Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2025/04/22 12:0 a.m.317 views

WonderCMS 3.4.2 - Remote Code Execution (RCE)

Exploit Title: WonderCMS 3.4.2 - Remote Code Execution RCE Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ CVE: CVE-2023-41425 import requests import...

6.1CVSS7.4AI score0.54305EPSS
Exploits16
Exploit DB
Exploit DB
added 2025/04/22 12:0 a.m.234 views

code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)

Exploit Title: code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting XSS Google Dork: inurl:/exam/feedback.php Date: 2025-04-19 Exploit Author: Pruthu Raut Vendor Homepage: https://code-projects.org/ Software Link:...

6.1CVSS7.4AI score0.00779EPSS
Exploits4
Exploit DB
Exploit DB
added 2025/04/22 12:0 a.m.254 views

OpenSSH server (sshd) 9.8p1 - Race Condition

Exploit Title : OpenSSH server sshd 9.8p1 - Race Condition Author : Milad Karimi Ex3ptionaL Date : 2025-04-16 Description: Targets a signal handler race condition in OpenSSH's server sshd on glibc-based Linux systems. It exploits a vulnerability where the SIGALRM handler calls async-signal-unsafe...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/22 12:0 a.m.341 views

Microsoft Windows 11 - Kernel Privilege Escalation

Exploit Title: Microsoft Windows 11 - Kernel Privilege Escalation Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Tested on: Win, Ubuntu CVE : CVE-2024-21338 include "pch.hpp" include "poc.hpp" // This...

7.8CVSS7.4AI score0.51865EPSS
Exploits13
Exploit DB
Exploit DB
added 2025/04/19 12:0 a.m.344 views

Drupal 11.x-dev - Full Path Disclosure

!/usr/bin/env python Exploit Title: Drupal 11.x-dev - Full Path Disclosure Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Version: 11.x-dev CVE:...

5.3CVSS7AI score0.09269EPSS
Exploits4
Exploit DB
Exploit DB
added 2025/04/19 12:0 a.m.372 views

FoxCMS 1.2.5 - Remote Code Execution (RCE)

Date: 2025-04-17 Exploit Title: Exploit Author: VeryLazyTech Vendor Homepage: https://www.foxcms.org/ Software Link: https://www.foxcms.cn/ Version: FoxCMS v.1.2.5 Tested on: Ubuntu 22.04, Windows Server 2019 CVE: CVE-2025-29306 Website: https://www.verylazytech.com !/bin/bash banner cat " exit 1...

9.8CVSS7AI score0.43655EPSS
Exploits11
Exploit DB
Exploit DB
added 2025/04/18 12:0 a.m.254 views

Langflow 1.3.0 - Remote Code Execution (RCE)

Exploit Title: Langflow 1.3.0 - Remote Code Execution RCE Date: 2025-04-17 Exploit Author: VeryLazyTech Vendor Homepage: http://www.langflow.org/ Software Link: https://github.com/langflow-ai/langflow Version: Langflow 1.3.0 Tested on: Windows Server 2019 CVE: CVE-2025-3248 CVE-2025-3248 - Remote...

9.8CVSS7.4AI score0.9999EPSS
Exploits33
Exploit DB
Exploit DB
added 2025/04/18 12:0 a.m.298 views

Inventio Lite 4 - SQL Injection

Exploit Title: Inventio Lite 4 - SQL Injection Error Based SQLi in "username" parameter on "/?action=processlogin." Date: 08/21/2024 Exploit Author: pointedsec Vendor Homepage: http://evilnapsis.com Software Link: https://github.com/evilnapsis/inventio-lite Version: ' or email LIKE '' and passwor...

9.8CVSS7.4AI score0.02576EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/04/18 12:0 a.m.245 views

KiviCare Clinic & Patient Management System (EHR) 3.6.4 - Unauthenticated SQL Injection

Exploit Title: KiviCare Clinic & Patient Management System EHR 3.6.4 - Unauthenticated SQL Injection SQL Injection Google Dork: inurl:"/wp-content/plugins/kivicare-clinic-management-system/ Date: 11/12/2024 Exploit Author: Samet "samogod" Gözet Vendor Homepage: wordpress.org Software Link:...

7.5CVSS7.4AI score0.13515EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/04/18 12:0 a.m.320 views

UJCMS 9.6.3 - User Enumeration via IDOR

Exploit Title: UJCMS 9.6.3 User Enumeration via IDOR Exploit Author: Cyd Tseng Date: 11 Dec 2024 Category: Web application Vendor Homepage: https://dromara.org/ Software Link: https://github.com/dromara/ujcms Version: UJCMS 9.6.3 Tested on: Linux CVE: CVE-2024-12483 Advisory:...

6.3CVSS7.4AI score0.03507EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/18 12:0 a.m.319 views

Tatsu 3.3.11 - Unauthenticated RCE

Exploit Title:Tatsu 3.3.11 - Unauthenticated RCE Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Product: Tatsu wordpress plugin = 3.3.11 CVE:...

8.1CVSS7.4AI score0.83232EPSS
Exploits9
Exploit DB
Exploit DB
added 2025/04/18 12:0 a.m.225 views

Apache Commons Text 1.10.0 - Remote Code Execution

Exploit Title: Apache Commons Text 1.10.0 - Remote Code Execution Text4Shell - POST-based Date: 2025-04-17 Exploit Author: Arjun Chaudhary Vendor Homepage: https://commons.apache.org/proper/commons-text/ Software Link:https://repo1.maven.org/maven2/org/apache/commons/commons-text/ Version: Apache...

9.8CVSS7.4AI score0.99931EPSS
Exploits41
Exploit DB
Exploit DB
added 2025/04/18 12:0 a.m.270 views

Hunk Companion Plugin 1.9.0 - Unauthenticated Plugin Installation

Exploit Title: Hunk Companion Plugin 1.9.0 - Unauthenticated Plugin Installation Date: 16 December, 2024 Exploit Author: Jun Takemura Author's GitHub: https://github.com/JunTakemura Author's Blog: juntakemura.dev Vendor Homepage: https://themehunk.com Software Link:...

9.8CVSS7.4AI score0.54754EPSS
Exploits5
Exploit DB
Exploit DB
added 2025/04/17 12:0 a.m.202 views

ABB Cylon Aspect 3.08.02 (ethernetUpdate.php) - Authenticated Path Traversal

Exploit Title: ABB Cylon Aspect 3.08.02 ethernetUpdate.php - Authenticated Path Traversal Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.02 Summary: ASPECT is an award-winning scalable...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/17 12:0 a.m.355 views

Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution (RCE)

Exploit Title: Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution RCE Date: 10 October 2024 Discovered by : Ravindu Wickramasinghe | rvz @rvizx9 Exploit Author: Ravindu Wickramasinghe | rvz @rvizx9 Vendor Homepage: https://www.npmjs.com/package/angular-base64-upload...

9.8CVSS7AI score0.43683EPSS
Exploits5
Exploit DB
Exploit DB
added 2025/04/17 12:0 a.m.253 views

ABB Cylon Aspect 3.08.02 (deployStart.php) - Unauthenticated Command Execution

Exploit Title: ABB Cylon Aspect 3.08.02 deployStart.php Unauthenticated Command Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.02 Summary: ASPECT is an award-winning scalable...

10CVSS7AI score0.02073EPSS
Exploits4
Exploit DB
Exploit DB
added 2025/04/17 12:0 a.m.281 views

Blood Bank & Donor Management System 2.4 - CSRF Improper Input Validation

Exploit Title: Blood Bank & Donor Management System 2.4 - CSRF Improper Input Validation Google Dork: N/A Date: 2024-12-26 Exploit Author: Kwangyun Keum Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/blood-bank-donor-management-system/ Version: 2.4 Tested on: Windo...

6.9CVSS7.1AI score0.00778EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/04/17 12:0 a.m.305 views

compop.ca 3.5.3 - Arbitrary code Execution

Exploit Title: compop.ca 3.5.3 - Arbitrary code Execution Google Dork: Terms of Use inurl:compop.vip Date: 22/12/2024 Exploit Author: dmlino Vendor Homepage: https://www.compop.ca/ Version: 3.5.3 CVE : CVE-2024-48445 The restaurant management system implements authentication using a Unix timestam...

9.8CVSS7.1AI score0.01958EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/17 12:0 a.m.325 views

Usermin 2.100 - Username Enumeration

Exploit Title: Usermin 2.100 - Username Enumeration Date: 10.02.2024 Exploit Author: Kjesper Vendor Homepage: https://www.webmin.com/usermin.html Software Link: https://github.com/webmin/usermin Version: = 2.100 Tested on: Kali Linux CVE: CVE-2024-44762...

5.3CVSS7.1AI score0.02621EPSS
Exploits5
Exploit DB
Exploit DB
added 2025/04/17 12:0 a.m.275 views

TP-Link VN020 F3v(T) TT_V6.2.1021 - Denial Of Service (DOS)

Exploit Title: TP-Link VN020 F3vT TTV6.2.1021 - Denial Of Service DOS Date: 10/22/2024 Exploit Author: Mohamed Maatallah Vendor Homepage: https://www.tp-link.com Version: TTV6.2.1021 VN020-F3vT Tested on: VN020-F3vT Router Hardware Version 1.0 CVE: CVE-2024-12342 Description: Two critical...

7.1CVSS7.1AI score0.08886EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/04/17 12:0 a.m.276 views

AnyDesk 9.0.1 - Unquoted Service Path

Exploit Title: AnyDesk 9.0.1 - Unquoted Service Path Date: 2024-12-11 Exploit Author: Parastou Razi Contact: [email protected] Vendor Homepage: http://anydesk.com Software Link: http://anydesk.com/download Version: Software Version 9.0.1 Tested on: Windows 11 x64 1. Description: The Anydesk...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/17 12:0 a.m.355 views

TP-Link VN020 F3v(T) TT_V6.2.1021 - Buffer Overflow Memory Corruption

Exploit Title: TP-Link VN020 F3vT TTV6.2.1021 - Buffer Overflow Memory Corruption Date: 11/24/2024 Exploit Author: Mohamed Maatallah Vendor Homepage: https://www.tp-link.com Version: TTV6.2.1021 VN020-F3vT Tested on: VN020-F3vT Router Hardware Version 1.0 CVE: CVE-2024-12344 Category: Remote...

9.8CVSS7.1AI score0.01842EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.310 views

Smart Manager 8.27.0 - Post-Authenticated SQL Injection

Exploit Title: Smart Manager 8.27.0 - Post-Authenticated SQL Injection Date: 2024-01-18 Exploit Author: Ivan Spiridonov - xbz0n Vendor Homepage: https://www.storeapps.org/ Software Link: https://www.storeapps.org/product/smart-manager/ Version: 8.27.0 Tested on: Ubuntu 22.04 CVE: CVE-2024-0566 SQ...

7.2CVSS6.7AI score0.03301EPSS
Exploits5
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.440 views

phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS)

Exploit Title: phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting XSS Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/thorsten/phpMyFAQ Software Link: https://github.com/thorsten/phpMyFAQ Version: 3.1.7 Tested on: Ubuntu Windows CVE : CVE-2022-4407 PoC: Get:...

9.8CVSS7.4AI score0.04381EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.258 views

Teedy 1.11 - Account Takeover via Stored Cross-Site Scripting (XSS)

Exploit Title: Teedy 1.11 - Account Takeover via Stored Cross-Site Scripting XSS Exploit Author: Ayato Shitomi @ Fore-Z co.ltd Demo Video: https://www.youtube.com/watch?v=udQgVogsmhA Vendor Homepage: https://teedy.io/ Software Link: https://github.com/Tomblib0/Teedy Version: 1.11 Tested on: Linux...

8.4CVSS7.4AI score0.02628EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.261 views

Dell EMC iDRAC7/iDRAC8 2.52.52.52 - Remote Code Execution (RCE)

Exploit Title: Dell EMC iDRAC7/iDRAC8 2.52.52.52 - Remote Code Execution RCE via file upload Date: 2024-08-28 Exploit Author: Photubias Vendor Homepage: https://dell.com Vendor Advisory: 1...

9.8CVSS7.4AI score0.9079EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.357 views

ABB Cylon Aspect 3.08.02 - Cross-Site Request Forgery (CSRF)

!-- ABB Cylon Aspect 3.08.02 userManagement.php Cross-Site Request Forgery Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.02 Summary: ASPECT is an award-winning scalable building energy...

7.3CVSS7.4AI score0.00656EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.192 views

phpMyFAQ 3.2.10 - Unintended File Download Triggered by Embedded Frames

Exploit Title: phpMyFAQ v3.2.10 - Unintended File Download Triggered by Embedded Frames Date: 13 Dec 2024 Exploit Author: George Chen Vendor Homepage: https://github.com/thorsten/phpMyFAQ/ Software Link: https://github.com/thorsten/phpMyFAQ/ Version: v3.2.10 Tested on: Mac, Win CVE : CVE-2024–558...

7.2CVSS7.4AI score0.02163EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.113 views

ProConf 6.0 - Insecure Direct Object Reference (IDOR)

Exploit Title: ProConf 6.0 - Insecure Direct Object Reference IDOR Date: 19/07/2018 Exploit Author: S. M. Zia Ur Rashid, SC Author Contact: https://www.linkedin.com/in/ziaurrashid/ Vendor Homepage: http://proconf.org & http://myproconf.org Version:...

6.5CVSS7.4AI score0.05949EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.168 views

ABB Cylon Aspect 3.08.03 (webServerDeviceLabelUpdate.php) - File Write DoS

Exploit title: ABB Cylon Aspect 3.08.03 webServerDeviceLabelUpdate.php File Write DoS Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.03 Summary: ASPECT is an award-winning scalable buildin...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.262 views

NagVis 1.9.33 - Arbitrary File Read

Exploit Title: NagVis 1.9.33 - Arbitrary File Read Date: 03/12/2024 Exploit Author: David Rodríguez a.k.a. xerosec Vendor Homepage: https://www.nagvis.org/ Software Link: https://www.nagvis.org/downloads/archive Version: 1.9.33 Tested on: Linux CVE: CVE-2022-46945 import requests import argparse...

9.1CVSS7.4AI score0.04135EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.265 views

Zabbix 7.0.0 - SQL Injection

Exploit Title: Zabbix 7.0.0 - SQL Injection Date: 06/12/2024 Exploit Author: Leandro Dias Barata @m4nb4 Vendor Homepage: https://www.zabbix.com/ Software Link: https://support.zabbix.com/browse/ZBX-25623 Version: 6.0.0 - 6.0.31 / 6.0.32rc1 6.4.0 - 6.4.16 / 6.4.17rc1 7.0.0 Tested on: Kali Linux...

9.9CVSS7.4AI score0.78831EPSS
Exploits13
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.129 views

ABB Cylon Aspect 4.00.00 (factorySetSerialNum.php) - Remote Code Execution

Exploit title : ABB Cylon Aspect 4.00.00 factorySetSerialNum.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =4.00.00 Summary: ASPECT is an award-winning scalable buildi...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.234 views

Hugging Face Transformers MobileViTV2 4.41.1 - Remote Code Execution (RCE)

Exploit Title: Hugging Face Transformers MobileViTV2 RCE Date: 29-11-2024 Exploit Author: The Kernel Panic Vendor Homepage: https://huggingface.co/ Software Link: https://github.com/huggingface/transformers/releases Version: 4.41.1 Tested on: Linux, Windows, Mac CVE : CVE-2024-11392 Code flow fro...

8.8CVSS7.4AI score0.0714EPSS
Exploits4
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.314 views

Fortinet FortiOS, FortiProxy, and FortiSwitchManager 7.2.0 - Authentication bypass

Exploit Title: Fortinet FortiOS, FortiProxy, and FortiSwitchManager 7.2.0 - Authentication bypass Date: 2022-10-10 Exploit Author: Zach Hanley, SC Vendor Homepage: https://www.fortinet.com Version: 7.0.0 Tested on: Linux CVE : CVE-2022-40684 This module requires Metasploit:...

9.8CVSS9.2AI score0.99984EPSS
Exploits25
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.317 views

Ruckus IoT Controller 1.7.1.0 - Undocumented Backdoor Account

Exploit Title: CommScope Ruckus IoT Controller 1.7.1.0 - Undocumented Account Date: 2021.05.26 Exploit Author: korelogic Vendor Homepage: https://www.commscope.com/globalassets/digizuite/917216-faq-security-advisory-id-20210525-v1-0.pdf Affected Product: Ruckus IoT Controller Version: 1.7.1.0 and...

9.8CVSS7.4AI score0.13773EPSS
Exploits5
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.200 views

Ethercreative Logs 3.0.3 - Path Traversal

Exploit Title: Ethercreative Logs 3.0.3 - Path Traversal Date: 2022.01.26 Exploit Author: Steffen Rogge, SC Vendor Homepage: https://github.com/ethercreative/logs Software Link: https://plugins.craftcms.com/logs Version: =3.0.4 impact: Medium found: 2021-07-06 SEC Consult Vulnerability Lab An...

4.9CVSS7.4AI score0.13759EPSS
Exploits6
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.219 views

WebMethods Integration Server 10.15.0.0000-0092 - Improper Access on Login Page

Exploit Title: WebMethods Integration Server 10.15.0.0000-0092 - Improper Access on Login Page Date: 25-01-2024 Exploit Author: Rasime Ekici Vendor Homepage: www.softwareag.com Version: 10.15.0000-0092 Tested on: 10.15.0000-0092 CVE : 2024-23733 Description: The /WmAdmin/,/invoke/vm.server/login...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.181 views

ABB Cylon Aspect 4.00.00 (factorySaved.php) - Unauthenticated XSS

Exploit title: ABB Cylon Aspect 4.00.00 factorySaved.php Unauthenticated XSS Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =4.00.00 Summary: ASPECT is an award-winning scalable building energy...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.141 views

FLIR AX8 1.46.16 - Remote Command Injection

Exploit Title: FLIR AX8 1.46.16 - Remote Command Injection Date: 8/19/2022 Exploit Author: Samy Younsi Naqwada https://samy.link, SC Vendor Homepage: https://www.flir.com/ Software Link: https://www.flir.com/products/ax8-automation/ PoC: https://www.youtube.com/watch?v=dh0rfAIWok Version: 1.46.16...

9.8CVSS9.4AI score0.99607EPSS
Exploits9
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.169 views

WooCommerce Customers Manager 29.4 - Post-Authenticated SQL Injection

Exploit Title: WooCommerce Customers Manager 29.4 - Post-Authenticated SQL Injection Date: 2024-03-25 Exploit Author: Ivan Spiridonov - xbz0n Software Link: https://codecanyon.net/item/woocommerce-customers-manager/10965432 Version: 29.4 Tested on: Ubuntu 22.04 CVE: CVE-2024-0399 SQL Injection Th...

8.1CVSS7.4AI score0.02877EPSS
Exploits5
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.287 views

ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution (RCE)

Exploit Title: ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution RCE Date: 2023-02-16 Exploit Author: [email protected] for NetworkSEC NWSSA-002-2023, SC Vendor Homepage: https://servers.asus.com/search?q=ASMB8 Version/Model: ASMB8 iKVM Firmware = 1.14.51 probably others Tested on: Linux...

9.8CVSS9.4AI score0.17399EPSS
Exploits6
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.176 views

KodExplorer 4.52 - Open Redirect

Exploit Title: KodExplorer 4.52 - Open Redirect Date: 2024-11-08 Exploit Author: Rahad Chowdhury Vendor Homepage: https://kodcloud.com/ Software Link: https://github.com/kalcaddle/KodExplorer/releases/tag/4.52 Version: 4.52 Tested on: Windows 10, PHP 8.2.4, Apache 2.4.56 Steps to Reproduce: 1. At...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.289 views

Car Rental Project 1.0 - Remote Code Execution

Exploit Title: Car Rental Project 1.0 - Remote Code Execution Date: 1/3/2020 Exploit Author: FULLSHADE, SC Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/car-rental-project-php-mysql-free-download/ Version: 1.0 Tested on: Windows CVE : CVE-2020-5509...

7.2CVSS7.4AI score0.05808EPSS
Exploits4
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.249 views

Garage Management System 1.0 (categoriesName) - Stored XSS

Exploit Title: Garage Management System 1.0 categoriesName - Stored XSS Date: 18-09-2022 Exploit Author: Sam Wallace, SC Software Link: https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html Version: 1.0 Tested on: Debian CVE : CVE-2022-41358 Summary:...

5.4CVSS7.4AI score0.0292EPSS
Exploits4
Exploit DB
Exploit DB
added 2025/04/15 12:0 a.m.148 views

ABB Cylon Aspect 3.08.03 - Hard-coded Secrets

ABB Cylon Aspect 3.08.03 Hard-coded Secrets Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.03 Summary: ASPECT is an award-winning scalable building energy management and control solution...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/15 12:0 a.m.190 views

ABB Cylon Aspect 3.08.02 (uploadDb.php) - Remote Code Execution

ABB Cylon Aspect 3.08.02 uploadDb.php - Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.02 Summary: ASPECT is an award-winning scalable building energy management and...

10CVSS9.6AI score0.02846EPSS
Exploits10
Exploit DB
Exploit DB
added 2025/04/15 12:0 a.m.328 views

ABB Cylon Aspect 3.08.02 - Cookie User Password Disclosure

ABB Cylon Aspect 3.08.02 - Cookie User Password Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.02 Summary: ASPECT is an award-winning scalable building energy management and...

8.7CVSS7AI score0.01497EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/15 12:0 a.m.221 views

ABB Cylon Aspect 3.08.02 (webServerUpdate.php) - Input Validation Config Poisoning

ABB Cylon Aspect 3.08.02 webServerUpdate.php Input Validation Config Poisoning Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.02 Summary: ASPECT is an award-winning scalable building energ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2025/04/15 12:0 a.m.289 views

ABB Cylon Aspect 3.08.02 (bbmdUpdate.php) - Remote Code Execution

ABB Cylon Aspect 3.08.02 bbmdUpdate.php - Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.02 Summary: ASPECT is an award-winning scalable building energy management an...

10CVSS6.6AI score0.02846EPSS
Exploits17
Total number of security vulnerabilities47904