Exploitdb Exploits
50,123 exploits tracked across all sources.
Netlify CMS <2.10.192 - XSS
A Cross Site Scripting (XSS) vulnerability in Netlify CMS v.2.10.192 allows a remote attacker to execute arbitrary code via a crafted payload to the body parameter of the new post function.
by tmrswrr
CVSS 5.4
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
by Idan Malihi
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
by Idan Malihi
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
by Idan Malihi
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
by Idan Malihi
Frappe Framework (ERPNext) 13.4.0 - Remote Code Execution (Authenticated)
by Sander Ferdinand
IP-DOT BuildaGate <v.BuildaGate5 - XSS
Cross Site Scripting vulnerability in IP-DOT BuildaGate v.BuildaGate5 allows a remote attacker to execute arbitrary code via a crafted script to the mc parameter of the URL.
by Idan Malihi
CVSS 6.1
Vmware Spring Cloud Function < 3.1.6 - Remote Code Execution
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
by GatoGamer1155
CVSS 9.8
HTTP Protocol Stack - RCE
HTTP Protocol Stack Remote Code Execution Vulnerability
by nu11secur1ty
CVSS 9.8
Faculty Evaluation System v1.0 - SQL Injection
by Andrey Stoykov
Microsoft Outlook - RCE
Microsoft Outlook Remote Code Execution Vulnerability
by nu11secur1ty
CVSS 8.8
Piwigo v13.7.0 - Stored Cross-Site Scripting (XSS) (Authenticated)
by Okan Kurtulus
Lost and Found Information System v1.0 - SQL Injection
Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information.
by Amirhossein Bahramizadeh
CVSS 9.8
Gila CMS 1.10.9 - Remote Code Execution (RCE) (Authenticated)
by Omer Shaik
Microsoft Edge < - Info Disclosure
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
by nu11secur1ty
CVSS 6.5
Alkacon Opencms - XSS
An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.
by tmrswrr
CVSS 6.1
WebsiteBaker 2.13.3 - XSS
WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files with script tags that execute when the file is viewed, enabling persistent cross-site scripting attacks.
by Mirabbas Ağalarov
CVSS 5.4
WebsiteBaker 2.13.3 - Path Traversal
WebsiteBaker 2.13.3 contains a directory traversal vulnerability that allows authenticated attackers to delete arbitrary files by manipulating directory path parameters. Attackers can send crafted GET requests to /admin/media/delete.php with directory traversal sequences to delete files outside the intended directory.
by Mirabbas Ağalarov
CVSS 6.5
WBCE CMS 1.6.1 - XSS
WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture user keystrokes. Attackers can upload a crafted HTML file with CSS-based keylogging techniques to intercept password characters through background image requests.
by Mirabbas Ağalarov
CVSS 5.4
Spip 4.1.10 - XSS
Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering.
by nu11secur1ty
CVSS 8.8
PodcastGenerator 3.2.9 - SSRF
PodcastGenerator 3.2.9 contains a blind server-side request forgery vulnerability that allows attackers to inject XML in the episode upload form. Attackers can manipulate the 'shortdesc' parameter to trigger external HTTP requests to arbitrary endpoints during podcast episode creation.
by Mirabbas Ağalarov
CVSS 9.8
Rukovoditel 3.4.1 - XSS
Rukovoditel 3.4.1 contains a stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert iframe and script payloads in application copyright text to execute arbitrary JavaScript in victim browsers.
by Mirabbas Ağalarov
CVSS 5.4
Rukovoditel 3.4.1 - XSS
Rukovoditel 3.4.1 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert XSS payloads in project task comments to execute arbitrary JavaScript in victim browsers.
by Mirabbas Ağalarov
CVSS 5.4
By Source