Blog RSSExploits RSSFacebook
CVE Certified

The Exploit Database

GHDB

 

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.


Remote Exploits

Date D   Description Plat. Author
2026-05-30   Notepad++ 8.9.6 - Arbitrary Code Execution 127 REMOTE Kavin Jindal
2026-05-29   Microsoft - NTLMv2 Hash Capture 53 REMOTE nu11secur1ty
2026-05-29   Wing FTP Server 8.1.3 - Authenticated Remote Code Execution 68 REMOTE Ünsal Furkan Harani
2026-05-29   strongSwan 5.9.13 - libsimaka EAP-SIM/AKA heap buffer overflow 44 REMOTE Lukas Johannes Moeller
2026-05-07   telnetd 2.7 - Buffer Overflow 83 REMOTE jeffbarron
2026-02-11   Windows 10.0.17763.7009 - spoofing vulnerability 278 REMOTE beatrizfn
2026-02-04   windows 10/11 - NTLM Hash Disclosure Spoofing 148 REMOTE beatrizfn
2026-02-04   Redis 8.0.2 - RCE 258 REMOTE Beatriz Fresno Naumova
2026-02-04   Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE 136 REMOTE Beatriz Fresno Naumova
2025-09-16   Ilevia EVE X1/X5 Server 4.7.18.0.eden - Reverse Rootshell 371 REMOTE LiquidWorm

Local Exploits

Date D   Description Plat. Author
2026-05-29   ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion 34 LOCAL Jose Rivas
2026-05-29   ZTE Routers - Unauthenticated Denial of Service 41 LOCAL Mina Nageh Salalma
2026-05-29   ZTE ZXHN H188A V6 - Authentication Bypass 36 LOCAL Mina Nageh Salalma
2026-05-29   ZTE H298A / H108N - Unauthenticated Credential Exposure 40 LOCAL Mina Nageh Salalma
2026-05-29   Linux Kernel - Local Privilege Escalation 42 LOCAL nu11secur1ty
2026-05-27   Linux Kernel - Local Privilege Escalation 49 LOCAL nu11secur1ty
2026-05-27   Realtek rtl819x - Local Privilege 37 LOCAL Daniil Gordeev
2026-05-26   Linux Kernel 6.8 - Local Privilege Escalation 44 LOCAL Long Fong Chan
2026-05-21   Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path 46 LOCAL CENACIF-MX
2026-05-15   Windows Snipping Tool - NTLMv2 Hash Hijack 50 LOCAL nu11secur1ty

Web Applications

Date D   Description Plat. Author
2026-06-08   OpenEMR 7.0.2 - Arbitrary File Read 43 WEB doany1
2026-06-05   WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection 46 WEB cardosource
2026-06-01   Drupal Core 10.5.5 - Error-Based SQL Injection 63 WEB cardosource
2026-06-01   WordPress OrderConvo 14 - Path Traversal 43 WEB Diamorphine
2026-05-30   YAMCS yamcs-core 5.12.7 - No Rate Limiting 40 WEB Daniel Miranda
2026-05-30   YAMCS yamcs-core 5.12.7 - User Enumeration 36 WEB Daniel Miranda
2026-05-30   YAMCS yamcs-core 5.12.7 - LDAP Injection 47 WEB Daniel Miranda
2026-05-29   MikroORM 7.0.13 - SQL Injection 35 WEB cardosource
2026-05-29   Prodigy Commerce 3.3.0 - Local File Inclusion 36 WEB Diamorphine
2026-05-29   Langflow 1.3.0 - Remote Code Execution 50 WEB Diamorphine

DoS/PoC

Date D   Description Plat. Author
2026-05-29   strongSwan 5.9.13 - DoS 39 DOS Lukas Johannes Moeller
2025-07-28   Xlight FTP 1.1 - Denial Of Service (DOS) 166 DOS Fernando Mengali
2024-08-28   Windows TCP/IP - RCE Checker and Denial of Service 174 DOS Photubias
2024-03-28   RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service 158 DOS ice-wzl
2024-02-26   Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS' 151 DOS hyp3rlinx
2024-02-19   XAMPP - Buffer Overflow POC 145 DOS Talson
2024-02-13   VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service 141 DOS LiquidWorm
2024-02-09   Elasticsearch - StackOverflow DoS 157 DOS TOUHAMI Kasbaoui
2024-02-02   Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS 164 DOS LiquidWorm
2023-10-09   OpenPLC WebServer 3 - Denial of Service 115 DOS Kai Feng

Shellcode

Date D   Description Plat. Author
2026-05-29   Win32 - Calc Shellcode 39 SHELLCODE Fernando Mengali
2025-08-04   Linux/x86_64 - execve(_/bin/sh__[_-c__cmd]_NULL) Arbitrary Command Execution She 191 SHELLCODE Muzaffer Umut ŞAHİN
2025-05-21   Windows 11 x64 - Reverse TCP Shellcode (564 bytes) 278 SHELLCODE Victor Huerlimann
2025-05-21   Linux/x86 - Reverse TCP Shellcode (95 bytes) 213 SHELLCODE Al Baradi Joy
2025-05-21   Linux/x86-64 - execve(_/bin/sh_) Shellcode (36 bytes) 167 SHELLCODE Sayan Ray
2023-09-08   Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode (476 Bytes) 145 SHELLCODE Senzee
2023-08-21   Linux/x64 - memfd_create ELF loader Shellcode (170 bytes) 155 SHELLCODE Ivan Nikolsky
2023-07-28   Windows/x64 - PIC Null-Free Calc.exe Shellcode (169 Bytes) 150 SHELLCODE Senzee
2023-04-25   Windows/x64 - Delete File shellcode / Dynamic PEB method null-free Shellcode 148 SHELLCODE Nayani
2023-04-05   Linux/x86_64 - bash Shellcode with xor encoding 144 SHELLCODE Jeenika Anadani

Papers

Date D   Description Plat. Author
2018-11-16   The Powerful Resource of PHP Stream Wrappers 784 PAPERS Netsparker
2018-11-01   Phrack: Viewer Discretion Advised: (De)coding an iOS Kernel Vulnerability (Adam 712 PAPERS phrack
2018-10-09   A Red Teamer’s guide to pivoting 676 PAPERS Artem Kondratenko
2018-10-08   Phrack: Twenty years of Escaping the Java Sandbox (Ieu Eauvidoum & disk noise) 1652 PAPERS phrack
2018-01-15   Phrack: .NET Instrumentation via MSIL bytecode injection (Antonio "s4tan" Parata 1518 PAPERS phrack
2017-08-28   Abusing Token Privileges For LPE 1055 PAPERS drone and breenmachine
2017-01-12   OpenSSL - Weak KDF 1085 PAPERS anonymous
2014-08-27   SSDP Amplification Scanner 816 PAPERS SaMaN
2014-06-26   [Hacking-Contest] SSH Server wrapper 793 PAPERS Jakob Lell
2012-03-20   Full MSSQL Injection PWNage 1064 PAPERS CWH Underground