Blog RSSExploits RSSFacebook
CVE Certified

The Exploit Database

GHDB

 

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.


Remote Exploits

Date D   Description Plat. Author
2025-06-20   Ingress-NGINX 4.11.0 - Remote Code Execution (RCE) 28 REMOTE Likhith Appalaneni
2025-06-20   FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse 11 REMOTE Shahid Hakim
2025-06-15   WebDAV Windows 10 - Remote Code Execution (RCE) 21 REMOTE Dev Bui Hieu
2025-06-15   AirKeyboard iOS App 1.0.5 - Remote Input Injection 9 REMOTE Chokri Hammedi
2025-06-15   Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE) 11 REMOTE Mohammed Idrees Banyamer
2025-06-15   PCMan FTP Server 2.0.7 - Buffer Overflow 9 REMOTE Fernando Mengali
2025-06-13   Windows File Explorer Windows 10 Pro x64 - TAR Extraction 18 REMOTE Daniel Miranda
2025-06-13   Freefloat FTP Server 1.0 - Remote Buffer Overflow 16 REMOTE Fernando Mengali
2025-06-09   ProSSHD 1.2 20090726 - Denial of Service (DoS) 15 REMOTE Fernando Mengali
2025-06-05   Apache Tomcat 10.1.39 - Denial of Service (DoS) 36 REMOTE Abdualhadi khalifa

Local Exploits

Date D   Description Plat. Author
2025-06-20   Microsoft Excel LTSC 2024 - Remote Code Execution (RCE) 8 LOCAL nu11secur1ty
2025-06-15   Microsoft Excel Use After Free - Local Code Execution 9 LOCAL nu11secur1ty
2025-06-15   Parrot and DJI variants Drone OSes - Kernel Panic Exploit 6 LOCAL Mohammed Idrees Banyamer
2025-06-09   TightVNC 2.8.83 - Control Pipe Manipulation 14 LOCAL Ionut Zevedei
2025-06-09   Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege 20 LOCAL Mohammed Idrees Banyamer
2025-06-05   macOS LaunchDaemon iOS 17.2 - Privilege Escalation 12 LOCAL Mohammed Idrees Banyamer
2025-05-25   ABB Cylon Aspect Studio 3.08.03 - Binary Planting 7 LOCAL LiquidWorm
2025-05-25   Microsoft Windows Server 2016 - Win32k Elevation of Privilege 7 LOCAL Milad karimi
2025-05-18   Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation 9 LOCAL Marco Ivaldi
2025-05-13   TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow 10 LOCAL Mohamed Maatallah

Web Applications

Date D   Description Plat. Author
2025-06-15   Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI 20 WEB Cristian Branet
2025-06-15   PHP CGI Module 8.3.4 - Remote Code Execution (RCE) 15 WEB İbrahimsql
2025-06-15   Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation 7 WEB Milad karimi
2025-06-15   Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS) 9 WEB /bin/neko
2025-06-13   Roundcube 1.6.10 - Remote Code Execution (RCE) 22 WEB Maksim Rogov
2025-06-09   Laravel Pulse 1.3.1 - Arbitrary Code Injection 15 WEB Mohammed Idrees Banyamer
2025-06-05   CloudClassroom PHP Project 1.0 - SQL Injection 11 WEB Sanjay Singh
2025-05-29   Campcodes Online Hospital Management System 1.0 - SQL Injection 17 WEB Carine Constantino
2025-05-29   WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing 15 WEB Saleh Tarawneh
2025-05-25   Java-springboot-codebase 1.1 - Arbitrary File Read 10 WEB d3sca

DoS/PoC

Date D   Description Plat. Author
2024-08-28   Windows TCP/IP - RCE Checker and Denial of Service 10 DOS Photubias
2024-03-28   RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service 7 DOS ice-wzl
2024-02-26   Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS' 6 DOS hyp3rlinx
2024-02-19   XAMPP - Buffer Overflow POC 8 DOS Talson
2024-02-13   VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service 7 DOS LiquidWorm
2024-02-09   Elasticsearch - StackOverflow DoS 7 DOS TOUHAMI Kasbaoui
2024-02-02   Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS 8 DOS LiquidWorm
2023-10-09   OpenPLC WebServer 3 - Denial of Service 7 DOS Kai Feng
2023-10-09   Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service 6 DOS LiquidWorm
2023-09-08   SyncBreeze 15.2.24 - 'login' Denial of Service 8 DOS mohamed youssef

Shellcode

Date D   Description Plat. Author
2025-05-21   Windows 11 x64 - Reverse TCP Shellcode (564 bytes) 17 SHELLCODE Victor Huerlimann
2025-05-21   Linux/x86 - Reverse TCP Shellcode (95 bytes) 8 SHELLCODE Al Baradi Joy
2025-05-21   Linux/x86-64 - execve(_/bin/sh_) Shellcode (36 bytes) 12 SHELLCODE Sayan Ray
2023-09-08   Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode (476 Bytes) 4 SHELLCODE Senzee
2023-08-21   Linux/x64 - memfd_create ELF loader Shellcode (170 bytes) 3 SHELLCODE Ivan Nikolsky
2023-07-28   Windows/x64 - PIC Null-Free Calc.exe Shellcode (169 Bytes) 7 SHELLCODE Senzee
2023-04-25   Windows/x64 - Delete File shellcode / Dynamic PEB method null-free Shellcode 5 SHELLCODE Nayani
2023-04-05   Linux/x86_64 - bash Shellcode with xor encoding 4 SHELLCODE Jeenika Anadani
2023-04-03   Windows/x86 - Create Administrator User / Dynamic PEB & EDT method null-free She 5 SHELLCODE Xavi Beltran
2023-04-01   FlipRotation v1.0 decoder - Shellcode (146 bytes) 4 SHELLCODE Eduardo Silva

Papers

Date D   Description Plat. Author
2018-11-16   The Powerful Resource of PHP Stream Wrappers 616 PAPERS Netsparker
2018-11-01   Phrack: Viewer Discretion Advised: (De)coding an iOS Kernel Vulnerability (Adam 557 PAPERS phrack
2018-10-09   A Red Teamer’s guide to pivoting 461 PAPERS Artem Kondratenko
2018-10-08   Phrack: Twenty years of Escaping the Java Sandbox (Ieu Eauvidoum & disk noise) 1493 PAPERS phrack
2018-01-15   Phrack: .NET Instrumentation via MSIL bytecode injection (Antonio "s4tan" Parata 1366 PAPERS phrack
2017-08-28   Abusing Token Privileges For LPE 850 PAPERS drone and breenmachine
2017-01-12   OpenSSL - Weak KDF 944 PAPERS anonymous
2014-08-27   SSDP Amplification Scanner 710 PAPERS SaMaN
2014-06-26   [Hacking-Contest] SSH Server wrapper 667 PAPERS Jakob Lell
2012-03-20   Full MSSQL Injection PWNage 869 PAPERS CWH Underground