Source: Exploit-DB

• [local] NetBT e-Fatura - Privilege Escalation
  Exploit-DB · cybersec · 2026-04-10 00:00 UTC · 1 min read

  NetBT e-Fatura - Privilege Escalation

• [webapps] D-Link DIR-650IN - Authenticated Command Injection
  Exploit-DB · cybersec · 2026-04-10 00:00 UTC · 1 min read

  D-Link DIR-650IN - Authenticated Command Injection

• [webapps] React Server 19.2.0 - Remote Code Execution
  Exploit-DB · cybersec · 2026-04-09 00:00 UTC · 2 min read

  React Server 19.2.0 - Remote Code Execution

• [webapps] RomM 4.4.0 - XSS_CSRF Chain
  Exploit-DB · cybersec · 2026-04-09 00:00 UTC · 2 min read

  RomM 4.4.0 - XSS_CSRF Chain

• [webapps] Jumbo Website Manager - Remote Code Execution
  Exploit-DB · cybersec · 2026-04-09 00:00 UTC · 2 min read

  Jumbo Website Manager - Remote Code Execution

• [local] ZSH 5.9 - RCE
  Exploit-DB · cybersec · 2026-04-09 00:00 UTC · 2 min read

  ZSH 5.9 - RCE

• [webapps] FortiWeb 8.0.2 - Remote Code Execution
  Exploit-DB · cybersec · 2026-04-08 00:00 UTC · 2 min read

  FortiWeb 8.0.2 - Remote Code Execution

• [local] 7-Zip 24.00 - Directory Traversal
  Exploit-DB · cybersec · 2026-04-08 00:00 UTC · 2 min read

  7-Zip 24.00 - Directory Traversal

• [webapps] xibocms 3.3.4 - RCE
  Exploit-DB · cybersec · 2026-04-08 00:00 UTC · 4 min read

  xibocms 3.3.4 - RCE

• [local] SQLite 3.50.1 - Heap Overflow
  Exploit-DB · cybersec · 2026-04-08 00:00 UTC · 3 min read

  SQLite 3.50.1 - Heap Overflow

• [local] Microsoft MMC MSC EvilTwin - Local Admin Creation
  Exploit-DB · cybersec · 2026-04-08 00:00 UTC · 2 min read

  Microsoft MMC MSC EvilTwin - Local Admin Creation

• [webapps] Horilla v1.3 - RCE
  Exploit-DB · cybersec · 2026-04-08 00:00 UTC · 3 min read

  Horilla v1.3 - RCE

• [local] is-localhost-ip 2.0.0 - SSRF
  Exploit-DB · cybersec · 2026-04-06 00:00 UTC · 4 min read

  is-localhost-ip 2.0.0 - SSRF

• [webapps] Fortinet FortiWeb v8.0.1 - Auth Bypass
  Exploit-DB · cybersec · 2026-04-06 00:00 UTC · 3 min read

  Fortinet FortiWeb v8.0.1 - Auth Bypass

• [local] Windows Kernel - Elevation of Privilege
  Exploit-DB · cybersec · 2026-04-06 00:00 UTC · 7 min read

  Windows Kernel - Elevation of Privilege

• [local] Desktop Window Manager Core Library 10.0.10240.0 - Privilege Escalation
  Exploit-DB · cybersec · 2026-04-06 00:00 UTC · 2 min read

  Desktop Window Manager Core Library 10.0.10240.0 - Privilege Escalation

• [webapps] ASP.net 8.0.10 - Bypass
  Exploit-DB · cybersec · 2026-04-06 00:00 UTC · 4 min read

  ASP.net 8.0.10 - Bypass

• [webapps] Grafana 11.6.0 - SSRF
  Exploit-DB · cybersec · 2026-04-06 00:00 UTC · 1 min read

  Grafana 11.6.0 - SSRF

• [webapps] Zhiyuan OA - arbitrary file upload leading
  Exploit-DB · cybersec · 2026-04-06 00:00 UTC · 2 min read

  Zhiyuan OA - arbitrary file upload leading

• [webapps] WBCE CMS 1.6.4 - Remote Code Execution
  Exploit-DB · cybersec · 2026-04-06 00:00 UTC · 2 min read

  WBCE CMS 1.6.4 - Remote Code Execution

• [webapps] RiteCMS 3.1.0 - Authenticated Remote Code Execution
  Exploit-DB · cybersec · 2026-04-06 00:00 UTC · 1 min read

  RiteCMS 3.1.0 - Authenticated Remote Code Execution

• [webapps] WordPress Madara - Local File Inclusion
  Exploit-DB · cybersec · 2026-04-06 00:00 UTC · 1 min read

  WordPress Madara - Local File Inclusion

• [webapps] WordPress Backup Migration 1.3.7 - Remote Command Execution
  Exploit-DB · cybersec · 2026-03-03 00:00 UTC · 3 min read

  WordPress Backup Migration 1.3.7 - Remote Command Execution

• [webapps] mailcow 2025-01a - Host Header Password Reset Poisoning
  Exploit-DB · cybersec · 2026-03-03 00:00 UTC · 9 min read

  mailcow 2025-01a - Host Header Password Reset Poisoning

• [webapps] Easy File Sharing Web Server v7.2 - Buffer Overflow
  Exploit-DB · cybersec · 2026-03-03 00:00 UTC · 9 min read

  Easy File Sharing Web Server v7.2 - Buffer Overflow

• [webapps] WeGIA 3.5.0 - SQL Injection
  Exploit-DB · cybersec · 2026-03-03 00:00 UTC · 3 min read

  WeGIA 3.5.0 - SQL Injection

• [webapps] Boss Mini v1.4.0 - Local File Inclusion (LFI)
  Exploit-DB · cybersec · 2026-03-03 00:00 UTC · 1 min read

  Boss Mini v1.4.0 - Local File Inclusion (LFI)

• [webapps] motionEye 0.43.1b4 - RCE
  Exploit-DB · cybersec · 2026-02-11 00:00 UTC · 2 min read

  motionEye 0.43.1b4 - RCE

• [remote] Windows 10.0.17763.7009 - spoofing vulnerability
  Exploit-DB · cybersec · 2026-02-11 00:00 UTC · 4 min read

  Windows 10.0.17763.7009 - spoofing vulnerability

• [local] glibc 2.38 - Buffer Overflow
  Exploit-DB · cybersec · 2026-02-11 00:00 UTC · 4 min read

  glibc 2.38 - Buffer Overflow

• [remote] windows 10/11 - NTLM Hash Disclosure Spoofing
  Exploit-DB · cybersec · 2026-02-04 00:00 UTC · 4 min read

  windows 10/11 - NTLM Hash Disclosure Spoofing

• [remote] Redis 8.0.2 - RCE
  Exploit-DB · cybersec · 2026-02-04 00:00 UTC · 2 min read

  Redis 8.0.2 - RCE

• [webapps] OctoPrint 1.11.2 - File Upload
  Exploit-DB · cybersec · 2026-02-04 00:00 UTC · 3 min read

  OctoPrint 1.11.2 - File Upload

• [remote] Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE
  Exploit-DB · cybersec · 2026-02-04 00:00 UTC · 3 min read

  Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE

• [webapps] aiohttp 3.9.1 - directory traversal PoC
  Exploit-DB · cybersec · 2026-02-04 00:00 UTC · 3 min read

  aiohttp 3.9.1 - directory traversal PoC

• [webapps] FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution
  Exploit-DB · cybersec · 2026-02-04 00:00 UTC · 1 min read

  FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution

• [local] Docker Desktop 4.44.3 - Unauthenticated API Exposure
  Exploit-DB · cybersec · 2026-02-04 00:00 UTC · 2 min read

  Docker Desktop 4.44.3 - Unauthenticated API Exposure

• [webapps] Piranha CMS 12.0 - Stored XSS in Text Block
  Exploit-DB · cybersec · 2026-02-02 00:00 UTC · 2 min read

  Piranha CMS 12.0 - Stored XSS in Text Block

• [webapps] RPi-Jukebox-RFID 2.8.0 - Stored Cross-Site Scripting (XSS)
  Exploit-DB · cybersec · 2026-02-02 00:00 UTC · 1 min read

  RPi-Jukebox-RFID 2.8.0 - Stored Cross-Site Scripting (XSS)

• [hardware] D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS)
  Exploit-DB · cybersec · 2026-02-02 00:00 UTC · 1 min read

  D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS)

• [webapps] RPi-Jukebox-RFID 2.8.0 - Remote Command Execution
  Exploit-DB · cybersec · 2026-01-17 00:00 UTC · 1 min read

  RPi-Jukebox-RFID 2.8.0 - Remote Command Execution

• [webapps] Siklu EtherHaul Series EH-8010 - Arbitrary File Upload
  Exploit-DB · cybersec · 2026-01-17 00:00 UTC · 3 min read

  Siklu EtherHaul Series EH-8010 - Arbitrary File Upload

• [webapps] Siklu EtherHaul Series EH-8010 - Remote Command Execution
  Exploit-DB · cybersec · 2026-01-17 00:00 UTC · 3 min read

  Siklu EtherHaul Series EH-8010 - Remote Command Execution

• [webapps] WordPress Quiz Maker 6.7.0.56 - SQL Injection
  Exploit-DB · cybersec · 2025-12-25 00:00 UTC · 3 min read

  WordPress Quiz Maker 6.7.0.56 - SQL Injection

• [webapps] Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie
  Exploit-DB · cybersec · 2025-12-25 00:00 UTC · 2 min read

  Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie

• [webapps] FreeBSD rtsold 15.x - Remote Code Execution via DNSSL
  Exploit-DB · cybersec · 2025-12-25 00:00 UTC · 3 min read

  FreeBSD rtsold 15.x - Remote Code Execution via DNSSL

• [webapps] Summar Employee Portal 3.98.0 - Authenticated SQL Injection
  Exploit-DB · cybersec · 2025-12-16 00:00 UTC · 1 min read

  Summar Employee Portal 3.98.0 - Authenticated SQL Injection

• [webapps] esm-dev 136 - Path Traversal
  Exploit-DB · cybersec · 2025-12-16 00:00 UTC · 10 min read

  esm-dev 136 - Path Traversal

• [webapps] Pluck 4.7.7-dev2 - PHP Code Execution
  Exploit-DB · cybersec · 2025-12-08 00:00 UTC · 1 min read

  Pluck 4.7.7-dev2 - PHP Code Execution

• [webapps] phpMyFAQ 2.9.8 - Cross-Site Request Forgery(CSRF)
  Exploit-DB · cybersec · 2025-12-03 00:00 UTC · 1 min read

  phpMyFAQ 2.9.8 - Cross-Site Request Forgery(CSRF)