Lucene search
K
ExploitdbMost viewed

47904 matches found

Exploit DB
Exploit DB
added 2024/06/26 12:0 a.m.335 views

Poultry Farm Management System v1.0 - Remote Code Execution (RCE)

Exploit Title: Poultry Farm Management System v1.0 - Remote Code Execution RCE Date: 24-06-2024 CVE: N/A Awaiting ID to be assigned Exploit Author: Jerry Thomas w3bn00b3r Vendor Homepage: https://www.sourcecodester.com/php/15230/poultry-farm-management-system-free-download.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/03/28 12:0 a.m.335 views

WinRAR version 6.22 - Remote Code Execution via ZIP archive

Exploit Title : EXPLOIT WinRAR version 6.22 Vulnerability CVE-2023-38831 Author : E1.Coders Contact : E1.Coders at Mail dot RU Security Risk : High Description : All target's GOV & Military websites Expl0iTs: include include include include "zip.h" define PDFFILE "document.pdf" define FOLDERNAME...

7.8CVSS8.2AI score0.97798EPSS
Exploits49
Exploit DB
Exploit DB
added 2023/04/20 12:0 a.m.335 views

Bang Resto v1.0 - 'Multiple' SQL Injection

Exploit Title: Bang Resto v1.0 - 'Multiple' SQL Injection Date: 2023-04-02 Exploit Author: Rahad Chowdhury Vendor Homepage: https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html Software Link: https://github.com/mesinkasir/bangresto/archive/refs/heads/main.zip Version: 1.0...

8.8CVSS8.9AI score0.03165EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/02/08 12:0 a.m.335 views

Hotel Reservation System 1.0 - SQLi (Unauthenticated)

Exploit Title: Hotel Reservation System 1.0 - SQLi Unauthenticated Google Dork: None Date: 01/29/2022 Exploit Author: Nefrit ID Author Website: https://manadocoder.com Vendor Homepage: https://github.com/dhruvmullick Software Link: https://github.com/dhruvmullick/hotel-reservation-system Tested o...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/04/08 12:0 a.m.335 views

Composr 10.0.36 - Remote Code Execution

Exploit Title: Composr 10.0.36 - Remote Code Execution Date: 04/06/2021 Exploit Author: Orion Hridoy Vendor Homepage: https://compo.sr/ Software Link: https://compo.sr/download.htm Version: 10.0.36 Tested on: Windows/Linux CVE : CVE-2021-30149 A RCE on Composr CMS has been discovered by BugsBD...

9.8CVSS9.7AI score0.10064EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/10/26 12:0 a.m.335 views

InoERP 0.7.2 - Remote Code Execution (Unauthenticated)

!/usr/bin/python -- coding: UTF-8 -- Exploit Title: InoERP 0.7.2 Unauthenticated Remote Code Execution Date: March 14, 2020 Exploit Author: Lyhin's Lab Detailed Bug Description: https://lyhinslab.org/index.php/2020/03/14/inoerp-ab-rce/ Software Link: https://github.com/inoerp/inoERP Version: 0.7....

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/12/06 12:0 a.m.335 views

Verot 2.0.3 - Remote Code Execution

Exploit Title: Verot 2.0.3 - Remote Code Execution Date: 2019-12-05 Exploit Author: Jinny Ramsmark Vendor Homepage: https://www.verot.net/phpclassupload.htm Software Link: https://github.com/verot/class.upload.php Version: '; $quality = "85"; $baseurl = "http://lorempixel.com"; echo "-=Imagejpeg...

9.8CVSS9.8AI score0.26184EPSS
Exploits7
Exploit DB
Exploit DB
added 2019/09/09 12:0 a.m.335 views

Enigma NMS 65.0.0 - OS Command Injection

!/usr/bin/python -------------------------------------------------------------------- Exploit Title: Enigma NMS OS Command Injection NETSAS Pty Ltd Enigma NMS Date: 21 July 2019 Author: Mark Cross @xerubus | mogozobo.com Vendor: NETSAS Pty Ltd Vendor Homepage: https://www.netsas.com.au/ Software...

10CVSS9.8AI score0.25279EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/08/14 12:0 a.m.335 views

ManageEngine opManager 12.3.150 - Authenticated Code Execution

!/usr/bin/env python3 Exploit Title: ManageEngine opManager Authenticated Code Execution Google Dork: N/A Date: 08/13/2019 Exploit Author: @kindredsec Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/network-monitoring/download.html Version: 12.3.150 Test...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2005/08/05 12:0 a.m.335 views

Jax PHP Scripts 1.0/1.34/2.14/3.31 - 'jax_guestbook.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/14481/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2025/08/18 12:0 a.m.334 views

Tenda AC20 16.03.08.12 - Command Injection

/ Exploit Title : Tenda AC20 16.03.08.12 - Command Injection Author : Byte Reaper CVE : CVE-2025-9090 Description: A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. target endpoint :...

9.8CVSS7.4AI score0.14105EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/05/25 12:0 a.m.334 views

Microsoft Windows Server 2016 - Win32k Elevation of Privilege

Exploit Title: Microsoft Windows Server 2016 - Win32k Elevation of Privilege Date: 2025-05-19 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Country: United Kingdom CVE : CVE-2023-29336 include include include define...

7.8CVSS7.2AI score0.40919EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/15 12:0 a.m.334 views

ABB Cylon Aspect 3.07.02 (userManagement.php) - Weak Password Policy

ABB Cylon Aspect 3.07.02 userManagement.php - Weak Password Policy Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.02 Summary: ASPECT is an award-winning scalable building energy management...

9.8CVSS7AI score0.01834EPSS
Exploits3
Exploit DB
Exploit DB
added 2024/04/12 12:0 a.m.334 views

Ray OS v2.6.3 - Command Injection RCE(Unauthorized)

Exploit Title: Ray OS v2.6.3 - Command Injection RCEUnauthorized Description: The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system...

9.8CVSS8.7AI score0.7463EPSS
Exploits15
Exploit DB
Exploit DB
added 2024/04/02 12:0 a.m.334 views

Hospital Management System v1.0 - Stored Cross Site Scripting (XSS)

Exploit Title: Hospital Management System v1.0 - Stored Cross Site Scripting XSS Google Dork: NA Date: 28-03-2024 Exploit Author: Sandeep Vishwakarma Vendor Homepage: https://code-projects.org Software Link:...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2024/03/28 12:0 a.m.334 views

Broken Access Control - on NodeBB v3.6.7

Exploit Title: Broken Access Control - on NodeBB v3.6.7 Date: 22/2/2024 Exploit Author: Vibhor Sharma Vendor Homepage: https://nodebb.org/ Version: 3.6.7 Description: I identified a broken access control vulnerability in nodeBB v3.6.7, enabling attackers to access restricted information intended...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/03/14 12:0 a.m.334 views

KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow

Exploit Title: KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow Exploit Author: DEFCESCO Austin A. DeFrancesco Vendor Homepage: https://github.com/cyd01/KiTTY/= Software Link: https://github.com/cyd01/KiTTY/releases/download/v0.76.1.13/kitty-bin-0.76.1.13.zip Version: ≤...

7.8CVSS7.7AI score0.01777EPSS
Exploits3
Exploit DB
Exploit DB
added 2024/02/09 12:0 a.m.334 views

Wordpress Augmented-Reality - Remote Code Execution Unauthenticated

Exploit Title: Wordpress Augmented-Reality - Remote Code Execution Unauthenticated Date: 2023-09-20 Author: Milad Karimi Ex3ptionaL Category : webapps Tested on: windows 10 , firefox import requests as req import json import sys import random import uuid import urllib.parse import urllib3 from...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/06/22 12:0 a.m.334 views

Smart Office Web 20.28 - Remote Information Disclosure (Unauthenticated)

Exploit Title: Smart Office Web 20.28 - Remote Information Disclosure Unauthenticated Shodan Dork:: inurl:"https://www.shodan.io/search?query=smart+office" Date: 09/Dec/2022 Exploit Author: Tejas Nitin Pingulkar https://cvewalkthrough.com/ Vendor Homepage: https://smartofficepayroll.com/ Software...

7.5CVSS7.6AI score0.59407EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/05/02 12:0 a.m.334 views

FS-S3900-24T4S - Privilege Escalation

Exploit Title: FS-S3900-24T4S Privilege Escalation Date: 29/04/2023 Exploit Author: Daniele Linguaglossa & Alberto Bruscino Vendor Homepage: https://www.fs.com/ Software Link: not available Version: latest Tested on: latest CVE : CVE-2023-30350 import sys import telnetlib def exploitargs: printar...

8.8CVSS9.1AI score0.05343EPSS
Exploits4
Exploit DB
Exploit DB
added 2023/04/20 12:0 a.m.334 views

Piwigo 13.6.0 - Stored Cross-Site Scripting (XSS)

Exploit Title: Piwigo 13.6.0 - Stored Cross-Site Scripting XSS Application: Piwigo Version: 13.6.0 Bugs: Stored XSS Technology: PHP Vendor URL: https://piwigo.org/ Software Link: https://piwigo.org/get-piwigo Date of found: 18.04.2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Detail...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/05/11 12:0 a.m.334 views

Bitrix24 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Bitrix24 - Remote Code Execution RCE Authenticated Date: 4/22/2022 Exploit Author: picaroo Vendor Homepage: https://www.bitrix24.com/apps/desktop.php Tested on: Linux os /usr/bin/env python Created by heinjame import requests import re from bs4 import BeautifulSoup import...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2022/01/19 12:0 a.m.334 views

uDoctorAppointment v2.1.1 - 'Multiple' Cross Site Scripting (XSS)

Exploit Title: uDoctorAppointment v2.1.1 - 'Multiple' Cross Site Scripting XSS Exploit Author: Vulnerability-Lab Date: 15/12/2021 Document Title: =============== uDoctorAppointment v2.1.1 - Multiple XSS Vulnerabilities References Source: ====================...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/12/20 12:0 a.m.334 views

phpKF CMS 3.00 Beta y6 - Remote Code Execution (RCE) (Unauthenticated)

Exploit Title: phpKF CMS 3.00 Beta y6 - Remote Code Execution RCE Unauthenticated Date: 18/12/2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.phpkf.com/ Software Link: https://www.phpkf.com/indirme.php Version: 3.00 Category: Webapps Tested on: Linux/Windows phpKF-CMS; It...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/12/16 12:0 a.m.334 views

Cibele Thinfinity VirtualUI 2.5.41.0 - User Enumeration

Exploit Title: Cibele Thinfinity VirtualUI 2.5.41.0 - User Enumeration Date: 13/12/2021 Exploit Author: Daniel Morales, IT Security Team - ARHS Spikeseed Vendor Homepage: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version: vulnerable v3.0 Tested on:...

5.3CVSS5.8AI score0.23141EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/12/10 12:0 a.m.334 views

Free School Management Software 1.0 - 'multiple' Stored Cross-Site Scripting (XSS)

Exploit Title: Free School Management Software 1.0 - 'multiple' Stored Cross-Site Scripting XSS Exploit Author: fuzzyap1 Date: 7-12-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15073/free-school-management-software.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/17 12:0 a.m.334 views

Content Management System 1.0 - 'email' SQL Injection

Exploit Title: Content Management System 1.0 - 'email' SQL Injection Exploit Author: Zhayi Zeo Date: 2020-12-14 Vendor Homepage: https://www.sourcecodester.com/php/14625/content-management-system-using-phpmysqli-source-code.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/05/26 12:0 a.m.334 views

OpenEMR 5.0.1 - Remote Code Execution (1)

Title: OpenEMR 5.0.1 - Remote Code Execution 1 Exploit Author: Musyoka Ian Date: 2020-05-25 Title: OpenEMR 5.0.1 - Remote Code Execution Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/v5013.tar.gz Dockerfile:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/04/06 12:0 a.m.334 views

LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting

Exploit Title: LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting Date: 2020-04-02 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.1.11+200316 Tested on: Ubuntu 18.04.4 CVE : CVE-2020-11456 Vulnerability Details...

5.4CVSS5.9AI score0.70841EPSS
Exploits4
Exploit DB
Exploit DB
added 2015/08/12 12:0 a.m.334 views

Microsoft Windows Server 2003 SP2 - TCP/IP IOCTL Privilege Escalation (MS14-070)

/ Exploit Title: Windows 2k3 SP2 TCP/IP IOCTL Privilege Escalation MS14-070 Date: 2015-08-10 Exploit Author: Tomislav Paskalev Vulnerable Software: Windows 2003 SP2 x86 Windows 2003 SP2 x86-64 Windows 2003 SP2 IA-64 Supported vulnerable software: Windows 2003 SP2 x86 Tested on: Windows 2003 SP2 x...

7.2CVSS8.7AI score0.22666EPSS
Exploits12
Exploit DB
Exploit DB
added 2024/05/04 12:0 a.m.333 views

Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Device Config Disclosure

Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Affected version: 1.0.0 Revision 7304 1.0.0 Revision 7284 1.0.0 Revision 6505 1.0.0 Revision 6332 1.0.0 Revision 6258 XS2DAB v1.50 rev 6267 Summary: Cleber offers a...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/28 12:0 a.m.333 views

zomplog 3.9 - Remote Code Execution (RCE)

Exploit Title: zomplog 3.9 - Remote Code Execution RCE Application: zomplog Version: v3.9 Bugs: RCE Technology: PHP Vendor URL: http://zomp.nl/zomplog/ Software Link: http://zomp.nl/zomplog/downloads/zomplog/zomplog3.9.zip Date of found: 22.07.2023 Author: Mirabbas Ağalarov Tested on: Linux impor...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/07/28 12:0 a.m.333 views

Availability Booking Calendar v1.0 - Multiple Cross-site scripting (XSS)

Exploit Title: Availability Booking Calendar v1.0 - Multiple Cross-site scripting XSS Date: 07/2023 Exploit Author: Andrey Stoykov Tested on: Ubuntu 20.04 Blog: http://msecureltd.blogspot.com XSS 1: Steps to Reproduce: 1. Browse to Bookings 2. Select All Bookings 3. Edit booking and select Promo...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2023/06/19 12:0 a.m.333 views

Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS)

Exploit Title: Symantec SiteMinder WebAgent v12.52 - Cross-site scripting XSS Google Dork: N/A Date: 18-06-2023 Exploit Author: Harshit Joshi Vendor Homepage: https://community.broadcom.com/home Software Link: https://www.broadcom.com/products/identity/siteminder Version: 12.52 Tested on: Linux,...

6.1CVSS5.6AI score0.03083EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/04/20 12:0 a.m.333 views

Serendipity 2.4.0 - Cross-Site Scripting (XSS)

Exploit Title: Serendipity 2.4.0 - Cross-Site Scripting XSS Author: Mirabbas Ağalarov Application: Serendipity Version: 2.4.0 Bugs: Stored XSS Technology: PHP Vendor URL: https://docs.s9y.org/ Software Link: https://docs.s9y.org/downloads.html Date of found: 13.04.2023 Tested on: Linux 2. Technic...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/11/03 12:0 a.m.333 views

Ultimate POS 4.4 - 'name' Cross-Site Scripting (XSS)

Exploit Title: Ultimate POS 4.4 - 'name' Cross-Site Scripting XSS Date: 2021-10-26 Exploit Author: Vulnerability Lab Vendor Homepage: https://ultimatefosters.com/docs/ultimatepos/ Version: 4.4 Document Title: =============== Ultimate POS v4.4 - Products Persistent XSS Vulnerability References...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/08/04 12:0 a.m.333 views

WordPress Plugin WP Customize Login 1.1 - 'Change Logo Title' Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin WP Customize Login 1.1 - 'Change Logo Title' Stored Cross-Site Scripting XSS Date: 2021-08-03 Exploit Author: Aryan Chehreghani Software Link: https://wordpress.org/plugins/customize-login/ Version: 1.1 Tested on: Windows 10 How to Reproduce this Vulnerability: 1...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/16 12:0 a.m.334 views

Disk Sorter Server 13.6.12 - 'Disk Sorter Server' Unquoted Service Path

Exploit Title: Disk Sorter Server 13.6.12 - 'Disk Sorter Server' Unquoted Service Path Discovery by: BRushiran Date: 15-06-2021 Vendor Homepage: https://www.disksorter.com Software Links: https://www.disksorter.com/setupsx64/disksortersrvsetupv13.6.12x64.exe Tested Version: 13.6.12 Vulnerability...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2020/12/17 12:0 a.m.333 views

PHPJabbers Appointment Scheduler 2.3 - Reflected XSS (Cross-Site Scripting)

Exploit Title: PHPJabbers Appointment Scheduler 2.3 - Reflected XSS Cross-Site Scripting Date: 2020-12-14 Exploit Author: Andrea Intilangelo Vendor Homepage: https://www.phpjabbers.com Software Link: https://www.phpjabbers.com/appointment-scheduler Version: 2.3 Tested on: Latest Version of Deskto...

6.1CVSS6.3AI score0.02678EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/10/16 12:0 a.m.333 views

Employee Management System 1.0 - Authentication Bypass

Exploit Title: Employee Management System 1.0 - Authentication Bypass Date: 2020-10-16 Exploit Author: Ankita Pal Vendor Homepage: https://www.sourcecodester.com/php/14432/employee-management-system-using-php.html Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2020/01/23 12:0 a.m.333 views

Reliable Datagram Sockets (RDS) - rds_atomic_free_op NULL pointer dereference Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Reliable Datagram Sockets RDS rdsatomicfreeop NULL pointer dereference Privilege Escalation', 'Description' = %q This module attempts to gain roo...

5.5CVSS7.4AI score0.07679EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/11/01 12:0 a.m.333 views

TheJshen contentManagementSystem 1.04 - 'id' SQL Injection

Exploit Title: TheJshen contentManagementSystem 1.04 - 'id' SQL Injection Date: 2019-11-01 Exploit Author: Cakes Vendor Homepage: https://github.com/thejshen/contentManagementSystem Version: 1.04 Software Link: https://github.com/thejshen/contentManagementSystem.git Tested on: CentOS7 GET paramet...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/07/29 12:0 a.m.333 views

WordPress Plugin Simple Membership 3.8.4 - Cross-Site Request Forgery

Exploit Title: Cross Site Request Forgery in Wordpress Simple Membership plugin Date: 2019-07-27 Exploit Author: rubyman Vendor Homepage: https://wordpress.org/plugins/simple-membership/ wpvulndb : https://wpvulndb.com/vulnerabilities/9482 Version: 3.8.4 Tested on: Windows 8.1 CVE : CVE-2019-1432...

8.8CVSS9AI score0.0315EPSS
Exploits6
Exploit DB
Exploit DB
added 2019/07/12 12:0 a.m.333 views

Sahi Pro 8.0.0 - Remote Command Execution

Exploit Title: Sahi Pro V8.0.0 - Unauthenticated Remote Command Execution Date: 2019-07-12 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://sahipro.com Software Link: https://sahipro.com/static/builds/pro/installsahiprov80020181031.jar Reference:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/01/20 12:0 a.m.333 views

Joomla! < 3.6.4 - Admin Takeover

!/usr/bin/python3 CVE-2016-9838: Joomla! = 3.6.4 Admin TakeOver cf Source: https://www.ambionics.io/blog/cve-2016-9838-joomla-account-takeover-and-remote-code-execution import bs4 import requests import random ADMINID = 384 url = 'http://vmweb.lan/Joomla-3.6.4/' formurl = url +...

7.5CVSS7AI score0.14099EPSS
Exploits6
Exploit DB
Exploit DB
added 2025/06/20 12:0 a.m.332 views

FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse

!/usr/bin/env python3 """ Exploit Title: FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse Date: 2025-06-15 Exploit Author: Shahid Parvez Hakim BugB Technologies Vendor Homepage: https://www.fortinet.com Software Link: https://www.fortinet.com/products/secure-sd-wan/fortigate...

4.8CVSS7.4AI score0.01076EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/06/15 12:0 a.m.333 views

PHP CGI Module 8.3.4 - Remote Code Execution (RCE)

!/usr/bin/env python3 Exploit Title: PHP CGI Module 8.3.4 - Remote Code Execution RCE Date: 2025-06-13 Exploit Author: @ibrahimsql Exploit Author's github: https://github.com/yigitsql old account banned Vendor Homepage: https://www.php.net/ Software Link: https://www.php.net/downloads Version: PH...

9.8CVSS9.6AI score0.99987EPSS
Exploits64
Exploit DB
Exploit DB
added 2025/05/09 12:0 a.m.332 views

WordPress Depicter Plugin 3.6.1 - SQL Injection

Exploit Title: WordPress Depicter Plugin 3.6.1 - SQL Injection Google Dork: inurl:/wp-content/plugins/depicter/ Date: 2025-05-06 Exploit Author: Andrew Long datagoboom Vendor Homepage: https://wordpress.org/plugins/depicter/ Software Link: https://downloads.wordpress.org/plugin/depicter.3.6.1.zip...

7.5CVSS7.1AI score0.46435EPSS
Exploits6
Exploit DB
Exploit DB
added 2025/04/15 12:0 a.m.332 views

ABB Cylon Aspect 3.08.02 - Cookie User Password Disclosure

ABB Cylon Aspect 3.08.02 - Cookie User Password Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.02 Summary: ASPECT is an award-winning scalable building energy management and...

8.7CVSS7AI score0.01497EPSS
Exploits3
Exploit DB
Exploit DB
added 2024/04/02 12:0 a.m.332 views

Daily Habit Tracker 1.0 - SQL Injection

Exploit Title: Daily Habit Tracker 1.0 - SQL Injection Date: 2 Feb 2024 Exploit Author: Yevhenii Butenko Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17118/daily-habit-tracker-using-php-and-mysql-source-code.html Version: 1.0 Tested on: Debian...

9.8CVSS9.7AI score0.0133EPSS
Exploits4
Total number of security vulnerabilities5000