The Exploit Database

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.

Remote Exploits

Date	Description		Plat.	Author
2026-05-07	telnetd 2.7 - Buffer Overflow	36	REMOTE	jeffbarron
2026-02-11	Windows 10.0.17763.7009 - spoofing vulnerability	241	REMOTE	beatrizfn
2026-02-04	windows 10/11 - NTLM Hash Disclosure Spoofing	116	REMOTE	beatrizfn
2026-02-04	Redis 8.0.2 - RCE	188	REMOTE	Beatriz Fresno Naumova
2026-02-04	Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE	110	REMOTE	Beatriz Fresno Naumova
2025-09-16	Ilevia EVE X1/X5 Server 4.7.18.0.eden - Reverse Rootshell	350	REMOTE	LiquidWorm
2025-09-16	ClipBucket 5.5.0 - Arbitrary File Upload	262	REMOTE	Mukundsinh Solanki (r00td3str0y3r)
2025-09-16	ClipBucket 5.5.2 Build #90 - Server-Side Request Forgery (SSRF)	175	REMOTE	Mukundsinh Solanki (r00td3str0y3r)
2025-09-16	HTTP/2 2.0 - Denial Of Service (DOS)	171	REMOTE	Madhusudhan Rajappa
2025-09-16	HTMLDOC 1.9.13 - Stack Buffer Overflow	152	REMOTE	wulfgarpro

Local Exploits

Date	Description		Plat.	Author
2026-05-26	Linux Kernel 6.8 - Local Privilege Escalation	5	LOCAL	Long Fong Chan
2026-05-21	Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path	17	LOCAL	CENACIF-MX
2026-05-15	Windows Snipping Tool - NTLMv2 Hash Hijack	26	LOCAL	nu11secur1ty
2026-05-15	Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File/Directory Listi	28	LOCAL	Chokri Hammedi
2026-05-15	Remote Sunrise Helper for Windows 2026.14 - Remote Code Execution	17	LOCAL	Chokri Hammedi
2026-05-07	NocoBase 2.0.27 - VM Sandbox Escape	28	LOCAL	onurcangencbilkent
2026-05-04	Linux Kernel proc_readdir_de() 6.18-rc5 - Local Privilege Escalation	34	LOCAL	aviralyash27
2026-05-04	Linux nf_tables 6.19.3 - Local Privilege Escalation	32	LOCAL	aviralyash27
2026-05-04	Windows 11 24H2 - Local Privilege Escalation	24	LOCAL	3302509675
2026-04-30	Google Chrome 145.0.7632.75 - CSSFontFeatureValuesMap	27	LOCAL	nu11secur1ty

Web Applications

Date	Description		Plat.	Author
2026-05-26	Grav CMS 2.0.0-beta.2 - Remote Code Execution	4	WEB	Mustafa Murat Akgül
2026-05-26	Apache HTTP Server 2.4.66 - 'mod_http2' Double-Free Denial of Service	5	WEB	alisunbul
2026-05-26	D-Link DSL2600U - 'rom-0' Admin Password Disclosure	3	WEB	Amir Hossein Jamshidi
2026-05-26	Wordpress Temporary Login Plugin 1.0.0 - 'temp-login-token' Authentication Bypa	3	WEB	Amir Hossein Jamshidi
2026-05-26	cPanel - CRLF Injection	4	WEB	nu11secur1ty
2026-05-21	Cockpit 359 - RCE	27	WEB	Abdelazim Mohammed
2026-05-21	BookStack 25.12.1 - Denial of Service	12	WEB	Gabriel Rodrigues
2026-05-21	solaredge - (CSRF-OOB-Injection)	9	WEB	nu11secur1ty
2026-05-21	FUXA 1.2.9 - RCE	10	WEB	Anthony Cihan
2026-05-14	WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI	26	WEB	bootstrapbool

DoS/PoC

Date	Description		Plat.	Author
2025-07-28	Xlight FTP 1.1 - Denial Of Service (DOS)	145	DOS	Fernando Mengali
2024-08-28	Windows TCP/IP - RCE Checker and Denial of Service	151	DOS	Photubias
2024-03-28	RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service	131	DOS	ice-wzl
2024-02-26	Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS'	124	DOS	hyp3rlinx
2024-02-19	XAMPP - Buffer Overflow POC	123	DOS	Talson
2024-02-13	VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service	127	DOS	LiquidWorm
2024-02-09	Elasticsearch - StackOverflow DoS	137	DOS	TOUHAMI Kasbaoui
2024-02-02	Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS	146	DOS	LiquidWorm
2023-10-09	OpenPLC WebServer 3 - Denial of Service	99	DOS	Kai Feng
2023-10-09	Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service	120	DOS	LiquidWorm

Shellcode

Date	Description		Plat.	Author
2025-08-04	Linux/x86_64 - execve(_/bin/sh__[_-c__cmd]_NULL) Arbitrary Command Execution She	169	SHELLCODE	Muzaffer Umut ŞAHİN
2025-05-21	Windows 11 x64 - Reverse TCP Shellcode (564 bytes)	250	SHELLCODE	Victor Huerlimann
2025-05-21	Linux/x86 - Reverse TCP Shellcode (95 bytes)	182	SHELLCODE	Al Baradi Joy
2025-05-21	Linux/x86-64 - execve(_/bin/sh_) Shellcode (36 bytes)	149	SHELLCODE	Sayan Ray
2023-09-08	Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode (476 Bytes)	120	SHELLCODE	Senzee
2023-08-21	Linux/x64 - memfd_create ELF loader Shellcode (170 bytes)	138	SHELLCODE	Ivan Nikolsky
2023-07-28	Windows/x64 - PIC Null-Free Calc.exe Shellcode (169 Bytes)	136	SHELLCODE	Senzee
2023-04-25	Windows/x64 - Delete File shellcode / Dynamic PEB method null-free Shellcode	130	SHELLCODE	Nayani
2023-04-05	Linux/x86_64 - bash Shellcode with xor encoding	123	SHELLCODE	Jeenika Anadani
2023-04-03	Windows/x86 - Create Administrator User / Dynamic PEB & EDT method null-free She	138	SHELLCODE	Xavi Beltran

Papers

Date	Description		Plat.	Author
2018-11-16	The Powerful Resource of PHP Stream Wrappers	768	PAPERS	Netsparker
2018-11-01	Phrack: Viewer Discretion Advised: (De)coding an iOS Kernel Vulnerability (Adam	691	PAPERS	phrack
2018-10-09	A Red Teamer’s guide to pivoting	648	PAPERS	Artem Kondratenko
2018-10-08	Phrack: Twenty years of Escaping the Java Sandbox (Ieu Eauvidoum & disk noise)	1628	PAPERS	phrack
2018-01-15	Phrack: .NET Instrumentation via MSIL bytecode injection (Antonio "s4tan" Parata	1502	PAPERS	phrack
2017-08-28	Abusing Token Privileges For LPE	1029	PAPERS	drone and breenmachine
2017-01-12	OpenSSL - Weak KDF	1064	PAPERS	anonymous
2014-08-27	SSDP Amplification Scanner	800	PAPERS	SaMaN
2014-06-26	[Hacking-Contest] SSH Server wrapper	781	PAPERS	Jakob Lell
2012-03-20	Full MSSQL Injection PWNage	1045	PAPERS	CWH Underground