Exploitdb Exploits

50,121 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-38965 EXPLOITDB CRITICAL python
Lost and Found Information System 1.0 - Privilege Escalation
Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.
by Or4nG.M4N
CVSS 9.8
EIP-2026-119393 EXPLOITDB python
ManageEngine ADManager Plus Build < 7183 - Recovery Password Disclosure
by Metin Yunus Kandemir
EIP-2026-104449 EXPLOITDB text
Splunk 9.0.4 - Information Disclosure
by Parsa Rezaie Khiabanloo
EIP-2026-101108 EXPLOITDB text
VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service
by LiquidWorm
CVE-2025-5553 EXPLOITDB HIGH text
PHPGurukul Rail Pass Management System 1.0 - SQL Injection
A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download-pass.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
by yozgatalperen1
CVSS 7.3
EIP-2026-114299 EXPLOITDB python
Wordpress Seotheme - Remote Code Execution Unauthenticated
by Milad karimi
EIP-2026-113479 EXPLOITDB python
Wordpress Augmented-Reality - Remote Code Execution Unauthenticated
by Milad karimi
EIP-2026-110151 EXPLOITDB text
Online Nurse Hiring System 1.0 - Time-Based SQL Injection
by yozgatalperen1
EIP-2026-104990 EXPLOITDB text
Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting (XSS) (Authenticated)
by Furkan ÖZER
EIP-2026-103456 EXPLOITDB text
Elasticsearch - StackOverflow DoS
by TOUHAMI Kasbaoui
EIP-2026-101505 EXPLOITDB text
Zyxel zysh - Format string
by Marco Ivaldi
EIP-2026-109496 EXPLOITDB text
MISP 2.4.171 - Stored XSS
by Mücahit Çeri
EIP-2026-107542 EXPLOITDB text
GYM MS - GYM Management System - Cross Site Scripting (Stored)
by yozgatalperen1
EIP-2026-106278 EXPLOITDB text
Curfew e-Pass Management System 1.0 - FromDate SQL Injection
by Puja Dey
EIP-2026-105925 EXPLOITDB text
Clinic's Patient Management System 1.0 - Unauthenticated RCE
by Oğulcan Hami Gül
EIP-2026-104490 EXPLOITDB text
WhatsUp Gold 2022 (22.1.0 Build 39) - XSS
by Andreas Finstad
EIP-2026-101358 EXPLOITDB python
Milesight Routers UR5X_ UR32L_ UR32_ UR35_ UR41 - Credential Leakage Through Unprotected System Logs and Weak Password Encryption
by Bipin Jitiya
CVE-2024-58299 EXPLOITDB CRITICAL python
PCMan FTP Server 2.0 - RCE
PCMan FTP Server 2.0 contains a buffer overflow vulnerability in the 'pwd' command that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted payload during the FTP login process to overwrite memory and potentially gain system access.
by Waqas Ahmed Faroouqi
CVSS 9.8
EIP-2026-119265 EXPLOITDB text
WebCatalog 48.4 - Arbitrary Protocol Execution
by ItsSixtyN3in
EIP-2026-108936 EXPLOITDB python
Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC)
by whiteOwl
EIP-2026-102072 EXPLOITDB text
TP-Link TL-WR740N - UnAuthenticated Directory Transversal
by Syed Affan Ahmed (ZEROXINN)
EIP-2026-102071 EXPLOITDB text
TP-LINK TL-WR740N - Multiple HTML Injection
by Shujaat Amin (ZEROXINN)
EIP-2026-101712 EXPLOITDB python
Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal
by LiquidWorm
EIP-2026-101711 EXPLOITDB text
Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution
by LiquidWorm
EIP-2026-101710 EXPLOITDB text
Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure
by LiquidWorm
By Source
All 50,121 Exploitdb 50,121 Writeup 46,832 Nomisec 21,205 Metasploit 3,189 Github 2,268 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,746 c 3,550 perl 2,854 html 2,055 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 73 go 41 postscript 25 xml 24