The Exploit Database

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.

Remote Exploits

Date	Description		Plat.	Author
2026-02-11	Windows 10.0.17763.7009 - spoofing vulnerability	97	REMOTE	beatrizfn
2026-02-04	windows 10/11 - NTLM Hash Disclosure Spoofing	64	REMOTE	beatrizfn
2026-02-04	Redis 8.0.2 - RCE	107	REMOTE	Beatriz Fresno Naumova
2026-02-04	Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE	74	REMOTE	Beatriz Fresno Naumova
2025-09-16	Ilevia EVE X1/X5 Server 4.7.18.0.eden - Reverse Rootshell	313	REMOTE	LiquidWorm
2025-09-16	ClipBucket 5.5.0 - Arbitrary File Upload	227	REMOTE	Mukundsinh Solanki (r00td3str0y3r)
2025-09-16	ClipBucket 5.5.2 Build #90 - Server-Side Request Forgery (SSRF)	137	REMOTE	Mukundsinh Solanki (r00td3str0y3r)
2025-09-16	HTTP/2 2.0 - Denial Of Service (DOS)	131	REMOTE	Madhusudhan Rajappa
2025-09-16	HTMLDOC 1.9.13 - Stack Buffer Overflow	116	REMOTE	wulfgarpro
2025-08-26	GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution (RCE)	232	REMOTE	Giorgi Dograshvili

Local Exploits

Date	Description		Plat.	Author
2026-02-11	glibc 2.38 - Buffer Overflow	45	LOCAL	Beatriz Fresno Naumova
2026-02-04	Docker Desktop 4.44.3 - Unauthenticated API Exposure	48	LOCAL	aprillefou
2025-09-16	Microsoft Windows Server 2025 Hyper-V NT Kernel Integration VSP - Elevation of P	169	LOCAL	Milad Karimi (Ex3ptionaL)
2025-09-16	Mbed TLS 3.6.4 - Use-After-Free	94	LOCAL	Byte Reaper
2025-08-26	GeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure	114	LOCAL	Giorgi Dograshvili
2025-08-11	Microsoft Windows - Storage QoS Filter Driver Checker	75	LOCAL	nu11secur1ty
2025-08-03	Microsoft Virtual Hard Disk (VHDX) 11 - Remote Code Execution (RCE)	143	LOCAL	nu11secur1ty
2025-07-28	Linux PAM Environment - Variable Injection Local Privilege Escalation	96	LOCAL	İbrahimsql
2025-07-16	Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of	106	LOCAL	nu11secur1ty
2025-07-16	Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege	108	LOCAL	nu11secur1ty

Web Applications

Date	Description		Plat.	Author
2026-03-03	WordPress Backup Migration 1.3.7 - Remote Command Execution	59	WEB	dangwenjing
2026-03-03	mailcow 2025-01a - Host Header Password Reset Poisoning	22	WEB	alvarez
2026-03-03	Easy File Sharing Web Server v7.2 - Buffer Overflow	25	WEB	diogo
2026-03-03	WeGIA 3.5.0 - SQL Injection	36	WEB	onurdemir
2026-03-03	Boss Mini v1.4.0 - Local File Inclusion (LFI)	18	WEB	andersoncezar048
2026-02-11	motionEye 0.43.1b4 - RCE	43	WEB	prabhat
2026-02-04	OctoPrint 1.11.2 - File Upload	68	WEB	prabhat
2026-02-04	aiohttp 3.9.1 - directory traversal PoC	42	WEB	Beatriz Fresno Naumova
2026-02-04	FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution	40	WEB	Milad Karimi (Ex3ptionaL)
2026-02-02	Piranha CMS 12.0 - Stored XSS in Text Block	41	WEB	terminalvenoms

DoS/PoC

Date	Description		Plat.	Author
2025-07-28	Xlight FTP 1.1 - Denial Of Service (DOS)	119	DOS	Fernando Mengali
2024-08-28	Windows TCP/IP - RCE Checker and Denial of Service	110	DOS	Photubias
2024-03-28	RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service	99	DOS	ice-wzl
2024-02-26	Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS'	97	DOS	hyp3rlinx
2024-02-19	XAMPP - Buffer Overflow POC	95	DOS	Talson
2024-02-13	VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service	94	DOS	LiquidWorm
2024-02-09	Elasticsearch - StackOverflow DoS	109	DOS	TOUHAMI Kasbaoui
2024-02-02	Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS	118	DOS	LiquidWorm
2023-10-09	OpenPLC WebServer 3 - Denial of Service	75	DOS	Kai Feng
2023-10-09	Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service	96	DOS	LiquidWorm

Shellcode

Date	Description		Plat.	Author
2025-08-04	Linux/x86_64 - execve(_/bin/sh__[_-c__cmd]_NULL) Arbitrary Command Execution She	145	SHELLCODE	Muzaffer Umut ŞAHİN
2025-05-21	Windows 11 x64 - Reverse TCP Shellcode (564 bytes)	222	SHELLCODE	Victor Huerlimann
2025-05-21	Linux/x86 - Reverse TCP Shellcode (95 bytes)	150	SHELLCODE	Al Baradi Joy
2025-05-21	Linux/x86-64 - execve(_/bin/sh_) Shellcode (36 bytes)	127	SHELLCODE	Sayan Ray
2023-09-08	Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode (476 Bytes)	101	SHELLCODE	Senzee
2023-08-21	Linux/x64 - memfd_create ELF loader Shellcode (170 bytes)	101	SHELLCODE	Ivan Nikolsky
2023-07-28	Windows/x64 - PIC Null-Free Calc.exe Shellcode (169 Bytes)	107	SHELLCODE	Senzee
2023-04-25	Windows/x64 - Delete File shellcode / Dynamic PEB method null-free Shellcode	105	SHELLCODE	Nayani
2023-04-05	Linux/x86_64 - bash Shellcode with xor encoding	89	SHELLCODE	Jeenika Anadani
2023-04-03	Windows/x86 - Create Administrator User / Dynamic PEB & EDT method null-free She	111	SHELLCODE	Xavi Beltran

Papers

Date	Description		Plat.	Author
2018-11-16	The Powerful Resource of PHP Stream Wrappers	726	PAPERS	Netsparker
2018-11-01	Phrack: Viewer Discretion Advised: (De)coding an iOS Kernel Vulnerability (Adam	647	PAPERS	phrack
2018-10-09	A Red Teamer’s guide to pivoting	602	PAPERS	Artem Kondratenko
2018-10-08	Phrack: Twenty years of Escaping the Java Sandbox (Ieu Eauvidoum & disk noise)	1592	PAPERS	phrack
2018-01-15	Phrack: .NET Instrumentation via MSIL bytecode injection (Antonio "s4tan" Parata	1455	PAPERS	phrack
2017-08-28	Abusing Token Privileges For LPE	984	PAPERS	drone and breenmachine
2017-01-12	OpenSSL - Weak KDF	1035	PAPERS	anonymous
2014-08-27	SSDP Amplification Scanner	780	PAPERS	SaMaN
2014-06-26	[Hacking-Contest] SSH Server wrapper	754	PAPERS	Jakob Lell
2012-03-20	Full MSSQL Injection PWNage	1003	PAPERS	CWH Underground