Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2024-27620 EXPLOITDB HIGH text
Ladder 0.0.1-0.0.21 - Server-Side Request Forgery
An issue in Ladder v.0.0.1 thru v.0.0.21 allows a remote attacker to obtain sensitive information via a crafted request to the API.
by @_chebuya
CVSS 7.5
CVE-2023-46453 EXPLOITDB CRITICAL python
GL.iNet 4.x - Authentication Bypass via SQL Injection
Certain GL.iNet devices with 4.x firmware allow authentication bypass (resulting in administrative control of the device) via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000, GL-AR300M, GL-B1300, GL-AX1800, GL-AR750S, GL-MT2500, GL-AXT1800, GL-X3000, and GL-SFT1200.
by Daniele Linguaglossa
CVSS 9.8
EIP-2026-109211 EXPLOITDB text
Lot Reservation Management System - Unauthenticated File Upload and Remote Code Execution
by Elijah Mandila Syoyi
EIP-2026-109210 EXPLOITDB text
Lot Reservation Management System - Unauthenticated File Disclosure
by Elijah Mandila Syoyi
EIP-2026-106830 EXPLOITDB text
elFinder Web file manager Version - 2.1.53 Remote Command Execution
by tmrswrr
CVE-2023-50071 EXPLOITDB HIGH text
Sourcecodester Customer Support System 1.0 - SQL Injection via Department ID or Name Parameter
Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or name.
by Geraldo Alcantara
CVSS 8.8
EIP-2026-106265 EXPLOITDB python
CSZ CMS Version 1.3.0 - Authenticated Remote Command Execution
by tmrswrr
EIP-2026-109858 EXPLOITDB text
Neontext Wordpress Plugin - Stored XSS
by Eren Car
EIP-2026-109017 EXPLOITDB text
kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition
by Mohammad Reza Omrani
EIP-2026-102014 EXPLOITDB text
Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 - Stored XSS
by Vincent McRae, Mesut Cetin
CVE-2024-58277 EXPLOITDB HIGH text
R Radio Network FM Transmitter 1.07 - Info Disclosure
R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint, enabling authentication bypass and FM station setup access.
by LiquidWorm
CVE-2024-58276 EXPLOITDB HIGH text
Obi08 Enrollment System 1.0 - SQL Injection
Obi08/Enrollment System 1.0 contains a SQL injection vulnerability in the keyword parameter of /get_subject.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can use UNION-based injection to extract sensitive information from the users table including usernames and passwords.
by Gnanaraj Mauviel
CVE-2024-58275 EXPLOITDB HIGH python
Easywall 0.3.1 - Authenticated Remote Command Execution via Ports-Save Endpoint
Easywall 0.3.1 allows authenticated remote command execution: a parameter accepted by the /ports-save endpoint is passed to a shell without validation, so an authenticated attacker can inject shell metacharacters and execute arbitrary commands on the server.
by Melvin Mejia
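The Easywall entry above describes the classic command-injection shape: a request value is interpolated into a command line that is handed to a shell. The following is an added example, not Easywall's code, that models that pattern and one way to close it. The command shape (an `echo` standing in for the real firewall command), the validator and all function names are assumptions.

```python
"""Added example, not Easywall's code: a model of the /ports-save
command-injection pattern and a hardened replacement."""
import re
import subprocess

# Constructed inputs: a legitimate port value and one carrying shell
# metacharacters (the advisory's actual payload is not reproduced here).
SAFE_PORT = "8080"
INJECTED_PORT = "8080; echo INJECTED"


def vulnerable_run(port: str) -> str:
    """Vulnerable: the request value is spliced into a command line that is
    handed to a shell, so ';' ends the intended command and starts another."""
    cmd = f"echo allow port {port}"  # stand-in for the real firewall command
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


_PORT_RE = re.compile(r"[0-9]{1,5}")


def validate_port(port: str) -> int:
    """Allow-list the value before it goes anywhere near a command:
    digits only, and within the TCP/UDP port range."""
    if not _PORT_RE.fullmatch(port):
        raise ValueError(f"port must be digits only, got {port!r}")
    n = int(port)
    if not 1 <= n <= 65535:
        raise ValueError(f"port out of range: {n}")
    return n


def hardened_run(port: str) -> str:
    """Hardened: validated value, argv list, no shell.  Even if validation
    were bypassed, an argv list means metacharacters are passed as data,
    never parsed as shell syntax."""
    n = validate_port(port)
    return subprocess.run(
        ["echo", "allow", "port", str(n)], capture_output=True, text=True
    ).stdout


def port_accepted(port: str) -> bool:
    """Convenience wrapper: does the hardened path accept this value?"""
    try:
        validate_port(port)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(vulnerable_run(INJECTED_PORT))   # second line shows the injected command ran
    print(hardened_run(SAFE_PORT))
    print(port_accepted(INJECTED_PORT))    # False
```

The two controls are independent: the allow-list rejects anything that is not a port number, and dropping `shell=True` in favour of an argv list removes the shell from the path entirely. Escaping with `shlex.quote` is a weaker substitute, since it still leaves a shell in the loop to get wrong.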
EIP-2026-119655 EXPLOITDB text
Windows PowerShell - Event Log Bypass Single Quote Code Execution
by hyp3rlinx
EIP-2026-105602 EXPLOITDB python
Boss Mini 1.4.0 - Local File Inclusion
by nltt0
EIP-2026-104774 EXPLOITDB text
Simple Student Attendance System v1.0 - Time Based Blind SQL Injection
by Gnanaraj Mauviel
EIP-2026-104773 EXPLOITDB text
Simple Student Attendance System v1.0 - 'classid' Time Based Blind & Union Based SQL Injection
by Gnanaraj Mauviel
EIP-2026-104769 EXPLOITDB text
Real Estate Management System v1.0 - Remote Code Execution via File Upload
by Diyar Saadi
CVE-2024-27747 EXPLOITDB CRITICAL text
Petrol Pump Management Software 1.0 - RCE
File Upload vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email Image parameter in the profile.php component.
by Shubham Pandey
CVSS 9.8
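The Petrol Pump Management Software RCE above and the Real Estate Management System entry a few rows up are both unrestricted file uploads: a profile-image handler that trusts the client-supplied filename and content, so a PHP file lands under the web root. The following is an added example, not code from either application, that models the vulnerable handler beside a hardened one. Directory layout, the accepted image formats and all names are assumptions.

```python
"""Added example, not code from Petrol Pump Management Software or the Real
Estate Management System: an unrestricted image upload beside a hardened
handler."""
import os
import tempfile
import uuid

# Allowed image types, each tied to the magic bytes a genuine file starts with.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}

# Constructed uploads: a minimal PNG header, a PHP web shell, and a polyglot
# carrying both (used below to show the limits of content sniffing alone).
GOOD_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
PHP_SHELL = b"<?php system($_GET['cmd']); ?>"
POLYGLOT = GOOD_PNG + PHP_SHELL


def vulnerable_save(upload_dir: str, client_name: str, data: bytes) -> str:
    """Vulnerable: keeps the client-supplied name and writes whatever was sent.
    If upload_dir is served by PHP, 'shell.php' is now remotely executable."""
    path = os.path.join(upload_dir, os.path.basename(client_name))
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def check_upload(client_name: str, data: bytes) -> str:
    """Allow-list the extension, then require the content to match it.
    Returns the extension to store under, or raises ValueError."""
    ext = client_name.rsplit(".", 1)[-1].lower() if "." in client_name else ""
    if ext not in ALLOWED_TYPES:
        raise ValueError(f"extension not allowed: {ext!r}")
    if not data.startswith(ALLOWED_TYPES[ext]):
        raise ValueError("content does not match the declared image type")
    return ext


def hardened_save(upload_dir: str, client_name: str, data: bytes) -> str:
    """Hardened: validated type, server-chosen filename.  The client string
    never reaches the filesystem path, so 'shell.php' cannot be chosen."""
    ext = check_upload(client_name, data)
    stored = f"{uuid.uuid4().hex}.{ext}"
    with open(os.path.join(upload_dir, stored), "wb") as fh:
        fh.write(data)
    return stored


def upload_accepted(client_name: str, data: bytes) -> bool:
    """Convenience wrapper: does the hardened path accept this upload?"""
    try:
        check_upload(client_name, data)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    d = tempfile.mkdtemp()
    print(vulnerable_save(d, "shell.php", PHP_SHELL))       # ends in shell.php
    print(hardened_save(d, "avatar.png", GOOD_PNG))         # <uuid>.png
    print(upload_accepted("shell.php", PHP_SHELL))          # False
    print(upload_accepted("avatar.png", POLYGLOT))          # True: see note
```

Note the last case: a PNG-prefixed polyglot with a `.png` name passes both checks, because content sniffing cannot distinguish it from a real image. That is why the stored name is server-generated and why the upload directory must be one the web server never hands to PHP (or any other handler); extension and magic-byte checks reduce the attack surface, the storage location removes it.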
CVE-2024-27743 EXPLOITDB MEDIUM text
Petrol Pump MGMT Software v.1.0 - XSS
Cross Site Scripting vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary script in the browser of any user who views the stored value, via a crafted payload to the Address parameter in the add_invoices.php component.
by Shubham Pandey
CVSS 6.1
CVE-2024-27744 EXPLOITDB MEDIUM text
Petrol Pump Management Software v.1.0 - XSS
Cross Site Scripting vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary script in the browser of any user who views the stored value, via a crafted payload to the image parameter in the profile.php component.
by Shubham Pandey
CVSS 6.1
CVE-2024-27746 EXPLOITDB CRITICAL text
Petrol Pump Management Software 1.0 - SQL Injection
SQL Injection vulnerability in Petrol Pump Management Software v.1.0 allows an unauthenticated attacker to execute arbitrary SQL statements via a crafted payload to the email address parameter in the index.php component.
by Shubham Pandey
CVSS 9.8
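Two SQL injection shapes recur in this listing: the UNION-based extraction described for the Obi08 Enrollment System `keyword` parameter (pulling usernames and passwords out of a `users` table), and the login-form injection in the Petrol Pump Management Software `email` parameter above, where the goal is to make the WHERE clause true rather than to read extra rows. The following is an added example, not code from either application, that reproduces both against an in-memory SQLite database with constructed data, beside the parameterised form that closes them. Table and column names are assumptions.

```python
"""Added example, not code from the Obi08 Enrollment System or Petrol Pump
Management Software: UNION-based data extraction and login bypass, each beside
its parameterised fix, on a constructed SQLite database."""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed schema and rows standing in for the applications' tables.
    Plaintext passwords mirror what the Obi08 advisory says is extractable;
    a real application would store a password hash."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT,
                            email TEXT, password TEXT);
        CREATE TABLE subject (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO users VALUES (1, 'admin', 'admin@example.test', 'S3cret!');
        INSERT INTO users VALUES (2, 'staff', 'staff@example.test', 'hunter2');
        INSERT INTO subject VALUES (1, 'Mathematics');
        INSERT INTO subject VALUES (2, 'Physics');
        """
    )
    return con


# --- Vulnerable pattern: user input spliced into the SQL text ---------------

def vulnerable_search(con: sqlite3.Connection, keyword: str) -> list:
    """Models /get_subject.php?keyword=...: the value becomes part of the query."""
    sql = f"SELECT name FROM subject WHERE name LIKE '%{keyword}%'"
    return [row[0] for row in con.execute(sql)]


def vulnerable_login(con: sqlite3.Connection, email: str, password: str):
    """Models a login that checks email/password by string concatenation."""
    sql = (f"SELECT username FROM users WHERE email = '{email}' "
           f"AND password = '{password}'")
    row = con.execute(sql).fetchone()
    return row[0] if row else None


# --- Hardened pattern: parameterised queries ---------------------------------

def hardened_search(con: sqlite3.Connection, keyword: str) -> list:
    """The driver binds the value; it can never change the statement's shape.
    (A user-supplied '%' or '_' still acts as a LIKE wildcard; that is a
    results issue, not injection, and is handled by escaping if it matters.)"""
    rows = con.execute("SELECT name FROM subject WHERE name LIKE ?",
                       (f"%{keyword}%",))
    return [row[0] for row in rows]


def hardened_login(con: sqlite3.Connection, email: str, password: str):
    row = con.execute(
        "SELECT username FROM users WHERE email = ? AND password = ?",
        (email, password),
    ).fetchone()
    return row[0] if row else None


# Constructed payloads (generic injection strings, not those of the advisories).
# Each closes the open quote and re-balances it at the end, so no comment
# marker is needed:
#   ... LIKE '%zzz' UNION SELECT username||':'||password FROM users WHERE '%'='%'
#   ... email = '' OR '1'='1' AND password = '' OR '1'='1'
UNION_PAYLOAD = "zzz' UNION SELECT username || ':' || password FROM users WHERE '%'='"
BYPASS_VALUE = "' OR '1'='1"


if __name__ == "__main__":
    db = build_db()
    print(vulnerable_search(db, UNION_PAYLOAD))          # credentials leak
    print(vulnerable_login(db, BYPASS_VALUE, BYPASS_VALUE))  # logged in as someone
    print(hardened_search(db, UNION_PAYLOAD))            # []
    print(hardened_login(db, BYPASS_VALUE, BYPASS_VALUE))    # None
```

The UNION payload works because the injected SELECT returns the same number of columns as the original (one), which is the first thing an attacker tunes when the column count is unknown. In the parameterised versions the same strings are just data: the search returns nothing because no subject name contains them, and the login returns no row.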
EIP-2026-104707 EXPLOITDB text
AC Repair and Services System v1.0 - Multiple SQL Injection
by Gnanaraj Mauviel
EIP-2026-104315 EXPLOITDB text
Magento ver. 2.4.6 - XSLT Server Side Injection
by tmrswrr
EIP-2026-103761 EXPLOITDB python
A-PDF All to MP3 Converter 2.0.0 - DEP Bypass via HeapCreate + HeapAlloc
by George Washington