
Explore Vulnerabilities

Vulnerability Type
SQL Injection (32)
Remote Code Execution (RCE) (16)
Stored Cross-Site Scripting (XSS) (16)
Remote Code Execution (14)
Unquoted Service Path (6)
Cross-Site Scripting (XSS) (4)
Windows Defender Detection Mitigation Bypass - TrojanWin32Powessere.G (4)
Remote Command Execution (3)
Remote Command Execution (RCE) (3)
Server-Side Request Forgery (SSRF) (3)
Server-Side Template Injection (SSTI) (3)
Account Enumeration (2)
Arbitrary File Download (2)
Arbitrary File Upload (2)
Authentication Bypass (2)
Broken Access Control (2)
Buffer Overflow (2)
Cross-Site Scripting (2)
Denial of Service (DoS) (2)
Directory Traversal (2)
Incorrect Access Control (Credentials Disclosure) (2)
Password Reset Vulnerability (2)
Path Traversal (2)
Remote Credential Theft (2)
Arbitrary Code Execution (1)
Arbitrary File Upload to Shell (1)
Blind SQL Injection (1)
Command Injection (1)
Command Injection and Arbitrary File Creation (1)
Command Injection Remote Code Execution (Unauthorized) (1)
Credential Disclosure (1)
Credential Leakage (1)
Cross-Site Request Forgery (CSRF) (1)
Denial of Service (1)
Detection Mitigation Bypass (1)
Detection Mitigation Bypass - Backdoor:JS/Relvelshe.A (1)
Incorrect Access Control (Denial of Service) (1)
Incorrect Access Control (DOS) (1)
Information Disclosure (1)
Insecure File Upload (1)
Kernel Privilege Escalation (1)
Local File Inclusion (1)
Local File Inclusion (LFI) (1)
Out of Bounds Access Violation (1)
Persistent Cross Site Scripting (XSS) (1)
PHP Deserialization (1)
Privilege Escalation (1)
Stored Cross Site Scripting (1)
Unauthenticated SQL Injection (1)
Unquoted Service Path Vulnerability (1)
CWE
89 (34)
79 (24)
94 (17)
78 (16)
434 (9)
428 (7)
22 (6)
287 (5)
119 (4)
200 (4)
918 (4)
522 (3)
20 (2)
284 (2)
285 (2)
400 (2)
269 (1)
352 (1)
502 (1)
74 (1)
798 (1)
862 (1)
937 (1)
98 (1)
RCE (1)
RCE-78 (1)
CPE
a:petrol_pump_management_software:petrol_pump_management_software:1.0 (10)
a:wyrestorm:apollo_vx20:1.3.57 (5)
a:employee_management_system:employee_management_system:1.0 (4)
a:petrol_pump_management_software:1.0 (4)
o:microsoft:windows_defender (4)
a:codeastro:real_estate_management_system:1.0 (3)
a:everywall:ladder:0.0.21 (3)
a:akaunting:akaunting:3.1.3 (2)
a:daily_habit_tracker:1.0 (2)
a:friendsofflarum:pretty_mail:1.1.2 (2)
a:microsoft:windows_defender (2)
a:numbas_project:numbas:7.2 (2)
a:akaunting:akaunting (1)
a:akaunting:akaunting:3.1.8 (1)
a:anydesk:anydesk:7.0.15 (1)
a:apache:ofbiz (1)
a:apprain:cmf:4.0.5 (1)
a:aruba:aruba_os:501 (1)
a:atlassian:confluence (1)
a:backdrop_cms:backdrop:1.27.1 (1)
a:casdoor_project:casdoor:1.331.0 (1)
a:chyrp:chyrp:2.5.2 (1)
a:cmsimple:cmsimple:5.15 (1)
a:code-projects:daily_expense_manager:1.0 (1)
a:code-projects:hospital_management_system:1.0 (1)
a:crushftp:crushftp (1)
a:cszcms:cszcms:1.3.0 (1)
a:cyd01:kitty:0.76.1.13 (1)
a:daily_habit_tracker_project:daily_habit_tracker:1.0 (1)
a:devikaai:devika:v1 (1)
a:dotclear:dotclear:2.29 (1)
a:elkarte:elkarte:1.1.9 (1)
a:ellite:wallos (1)
a:eset:nod32_antivirus:17.0.16.0 (1)
a:faq_management_system:faq_management_system:1.0 (1)
a:flashcard_quiz_app:flashcard_quiz_app:1.0 (1)
a:flatpress:flatpress:1.3 (1)
a:flowiseai:flowise:1.6.5 (1)
a:freepbx:freepbx (1)
a:genexus:protection_server:9.7.2.10 (1)
a:gibbonedu:gibbon_lms:26.0.00 (1)
a:gitlab:gitlab (1)
a:go-gitea:gitea:1.22.0 (1)
a:helpdesk-z:helpdeskz:2.0.2 (1)
a:htmly:htmly:2.9.6 (1)
a:human_resource_management_system:1.0 (1)
a:ibm:i_access_client_solutions (1)
a:ibm:ibm_i_access_client_solutions (1)
a:insurance_management_system_php_and_mysql:1.0 (1)
a:invesalius:invesalius:3.1.99998 (1)
Vendor
Petrol Pump Management Software (12)
Microsoft (8)
https://www.sourcecodester.com/ (7)
Sourcecodester (7)
WyreStorm (6)
Akaunting (4)
Code-Projects (3)
Codeastro (3)
Everywall (3)
Numbas (3)
Sitecore (3)
sourcecodester.com (3)
WordPress (3)
Flarum (2)
Gibbon (2)
https://wordpress.com/ (2)
IBM (2)
oretnom23 (2)
PHPGurukul (2)
AnyDesk (1)
Apache (1)
appRain (1)
Aruba (1)
Atlassian (1)
Backdrop (1)
Backdrop CMS (1)
Casdoor (1)
Chyrp (1)
CMSimple (1)
CrushFTP (1)
Daily Habit Tracker Project (1)
Devika (1)
DotClear (1)
Elite (1)
ElkArte (1)
Employee Management System (1)
Enchanted Code (1)
ESET (1)
FAQ Management System (1)
Flatpress (1)
Flowise (1)
Genexus (1)
Gitea (1)
GitLab (1)
GL-inet (1)
GUnet OpenEclass (1)
HelpDeskZ (1)
HTMLy (1)
http://djvu.sourceforge.net/ (1)
http://minalic.sourceforge.net/ (1)
Product Name
Petrol Pump Management Software (14)
APOLLO VX20 (6)
Windows Defender (6)
Employee Management System (5)
Akaunting (4)
Human Resource Management System (4)
Daily Habit Tracker (3)
Ladder (3)
Numbas (3)
Real Estate Management System (3)
FAQ Management System (2)
Flashcard Quiz App (2)
FoF Pretty Mail (2)
Gibbon LMS (2)
IBM i Access Client Solutions (2)
KiTTY (2)
Simple Inventory Management System (2)
Sitecore Experience Platform (2)
Windows (2)
Alemha Watermarker (1)
AnyDesk (1)
appRain CMF (1)
Aurba 501 (1)
Backdrop (1)
Backdrop CMS (1)
Best Student Result Management System (1)
Calibre-web (1)
Casdoor (1)
Chyrp (1)
CMSimple (1)
Computer Laboratory Management System (1)
Confluence (1)
CrushFTP (1)
CSZCMS (1)
Daily Expense Manager (1)
Devika (1)
dizqueTV (1)
djangorestframework-simplejwt (1)
dmx_6fire USB (1)
DotClear (1)
E-INSUARANCE (1)
ElkArte Forum (1)
ESET NOD32 Antivirus (1)
FlatPress (1)
Flowise (1)
FreePBX (1)
Genexus Protection Server (1)
Gitea (1)
GitLab CE/EE (1)
GL-iNet MT6000 (1)
Version
From
1 (41)
APOLLO VX20 < 1.3.58 (6)
v1.0 (4)
not specified (3)
Unknown (3)
v0.0.1 (3)
≤ 0.76.1.13 (2)
1.1.2002 (2)
1.2 (2)
1.27.1 (2)
9.0 Initial Release (2)
v1 (2)
v26.0.00 (2)
< 16.5.6 (1)
< 16.6.4 (1)
0.13.0 (1)
1.0.3 (1)
1.1.2001 (1)
1.1.2009 (1)
1.22.0 (1)
1.3 (1)
1.3.2000 (1)
1.3.2001 (1)
1.32 (1)
1.331.0 (1)
1.5.2003 (1)
1.6.2002 (1)
1.6.2005 (1)
1.9.0.3 (1)
11 <10.0.26100.1457 and Server 2016-2019-2022 <10.0.17763.6189 (1)
17.0.16.0 (1)
18.12.12 (1)
2 (1)
2.0.2 (1)
2.2.2000 (1)
2.29 (1)
2.441 (1)
2.5.2000 (1)
2.5.2002 (1)
2.6.3 (1)
2000.6.21 (1)
2019.1 (1)
3.0.4 (1)
3.1.2003 (1)
3.1.2008 (1)
3.1.99991 (1)
3.15 (1)
3.6.2007 (1)
3.9.2002 (1)
36709 (1)
To
1 (41)
v1.0 (4)
1.3.1958 (3)
not specified (3)
v0.0.21 (3)
0.76.1.13 (2)
1.1.2002 (2)
1.2 (2)
1.27.1 (2)
10.3 Initial Release (2)
21245 (2)
Numbas version 7.2 (2)
Unknown (2)
v1 (2)
v26.0.00 (2)
0.13.0 and below (1)
1.0.3 (1)
1.1.2001 (1)
1.1.2009 (1)
1.22.0 (1)
1.3 (1)
1.3.2000 (1)
1.3.2001 (1)
1.3.58 (1)
1.32 (1)
1.331.0 (1)
1.5.2003 (1)
1.6.2002 (1)
1.6.2005 (1)
1.9.0.3 (1)
10.3 (1)
11 (1)
16.7.1 and below (1)
17.0.16.0 (1)
18.12.12 (1)
2 (1)
2.0.2 (1)
2.1.2006 (1)
2.2.2000 (1)
2.29 (1)
2.441 (1)
2.5.2000 (1)
2.5.2002 (1)
2.6.2003 (1)
2000.6.21 (1)
2019.1 (1)
3.0.4 (1)
3.1.2003 (1)
3.1.2008 (1)
3.1.99998 (1)
Severity Type
HIGH (114)
CRITICAL (27)
MEDIUM (11)
LOW (2)
N/A (1)
Severity Number
6.1 (109)
8.1 (27)
4.1 (9)
7.1 (5)
2.1 (2)
5.1 (2)
N/A (1)
Exploit Author
Shubham Pandey (14)
Ahmet Ümit BAYRAM (11)
John Page (aka hyp3rlinx) (9)
SoSPiro (9)
Milad Karimi (Ex3ptionaL) (7)
John Page (hyp3rlinx) (5)
tmrswrr (5)
Yevhenii Butenko (5)
Diyar Saadi (4)
_chebuya (3)
abhishek morla (3)
Erdemstar (3)
Matheus Boschetti (3)
nu11secur1ty (3)
Sandeep Vishwakarma (3)
Srikar (3)
Abdualhadi khalifa (2)
Alessio Romano (sfoffo) (2)
Chokri Hammedi (2)
DEFCESCO (Austin A. DeFrancesco) (2)
Eren Sen (2)
Fikrat Guliev (2)
Saud Alenazi (2)
u32i@proton.me (2)
./H4X.Forensics - Diyar (1)
Abdulaziz Almetairy (1)
Ahmed Said Saud Al-Busaidi (1)
Ali Maharramli (1)
Alperen Ergel (1)
Anonymous (1)
Bandar Alharbi (1)
Caner Tercan (1)
Catalin Iovita & Alexandru Postolache (1)
Cold z3ro (1)
Devrim Dıragumandan (d0ub1edd) (1)
Dhrumil Mistry (1)
drone (@dronesec) (1)
E1.Coders (1)
Fernando Mengali (1)
Fire_Wolf (1)
Georgios Tsimpidas (1)
Gian Paris C. Agsam (1)
Hakkı TOKLU (1)
HAZIM ARBAŞ (1)
Hosein Vita (1)
Huseein Amer (1)
ice-wzl (1)
Islam Rzayev (1)
Jarod Jaslow (MAWK) (1)
Jenson Zhao (1)
Platforms Tested
Windows (35)
Linux (33)
macOS (14)
Windows 10 (10)
Windows 10 64 bit Wampserver (7)
Debian (6)
Kali Linux (4)
FireFox (3)
Mozilla FireFox (3)
Ubuntu 20.04.6 LTS on AWS EC2 (3)
Ubuntu 22.04 (3)
Web (3)
Windows (64-bit) (3)
Windows 10 Pro (3)
Windows 10 Pro x64 (3)
Windows 11 + XAMPP 8.0.30 (3)
Ubuntu 22.0 (2)
Windows 11 (2)
Windows XP (2)
Xampp (2)
15 (1)
and 16 (1)
Apache (1)
Apache/2.4.58 (Debian) / PHP 8.2.12 (1)
Debian 12 (1)
Debian 12 (Bookworm) (1)
Debian Kali (1)
Firefox 115.1.0esr (64-bit) (1)
Mac OS (1)
Microsoft Windows 11/10/8/7/XP (1)
MySQL (1)
RouterOS (1)
Tested on versions 14 (1)
Ubuntu 20.04.6 LTS (1)
Web Application (1)
Windows 10 64 bit with Wampserver (1)
Windows 10 Pro 10.0.19044 + XAMPP V3.3.0 (1)
Windows 10 x64 (1)
Windows 11 / PHP 8.1 & XAMPP 3.3.0 (1)
Windows 11 23H2 (1)
Windows 11 Home Edition (1)
Windows 7-11 (1)
Windows Server 2022 (1)
Windows XP Professional - Service Pack 2 and 3 - English (1)
WinXP/Win7 (1)
XAMPP 8.0.30 (1)
Year
2024
2008 (3443)
2009 (3242)
2020 (2781)
Unknown (2618)
2010 (2541)
2002 (2329)
2006 (2050)
2012 (1810)
2005 (1774)
2018 (1744)
2017 (1739)
2007 (1560)
2011 (1328)
2013 (1295)
2019 (1295)
2016 (1130)
2015 (1109)
2021 (1104)
2014 (995)
2023 (733)
2004 (529)
2022 (474)
2001 (444)
2003 (387)
2000 (238)
N/A (178)
2024 (155)
Not mentioned (138)
1999 (136)
Not provided (89)
Not Specified (89)
1998 (72)
1997 (48)
1996 (16)
Not available (9)
HIGH (6)
None (6)
[date] (4)
2005-2006 (4)
0day (3)
1994 (3)
Discovered in 2020 (3)
Found in 2020 (3)
MEDIUM (3)
TBD (3)
1988 (2)
2003-2004 (2)
2004-2019 (2)
2006-2007 (2)
2009/2010 (2)

Explore all Exploits:

openSIS 9.1 – SQL Injection (Authenticated)

A SQL injection vulnerability was discovered in OS4Ed Open Source Information System Community version 9.1. By manipulating the 'X-Forwarded-For' header parameters in a POST request to /Ajax.php, an attacker can execute malicious SQL queries.

dizqueTV 1.5.3 – Remote Code Execution (RCE)

dizqueTV version 1.5.3 is susceptible to a remote code execution vulnerability that allows attackers to execute unauthorized commands remotely. By manipulating the FFMPEG Executable Path in the settings to include a malicious command like "; cat /etc/passwd && echo 'poc'", an attacker can view the content of /etc/passwd.

reNgine 2.2.0 – Command Injection (Authenticated)

reNgine version 2.2.0 is vulnerable to authenticated command injection. By modifying the nmap_cmd parameters in the YAML configuration, an attacker can inject malicious commands, leading to unauthorized remote code execution with the privileges of the application. This exploit allows an authenticated user to execute arbitrary commands on the underlying system.

Stored Cross-Site Scripting (XSS) in NoteMark

The vulnerability exists in NoteMark version 0.13.0 and below. By injecting a malicious payload into a note and rendering it using the 'Rendered' tab, an attacker can execute arbitrary JavaScript code in the context of the user's session.

Windows IPv6 CVE-2024-38063 Denial-Of-Service Vulnerability

The exploit targets Windows 10, Windows 11 <10.0.26100.1457 and Server 2016-2019-2022 <10.0.17763.6189, allowing an attacker to cause a denial of service. By corrupting tcpip.sys memory per batch, the attacker can disrupt the normal functioning of the system. This vulnerability is identified as CVE-2024-38063.

Invesalius 3.1 – Remote Code Execution (RCE)

A Remote Code Execution (RCE) vulnerability was found in the DICOM file import process of Invesalius 3. This vulnerability affects versions 3.1.99991 to 3.1.99998. By utilizing a specially crafted DICOM file, an attacker can execute arbitrary code on the victim's system.

HughesNet HT2000W Satellite Modem Password Reset

The exploit allows an attacker to reset the administrator password of the HughesNet HT2000W Satellite Modem by taking advantage of CVE-2021-20090, a path traversal vulnerability in the HTTP daemon. It also abuses other weaknesses, such as improper use of httokens for authentication and leakage of the MD5 hash of the password.

Stored XSS Vulnerability via File Name

The vulnerability allows attackers to execute malicious scripts by embedding them in the filename of an image file uploaded while creating a new ticket in HelpDeskZ version 2.0.2. Successful exploitation can lead to compromise of the administration panel and execution of unauthorized scripts in the administrator's environment.


cqrsecured