header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Vulnerability Type
No results found
SQL Injection (6841)
Buffer Overflow (3830)
Cross-Site Scripting (2498)
Denial of Service (1853)
Remote Code Execution (1494)
Cross-Site Scripting (XSS) (852)
Directory Traversal (841)
Remote File Include (787)
Remote File Inclusion (723)
Privilege Escalation (675)
Authentication Bypass (671)
Local File Inclusion (606)
Information Disclosure (483)
Remote Command Execution (459)
Arbitrary File Upload (427)
Blind SQL Injection (425)
HTML Injection (398)
Cross-Site Request Forgery (384)
Command Injection (349)
Cross-Site Request Forgery (CSRF) (331)
Stack Buffer Overflow (320)
Stack Overflow (304)
Remote SQL Injection (288)
Unquoted Service Path (264)
Memory Corruption (254)
Denial of Service (DoS) (246)
Stored XSS (246)
Local Privilege Escalation (245)
Local File Include (241)
Remote Denial of Service (229)
Use-After-Free (211)
Heap-overflow (201)
Stored Cross-Site Scripting (XSS) (197)
Persistent Cross Site Scripting (187)
Remote Code Execution (RCE) (176)
XSS (169)
Stack-Based Buffer Overflow (165)
Remote Buffer Overflow (146)
Format String Vulnerability (145)
CSRF (142)
Path Traversal (136)
Integer Overflow (135)
Arbitrary Code Execution (134)
Code Execution (134)
Remote File Disclosure (127)
Input Validation (125)
SQL Injection and Cross Site Scripting (123)
Stored Cross Site Scripting (117)
Command Execution (115)
Insecure Cookie Handling (113)
CWE
No results found
89 (8351)
79 (5937)
119 (4722)
78 (2037)
22 (1944)
98 (1882)
N/A (1389)
200 (1304)
400 (1281)
264 (1205)
287 (1099)
352 (1097)
120 (1032)
94 (1031)
20 (1026)
Unknown (897)
434 (850)
269 (267)
416 (254)
284 (219)
121 (196)
134 (187)
190 (149)
399 (138)
611 (120)
426 (115)
476 (110)
Buffer Overflow (110)
120 (Buffer Copy without Checking Size of Input) (104)
362 (95)
125 (92)
601 (87)
428 (86)
843 (86)
502 (85)
787 (84)
798 (79)
122 (77)
427 (73)
Not mentioned (70)
522 (65)
Not provided (59)
80 (55)
259 (54)
918 (44)
113 (40)
285 (40)
613 (39)
614 (37)
None (35)
CPE
No results found
N/A (12110)
Unknown (758)
None (168)
Not mentioned (160)
a:microsoft:internet_explorer (139)
o:microsoft:windows (132)
Not provided (121)
o:linux:linux_kernel (97)
Not Specified (90)
a:joomla:joomla (72)
Not Available (52)
a:wordpress:wordpress (49)
o:apple:mac_os_x (47)
o:freebsd:freebsd (44)
o:microsoft:windows_xp (37)
a:mozilla:firefox (35)
a:php:php (34)
o:microsoft:windows_2000 (34)
a:google:chrome (31)
o:sun:solaris (27)
o:microsoft:windows_2000::sp4 (25)
a:microsoft:iis (23)
a:wireshark:wireshark (23)
a:adobe:flash_player (22)
a:apple:safari (22)
o:microsoft:windows_7 (22)
a:apache:tomcat (21)
o:microsoft:windows_xp::sp2 (18)
a:invision_power_services:invision_power_board (16)
o:microsoft:windows_xp::sp3 (16)
o:sgi:irix (16)
a:apple:quicktime (15)
a:samba:samba (15)
a:mybb:mybb (14)
a:mysql:mysql (14)
a:phpnuke:php-nuke (14)
a:videolan:vlc_media_player (14)
a:cpanel:cpanel (13)
a:microsoft:windows_media_player (13)
a:openemr:openemr (13)
a:opera_software:opera (13)
Solaris (13)
2.0 (12)
a:freepbx:freepbx (12)
a:oracle:virtualbox (12)
a:php:php:5.0.0 (12)
apple:safari (12)
o:cisco:ios (12)
o:google:android (12)
o:hp:hp-ux (12)
Vendor
No results found
N/A (3323)
Microsoft (1764)
WordPress (672)
Unknown (576)
Joomla! (539)
Apple (448)
Sourcecodester (363)
Oracle (319)
IBM (254)
Adobe (242)
Apache (242)
Linux (228)
Cisco (194)
HP (178)
PHP (170)
Mozilla (164)
Google (163)
Sun (141)
D-Link (140)
Novell (125)
Inc (107)
PHPGurukul (106)
Symantec (100)
PHP-Nuke (92)
ManageEngine (91)
Codecanyon (88)
XOOPS (87)
GNU (84)
Ltd. (84)
MyBB (83)
PHP Script Small (83)
phpBB (79)
SAP (76)
FreeBSD (73)
Sun Microsystems (69)
NETGEAR (68)
Not mentioned (68)
SourceForge (67)
vBulletin (64)
Hewlett Packard (61)
TP-Link (60)
Trend Micro (60)
Wireshark (58)
McAfee (57)
Mambo (56)
IPSwitch (54)
Itechscripts (53)
VMware (52)
VideoLAN (51)
e107 (50)
Product Name
No results found
N/A (695)
Internet Explorer (307)
Windows (303)
Linux Kernel (183)
PHP (172)
Unknown (140)
Firefox (115)
Solaris (113)
Joomla (107)
Mac OS X (96)
Flash Player (90)
Windows XP (88)
WordPress (87)
CMS (71)
Safari (65)
Chrome (62)
FreeBSD (57)
vBulletin (57)
Windows 7 (57)
Wireshark (55)
Kernel (54)
PHP-Nuke (54)
MySQL (52)
phpBB (51)
VLC media player (50)
Windows 2000 (50)
Windows 10 (49)
MyBB (48)
IIS (46)
Winamp (45)
AIX (44)
iOS (43)
macOS (40)
Android (38)
Opera (38)
Oracle Database (38)
Tomcat (38)
Windows Media Player (38)
Invision Power Board (37)
Samba (37)
Irix (35)
PHP-Fusion (35)
Linux (33)
phpMyAdmin (33)
osCommerce (32)
RealPlayer (32)
Apache HTTP Server (31)
ProFTPD (31)
Chromium (30)
OpenEMR (30)
Version
From
No results found
N/A (6626)
Unknown (1792)
1 (961)
1.0 (901)
3.1 (726)
1.1 (323)
2 (285)
All versions (234)
1.2 (223)
2.0 (221)
2.1 (175)
3 (157)
1.5 (150)
1.3 (146)
1.0.0 (142)
2.2 (140)
All (119)
1.0.1 (106)
1.4 (100)
v1.0 (98)
0.1 (95)
3.0 (95)
2.5 (94)
4 (90)
1.0.2 (84)
not specified (82)
2.3 (81)
1.6 (74)
Not mentioned (73)
< 3.2 (70)
2.0.0 (70)
6 (68)
5 (64)
1.0.3 (62)
1.7 (61)
3.3 (59)
2.0.1 (57)
2.4 (57)
Windows 7 (57)
1.8 (53)
3.5 (51)
Windows 2000 (51)
0.2 (50)
3.0.0 (48)
Not provided (48)
2.6 (46)
1.0.4 (45)
2.0.2 (45)
4.0 (45)
4.2 (45)
To
No results found
N/A (7012)
Unknown (2684)
1.0 (858)
1 (796)
3.5-RC7 (386)
1.1 (310)
2 (250)
1.2 (247)
2.0 (229)
All versions (221)
2.1 (153)
Not mentioned (153)
3 (152)
1.5 (142)
1.3 (131)
2.2 (129)
not specified (127)
All (118)
Other versions may also be affected. (114)
1.0.0 (111)
1.0.1 (97)
v1.0 (95)
1.0.2 (92)
2.5 (91)
3.0 (91)
1.4 (89)
3.1 (89)
0.1 (83)
Prior versions (79)
Not provided (78)
4 (77)
2.3 (75)
1.6 (72)
5 (66)
1.7 (63)
3.2 (63)
1.0.3 (61)
6 (59)
3.3 (57)
2.4 (56)
Windows 10 (55)
1.8 (54)
2.0.1 (54)
3.5 (49)
None (48)
2.0.2 (47)
2.6 (46)
4.0 (45)
4.2 (45)
0.2 (43)
Severity Type
No results found
HIGH (33263)
MEDIUM (4679)
N/A (2324)
CRITICAL (1705)
LOW (287)
Severity Number
No results found
7.5 (16267)
7 (7608)
5 (6608)
8 (3345)
N/A (2741)
9 (2195)
8.8 (1966)
5.5 (1836)
3 (1433)
9.8 (995)
Exploit Author
No results found
SecurityFocus (6696)
Unknown (2432)
Ihsan Sencan (887)
Gjoko 'LiquidWorm' Krstic (361)
Anonymous (353)
Project Zero (308)
milw0rm.com (271)
juan vazquez (245)
rgod (243)
LiquidWorm (222)
MC (202)
ajann (187)
Luigi Auriemma (187)
N/A (187)
Google Security Research (183)
indoushka (182)
shinnai (162)
sinn3r (154)
hdm (138)
John Page (aka hyp3rlinx) (131)
jduck (121)
cr4wl3r (113)
Hussin X (113)
Not mentioned (111)
Vulnerability Laboratory Research Team (108)
ZoRLu (99)
Kacper (a.k.a Rahim) (92)
nu11secur1ty (91)
mr_me (90)
Easy Laster (89)
CWH Underground (88)
S@BUN (84)
SirGod (83)
Ahmet Ümit BAYRAM (80)
High-Tech Bridge Security Research Lab (80)
xoron (80)
Dr_IDE (78)
Sid3^effects aKa haRi (78)
Todor Donev (75)
hyp3rlinx (74)
Stack (73)
Francis Provencher (71)
High-Tech Bridge SA - Ethical Hacking & Penetration Testing (70)
Ismail Tasdelen (70)
AntiSecurity (69)
His0k4 (68)
Kingcope (65)
ThE g0bL!N (65)
Not Specified (64)
Miroslav Stampar (61)
Platforms Tested
No results found
N/A (12658)
Windows (4998)
Linux (3440)
None (1839)
Mac (981)
Unknown (939)
Windows XP SP3 (683)
WiN7_x64/KaLiLinuX_x64 (546)
Windows 10 (529)
unix (487)
Windows 7 (410)
Kali Linux (332)
PHP (305)
Kali linux X64 (296)
Win7 x64 (276)
Windows XP SP2 (267)
Windows XP (233)
WordPress (196)
iOS (151)
All (142)
Not mentioned (132)
macOS (126)
Ubuntu (120)
Microsoft Windows (117)
Not Specified (106)
Solaris (105)
Apache (99)
Windows 7 x64 (98)
Android (96)
Xampp (91)
FreeBSD (90)
Windows 10 Pro x64 es (80)
Mac OS X (78)
Windows 2000 (77)
Windows 10 x64 (73)
Ubuntu 18.04 (72)
Windows 7 SP1 (70)
Windows Vista (70)
Not provided (69)
Windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) (68)
Windows 7 x86 (67)
Windows XP SP3 EN (62)
Kali Linux 2.0 (59)
Windows 10 Pro (59)
Windows XP Professional SP2 (59)
Debian (55)
Linux & Windows (55)
Windows XP Professional SP2 with Internet Explorer 7 (53)
Java (51)
Microsoft Windows XP Professional SP3 (EN) (50)
Year
Year
No results found
2008 (3443)
2009 (3242)
2020 (2781)
Unknown (2618)
2010 (2541)
2002 (2329)
2006 (2050)
2012 (1810)
2005 (1774)
2018 (1744)
2017 (1739)
2007 (1560)
2011 (1328)
2013 (1295)
2019 (1295)
2016 (1130)
2015 (1109)
2021 (1104)
2014 (995)
2023 (733)
2004 (529)
2022 (474)
2001 (444)
2003 (387)
2000 (238)
N/A (178)
2024 (155)
Not mentioned (138)
1999 (136)
Not provided (89)
Not Specified (89)
1998 (72)
1997 (48)
1996 (16)
Not available (9)
HIGH (6)
None (6)
[date] (4)
2005-2006 (4)
0day (3)
1994 (3)
Discovered in 2020 (3)
Found in 2020 (3)
MEDIUM (3)
TBD (3)
1988 (2)
2003-2004 (2)
2004-2019 (2)
2006-2007 (2)
2009/2010 (2)

Explore all Exploits:

Show More

Cross-Site Scripting in Twitter Feed Plugin for WordPress

The Twitter Feed Plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

5.5
CVSS
MEDIUM
Cross-Site Scripting (XSS)
79
CWE
Product Name
Twitter Feed Plugin
Platforms Tested
WordPress
Affected Version
From:
2000.3.1
To:
2000.3.1
2010
Show More

Multiple Remote Vulnerabilities in Drupal Embedded Media Field, Media: Video Flotsam, and Media: Audio Flotsam Modules

An attacker could exploit these vulnerabilities to execute arbitrary script code in a user's browser in the context of the affected site or execute arbitrary code on the server.

7.5
CVSS
HIGH
HTML-injection and arbitrary-file-upload vulnerabilities
79, 434
CWE
Product Name
Drupal
Platforms Tested
Affected Version
From:
Embedded Media Field module for Drupal 6.x versions prior to 6.x-1.26 and 6.x-2.4, and for Drupal 5.x versions prior to 5.x-1.12. Media: Video Flotsam module for Drupal 6.x versions prior to 6.x-1.2. Media: Audio Flotsam module for Drupal 6.x versions prior to 6.x-1.1.
To:
2010
Show More

ScriptMagix FAQ Builder <= 2.0 (index.php) Remote Blind SQL Injection Exploit

This exploit allows an attacker to perform a blind SQL injection attack on the ScriptMagix FAQ Builder version 2.0 or lower. By exploiting this vulnerability, the attacker can extract sensitive information such as usernames and passwords from the admin database.

7.5
CVSS
HIGH
Remote Blind SQL Injection
89
CWE
Product Name
FAQ Builder
Platforms Tested
Affected Version
From:
<=2.0
To:
2
Unknown
Show More

Cross-Site Scripting Vulnerabilities in pfSense

The pfSense firewall software is prone to multiple cross-site scripting vulnerabilities due to inadequate sanitization of user-supplied input. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a targeted user, potentially leading to the theft of authentication credentials and other malicious activities.

5.5
CVSS
MEDIUM
Cross-Site Scripting
79
CWE
Product Name
pfSense
Platforms Tested
Affected Version
From:
2 Beta 4
To:
Unknown
Unknown
Show More

Cross-Site Scripting Vulnerability in Safe Search Plugin for WordPress

The Safe Search plugin for Wordpress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name
Safe Search Plugin
Platforms Tested
Affected Version
From:
0.7
To:
0.7
2010
Show More

Cross-Site Scripting Vulnerability in Processing Embed plugin for WordPress

The Processing Embed plugin for Wordpress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

5.5
CVSS
MEDIUM
Cross-Site Scripting (XSS)
79
CWE
Product Name
Processing Embed plugin for Wordpress
Platforms Tested
Affected Version
From:
0.5
To:
0.5
Unknown
Show More

SolarWinds Orion NPM Multiple Cross-Site Scripting Vulnerabilities

SolarWinds Orion NPM is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name
Orion Network Performance Monitor (NPM)
Platforms Tested
Affected Version
From:
SolarWinds Orion Network Performance Monitor (NPM) 10.1
To:
Show More

Zimplit CMS Multiple Cross-Site Scripting Vulnerabilities

Zimplit CMS is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name
Zimplit CMS
Platforms Tested
Affected Version
From:
To:

Recent Exploits:

openSIS 9.1 – SQL Injection (Authenticated)

author
Devrim Dıragumandan (d0ub1edd)
vendor
OS4Ed
severity
6.1
HIGH

dizqueTV 1.5.3 – Remote Code Execution (RCE)

author
Ahmed Said Saud Al-Busaidi
vendor
Vexorian
severity
8.1
CRITICAL

reNgine 2.2.0 – Command Injection (Authenticated)

author
Caner Tercan
vendor
reNgine
severity
7.1
HIGH

Stored Cross-Site Scripting (XSS) in NoteMark

author
Alessio Romano (sfoffo)
vendor
Enchanted Code
severity
6.1
HIGH

Windows IPv6 CVE-2024-38063 Denial-Of-Service Vulnerability

author
Photubias
vendor
Microsoft
severity
6.1
HIGH

Invesalius 3.1 – Remote Code Execution (RCE)

author
Alessio Romano (sfoffo), Riccardo Degli Esposti (partywave)
vendor
Invesalius
severity
6.1
HIGH

Stored XSS in Gitea

author
Catalin Iovita & Alexandru Postolache
vendor
Gitea
severity
6.1
HIGH

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Configuration Vulnerability

author
Gjoko 'LiquidWorm' Krstic
vendor
Elber S.r.l.
severity
6.1
HIGH

Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass

author
Gjoko 'LiquidWorm'
vendor
Elber S.r.l.
severity
6.1
HIGH

Elber Wayber Analog/Digital Audio STL 4.00 Device Configuration Vulnerability

author
Gjoko 'LiquidWorm' Krstic
vendor
Elber S.r.l.
severity
6.1
HIGH

Navigation

Suggest Exploit

Services By CQR

cqrsecured