The Exploit Database

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.

Remote Exploits

Date	Description		Plat.	Author
2026-02-11	Windows 10.0.17763.7009 - spoofing vulnerability	206	REMOTE	beatrizfn
2026-02-04	windows 10/11 - NTLM Hash Disclosure Spoofing	87	REMOTE	beatrizfn
2026-02-04	Redis 8.0.2 - RCE	148	REMOTE	Beatriz Fresno Naumova
2026-02-04	Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE	89	REMOTE	Beatriz Fresno Naumova
2025-09-16	Ilevia EVE X1/X5 Server 4.7.18.0.eden - Reverse Rootshell	329	REMOTE	LiquidWorm
2025-09-16	ClipBucket 5.5.0 - Arbitrary File Upload	240	REMOTE	Mukundsinh Solanki (r00td3str0y3r)
2025-09-16	ClipBucket 5.5.2 Build #90 - Server-Side Request Forgery (SSRF)	154	REMOTE	Mukundsinh Solanki (r00td3str0y3r)
2025-09-16	HTTP/2 2.0 - Denial Of Service (DOS)	145	REMOTE	Madhusudhan Rajappa
2025-09-16	HTMLDOC 1.9.13 - Stack Buffer Overflow	130	REMOTE	wulfgarpro
2025-08-26	GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution (RCE)	245	REMOTE	Giorgi Dograshvili

Local Exploits

Date	Description		Plat.	Author
2026-04-29	GNU InetUtils 2.6 - Telnetd Remote Privilege Escalation	6	LOCAL	aliguliyev
2026-04-29	OpenWrt 23.05 - Authenticated Remote Code Execution (RCE)	4	LOCAL	Ahmet Mersin
2026-04-29	Fedora - Local Privilege Escalation	4	LOCAL	Chris
2026-04-29	Atlona ATOMERX21 - Authenticated Command Injection	6	LOCAL	rizzziom
2026-04-22	Throttlestop Kernel Driver - Kernel Out-of-Bounds Write Privilege Escalation	16	LOCAL	Xavi Beltran
2026-04-22	AVAST Antivirus 25.11 - Unquoted Service Path	16	LOCAL	Milad Karimi (Ex3ptionaL)
2026-04-10	NetBT e-Fatura - Privilege Escalation	30	LOCAL	seccops
2026-04-09	ZSH 5.9 - RCE	29	LOCAL	sinanadilrana
2026-04-08	7-Zip 24.00 - Directory Traversal	32	LOCAL	Mohammed Idrees Banyamer
2026-04-08	SQLite 3.50.1 - Heap Overflow	32	LOCAL	Mohammed Idrees Banyamer

Web Applications

Date	Description		Plat.	Author
2026-04-29	HAX CMS 24.x - Stored Cross-Site Scripting (XSS)	4	WEB	banyamer
2026-04-29	Craft CMS 5.6.16 - RCE	4	WEB	banyamer
2026-04-29	phpMyFAQ 4.0.16 - Improper Authorization	5	WEB	contact
2026-04-29	GeographicLib v2.5.1 - stack buffer overflow	5	WEB	rosario
2026-04-29	OpenKM 6.3.12 - Multiple	5	WEB	skumar
2026-04-29	GUnet OpenEclass E-learning platform < 4.2 - Remote Code Execution (RCE)	7	WEB	unico007x
2026-04-29	JuzaWeb CMS 3.4.2 - Authenticated Remote Code Execution	5	WEB	sardordev02
2026-04-29	FacturaScripts 2025.43 - XSS	3	WEB	uvettrivel007
2026-04-29	Xibo CMS 4.3.0 - RCE via SSTI	5	WEB	Cristian Branet
2026-04-29	LangChain Core 1.2.4 - SSTI/RCE	6	WEB	banyamer

DoS/PoC

Date	Description		Plat.	Author
2025-07-28	Xlight FTP 1.1 - Denial Of Service (DOS)	130	DOS	Fernando Mengali
2024-08-28	Windows TCP/IP - RCE Checker and Denial of Service	137	DOS	Photubias
2024-03-28	RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service	117	DOS	ice-wzl
2024-02-26	Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS'	110	DOS	hyp3rlinx
2024-02-19	XAMPP - Buffer Overflow POC	110	DOS	Talson
2024-02-13	VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service	111	DOS	LiquidWorm
2024-02-09	Elasticsearch - StackOverflow DoS	123	DOS	TOUHAMI Kasbaoui
2024-02-02	Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS	134	DOS	LiquidWorm
2023-10-09	OpenPLC WebServer 3 - Denial of Service	88	DOS	Kai Feng
2023-10-09	Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service	108	DOS	LiquidWorm

Shellcode

Date	Description		Plat.	Author
2025-08-04	Linux/x86_64 - execve(_/bin/sh__[_-c__cmd]_NULL) Arbitrary Command Execution She	161	SHELLCODE	Muzaffer Umut ŞAHİN
2025-05-21	Windows 11 x64 - Reverse TCP Shellcode (564 bytes)	235	SHELLCODE	Victor Huerlimann
2025-05-21	Linux/x86 - Reverse TCP Shellcode (95 bytes)	166	SHELLCODE	Al Baradi Joy
2025-05-21	Linux/x86-64 - execve(_/bin/sh_) Shellcode (36 bytes)	137	SHELLCODE	Sayan Ray
2023-09-08	Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode (476 Bytes)	112	SHELLCODE	Senzee
2023-08-21	Linux/x64 - memfd_create ELF loader Shellcode (170 bytes)	126	SHELLCODE	Ivan Nikolsky
2023-07-28	Windows/x64 - PIC Null-Free Calc.exe Shellcode (169 Bytes)	120	SHELLCODE	Senzee
2023-04-25	Windows/x64 - Delete File shellcode / Dynamic PEB method null-free Shellcode	118	SHELLCODE	Nayani
2023-04-05	Linux/x86_64 - bash Shellcode with xor encoding	105	SHELLCODE	Jeenika Anadani
2023-04-03	Windows/x86 - Create Administrator User / Dynamic PEB & EDT method null-free She	124	SHELLCODE	Xavi Beltran

Papers

Date	Description		Plat.	Author
2018-11-16	The Powerful Resource of PHP Stream Wrappers	750	PAPERS	Netsparker
2018-11-01	Phrack: Viewer Discretion Advised: (De)coding an iOS Kernel Vulnerability (Adam	675	PAPERS	phrack
2018-10-09	A Red Teamer’s guide to pivoting	624	PAPERS	Artem Kondratenko
2018-10-08	Phrack: Twenty years of Escaping the Java Sandbox (Ieu Eauvidoum & disk noise)	1607	PAPERS	phrack
2018-01-15	Phrack: .NET Instrumentation via MSIL bytecode injection (Antonio "s4tan" Parata	1480	PAPERS	phrack
2017-08-28	Abusing Token Privileges For LPE	1007	PAPERS	drone and breenmachine
2017-01-12	OpenSSL - Weak KDF	1046	PAPERS	anonymous
2014-08-27	SSDP Amplification Scanner	790	PAPERS	SaMaN
2014-06-26	[Hacking-Contest] SSH Server wrapper	767	PAPERS	Jakob Lell
2012-03-20	Full MSSQL Injection PWNage	1022	PAPERS	CWH Underground