The Exploit Database

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.

Remote Exploits

Date	Description		Plat.	Author
2026-05-29	Microsoft - NTLMv2 Hash Capture	4	REMOTE	nu11secur1ty
2026-05-29	Wing FTP Server 8.1.3 - Authenticated Remote Code Execution	4	REMOTE	Ünsal Furkan Harani
2026-05-29	strongSwan 5.9.13 - libsimaka EAP-SIM/AKA heap buffer overflow	3	REMOTE	Lukas Johannes Moeller
2026-05-07	telnetd 2.7 - Buffer Overflow	41	REMOTE	jeffbarron
2026-02-11	Windows 10.0.17763.7009 - spoofing vulnerability	242	REMOTE	beatrizfn
2026-02-04	windows 10/11 - NTLM Hash Disclosure Spoofing	117	REMOTE	beatrizfn
2026-02-04	Redis 8.0.2 - RCE	196	REMOTE	Beatriz Fresno Naumova
2026-02-04	Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE	111	REMOTE	Beatriz Fresno Naumova
2025-09-16	Ilevia EVE X1/X5 Server 4.7.18.0.eden - Reverse Rootshell	350	REMOTE	LiquidWorm
2025-09-16	ClipBucket 5.5.0 - Arbitrary File Upload	263	REMOTE	Mukundsinh Solanki (r00td3str0y3r)

Local Exploits

Date	Description		Plat.	Author
2026-05-29	ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion	5	LOCAL	Jose Rivas
2026-05-29	ZTE Routers - Unauthenticated Denial of Service	5	LOCAL	Mina Nageh Salalma
2026-05-29	ZTE ZXHN H188A V6 - Authentication Bypass	5	LOCAL	Mina Nageh Salalma
2026-05-29	ZTE H298A / H108N - Unauthenticated Credential Exposure	6	LOCAL	Mina Nageh Salalma
2026-05-29	Linux Kernel - Local Privilege Escalation	4	LOCAL	nu11secur1ty
2026-05-27	Linux Kernel - Local Privilege Escalation	12	LOCAL	nu11secur1ty
2026-05-27	Realtek rtl819x - Local Privilege	8	LOCAL	Daniil Gordeev
2026-05-26	Linux Kernel 6.8 - Local Privilege Escalation	12	LOCAL	Long Fong Chan
2026-05-21	Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path	19	LOCAL	CENACIF-MX
2026-05-15	Windows Snipping Tool - NTLMv2 Hash Hijack	27	LOCAL	nu11secur1ty

Web Applications

Date	Description		Plat.	Author
2026-05-29	MikroORM 7.0.13 - SQL Injection	4	WEB	cardosource
2026-05-29	Prodigy Commerce 3.3.0 - Local File Inclusion	4	WEB	Diamorphine
2026-05-29	Langflow 1.3.0 - Remote Code Execution	6	WEB	Diamorphine
2026-05-29	Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution	5	WEB	cardosource
2026-05-29	MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution	6	WEB	cardosource
2026-05-29	CubeCart < 6.7.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)	2	WEB	Th3-SAx11
2026-05-27	Casdoor 3.54.1 - Arbitrary File Write via Path Traversal	10	WEB	sixpain
2026-05-27	EspoCRM 9.3.3 - SSRF	10	WEB	Max Gabriel
2026-05-27	scramble - Remote Code Execution	13	WEB	joshua
2026-05-27	MeiG Smart FORGE_SLT711 - OS Command Injection	11	WEB	Daniil Gordeev

DoS/PoC

Date	Description		Plat.	Author
2026-05-29	strongSwan 5.9.13 - DoS	3	DOS	Lukas Johannes Moeller
2025-07-28	Xlight FTP 1.1 - Denial Of Service (DOS)	145	DOS	Fernando Mengali
2024-08-28	Windows TCP/IP - RCE Checker and Denial of Service	151	DOS	Photubias
2024-03-28	RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service	131	DOS	ice-wzl
2024-02-26	Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS'	124	DOS	hyp3rlinx
2024-02-19	XAMPP - Buffer Overflow POC	123	DOS	Talson
2024-02-13	VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service	127	DOS	LiquidWorm
2024-02-09	Elasticsearch - StackOverflow DoS	137	DOS	TOUHAMI Kasbaoui
2024-02-02	Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS	146	DOS	LiquidWorm
2023-10-09	OpenPLC WebServer 3 - Denial of Service	99	DOS	Kai Feng

Shellcode

Date	Description		Plat.	Author
2026-05-29	Win32 - Calc Shellcode	5	SHELLCODE	Fernando Mengali
2025-08-04	Linux/x86_64 - execve(_/bin/sh__[_-c__cmd]_NULL) Arbitrary Command Execution She	171	SHELLCODE	Muzaffer Umut ŞAHİN
2025-05-21	Windows 11 x64 - Reverse TCP Shellcode (564 bytes)	250	SHELLCODE	Victor Huerlimann
2025-05-21	Linux/x86 - Reverse TCP Shellcode (95 bytes)	183	SHELLCODE	Al Baradi Joy
2025-05-21	Linux/x86-64 - execve(_/bin/sh_) Shellcode (36 bytes)	150	SHELLCODE	Sayan Ray
2023-09-08	Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode (476 Bytes)	121	SHELLCODE	Senzee
2023-08-21	Linux/x64 - memfd_create ELF loader Shellcode (170 bytes)	138	SHELLCODE	Ivan Nikolsky
2023-07-28	Windows/x64 - PIC Null-Free Calc.exe Shellcode (169 Bytes)	136	SHELLCODE	Senzee
2023-04-25	Windows/x64 - Delete File shellcode / Dynamic PEB method null-free Shellcode	131	SHELLCODE	Nayani
2023-04-05	Linux/x86_64 - bash Shellcode with xor encoding	123	SHELLCODE	Jeenika Anadani

Papers

Date	Description		Plat.	Author
2018-11-16	The Powerful Resource of PHP Stream Wrappers	768	PAPERS	Netsparker
2018-11-01	Phrack: Viewer Discretion Advised: (De)coding an iOS Kernel Vulnerability (Adam	691	PAPERS	phrack
2018-10-09	A Red Teamer’s guide to pivoting	649	PAPERS	Artem Kondratenko
2018-10-08	Phrack: Twenty years of Escaping the Java Sandbox (Ieu Eauvidoum & disk noise)	1629	PAPERS	phrack
2018-01-15	Phrack: .NET Instrumentation via MSIL bytecode injection (Antonio "s4tan" Parata	1502	PAPERS	phrack
2017-08-28	Abusing Token Privileges For LPE	1029	PAPERS	drone and breenmachine
2017-01-12	OpenSSL - Weak KDF	1066	PAPERS	anonymous
2014-08-27	SSDP Amplification Scanner	802	PAPERS	SaMaN
2014-06-26	[Hacking-Contest] SSH Server wrapper	781	PAPERS	Jakob Lell
2012-03-20	Full MSSQL Injection PWNage	1046	PAPERS	CWH Underground