The Exploit Database

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.

Remote Exploits

Date	Description		Plat.	Author
2025-07-16	NodeJS 24.x - Path Traversal	47	REMOTE	Abdualhadi khalifa
2025-07-16	MikroTik RouterOS 7.19.1 - Reflected XSS	22	REMOTE	Prak Sokchea
2025-07-16	Keras 2.15 - Remote Code Execution (RCE)	29	REMOTE	Mohammed Idrees Banyamer
2025-07-08	Microsoft Outlook - Remote Code Execution (RCE)	80	REMOTE	nu11secur1ty
2025-07-08	ScriptCase 9.12.006 (23) - Remote Command Execution (RCE)	28	REMOTE	Alexandre ZANNI
2025-07-08	Microsoft PowerPoint 2019 - Remote Code Execution (RCE)	23	REMOTE	Mohammed Idrees Banyamer
2025-07-02	Microsoft SharePoint 2019 - NTLM Authentication	37	REMOTE	nu11secur1ty
2025-07-02	gogs 0.13.0 - Remote Code Execution (RCE)	52	REMOTE	cybersploit
2025-07-02	Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)	61	REMOTE	4m3rr0r
2025-06-26	McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information	74	REMOTE	Keenan Scott

Local Exploits

Date	Description		Plat.	Author
2025-07-16	Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of	11	LOCAL	nu11secur1ty
2025-07-16	Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege	12	LOCAL	nu11secur1ty
2025-07-08	Microsoft Defender for Endpoint (MDE) - Elevation of Privilege	33	LOCAL	Rich Mirch
2025-07-08	Sudo 1.9.17 Host Option - Elevation of Privilege	35	LOCAL	Rich Mirch
2025-07-08	Sudo chroot 1.9.17 - Local Privilege Escalation	28	LOCAL	Stratascale
2025-06-20	Microsoft Excel LTSC 2024 - Remote Code Execution (RCE)	44	LOCAL	nu11secur1ty
2025-06-15	Microsoft Excel Use After Free - Local Code Execution	26	LOCAL	nu11secur1ty
2025-06-15	Parrot and DJI variants Drone OSes - Kernel Panic Exploit	20	LOCAL	Mohammed Idrees Banyamer
2025-06-09	TightVNC 2.8.83 - Control Pipe Manipulation	25	LOCAL	Ionut Zevedei
2025-06-09	Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege	46	LOCAL	Mohammed Idrees Banyamer

Web Applications

Date	Description		Plat.	Author
2025-07-16	WP Publications WordPress Plugin 1.2 - Stored XSS	23	WEB	Zeynalxan Quliyev
2025-07-16	White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI)	23	WEB	Imraan Khan (Lich-Sec)
2025-07-16	SugarCRM 14.0.0 - SSRF/Code Injection	15	WEB	Egidio Romano
2025-07-16	Langflow 1.2.x - Remote Code Execution (RCE)	17	WEB	Raghad Abdallah Al-syouf
2025-07-16	TOTOLINK N300RB 8.54 - Command Execution	16	WEB	Skander BELABED - Magellan Sécurité
2025-07-16	PivotX 3.0.0 RC3 - Remote Code Execution (RCE)	14	WEB	HayToN
2025-07-08	Discourse 3.2.x - Anonymous Cache Poisoning	36	WEB	İbrahimsql
2025-07-08	Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover	38	WEB	stealthcopter
2025-07-02	Moodle 4.4.0 - Authenticated Remote Code Execution	31	WEB	Likhith Appalaneni
2025-06-26	Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution (RCE)	55	WEB	Huseyin Mardinli

DoS/PoC

Date	Description		Plat.	Author
2024-08-28	Windows TCP/IP - RCE Checker and Denial of Service	32	DOS	Photubias
2024-03-28	RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service	23	DOS	ice-wzl
2024-02-26	Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS'	23	DOS	hyp3rlinx
2024-02-19	XAMPP - Buffer Overflow POC	29	DOS	Talson
2024-02-13	VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service	19	DOS	LiquidWorm
2024-02-09	Elasticsearch - StackOverflow DoS	27	DOS	TOUHAMI Kasbaoui
2024-02-02	Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS	25	DOS	LiquidWorm
2023-10-09	OpenPLC WebServer 3 - Denial of Service	17	DOS	Kai Feng
2023-10-09	Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service	18	DOS	LiquidWorm
2023-09-08	SyncBreeze 15.2.24 - 'login' Denial of Service	19	DOS	mohamed youssef

Shellcode

Date	Description		Plat.	Author
2025-05-21	Windows 11 x64 - Reverse TCP Shellcode (564 bytes)	67	SHELLCODE	Victor Huerlimann
2025-05-21	Linux/x86 - Reverse TCP Shellcode (95 bytes)	23	SHELLCODE	Al Baradi Joy
2025-05-21	Linux/x86-64 - execve(_/bin/sh_) Shellcode (36 bytes)	25	SHELLCODE	Sayan Ray
2023-09-08	Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode (476 Bytes)	18	SHELLCODE	Senzee
2023-08-21	Linux/x64 - memfd_create ELF loader Shellcode (170 bytes)	14	SHELLCODE	Ivan Nikolsky
2023-07-28	Windows/x64 - PIC Null-Free Calc.exe Shellcode (169 Bytes)	22	SHELLCODE	Senzee
2023-04-25	Windows/x64 - Delete File shellcode / Dynamic PEB method null-free Shellcode	21	SHELLCODE	Nayani
2023-04-05	Linux/x86_64 - bash Shellcode with xor encoding	21	SHELLCODE	Jeenika Anadani
2023-04-03	Windows/x86 - Create Administrator User / Dynamic PEB & EDT method null-free She	17	SHELLCODE	Xavi Beltran
2023-04-01	FlipRotation v1.0 decoder - Shellcode (146 bytes)	16	SHELLCODE	Eduardo Silva

Papers

Date	Description		Plat.	Author
2018-11-16	The Powerful Resource of PHP Stream Wrappers	628	PAPERS	Netsparker
2018-11-01	Phrack: Viewer Discretion Advised: (De)coding an iOS Kernel Vulnerability (Adam	563	PAPERS	phrack
2018-10-09	A Red Teamer’s guide to pivoting	476	PAPERS	Artem Kondratenko
2018-10-08	Phrack: Twenty years of Escaping the Java Sandbox (Ieu Eauvidoum & disk noise)	1507	PAPERS	phrack
2018-01-15	Phrack: .NET Instrumentation via MSIL bytecode injection (Antonio "s4tan" Parata	1374	PAPERS	phrack
2017-08-28	Abusing Token Privileges For LPE	858	PAPERS	drone and breenmachine
2017-01-12	OpenSSL - Weak KDF	954	PAPERS	anonymous
2014-08-27	SSDP Amplification Scanner	723	PAPERS	SaMaN
2014-06-26	[Hacking-Contest] SSH Server wrapper	677	PAPERS	Jakob Lell
2012-03-20	Full MSSQL Injection PWNage	881	PAPERS	CWH Underground