Blog RSSExploits RSSFacebook
CVE Certified

The Exploit Database

GHDB

 

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.


Remote Exploits

Date D   Description Plat. Author
2025-07-16   NodeJS 24.x - Path Traversal 19 REMOTE Abdualhadi khalifa
2025-07-16   MikroTik RouterOS 7.19.1 - Reflected XSS 8 REMOTE Prak Sokchea
2025-07-16   Keras 2.15 - Remote Code Execution (RCE) 11 REMOTE Mohammed Idrees Banyamer
2025-07-08   Microsoft Outlook - Remote Code Execution (RCE) 58 REMOTE nu11secur1ty
2025-07-08   ScriptCase 9.12.006 (23) - Remote Command Execution (RCE) 21 REMOTE Alexandre ZANNI
2025-07-08   Microsoft PowerPoint 2019 - Remote Code Execution (RCE) 16 REMOTE Mohammed Idrees Banyamer
2025-07-02   Microsoft SharePoint 2019 - NTLM Authentication 31 REMOTE nu11secur1ty
2025-07-02   gogs 0.13.0 - Remote Code Execution (RCE) 47 REMOTE cybersploit
2025-07-02   Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE) 55 REMOTE 4m3rr0r
2025-06-26   McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information 70 REMOTE Keenan Scott

Local Exploits

Date D   Description Plat. Author
2025-07-16   Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of 4 LOCAL nu11secur1ty
2025-07-16   Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege 5 LOCAL nu11secur1ty
2025-07-08   Microsoft Defender for Endpoint (MDE) - Elevation of Privilege 28 LOCAL Rich Mirch
2025-07-08   Sudo 1.9.17 Host Option - Elevation of Privilege 30 LOCAL Rich Mirch
2025-07-08   Sudo chroot 1.9.17 - Local Privilege Escalation 23 LOCAL Stratascale
2025-06-20   Microsoft Excel LTSC 2024 - Remote Code Execution (RCE) 42 LOCAL nu11secur1ty
2025-06-15   Microsoft Excel Use After Free - Local Code Execution 22 LOCAL nu11secur1ty
2025-06-15   Parrot and DJI variants Drone OSes - Kernel Panic Exploit 16 LOCAL Mohammed Idrees Banyamer
2025-06-09   TightVNC 2.8.83 - Control Pipe Manipulation 22 LOCAL Ionut Zevedei
2025-06-09   Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege 42 LOCAL Mohammed Idrees Banyamer

Web Applications

Date D   Description Plat. Author
2025-07-16   WP Publications WordPress Plugin 1.2 - Stored XSS 7 WEB Zeynalxan Quliyev
2025-07-16   White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI) 12 WEB Imraan Khan (Lich-Sec)
2025-07-16   SugarCRM 14.0.0 - SSRF/Code Injection 7 WEB Egidio Romano
2025-07-16   Langflow 1.2.x - Remote Code Execution (RCE) 6 WEB Raghad Abdallah Al-syouf
2025-07-16   TOTOLINK N300RB 8.54 - Command Execution 9 WEB Skander BELABED - Magellan Sécurité
2025-07-16   PivotX 3.0.0 RC3 - Remote Code Execution (RCE) 6 WEB HayToN
2025-07-08   Discourse 3.2.x - Anonymous Cache Poisoning 24 WEB İbrahimsql
2025-07-08   Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover 30 WEB stealthcopter
2025-07-02   Moodle 4.4.0 - Authenticated Remote Code Execution 24 WEB Likhith Appalaneni
2025-06-26   Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution (RCE) 48 WEB Huseyin Mardinli

DoS/PoC

Date D   Description Plat. Author
2024-08-28   Windows TCP/IP - RCE Checker and Denial of Service 28 DOS Photubias
2024-03-28   RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service 18 DOS ice-wzl
2024-02-26   Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS' 17 DOS hyp3rlinx
2024-02-19   XAMPP - Buffer Overflow POC 22 DOS Talson
2024-02-13   VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service 15 DOS LiquidWorm
2024-02-09   Elasticsearch - StackOverflow DoS 23 DOS TOUHAMI Kasbaoui
2024-02-02   Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS 22 DOS LiquidWorm
2023-10-09   OpenPLC WebServer 3 - Denial of Service 14 DOS Kai Feng
2023-10-09   Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service 13 DOS LiquidWorm
2023-09-08   SyncBreeze 15.2.24 - 'login' Denial of Service 16 DOS mohamed youssef

Shellcode

Date D   Description Plat. Author
2025-05-21   Windows 11 x64 - Reverse TCP Shellcode (564 bytes) 52 SHELLCODE Victor Huerlimann
2025-05-21   Linux/x86 - Reverse TCP Shellcode (95 bytes) 19 SHELLCODE Al Baradi Joy
2025-05-21   Linux/x86-64 - execve(_/bin/sh_) Shellcode (36 bytes) 21 SHELLCODE Sayan Ray
2023-09-08   Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode (476 Bytes) 12 SHELLCODE Senzee
2023-08-21   Linux/x64 - memfd_create ELF loader Shellcode (170 bytes) 12 SHELLCODE Ivan Nikolsky
2023-07-28   Windows/x64 - PIC Null-Free Calc.exe Shellcode (169 Bytes) 16 SHELLCODE Senzee
2023-04-25   Windows/x64 - Delete File shellcode / Dynamic PEB method null-free Shellcode 15 SHELLCODE Nayani
2023-04-05   Linux/x86_64 - bash Shellcode with xor encoding 16 SHELLCODE Jeenika Anadani
2023-04-03   Windows/x86 - Create Administrator User / Dynamic PEB & EDT method null-free She 13 SHELLCODE Xavi Beltran
2023-04-01   FlipRotation v1.0 decoder - Shellcode (146 bytes) 12 SHELLCODE Eduardo Silva

Papers

Date D   Description Plat. Author
2018-11-16   The Powerful Resource of PHP Stream Wrappers 623 PAPERS Netsparker
2018-11-01   Phrack: Viewer Discretion Advised: (De)coding an iOS Kernel Vulnerability (Adam 559 PAPERS phrack
2018-10-09   A Red Teamer’s guide to pivoting 471 PAPERS Artem Kondratenko
2018-10-08   Phrack: Twenty years of Escaping the Java Sandbox (Ieu Eauvidoum & disk noise) 1502 PAPERS phrack
2018-01-15   Phrack: .NET Instrumentation via MSIL bytecode injection (Antonio "s4tan" Parata 1370 PAPERS phrack
2017-08-28   Abusing Token Privileges For LPE 854 PAPERS drone and breenmachine
2017-01-12   OpenSSL - Weak KDF 950 PAPERS anonymous
2014-08-27   SSDP Amplification Scanner 715 PAPERS SaMaN
2014-06-26   [Hacking-Contest] SSH Server wrapper 674 PAPERS Jakob Lell
2012-03-20   Full MSSQL Injection PWNage 874 PAPERS CWH Underground