2 4.3.10, X300B 3.217, S1300 3.216, SF1200 3.216, MV1000 3.216, N300 3.216, B2200 3.216, and X1200 3.203.
by Bandar Alharbi
CVSS 7.5
CVE-2023-34927 EXPLOITDB MEDIUM text
Casbin Casdoor < 1.331.0 - CSRF
Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password by supplying a crafted URL.
by Van Lam Nguyen
CVSS 6.5
CVE-2024-58301 EXPLOITDB CRITICAL text
Purei CMS 1.0 - SQL Injection
Purei CMS 1.0 contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through unfiltered user input parameters. Attackers can exploit vulnerable endpoints like getAllParks.php and events-ajax.php by injecting crafted SQL payloads to potentially extract or modify database information.
by Number 7
CVE-2024-58300 EXPLOITDB HIGH python
Siklu MultiHaul TG <2.0.0 - RCE
Siklu MultiHaul TG series devices before version 2.0.0 contain an unauthenticated vulnerability that allows remote attackers to retrieve randomly generated credentials via a network request. Attackers can send a specific hex-encoded command to port 12777 to obtain username and password, enabling direct SSH access to the device.
by semaja2
CVE-2024-22638 EXPLOITDB CRITICAL text
liveSite <2019.1 - RCE
liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /livesite/edit_designer_region.php or /livesite/add_email_campaign.php.
by tmrswrr
CVSS 9.8
EIP-2026-119285 EXPLOITDB c
WinRAR version 6.22 - Remote Code Execution via ZIP archive
by E1 Coders
EIP-2026-114367 EXPLOITDB text
Workout Journal App 1.0 - Stored XSS
by MURAT CAGRI ALIS
EIP-2026-104189 EXPLOITDB text
Broken Access Control - on NodeBB v3.6.7
by Vibhor Sharma
EIP-2026-103865 EXPLOITDB python
Asterisk AMI - Partial File Content & Path Disclosure (Authenticated)
by Sean Pesce
EIP-2026-102817 EXPLOITDB bash
Dell Security Management Server <1.9.0 - Local Privilege Escalation
by Amirhossein Bahramizadeh
EIP-2026-101072 EXPLOITDB python
RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service
by ice-wzl
CVE-2024-32256 EXPLOITDB HIGH text
Phpgurukul Tourism Management System - Unrestricted File Upload
Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via /tms/admin/change-image.php. When updating a current package, there are no checks for what types of files are uploaded from the image.
by SoSPiro
CVSS 8.1
CVE-2024-58304 EXPLOITDB HIGH text
SPA-CART CMS 1.9.0.3 - XSS
SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit JavaScript payloads through the 'descr' parameter in the product edit form to execute arbitrary code in administrative users' browsers.
by Eren Sen
CVSS 7.5
CVE-2024-24506 EXPLOITDB MEDIUM text
Lime Survey CE <v.5.3.32+220817 - XSS
Cross Site Scripting (XSS) vulnerability in Lime Survey Community Edition Version v.5.3.32+220817 allows remote attackers to execute arbitrary code via the Administrator email address parameter in the General Setting function.
by Subhankar Singh
CVSS 6.1
EIP-2026-113177 EXPLOITDB text
Wallos < 1.11.2 - File Upload RCE
by sml
EIP-2026-109532 EXPLOITDB text
MobileShop master v1.0 - SQL Injection Vuln.
by HAZIM ARBAŞ
EIP-2026-107874 EXPLOITDB text
Insurance Management System PHP and MySQL 1.0 - Multiple Stored XSS
by Hakkı TOKLU
EIP-2026-106228 EXPLOITDB python
Craft CMS 4.4.14 - Unauthenticated Remote Code Execution
by Olivier Lasne