Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2025/06/15 12:0 a.m.349 views

WebDAV Windows 10 - Remote Code Execution (RCE)

Exploit Title: WebDAV Windows 10 - Remote Code Execution RCE Date: June 2025 Author: Dev Bui Hieu Tested on: Windows 10, Windows 11 Platform: Windows Type: Remote CVE: CVE-2025-33053 Description: This exploit leverages the behavior of Windows .URL files to execute a remote binary over a UNC path...

8.8CVSS8.5AI score0.81558EPSS
Exploits10
Exploit DB
Exploit DB
added 2024/05/19 12:0 a.m.349 views

Apache OFBiz 18.12.12 - Directory Traversal

Exploit Title: Apache OFBiz 18.12.12 - Directory Traversal Google Dork: N/A Date: 2024-05-16 Exploit Author: Abdualhadi khalifa https://twitter.com/absholily Vendor Homepage: https://ofbiz.apache.org/ Software Link: https://ofbiz.apache.org/download.html Version: below example.createBlogPost...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/04/02 12:0 a.m.349 views

Gibbon LMS v26.0.00 - SSTI vulnerability

Exploit Title: Gibbon LMS v26.0.00 - SSTI vulnerability Date: 21.01.2024 Exploit Author: SecondX.io Research TeamIslam Rzayev,Fikrat Guliev, Ali Maharramli Vendor Homepage: https://gibbonedu.org/ Software Link: https://github.com/GibbonEdu/core Version: v26.0.00 Tested on: Ubuntu 22.0 CVE :...

9.8CVSS6.8AI score0.26089EPSS
Exploits4
Exploit DB
Exploit DB
added 2024/03/11 12:0 a.m.349 views

Sitecore - Remote Code Execution v8.2

!/usr/bin/env python3 Exploit Title: Sitecore - Remote Code Execution v8.2 Exploit Author: abhishek morla Google Dork: N/A Date: 2024-01-08 Vendor Homepage: https://www.sitecore.com/ Software Link: https://dev.sitecore.net/ Version: 10.3 Tested on: windows64bit / mozila firefox CVE : CVE-2023-358...

9.8CVSS9.6AI score0.86685EPSS
Exploits7
Exploit DB
Exploit DB
added 2024/03/10 12:0 a.m.349 views

Ladder v0.0.21 - Server-side request forgery (SSRF)

Exploit Title: Ladder v0.0.21 - Server-side request forgery SSRF Date: 2024-01-20 Exploit Author: @chebuya Software Link: https://github.com/everywall/ladder Version: v0.0.1 - v0.0.21 Tested on: Ubuntu 20.04.6 LTS on AWS EC2 ami-0fd63e471b04e22d0 CVE: CVE-2024-27620 Description: Ladder fails to...

7.5CVSS7.7AI score0.02325EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/07/28 12:0 a.m.349 views

October CMS v3.4.4 - Stored Cross-Site Scripting (XSS) (Authenticated)

Exploit Title: October CMS v3.4.4 - Stored Cross-Site Scripting XSS Authenticated Date: 29 June 2023 Exploit Author: Okan Kurtulus Vendor Homepage: https://octobercms.com Version: v3.4.4 Tested on: Ubuntu 22.04 CVE : N/A Proof of Concept: 1– Install the system through the website and log in with...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/03/16 12:0 a.m.349 views

Apache APISIX 2.12.1 - Remote Code Execution (RCE)

Exploit Title: Apache APISIX 2.12.1 - Remote Code Execution RCE Date: 2022-03-16 Exploit Author: Ven3xy Vendor Homepage: https://apisix.apache.org/ Version: Apache APISIX 1.3 – 2.12.1 Tested on: CentOS 7 CVE : CVE-2022-24112 import requests import sys class color: HEADER = '\03395m' IMPORTANT =...

9.8CVSS9.6AI score0.96182EPSS
Exploits16
Exploit DB
Exploit DB
added 2021/10/13 12:0 a.m.349 views

Logitech Media Server 8.2.0 - 'Title' Cross-Site Scripting (XSS)

Exploit Title: Logitech Media Server 8.2.0 - 'Title' Cross-Site Scripting XSS Shodan Dork: Search Logitech Media Server Date: 12.10.2021 Exploit Author: Mert Das Vendor Homepage: www.logitech.com Version: 8.2.0 Tested on: Windows 10, Linux POC: 1. Go to Settings / Interface tab 2. Add payload to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/07/02 12:0 a.m.349 views

Scratch Desktop 3.17 - Remote Code Execution

Exploit Title: Scratch Desktop 3.17 - Cross-Site Scripting/Remote Code Execution XSS/RCE Google Dork: 'inurl:"/projects/editor/?tutorial=getStarted" -mit.edu' not foolproof on versioning Date: 2021-06-18 Exploit Author: Stig Magnus Baugstø Vendor Homepage: https://scratch.mit.edu/ Software Link:...

9.6CVSS9.6AI score0.06074EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/01/26 12:0 a.m.349 views

Cemetry Mapping and Information System 1.0 - 'user_email' Sql Injection (Authentication Bypass)

Exploit Title: Cemetry Mapping and Information System 1.0 - 'useremail' Sql Injection Authentication Bypass Exploit Author: Marco Catalano Date: 2021-01-25 Vendor Homepage: https://www.sourcecodester.com/php/12779/cemetery-mapping-and-information-system-using-phpmysqli.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/06 12:0 a.m.349 views

Sonatype Nexus 3.21.1 - Remote Code Execution (Authenticated)

Exploit Title: Sonatype Nexus 3.21.1 - Remote Code Execution Authenticated Exploit Author: 1F98D Original Author: Alvaro Muñoz Date: 27 May 2020 Vendor Hompage: https://www.sonatype.com/ CVE: CVE-2020-10199 Tested on: Windows 10 x64 References:...

9CVSS8.7AI score0.99064EPSS
Exploits10
Exploit DB
Exploit DB
added 2020/11/06 12:0 a.m.349 views

CMSUno 1.6.2 - 'lang' Remote Code Execution (Authenticated)

Exploit Title: CMSUno 1.6.2 - 'lang' Remote Code Execution Authenticated Google Dork: N/A Date: 2020.09.30 Exploit Author: Fatih Çelik Vendor Homepage: https://github.com/boiteasite/cmsuno/ Software Link: https://github.com/boiteasite/cmsuno/ Blog:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/09/24 12:0 a.m.349 views

Simple Online Food Ordering System 1.0 - 'id' SQL Injection (Unauthenticated)

Exploit Title: Simple Online Food Ordering System 1.0 - 'id' SQL Injection Unauthenticated Google Dork: N/A Date: 2020-09-22 Exploit Author: Eren 'Aporlorxl23' Şimşek Vendor Homepage: https://www.sourcecodester.com/php/14460/simple-online-food-ordering-system-using-phpmysql.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/09/14 12:0 a.m.349 views

Joomla! paGO Commerce 2.5.9.0 - SQL Injection (Authenticated)

Exploit Title: Joomla! paGO Commerce 2.5.9.0 - SQL Injection Authenticated Date: 2020-08-21 Exploit Author: Mehmet Kelepçe / Gais Cyber Security Author ID: 8763 Vendor Homepage: https://www.corephp.com/ Software Link: https://www.corephp.com/joomla-products/pago-commerce Version: 2.5.9.0 Tested o...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/28 12:0 a.m.349 views

EyouCMS 1.4.6 - Persistent Cross-Site Scripting

Exploit Title: EyouCMS 1.4.6 - Persistent Cross-Site Scripting Date: 2020-05-28 Exploit Author: China Banking and Insurance Information Technology Management Co.,Ltd. Vendor Homepage: https://eyoucms.com Software Link: https://qiniu.eyoucms.com/EyouCMS-V1.4.6-UTF8-SP2.zip Version: EyouCMS V1.4.6...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/04/20 12:0 a.m.349 views

Fork CMS 5.8.0 - Persistent Cross-Site Scripting

Title: Fork CMS 5.8.0 - Persistent Cross-Site Scripting Author: Vulnerability Laboratory Date: 2020-04-15 Vendor: https://www.fork-cms.com/download Software Link: https://github.com/forkcms/forkcms/pull/3073 CVE: N/A Document Title: =============== Fork CMS v5.8.0 - Multiple Persistent Web...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/12/31 12:0 a.m.349 views

NextVPN v4.10 - Insecure File Permissions

Exploit Title: NextVPN v4.10 - Insecure File Permissions Date: 2019-12-23 Exploit Author: SajjadBnd Contact: [email protected] Vendor Homepage: https://vm3max.site Software Link:http://dl.spacevm.com/NextVPNSetup-v4.10.exe Version: 4.10 Tested on: Win10 Professional x64 Description The NextVPN...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/16 12:0 a.m.349 views

Integria IMS 5.0.86 - Arbitrary File Upload

Exploit Title: Integria IMS 5.0.86 - Arbitrary File Upload Date: 2019-08-16 Exploit Author: Greg.Priest Vendor Homepage: https://integriaims.com/ Software Link: https://sourceforge.net/projects/integria/files/5.0.86/ Version: Integria IMS 5.0.86 Tested on: Windows CVE : N/A...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/02/12 12:0 a.m.349 views

BlogEngine.NET 3.3.6 - Directory Traversal / Remote Code Execution

Exploit Title: BlogEngine.NET = 3.3.6 Directory Traversal RCE Date: 02-11-2019 Exploit Author: Dustin Cobb Vendor Homepage: https://github.com/rxtur/BlogEngine.NET/ Software Link: https://github.com/rxtur/BlogEngine.NET/releases/download/v3.3.6.0/3360.zip Version: = 3.3.6 Tested on: Windows 2016...

9.8CVSS9.3AI score0.31725EPSS
Exploits7
Exploit DB
Exploit DB
added 2025/04/02 12:0 a.m.348 views

ABB Cylon Aspect 3.08.01 - Remote Code Execution (RCE)

Exploit Title : ABB Cylon Aspect 3.08.01 - Remote Code Execution RCE Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy manageme...

10CVSS9.6AI score0.1901EPSS
Exploits4
Exploit DB
Exploit DB
added 2024/06/14 12:0 a.m.348 views

AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability.

Exploit Title: Life Insurance Management System- SQL injection vulnerability. Exploit Author: Aslam Anwar Mahimkar Date: 18-05-2024 Category: Web application Vendor Homepage: https://projectworlds.in/ Software Link: https://projectworlds.in/life-insurance-management-system-in-php/ Version: AEGON...

8.8CVSS6.6AI score0.02338EPSS
Exploits5
Exploit DB
Exploit DB
added 2024/04/02 12:0 a.m.348 views

CE Phoenix v1.0.8.20 - Remote Code Execution

Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution RCE Authenticated Date: 2023-11-25 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: CE Phoenix Version: v1.0.8.20 Tested on: Softaculous Demo - CE Phoenix EXPLOIT : import requests from bs4 import BeautifulSoup import sys impor...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.348 views

Shuttle-Booking-Software v1.0 - Multiple-SQLi

Title: Shuttle-Booking-Software v1.0 - Multiple-SQLi Author: nu11secur1ty Date: 09/10/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/shuttle-booking-software/sectionPricing Reference: https://portswigger.net/web-security/sql-injection Description: The locationid...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/08/21 12:0 a.m.348 views

Color Prediction Game v1.0 - SQL Injection

Exploit Title: Color Prediction Game v1.0 - SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://www.codester.com/items/44411/color-prediction-game-php-script Tested on: Kali Linux & MacOS CVE: N/A Request POST /loginNow.php HTTP/1.1 Host: localhost Cookie:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/05/05 12:0 a.m.348 views

File Thingie 2.5.7 - Remote Code Execution (RCE)

!/usr/bin/python Exploit Title: File Thingie 2.5.7 - Arbitary File Upload to RCE Google Dork: N/A Date: 27th of April, 2023 Exploit Author: Maurice Fielenbach grimlockx - Hexastrike Cybersecurity UG haftungsbeschränkt Software Link: https://github.com/leefish/filethingie Version: 2.5.7 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/04/19 12:0 a.m.349 views

PKP Open Journals System 3.3 - Cross-Site Scripting (XSS)

Exploit Title: PKP Open Journals System 3.3 - Cross-Site Scripting XSS Date: 31/01/2022 Exploit Author: Hemant Kashyap Vendor Homepage: https://github.com/pkp/pkp-lib/issues/7649 Version: PKP Open Journals System 2.4.8 = 3.3 Tested on: All OS CVE : CVE-2022-24181 References:...

6.1CVSS6.3AI score0.0608EPSS
Exploits3
Exploit DB
Exploit DB
added 2021/06/18 12:0 a.m.348 views

Dlink DSL2750U - 'Reboot' Command Injection

Exploit Title: Dlink DSL2750U - 'Reboot' Command Injection Date: 17-06-2021 Exploit Author: Mohammed Hadi HadiMed Vendor Homepage: https://me.dlink.com/consumer Software Link: https://dlinkmea.com/index.php/product/details?det=c0lvN0JoeVVhSXh4TVhjTnd1OUpUUT09 Version: ME1.16 Tested on: firmware...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/07 12:0 a.m.348 views

Epic Games Rocket League 1.95 - Stack Buffer Overrun

Exploit Title: Epic Games Rocket League 1.95 - Stack Buffer Overrun Date: 25.04.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.epicgames.com https://www.rocketleague.com Epic Games Rocket League 1.95 AK::MemoryMgr::GetPoolName Stack Buffer Overrun Vendor: Epic Games Inc. | Psyonix,...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/11 12:0 a.m.348 views

Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection

Exploit Title: Prestashop 1.7.7.0 - 'idproduct' Time Based Blind SQL Injection Date: 08-01-2021 Exploit Author: Jaimin Gondaliya Vendor Homepage: https://www.prestashop.com Software Link: https://www.prestashop.com/en/download Version: Prestashop CMS - 1.7.7.0 Tested on: Windows 10 Parameter:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/13 12:0 a.m.348 views

Battle.Net 1.27.1.12428 - Insecure File Permissions

Exploit Title: Battle.Net 1.27.1.12428 - Insecure File Permissions Date: 2020-10-09 Exploit Author: George Tsimpidas Software Link : https://www.blizzard.com/en-gb/download/ Battle Net Desktop Version Patch: 1.27.1.12428 Tested on: Microsoft Windows 10 Home 10.0.18362 N/A Build 18362 Category:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/28 12:0 a.m.348 views

Cisco Adaptive Security Appliance - Path Traversal

''' Cisco Adaptive Security Appliance - Path Traversal CVE-2018-0296 A security vulnerability in Cisco ASA that would allow an attacker to view sensitive system information without authentication by using directory traversal techniques. Vulnerable Products This vulnerability affects Cisco ASA...

7.5CVSS7.7AI score0.99903EPSS
Exploits18
Exploit DB
Exploit DB
added 2017/03/15 12:0 a.m.348 views

Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - 'Jakarta' Multipart Parser OGNL Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Apache Struts Jakarta Multipart Parser OGNL Injection', 'Description' = %q This module exploits a remote code execution...

10CVSS7.6AI score0.99999EPSS
Exploits44
Exploit DB
Exploit DB
added 2016/11/02 12:0 a.m.348 views

Linux Kernel (Ubuntu / Fedora / RedHat) - 'Overlayfs' Local Privilege Escalation (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require "msf/core" class MetasploitModule 'Overlayfs Privilege Escalation', 'Description' = %q This module attempts to exploit two different CVEs related to overlayfs...

7.8CVSS7.1AI score0.37679EPSS
Exploits29
Exploit DB
Exploit DB
added 2015/05/25 12:0 a.m.348 views

Microsoft Windows - Local Privilege Escalation (MS15-010)

// ex.cpp / Windows XP/2K3/VISTA/2K8/7 WMSYSTIMER Kernel EoP CVE-2015-0003 March 2015 Public Release: May 24, 2015 Tested on: x86: Win 7 SP1 | Win 2k3 SP2 | Win XP SP3 x64: Win 2k8 SP1 | Win 2k8 R2 SP1 Author: Skylake - skylake mail com / include "ex.h" ZwAllocateVirtualMemory...

6.9CVSS6.4AI score0.04536EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/08/04 12:0 a.m.347 views

Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS)

Exploit Title: Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' DOS Discovered by: Yehia Elghaly Discovered Date: 2023-08-04 Vendor Homepage: https://www.xlightftpd.com/ Software Link : https://www.xlightftpd.com/download/setup.exe Tested Version: 3.9.3.6 Vulnerability Type: Buffer Overflow...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2023/08/04 12:0 a.m.347 views

Joomla JLex Review 6.0.1 - Reflected XSS

Exploit Title: Joomla JLex Review 6.0.1 - Reflected XSS Exploit Author: CraCkEr Date: 01/08/2023 Vendor: JLexArt Vendor Homepage: https://jlexart.com/ Software Link: https://extensions.joomla.org/extension/jlex-review/ Demo: https://jlexreview.jlexart.com/ Version: 6.0.1 Tested on: Windows 10 Pro...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/05/13 12:0 a.m.347 views

Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting (XSS)

Exploit Title: Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting XSS Date: 27-06-2019 Exploit Author: Rafael Pedrero Vendor Homepage: https://bigprof.com Software Download Link : https://bigprof.com/appgini/applications/online-clinic-management-system Version : 2.2...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2023/05/05 12:0 a.m.347 views

Ulicms-2023.1 sniffing-vicuna - Remote Code Execution (RCE)

Exploit Title: Ulicms-2023.1 sniffing-vicuna - Remote Code Execution RCE Application: Ulicms Version: 2023.1-sniffing-vicuna Bugs: RCE Technology: PHP Vendor URL: https://en.ulicms.de/ Software Link: https://www.ulicms.de/content/files/Releases/2023.1/ulicms-2023.1-sniffing-vicuna-full.zip Date o...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2022/02/16 12:0 a.m.347 views

WordPress Plugin Error Log Viewer 1.1.1 - Arbitrary File Clearing (Authenticated)

Exploit Title: WordPress Plugin Error Log Viewer 1.1.1 - Arbitrary File Clearing Authenticated Date: 09-11-2021 Exploit Author: Ceylan Bozogullarindan Exploit Website: https://bozogullarindan.com Vendor Homepage: https://bestwebsoft.com/ Software Link:...

4.9CVSS5.2AI score0.05188EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/12/03 12:0 a.m.347 views

WordPress Plugin Slider by Soliloquy 2.6.2 - 'title' Stored Cross Site Scripting (XSS) (Authenticated)

Exploit Title: WordPress Plugin Slider by Soliloquy 2.6.2 - 'title' Stored Cross Site Scripting XSS Authenticated Date: 02/12/2021 Exploit Author: Abdurrahman Erkan @erknabd Vendor Homepage: https://soliloquywp.com/ Software Link: https://wordpress.org/plugins/soliloquy-lite/ Version: 2.6.2 Teste...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/01/29 12:0 a.m.347 views

SonicWall SSL-VPN 8.0.0.0 - 'visualdoor' Remote Code Execution (Unauthenticated)

Exploit Title: SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution Unauthenticated Exploit Author: Darren Martyn Vendor Homepage: https://www.home-assistant.io/ Version: SMA 8.0.0.4 Blog post: https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/11/09 12:0 a.m.347 views

Motorola Device Manager 2.5.4 - 'ForwardDaemon.exe ' Unquoted Service Path

Exploit Title: Motorola Device Manager 2.5.4 - 'ForwardDaemon.exe 'Unquoted Service Path Discovery by: Angel Canseco Discovery Date: 2020-11-07 Vendor Homepage: https://motorola-device-manager.programas-gratis.net/gracias Tested Version: 2.5.4 Vulnerability Type: Unquoted Service Path Tested on O...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/26 12:0 a.m.347 views

ReQuest Serious Play Media Player 3.0 - Directory Traversal File Disclosure

Exploit Title: ReQuest Serious Play Media Player 3.0 - Directory Traversal File Disclosure Vulnerability Exploit Author: LiquidWorm Software Link: http://request.com/ Version: 3.0.0 ReQuest Serious Play Media Player 3.0 Directory Traversal File Disclosure Vulnerability Vendor: ReQuest Serious Pla...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/01 12:0 a.m.347 views

MonoCMS Blog 1.0 - Arbitrary File Deletion (Authenticated)

Exploit Title: MonoCMS Blog 1.0 - Arbitrary File Deletion Authenticated Date: 2020-09-20 Exploit Author: Shahrukh Iqbal Mirza @shahrukhiqbal24 Vendor Homepage: https://monocms.com/download Software Link: https://monocms.com/download Version: 1.0 Tested On: Windows 10 XAMPP CVE: N/A Proof of...

7.5CVSS6.9AI score0.01628EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/03/24 12:0 a.m.347 views

UCM6202 1.0.18.13 - Remote Command Injection

Exploit Title: UCM6202 1.0.18.13 - Remote Command Injection Date: 2020-03-23 Exploit Author: Jacob Baines Vendor: http://www.grandstream.com Product Link: http://www.grandstream.com/products/ip-pbxs/ucm-series-ip-pbxs/product/ucm6200-series Tested on: UCM6202 1.0.18.13 CVE : CVE-2020-5722 Shodan...

10CVSS9.5AI score0.83926EPSS
Exploits8
Exploit DB
Exploit DB
added 2019/08/30 12:0 a.m.347 views

WordPress Plugin WooCommerce Product Feed 2.2.18 - Cross-Site Scripting

Exploit Title: WordPress Plugin WooCommerce Product Feed = 2.2.18 - Cross-Site Scripting Date: 30 August 2019 Exploit Author: Damian Ebelties https://zerodays.lol/ Vendor Homepage: https://wordpress.org/plugins/webappick-product-feed-for-woocommerce/ Version: = 2.2.18 Tested on: Ubuntu 18.04.1 CV...

5.4CVSS5.9AI score0.03213EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/08/26 12:0 a.m.347 views

LSoft ListServ < 16.5-2018a - Cross-Site Scripting

Exploit Title: LSoft ListServ 2. http://127.0.0.1/scripts/wa.exe?OK= References: 1. http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018aWhatsNew.pdf 2. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15501...

6.1CVSS6.5AI score0.08182EPSS
Exploits5
Exploit DB
Exploit DB
added 2025/07/16 12:0 a.m.346 views

Keras 2.15 - Remote Code Execution (RCE)

!/usr/bin/env python3 Exploit Title: Keras 2.15 - Remote Code Execution RCE Author: Mohammed Idrees Banyamer Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-07-09 Tested on: Ubuntu 22.04 LTS, Python 3.10, TensorFlow/Keras = 2.15 CVE: CVE-2025-1550 Type: Remote Code...

9.8CVSS7.4AI score0.02803EPSS
Exploits3
Exploit DB
Exploit DB
added 2024/03/18 12:0 a.m.346 views

WEBIGniter v28.7.23 - Stored XSS

Title: WEBIGniter v28.7.23 XSS Author: RedTeamer IT Security, Mesut Cetin Date: 09/04/2023 Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/cross-site-scripting/stored Description: During the user creation process, the 'yourname...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/03/12 12:0 a.m.346 views

Client Details System 1.0 - SQL Injection

Exploit Title: CVE-2023-7137ClientDetailsSystem-SQLInjection1 + Date: 2023-26-12 + Exploit Author: Hamdi Sevben + Vendor Homepage: https://code-projects.org/client-details-system-in-php-with-source-code/ + Software Link:...

8.8CVSS8.9AI score0.17026EPSS
Exploits4
Total number of security vulnerabilities5000