The Exploit Database

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.

Remote Exploits

Date	Description		Plat.	Author
2025-08-26	GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution (RCE)	6	REMOTE	Giorgi Dograshvili
2025-08-26	Ivanti Endpoint Manager Mobile 12.5.0.0 - Authentication Bypass	6	REMOTE	İbrahimsql
2025-08-18	Tenda AC20 16.03.08.12 - Command Injection	30	REMOTE	Byte Reaper
2025-08-18	Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure	14	REMOTE	Ruben Enkaoua
2025-08-18	PHPMyAdmin 3.0 - Bruteforce Login Bypass	22	REMOTE	Nikola Markovic
2025-08-11	Belkin F9K1009 F9K1010 2.00.04/2.00.09 - Hard Coded Credentials	44	REMOTE	Byte Reaper
2025-08-11	Microsoft SharePoint Server 2019 (16.0.10383.20020) - Remote Code Execution (RCE	18	REMOTE	Agampreet Singh
2025-08-11	Tigo Energy Cloud Connect Advanced (CCA) 4.0.1 - Command Injection	12	REMOTE	Byte Reaper
2025-08-11	Citrix NetScaler ADC/Gateway 14.1 - Memory Disclosure	5	REMOTE	Yesith Alvarez
2025-08-11	Cisco ISE 3.0 - Authorization Bypass	10	REMOTE	İbrahimsql

Local Exploits

Date	Description		Plat.	Author
2025-08-26	GeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure	2	LOCAL	Giorgi Dograshvili
2025-08-11	Microsoft Windows - Storage QoS Filter Driver Checker	9	LOCAL	nu11secur1ty
2025-08-03	Microsoft Virtual Hard Disk (VHDX) 11 - Remote Code Execution (RCE)	32	LOCAL	nu11secur1ty
2025-07-28	Linux PAM Environment - Variable Injection Local Privilege Escalation	15	LOCAL	İbrahimsql
2025-07-16	Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of	25	LOCAL	nu11secur1ty
2025-07-16	Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege	27	LOCAL	nu11secur1ty
2025-07-08	Microsoft Defender for Endpoint (MDE) - Elevation of Privilege	50	LOCAL	Rich Mirch
2025-07-08	Sudo 1.9.17 Host Option - Elevation of Privilege	55	LOCAL	Rich Mirch
2025-07-08	Sudo chroot 1.9.17 - Local Privilege Escalation	41	LOCAL	Stratascale
2025-06-20	Microsoft Excel LTSC 2024 - Remote Code Execution (RCE)	55	LOCAL	nu11secur1ty

Web Applications

Date	Description		Plat.	Author
2025-08-26	StoryChief Wordpress Plugin 1.0.42 - Arbitrary File Upload	15	WEB	xpl0dec
2025-08-26	Lingdang CRM 8.6.4.7 - SQL Injection	3	WEB	Beatriz Fresno Naumova
2025-08-26	Birth Chart Compatibility WordPress Plugin 2.0 - Full Path Disclosure	3	WEB	Byte Reaper
2025-08-18	Lantronix Provisioning Manager 7.10.3 - XML External Entity Injection (XXE)	11	WEB	Byte Reaper
2025-08-18	Soosyze CMS 2.0 - Brute Force Login	14	WEB	Beatriz Fresno Naumova
2025-08-18	RiteCMS 3.0.0 - Reflected Cross Site Scripting (XSS)	6	WEB	Gurjot Singh
2025-08-18	BigAnt Office Messenger 5.6.06 - SQL Injection	9	WEB	Nicat Abbasov
2025-08-11	JetBrains TeamCity 2023.11.4 - Authentication Bypass	19	WEB	İbrahimsql
2025-08-11	ServiceNow Multiple Versions - Input Validation & Template Injection	10	WEB	İbrahimsql
2025-08-11	Ghost CMS 5.59.1 - Arbitrary File Read	14	WEB	İbrahimsql

DoS/PoC

Date	Description		Plat.	Author
2025-07-28	Xlight FTP 1.1 - Denial Of Service (DOS)	8	DOS	Fernando Mengali
2024-08-28	Windows TCP/IP - RCE Checker and Denial of Service	44	DOS	Photubias
2024-03-28	RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service	35	DOS	ice-wzl
2024-02-26	Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS'	35	DOS	hyp3rlinx
2024-02-19	XAMPP - Buffer Overflow POC	41	DOS	Talson
2024-02-13	VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service	31	DOS	LiquidWorm
2024-02-09	Elasticsearch - StackOverflow DoS	39	DOS	TOUHAMI Kasbaoui
2024-02-02	Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS	56	DOS	LiquidWorm
2023-10-09	OpenPLC WebServer 3 - Denial of Service	21	DOS	Kai Feng
2023-10-09	Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service	29	DOS	LiquidWorm

Shellcode

Date	Description		Plat.	Author
2025-08-04	Linux/x86_64 - execve(_/bin/sh__[_-c__cmd]_NULL) Arbitrary Command Execution She	17	SHELLCODE	Muzaffer Umut ŞAHİN
2025-05-21	Windows 11 x64 - Reverse TCP Shellcode (564 bytes)	94	SHELLCODE	Victor Huerlimann
2025-05-21	Linux/x86 - Reverse TCP Shellcode (95 bytes)	48	SHELLCODE	Al Baradi Joy
2025-05-21	Linux/x86-64 - execve(_/bin/sh_) Shellcode (36 bytes)	38	SHELLCODE	Sayan Ray
2023-09-08	Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode (476 Bytes)	27	SHELLCODE	Senzee
2023-08-21	Linux/x64 - memfd_create ELF loader Shellcode (170 bytes)	25	SHELLCODE	Ivan Nikolsky
2023-07-28	Windows/x64 - PIC Null-Free Calc.exe Shellcode (169 Bytes)	33	SHELLCODE	Senzee
2023-04-25	Windows/x64 - Delete File shellcode / Dynamic PEB method null-free Shellcode	41	SHELLCODE	Nayani
2023-04-05	Linux/x86_64 - bash Shellcode with xor encoding	31	SHELLCODE	Jeenika Anadani
2023-04-03	Windows/x86 - Create Administrator User / Dynamic PEB & EDT method null-free She	37	SHELLCODE	Xavi Beltran

Papers

Date	Description		Plat.	Author
2018-11-16	The Powerful Resource of PHP Stream Wrappers	649	PAPERS	Netsparker
2018-11-01	Phrack: Viewer Discretion Advised: (De)coding an iOS Kernel Vulnerability (Adam	570	PAPERS	phrack
2018-10-09	A Red Teamer’s guide to pivoting	491	PAPERS	Artem Kondratenko
2018-10-08	Phrack: Twenty years of Escaping the Java Sandbox (Ieu Eauvidoum & disk noise)	1519	PAPERS	phrack
2018-01-15	Phrack: .NET Instrumentation via MSIL bytecode injection (Antonio "s4tan" Parata	1382	PAPERS	phrack
2017-08-28	Abusing Token Privileges For LPE	879	PAPERS	drone and breenmachine
2017-01-12	OpenSSL - Weak KDF	972	PAPERS	anonymous
2014-08-27	SSDP Amplification Scanner	731	PAPERS	SaMaN
2014-06-26	[Hacking-Contest] SSH Server wrapper	688	PAPERS	Jakob Lell
2012-03-20	Full MSSQL Injection PWNage	897	PAPERS	CWH Underground