Exploit-DB updates

Latest

1. [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
2. [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
3. [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
4. [webapps] openSIS 9.1 - SQLi (Authenticated)
5. [dos] Windows TCP/IP - RCE Checker and Denial of Service
6. [webapps] Invesalius3 - Remote Code Execution
7. [webapps] Gitea 1.22.0 - Stored XSS
8. [webapps] NoteMark < 0.13.0 - Stored XSS
9. [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
10. [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Device Config Disclosure
11. [webapps] HughesNet HT2000W Satellite Modem - Password Reset
12. [webapps] Aurba 501 - Authenticated RCE
13. [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
14. [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
15. [webapps] Calibre-web 0.6.21 - Stored XSS
16. [webapps] Helpdeskz v2.0.2 - Stored XSS
17. [webapps] Ivanti vADC 9.9 - Authentication Bypass
18. [local] Oracle Database 12c Release 1 - Unquoted Service Path
19. [local] SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path
20. [local] Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path
21. [webapps] Devika v1 - Path Traversal via 'snapshot_path'
22. [local] Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation
23. [webapps] Microweber 2.0.15 - Stored XSS
24. [webapps] Azon Dominator Affiliate Marketing Script - SQL Injection
25. [webapps] Xhibiter NFT Marketplace 1.10.2 - SQL Injection
26. [webapps] Customer Support System 1.0 - Stored XSS
27. [webapps] SolarWinds Platform 2024.1 SR1 - Race Condition
28. [webapps] Poultry Farm Management System v1.0 - Remote Code Execution (RCE)
29. [webapps] Flatboard 3.2 - Stored Cross-Site Scripting (XSS) (Authenticated)
30. [webapps] Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)
31. [webapps] Carbon Forum 5.9.0 - Stored XSS
32. [webapps] AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)
33. [webapps] AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability.
34. [webapps] PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)
35. [webapps] WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated)
36. [webapps] Boelter Blue System Management 1.3 - SQL Injection
37. [webapps] AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS)
38. [webapps] XMB 1.9.12.06 - Stored XSS
39. [webapps] Serendipity 2.5.0 - Remote Code Execution (RCE)
40. [webapps] Dotclear 2.29 - Remote Code Execution (RCE)
41. [webapps] Monstra CMS 3.0.4 - Remote Code Execution (RCE)
42. [webapps] WBCE CMS v1.6.2 - Remote Code Execution (RCE)
43. [webapps] CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)
44. [webapps] Sitefinity 15.0 - Cross-Site Scripting (XSS)
45. [webapps] appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated)
46. [webapps] Akaunting 3.1.8 - Server-Side Template Injection (SSTI)
47. [webapps] FreePBX 16 - Remote Code Execution (RCE) (Authenticated)
48. [webapps] changedetection < 0.45.20 - Remote Code Execution (RCE)
49. [webapps] Aquatronica Control System 5.1.6 - Information Disclosure
50. [webapps] Check Point Security Gateway - Information Disclosure (Unauthenticated)
Updated 23 minutes ago

Recent history (latest 100 records)

2024-11-15 [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
2024-10-02 [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
2024-10-02 [webapps] openSIS 9.1 - SQLi (Authenticated)
2024-10-02 [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
2024-08-29 [dos] Windows TCP/IP - RCE Checker and Denial of Service
2024-08-29 [webapps] Gitea 1.22.0 - Stored XSS
2024-08-29 [webapps] Invesalius3 - Remote Code Execution
2024-08-29 [webapps] NoteMark < 0.13.0 - Stored XSS
2024-08-24 [webapps] HughesNet HT2000W Satellite Modem - Password Reset
2024-08-24 [webapps] Aurba 501 - Authenticated RCE
2024-08-24 [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
2024-08-24 [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
2024-08-24 [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
2024-08-24 [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Device Config Disclosure
2024-08-23 [webapps] Calibre-web 0.6.21 - Stored XSS
2024-08-23 [webapps] Helpdeskz v2.0.2 - Stored XSS
2024-08-04 [webapps] Ivanti vADC 9.9 - Authentication Bypass
2024-08-04 [local] Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path
2024-08-04 [local] Oracle Database 12c Release 1 - Unquoted Service Path
2024-08-04 [local] SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path
2024-08-04 [webapps] Devika v1 - Path Traversal via 'snapshot_path'
2024-07-17 [local] Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation
2024-07-01 [webapps] Azon Dominator Affiliate Marketing Script - SQL Injection
2024-07-01 [webapps] Microweber 2.0.15 - Stored XSS
2024-07-01 [webapps] Xhibiter NFT Marketplace 1.10.2 - SQL Injection
2024-07-01 [webapps] Customer Support System 1.0 - Stored XSS
2024-06-26 [webapps] Poultry Farm Management System v1.0 - Remote Code Execution (RCE)
2024-06-26 [webapps] Flatboard 3.2 - Stored Cross-Site Scripting (XSS) (Authenticated)
2024-06-26 [webapps] SolarWinds Platform 2024.1 SR1 - Race Condition
2024-06-26 [webapps] Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)
2024-06-14 [webapps] WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated)
2024-06-14 [remote] Zyxel IKE Packet Decoder - Unauthenticated Remote Code Execution (Metasploit)
2024-06-14 [webapps] ZwiiCMS 12.2.04 - Remote Code Execution (Authenticated)
2024-06-14 [webapps] Boelter Blue System Management 1.3 - SQL Injection
2024-06-14 [webapps] Rebar3 3.13.2 - Command Injection
2024-06-14 [webapps] AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS)
2024-06-14 [webapps] AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability.
2024-06-14 [webapps] Carbon Forum 5.9.0 - Stored XSS
2024-06-14 [webapps] XMB 1.9.12.06 - Stored XSS
2024-06-14 [webapps] AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)
2024-06-14 [webapps] PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)
2024-06-03 [webapps] CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)
2024-06-03 [webapps] Dotclear 2.29 - Remote Code Execution (RCE)
2024-06-03 [webapps] Monstra CMS 3.0.4 - Remote Code Execution (RCE)
2024-06-03 [webapps] WBCE CMS v1.6.2 - Remote Code Execution (RCE)
2024-06-03 [webapps] appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated)
2024-06-03 [webapps] Sitefinity 15.0 - Cross-Site Scripting (XSS)
2024-06-03 [webapps] Serendipity 2.5.0 - Remote Code Execution (RCE)
2024-06-01 [webapps] FreePBX 16 - Remote Code Execution (RCE) (Authenticated)
2024-06-01 [webapps] Akaunting 3.1.8 - Server-Side Template Injection (SSTI)
2024-06-01 [remote] Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure
2024-06-01 [remote] ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution (RCE) & SSH Access
2024-06-01 [webapps] Craft CMS Logs Plugin 3.0.3 - Path Traversal (Authenticated)
2024-05-31 [webapps] Aquatronica Control System 5.1.6 - Information Disclosure
2024-05-31 [webapps] BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection
2024-05-31 [webapps] iMLog < 1.307 - Persistent Cross Site Scripting (XSS)
2024-05-31 [webapps] ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated)
2024-05-31 [webapps] changedetection < 0.45.20 - Remote Code Execution (RCE)
2024-05-31 [webapps] Check Point Security Gateway - Information Disclosure (Unauthenticated)
2024-05-19 [webapps] Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)
2024-05-19 [webapps] Wordpress Theme XStore 9.3.8 - SQLi
2024-05-19 [webapps] Apache OFBiz 18.12.12 - Directory Traversal
2024-05-19 [webapps] Backdrop CMS 1.27.1 - Authenticated Remote Command Execution (RCE)
2024-05-19 [webapps] PopojiCMS 2.0.1 - Remote Command Execution (RCE)
2024-05-19 [webapps] htmlLawed 1.2.5 - Remote Code Execution (RCE)
2024-05-14 [webapps] PyroCMS v3.0.1 - Stored XSS
2024-05-14 [remote] CrushFTP < 11.1.0 - Directory Traversal
2024-05-14 [webapps] Chyrp 2.5.2 - Stored Cross-Site Scripting (XSS)
2024-05-14 [webapps] Leafpub 1.1.9 - Stored Cross-Site Scripting (XSS)
2024-05-14 [webapps] CE Phoenix Version 1.0.8.20 - Stored XSS
2024-05-14 [webapps] Prison Management System - SQL Injection Authentication Bypass
2024-05-14 [webapps] Apache mod_proxy_cluster - Stored XSS
2024-05-14 [local] Plantronics Hub 3.25.1 - Arbitrary File Read
2024-05-09 [webapps] Clinic Queuing System 1.0 - RCE
2024-05-09 [webapps] iboss Secure Web Gateway - Stored Cross-Site Scripting (XSS)
2024-05-05 [webapps] Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 - Authentication Bypass
2024-05-05 [webapps] Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 - Device Config Disclosure
2024-05-05 [webapps] Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Authentication Bypass
2024-05-05 [webapps] Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Device Config Disclosure
2024-05-05 [webapps] Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Authentication Bypass
2024-05-05 [webapps] Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Device Config Disclosure
2024-04-22 [webapps] Laravel Framework 11 - Credential Leakage
2024-04-22 [webapps] SofaWiki 3.9.2 - Remote Command Execution (RCE) (Authenticated)
2024-04-22 [webapps] Flowise 1.6.5 - Authentication Bypass
2024-04-21 [remote] Palo Alto PAN-OS < v11.1.2-h3 - Command Injection and Arbitrary File Creation
2024-04-21 [webapps] FlatPress v1.3 - Remote Command Execution
2024-04-21 [webapps] Wordpress Plugin Background Image Cropper v1.2 - Remote Code Execution
2024-04-15 [webapps] djangorestframework-simplejwt 5.3.1 - Information Disclosure
2024-04-15 [webapps] Jenkins 2.441 - Local File Inclusion
2024-04-15 [webapps] OpenClinic GA 5.247.01 - Information Disclosure
2024-04-15 [webapps] OpenClinic GA 5.247.01 - Path Traversal (Authenticated)
2024-04-14 [webapps] Stock Management System v1.0 - Unauthenticated SQL Injection
2024-04-14 [webapps] Online Fire Reporting System OFRS - SQL Injection Authentication Bypass
2024-04-14 [webapps] BMC Compuware iStrobe Web - 20.13 - Pre-auth RCE
2024-04-14 [webapps] Savsoft Quiz v6.0 Enterprise - Stored XSS
2024-04-13 [webapps] Wordpress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting (XSS)
2024-04-13 [webapps] PopojiCMS Version 2.0.1 - Remote Command Execution
2024-04-13 [local] PrusaSlicer 2.6.1 - Arbitrary code execution
2024-04-13 [webapps] Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - "sort" parameter
2024-04-13 [webapps] WBCE 1.6.0 - Unauthenticated SQL injection
