Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2025/06/13 12:0 a.m.250 views

Windows File Explorer Windows 10 Pro x64 - TAR Extraction

import os import tarfile def main: filename = input"Enter your file name: " ipaddress = input"Enter IP EX: 192.168.1.162: " librarycontent = f""" \\ipaddress\IT """ libraryfilename = f"filename.library-ms" with openlibraryfilename, "w", encoding="utf-8" as f: f.writelibrarycontent tarname =...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/06/13 12:0 a.m.570 views

Roundcube 1.6.10 - Remote Code Execution (RCE)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserialization', 'Description' = %q Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allo...

9.9CVSS9.7AI score0.94741EPSS
Exploits29
Exploit DB
Exploit DB
added 2025/06/09 12:0 a.m.406 views

Laravel Pulse 1.3.1 - Arbitrary Code Injection

!/usr/bin/env python3 Exploit Title: Laravel Pulse 1.3.1 - Arbitrary Code Injection Author: Mohammed Idrees Banyamer @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-06-06 Tested on: Laravel Pulse v1.2.0 / Ubuntu 22.04 / Apache2 CVE: CVE-2024-55661 Type: Remote Code Execution via...

8.8CVSS8.8AI score0.28571EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/06/09 12:0 a.m.302 views

TightVNC 2.8.83 - Control Pipe Manipulation

Exploit Title: TightVNC 2.8.83 - Control Pipe Manipulation Date: 06/09/2025 Exploit Author: Ionut Zevedei [email protected] Exploit Repository: https://github.com/zeved/CVE-2024-42049-PoC Vendor Homepage: https://www.tightvnc.com/ Software Link: https://www.tightvnc.com/download.php Version: 2.8.83...

9.1CVSS9.4AI score0.02147EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/06/09 12:0 a.m.491 views

Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege

!/usr/bin/env python3 Exploit Title: Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege Author: Mohammed Idrees Banyamer Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-06-06 Tested on: Windows 11 Version 24H2 for x64-based Systems...

7.3CVSS7.9AI score0.03035EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/06/09 12:0 a.m.289 views

ProSSHD 1.2 20090726 - Denial of Service (DoS)

Exploit Title: ProSSHD 1.2 20090726 - Denial of Service DoS Google Dork: N/A Date: 13 january 2024 Exploit Author: Fernando Mengali Vendor Homepage: https://prosshd.com/ Software Link: N/A Version: 1.2 20090726 Tested on: Windows XP CVE: CVE-2024-0725 $sis="$^O"; if $sis eq "windows" $cmd="cls";...

7.5CVSS7.6AI score0.03649EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/06/05 12:0 a.m.269 views

Apache Tomcat 10.1.39 - Denial of Service (DoS)

Exploit Title: Apache Tomcat 10.1.39 - Denial of Service DOS Author: Abdualhadi khalifa CVE: CVE-2025-31650 import httpx import asyncio import random import urllib.parse import sys import socket from colorama import init, Fore, Style init class TomcatKiller: def initself: self.successcount = 0...

7.5CVSS7.4AI score0.66933EPSS
Exploits5
Exploit DB
Exploit DB
added 2025/06/05 12:0 a.m.409 views

macOS LaunchDaemon iOS 17.2 - Privilege Escalation

!/usr/bin/env python3 Exploit Title: macOS LaunchDaemon iOS 17.2 - Privilege Escalation Author: Mohammed Idrees Banyamer @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-05-31 Tested on: macOS Sonoma 14.x ARM64 / x8664 CVE: CVE-2025-24085 Type: Local Privilege Escalation Platform...

10CVSS7.4AI score0.18668EPSS
Exploits5
Exploit DB
Exploit DB
added 2025/06/05 12:0 a.m.337 views

Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)

!/usr/bin/env python3 Exploit Title: Microsoft Windows Server 2025 JScript Engine - Remote Code Execution RCE Exploit Author: Mohammed Idrees Banyamer Instagram: @@banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-05-31 CVE: CVE-2025-30397 Vendor: Microsoft Affected Versions: Windo...

7.5CVSS7.4AI score0.21562EPSS
Exploits7
Exploit DB
Exploit DB
added 2025/06/05 12:0 a.m.393 views

Grandstream GSD3710 1.0.11.13 - Stack Overflow

!/usr/bin/env python3 Exploit Title: Grandstream GSD3710 1.0.11.13 - Stack Overflow Date: 2025-05-29 Exploit Author: Pepelux Vendor Homepage: https://www.grandstream.com/ Version: Grandstream GSD3710 - firmware:1.0.11.13 and lower Tested on: Linux and MacOS CVE: CVE-2022-2025 """ Author: Jose Lui...

9.8CVSS7.4AI score0.04122EPSS
Exploits1
Exploit DB
Exploit DB
added 2025/06/05 12:0 a.m.236 views

ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)

ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution RCE Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.04 Summary: ASPECT is an award-winning scalable building energy management...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/06/05 12:0 a.m.349 views

CloudClassroom PHP Project 1.0 - SQL Injection

Exploit Title: CloudClassroom PHP Project 1.0 - SQL Injection Google Dork: inurl:CloudClassroom-PHP-Project-master Date: 2025-05-30 Exploit Author: Sanjay Singh Vendor Homepage: https://github.com/mathurvishal/CloudClassroom-PHP-Project Software Link:...

7.3CVSS7.4AI score0.00995EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/05/29 12:0 a.m.506 views

WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing

Exploit Title: WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing Google Dork: inurl:/wp-content/plugins/digits/ Date: 2025-04-30 Exploit Author: Saleh Tarawneh Vendor Homepage: https://digits.unitedover.com/ Version: 8.4.6.1 CVE : CVE-2025-4094 """ The Digits plugin for...

9.8CVSS7AI score0.16444EPSS
Exploits4
Exploit DB
Exploit DB
added 2025/05/29 12:0 a.m.356 views

SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal

Exploit Title: SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal Date: 2025-05-28 Exploit Author: @ibrahimsql Exploit Author's github: https://github.com/ibrahimsql Vendor Homepage: https://www.solarwinds.com/serv-u-managed-file-transfer-server Software Link:...

8.6CVSS7.3AI score0.99614EPSS
Exploits8
Exploit DB
Exploit DB
added 2025/05/29 12:0 a.m.327 views

Campcodes Online Hospital Management System 1.0 - SQL Injection

Exploit Title: Campcodes Online Hospital Management System 1.0 - SQL Injection Google Dork: N/A Exploit Author: Carine Constantino Vendor Homepage: https://www.campcodes.com Software Link: https://www.campcodes.com/projects/online-hospital-management-system-using-php-and-mysql/ Version: 1.0 Teste...

9.8CVSS7.1AI score0.00758EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/05/29 12:0 a.m.428 views

Windows File Explorer Windows 11 (23H2) - NTLM Hash Disclosure

!/usr/bin/env python3 Exploit Title: Windows File Explorer Windows 11 23H2 - NTLM Hash Disclosure Exploit Author: Mohammed Idrees Banyamer Twitter/GitHub:https://github.com/mbanyamer Date: 2025-05-27 CVE: CVE-2025-24071 Vendor: Microsoft Affected Versions: Windows 10/11 All supporting .library-ms...

6.5CVSS7.3AI score0.25068EPSS
Exploits21
Exploit DB
Exploit DB
added 2025/05/29 12:0 a.m.464 views

Automic Agent 24.3.0 HF4 - Privilege Escalation

Exploit Title: Automic Agent 24.3.0 HF4 - Privilege Escalation Date: 26.05.2025 Exploit Author: Flora Schäfer Vendor Homepage: https://www.broadcom.com/products/software/automation/automic-automation Version: /tmp/sh.so 2. Run the ucxjlx6 executable as follows $ ./ucxjlx6 ini=echo -e...

8.5CVSS7.1AI score0.00516EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/05/29 12:0 a.m.374 views

Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass

!/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass Date: 2025-05-25 Exploit Author: @ibrahimsql Exploit Author's github: https://github.com/ibrahimsql Vendor Homepage: https://www.fortra.com/products/secure-file-transfer/goanywhere-mft...

9.8CVSS7AI score0.95086EPSS
Exploits8
Exploit DB
Exploit DB
added 2025/05/25 12:0 a.m.333 views

Microsoft Windows Server 2016 - Win32k Elevation of Privilege

Exploit Title: Microsoft Windows Server 2016 - Win32k Elevation of Privilege Date: 2025-05-19 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Country: United Kingdom CVE : CVE-2023-29336 include include include define...

7.8CVSS7.2AI score0.40919EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/05/25 12:0 a.m.326 views

Java-springboot-codebase 1.1 - Arbitrary File Read

Exploit Title: Java-springboot-codebase 1.1 - Arbitrary File Read Google Dork: Date: 23/May/2025 Exploit Author: d3sca Vendor Homepage: https://github.com/OsamaTaher/Java-springboot-codebase Software Link: https://github.com/OsamaTaher/Java-springboot-codebase Version: app version 1.1 Tested on:...

8.7CVSS7AI score0.03847EPSS
Exploits14
Exploit DB
Exploit DB
added 2025/05/25 12:0 a.m.404 views

WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass

!/usr/bin/env python3 Exploit Title: WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass Date: 2025-05-22 Exploit Author: Mohammed Idrees Banyamer Vendor Homepage: https://wordpress.org/plugins/user-registration/ Software Link:...

8.1CVSS7AI score0.0719EPSS
Exploits4
Exploit DB
Exploit DB
added 2025/05/25 12:0 a.m.273 views

ABB Cylon Aspect 3.08.03 - Guest2Root Privilege Escalation

!/usr/bin/env python Exploit Title: ABB Cylon Aspect 3.08.03 - Guest2Root Privilege Escalation Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.03 Summary: ASPECT is an award-winning scalabl...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/05/25 12:0 a.m.285 views

Windows 2024.15 - Unauthenticated Desktop Screenshot Capture

Exploit Title: Windows 2024.15 - Unauthenticated Desktop Screenshot Capture Date: 2025-05-19 Exploit Author: Chokri Hammedi Vendor Homepage: https://rs.ltd Software Link: https://rs.ltd/latest.php?os=win Version: 2024.15 Tested on: Windows 10/11 with Remote for Windows helper ''' Description: -...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/05/25 12:0 a.m.469 views

Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow

!/usr/bin/env python3 Exploit Title: Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow Google Dork: if applicable Date: 2025-05-23 Exploit Author: Pepelux user in ExploitDB Vendor Homepage: https://www.grandstream.com/ Software Link: download link if available Version: Grandstream GSD3710 -...

9.8CVSS9.2AI score0.04418EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/05/25 12:0 a.m.312 views

ABB Cylon Aspect Studio 3.08.03 - Binary Planting

Exploit Title: ABB Cylon Aspect Studio 3.08.03 - Binary Planting Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: type project P R O J E C T .| | | |'| . | | |. |' .---"| .-' '-. | | .--'| || | | | .-'| .| | || '- | | | || | |' | |. | || | | | | || | | '-' ' "" '-' '-.'...

7.1CVSS7.1AI score0.00977EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/05/21 12:0 a.m.246 views

Remote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE)

Exploit Title: Remote Keyboard Desktop 1.0.1 - Remote Code Execution RCE Date: 05/17/2025 Exploit Author: Chokri Hammedi Vendor Homepage: https://remotecontrolio.web.app/ Software Link: https://apps.microsoft.com/detail/9n0jw8v5sc9m?hl=neutral&gl=US&ocid=pdpshare Version: 1.0.1 Tested on: Windows...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/05/18 12:0 a.m.380 views

Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation

Exploit Title: Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation Date: 2025-04-23 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.zyxel.com/ Version: Zyxel uOS V1.31 see https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-= =3D...

7.8CVSS7AI score0.0093EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/05/18 12:0 a.m.290 views

Invision Community 5.0.6 - Remote Code Execution (RCE)

\n"; print "\nExample....: php $argv0 http://localhost/invision/"; print "\nExample....: php $argv0 https://invisioncommunity.com/\n\n"; die; $ch = curlinit; $params = "app" = "core", "module" = "syst...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/05/18 12:0 a.m.302 views

CrushFTP 11.3.1 - Authentication Bypass

Exploit Title: CrushFTP 11.3.1 - Authentication Bypass Date: 2025-05-15 Exploit Author: @İbrahimsql Exploit Author's github: https://github.com/ibrahimsql Vendor Homepage: https://www.crushftp.com Software Link: https://www.crushftp.com/download.html Version: =2.28.1 , colorama=0.4.6 ,...

9.8CVSS7.4AI score0.99947EPSS
Exploits18
Exploit DB
Exploit DB
added 2025/05/13 12:0 a.m.372 views

WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation

Exploit Title: WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation Google Dork: inurl:/wp-content/plugins/frontend-login-and-registration-blocks/ Date: 2025-05-12 Exploit Author: Md Shoriful Islam RootHarpy Vendor Homepage:...

9.8CVSS7.1AI score0.06441EPSS
Exploits4
Exploit DB
Exploit DB
added 2025/05/13 12:0 a.m.337 views

TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow

/ Exploit Title: TP-Link VN020 F3vT TTV6.2.1021 - DHCP Stack Buffer Overflow Date: 10/20/2024 Exploit Author: Mohamed Maatallah Vendor Homepage: https://www.tp-link.com Version: TTV6.2.1021 VN020-F3vT Tested on: VN020-F3vT Router Hardware Version 1.0 CVE: CVE-2024-11237 Category: Remote Technical...

9.8CVSS7.1AI score0.05198EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/05/13 12:0 a.m.434 views

Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)

Exploit Title: Kentico Xperience 13.0.178 - Cross Site Scripting XSS Date: 2025-05-09 Version: Kentico Xperience before 13.0.178 Exploit Author: Alex Messham Contact: [email protected] Source: https://github.com/xirtam2669/Kentico-Xperience-before-13.0.178---XSS-POC/ CVE: CVE-2025-32370 import...

9.8CVSS9.6AI score0.59066EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/05/13 12:0 a.m.290 views

RDPGuard 9.9.9 - Privilege Escalation

Exploit Title: RDPGuard 9.9.9 - Privilege Escalation Discovered by: Ahmet Ümit BAYRAM Discovered Date: 09.05.2025 Vendor Homepage: https://rdpguard.com Software Link: https://rdpguard.com/download.aspx Tested Version: 9.9.9 latest Tested on: Windows 10 32bit Steps to Reproduce 1. Prepare a .bat...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/05/09 12:0 a.m.331 views

WordPress Depicter Plugin 3.6.1 - SQL Injection

Exploit Title: WordPress Depicter Plugin 3.6.1 - SQL Injection Google Dork: inurl:/wp-content/plugins/depicter/ Date: 2025-05-06 Exploit Author: Andrew Long datagoboom Vendor Homepage: https://wordpress.org/plugins/depicter/ Software Link: https://downloads.wordpress.org/plugin/depicter.3.6.1.zip...

7.5CVSS7.1AI score0.46435EPSS
Exploits6
Exploit DB
Exploit DB
added 2025/05/09 12:0 a.m.354 views

Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation

Exploit Title: Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation Date: 2025-05-05 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Tested on: Win x64 CVE : CVE-2024-38193 pragma once...

7.8CVSS7.2AI score0.27561EPSS
Exploits4
Exploit DB
Exploit DB
added 2025/05/09 12:0 a.m.305 views

Apache ActiveMQ 6.1.6 - Denial of Service (DOS)

Exploit Title: Apache ActiveMQ 6.1.6 - Denial of Service DOS Date: 2025-05-9 Exploit Author: Abdualhadi khalifa https://x.com/absholi7ly/ Github: https://github.com/absholi7ly/CVE-2025-27533-Exploit-for-Apache-ActiveMQ CVE: CVE-2025-27533 import socket import struct import time import datetime...

7.5CVSS7AI score0.08453EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/05/09 12:0 a.m.510 views

VirtualBox 7.0.16 - Privilege Escalation

Exploit Title: VirtualBox 7.0.16 - Privilege Escalation Date: 2025-05-06 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Tested on: Win x64 CVE : CVE-2024-21111 include include include include include include include inclu...

7.8CVSS7AI score0.0178EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/05/09 12:0 a.m.329 views

SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation

Exploit Title: SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation Date: 2025-05-7 Exploit Author: Abdualhadi khalifa https://x.com/absholi7ly/ Affected: Versions All versions of OttoKit SureTriggers ≤ 1.0.82. Conditions for Exploitation The vulnerability can be exploited under the followin...

9.8CVSS7.1AI score0.5088EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/05/06 12:0 a.m.357 views

Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)

Exploit Title: Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference IDOR Google Dork: N/A Date: 2025-05-02 Exploit Author: Sn1p3r-H4ck3r Siripong Jintung Vendor Homepage: https://snipeitapp.com Software Link: https://github.com/grokability/snipe-it Version: /printassigned endpoint. This...

5CVSS7AI score0.01189EPSS
Exploits4
Exploit DB
Exploit DB
added 2025/05/06 12:0 a.m.407 views

ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)

Exploit Title: ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery CSRF Google Dork: inurl:"/api/method/frappe" Date: 2025-04-29 Exploit Author: Ahmed Thaiban Thvt0ne Vendor Homepage: https://erpnext.com Software Link: https://github.com/frappe/erpnext Version: Delete User Click Her...

8.1CVSS7.1AI score0.00759EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/05/06 12:0 a.m.285 views

Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)

Exploit Title: Casdoor 1.901.0 - Cross-Site Request Forgery CSRF Application: Casdoor Version: 1.901.0 Date: 03/07/2024 Exploit Author: Van Lam Nguyen Vendor Homepage: https://casdoor.org/ Software Link: https://github.com/casdoor/casdoor/archive/refs/tags/v1.901.0.zip Tested on: Windows CVE : N/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/05/01 12:0 a.m.497 views

ZTE ZXV10 H201L - RCE via authentication bypass

Exploit Title: ZTE ZXV10 H201L - RCE via authentication bypass Exploit Author: l34n tasos meletlidis https://i0.rs/blog/finding-0click-rce-on-two-zte-routers/ import http.client, requests, os, argparse, struct, zlib from io import BytesIO from os import stat from Crypto.Cipher import AES def...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/05/01 12:0 a.m.275 views

Daikin Security Gateway 14 - Remote Password Reset

Daikin Security Gateway 214 - Remote Password Reset Vendor: Daikin Industries, Ltd. Product web page: https://www.daikin.com https://www.daikin.eu/enus/products/product.html/DRGATEWAYAA.html Affected version: App: 100, Frm: 214 Summary: The Security gateway allows the iTM and LC8 controllers to...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/05/01 12:0 a.m.399 views

Microsoft - NTLM Hash Disclosure Spoofing (library-ms)

Exploit title: Microsoft - NTLM Hash Disclosure Spoofing library-ms Exploit Author: John Page aka hyp3rlinx x.com/hyp3rlinx ISR: ApparitionSec Back in 2018, I reported a ".library-ms" File NTLM information disclosure vulnerability to MSRC and was told "it was not severe enough", that being said I...

6.5CVSS7.2AI score0.58974EPSS
Exploits20
Exploit DB
Exploit DB
added 2025/05/01 12:0 a.m.320 views

Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing

Exploit Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Source: https://hyp3rlinx.altervista.org/advisories/MicrosoftWindowsxrm-msFileNTLM-HashDisclosure.txt x.com/hyp3rlinx ISR: ApparitionSec Vendor www.microsoft.com Product .xrm-ms File Type Vulnerability Type NTLM Hash...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/30 12:0 a.m.307 views

unzip-stream 0.3.1 - Arbitrary File Write

Exploit Title: unzip-stream 0.3.1 - Arbitrary File Write Date: 18th April, 2024 Exploit Author: Ardayfio Samuel Nii Aryee Software link: https://github.com/mhr3/unzip-stream Version: unzip-stream 0.3.1 Tested on: Ubuntu CVE: CVE-2024-42471 NB: Python's built-in zipfile module has limitations on t...

7.5CVSS7.4AI score0.03037EPSS
Exploits4
Exploit DB
Exploit DB
added 2025/04/22 12:0 a.m.317 views

WonderCMS 3.4.2 - Remote Code Execution (RCE)

Exploit Title: WonderCMS 3.4.2 - Remote Code Execution RCE Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ CVE: CVE-2023-41425 import requests import...

6.1CVSS7.4AI score0.54305EPSS
Exploits16
Exploit DB
Exploit DB
added 2025/04/22 12:0 a.m.302 views

WordPress Core 6.2 - Directory Traversal

Exploit Title: WordPress Core 6.2 - Directory Traversal Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Version: = 6.2 Tested on: Win, Ubuntu CVE : CVE-2023-2745 import requests from colorama import init,...

6.1CVSS7.4AI score0.79527EPSS
Exploits7
Exploit DB
Exploit DB
added 2025/04/22 12:0 a.m.241 views

Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution

Exploit Title: Firefox ESR 115.11 - Arbitrary JavaScript execution in PDF.js Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Vendor Homepage:...

8.8CVSS7.4AI score0.72648EPSS
Exploits15
Exploit DB
Exploit DB
added 2025/04/22 12:0 a.m.254 views

OpenSSH server (sshd) 9.8p1 - Race Condition

Exploit Title : OpenSSH server sshd 9.8p1 - Race Condition Author : Milad Karimi Ex3ptionaL Date : 2025-04-16 Description: Targets a signal handler race condition in OpenSSH's server sshd on glibc-based Linux systems. It exploits a vulnerability where the SIGALRM handler calls async-signal-unsafe...

7AI score
Exploits0
Total number of security vulnerabilities47904