Blog RSSExploits RSSFacebook
CVE Certified

The Exploit Database

GHDB

 

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.


Remote Exploits

Date D   Description Plat. Author
2026-05-30   Notepad++ 8.9.6 - Arbitrary Code Execution 138 REMOTE Kavin Jindal
2026-05-29   Microsoft - NTLMv2 Hash Capture 66 REMOTE nu11secur1ty
2026-05-29   Wing FTP Server 8.1.3 - Authenticated Remote Code Execution 74 REMOTE Ünsal Furkan Harani
2026-05-29   strongSwan 5.9.13 - libsimaka EAP-SIM/AKA heap buffer overflow 51 REMOTE Lukas Johannes Moeller
2026-05-07   telnetd 2.7 - Buffer Overflow 84 REMOTE jeffbarron
2026-02-11   Windows 10.0.17763.7009 - spoofing vulnerability 279 REMOTE beatrizfn
2026-02-04   windows 10/11 - NTLM Hash Disclosure Spoofing 153 REMOTE beatrizfn
2026-02-04   Redis 8.0.2 - RCE 261 REMOTE Beatriz Fresno Naumova
2026-02-04   Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE 137 REMOTE Beatriz Fresno Naumova
2025-09-16   Ilevia EVE X1/X5 Server 4.7.18.0.eden - Reverse Rootshell 374 REMOTE LiquidWorm

Local Exploits

Date D   Description Plat. Author
2026-05-29   ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion 36 LOCAL Jose Rivas
2026-05-29   ZTE Routers - Unauthenticated Denial of Service 45 LOCAL Mina Nageh Salalma
2026-05-29   ZTE ZXHN H188A V6 - Authentication Bypass 37 LOCAL Mina Nageh Salalma
2026-05-29   ZTE H298A / H108N - Unauthenticated Credential Exposure 41 LOCAL Mina Nageh Salalma
2026-05-29   Linux Kernel - Local Privilege Escalation 45 LOCAL nu11secur1ty
2026-05-27   Linux Kernel - Local Privilege Escalation 52 LOCAL nu11secur1ty
2026-05-27   Realtek rtl819x - Local Privilege 39 LOCAL Daniil Gordeev
2026-05-26   Linux Kernel 6.8 - Local Privilege Escalation 44 LOCAL Long Fong Chan
2026-05-21   Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path 46 LOCAL CENACIF-MX
2026-05-15   Windows Snipping Tool - NTLMv2 Hash Hijack 52 LOCAL nu11secur1ty

Web Applications

Date D   Description Plat. Author
2026-06-08   OpenEMR 7.0.2 - Arbitrary File Read 46 WEB doany1
2026-06-05   WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection 52 WEB cardosource
2026-06-01   Drupal Core 10.5.5 - Error-Based SQL Injection 66 WEB cardosource
2026-06-01   WordPress OrderConvo 14 - Path Traversal 44 WEB Diamorphine
2026-05-30   YAMCS yamcs-core 5.12.7 - No Rate Limiting 40 WEB Daniel Miranda
2026-05-30   YAMCS yamcs-core 5.12.7 - User Enumeration 37 WEB Daniel Miranda
2026-05-30   YAMCS yamcs-core 5.12.7 - LDAP Injection 47 WEB Daniel Miranda
2026-05-29   MikroORM 7.0.13 - SQL Injection 37 WEB cardosource
2026-05-29   Prodigy Commerce 3.3.0 - Local File Inclusion 39 WEB Diamorphine
2026-05-29   Langflow 1.3.0 - Remote Code Execution 52 WEB Diamorphine

DoS/PoC

Date D   Description Plat. Author
2026-05-29   strongSwan 5.9.13 - DoS 41 DOS Lukas Johannes Moeller
2025-07-28   Xlight FTP 1.1 - Denial Of Service (DOS) 167 DOS Fernando Mengali
2024-08-28   Windows TCP/IP - RCE Checker and Denial of Service 176 DOS Photubias
2024-03-28   RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service 164 DOS ice-wzl
2024-02-26   Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS' 152 DOS hyp3rlinx
2024-02-19   XAMPP - Buffer Overflow POC 145 DOS Talson
2024-02-13   VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service 142 DOS LiquidWorm
2024-02-09   Elasticsearch - StackOverflow DoS 158 DOS TOUHAMI Kasbaoui
2024-02-02   Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS 164 DOS LiquidWorm
2023-10-09   OpenPLC WebServer 3 - Denial of Service 115 DOS Kai Feng

Shellcode

Date D   Description Plat. Author
2026-05-29   Win32 - Calc Shellcode 42 SHELLCODE Fernando Mengali
2025-08-04   Linux/x86_64 - execve(_/bin/sh__[_-c__cmd]_NULL) Arbitrary Command Execution She 192 SHELLCODE Muzaffer Umut ŞAHİN
2025-05-21   Windows 11 x64 - Reverse TCP Shellcode (564 bytes) 279 SHELLCODE Victor Huerlimann
2025-05-21   Linux/x86 - Reverse TCP Shellcode (95 bytes) 213 SHELLCODE Al Baradi Joy
2025-05-21   Linux/x86-64 - execve(_/bin/sh_) Shellcode (36 bytes) 169 SHELLCODE Sayan Ray
2023-09-08   Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode (476 Bytes) 145 SHELLCODE Senzee
2023-08-21   Linux/x64 - memfd_create ELF loader Shellcode (170 bytes) 156 SHELLCODE Ivan Nikolsky
2023-07-28   Windows/x64 - PIC Null-Free Calc.exe Shellcode (169 Bytes) 151 SHELLCODE Senzee
2023-04-25   Windows/x64 - Delete File shellcode / Dynamic PEB method null-free Shellcode 149 SHELLCODE Nayani
2023-04-05   Linux/x86_64 - bash Shellcode with xor encoding 144 SHELLCODE Jeenika Anadani

Papers

Date D   Description Plat. Author
2018-11-16   The Powerful Resource of PHP Stream Wrappers 789 PAPERS Netsparker
2018-11-01   Phrack: Viewer Discretion Advised: (De)coding an iOS Kernel Vulnerability (Adam 713 PAPERS phrack
2018-10-09   A Red Teamer’s guide to pivoting 676 PAPERS Artem Kondratenko
2018-10-08   Phrack: Twenty years of Escaping the Java Sandbox (Ieu Eauvidoum & disk noise) 1652 PAPERS phrack
2018-01-15   Phrack: .NET Instrumentation via MSIL bytecode injection (Antonio "s4tan" Parata 1519 PAPERS phrack
2017-08-28   Abusing Token Privileges For LPE 1055 PAPERS drone and breenmachine
2017-01-12   OpenSSL - Weak KDF 1086 PAPERS anonymous
2014-08-27   SSDP Amplification Scanner 817 PAPERS SaMaN
2014-06-26   [Hacking-Contest] SSH Server wrapper 795 PAPERS Jakob Lell
2012-03-20   Full MSSQL Injection PWNage 2172 PAPERS CWH Underground