
The Exploit Database
The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.
Remote Exploits
Date | D | Description | Plat. | Author | |
---|---|---|---|---|---|
2025-07-08 |
![]() |
Microsoft Outlook - Remote Code Execution (RCE) | 1 | REMOTE | nu11secur1ty |
2025-07-08 |
![]() |
ScriptCase 9.12.006 (23) - Remote Command Execution (RCE) | 2 | REMOTE | Alexandre ZANNI |
2025-07-08 |
![]() |
Microsoft PowerPoint 2019 - Remote Code Execution (RCE) | 3 | REMOTE | Mohammed Idrees Banyamer |
2025-07-02 |
![]() |
Microsoft SharePoint 2019 - NTLM Authentication | 20 | REMOTE | nu11secur1ty |
2025-07-02 |
![]() |
gogs 0.13.0 - Remote Code Execution (RCE) | 20 | REMOTE | cybersploit |
2025-07-02 |
![]() |
Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE) | 25 | REMOTE | 4m3rr0r |
2025-06-26 |
![]() |
McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information | 56 | REMOTE | Keenan Scott |
2025-06-26 |
![]() |
Microsoft Excel 2024 Use after free - Remote Code Execution (RCE) | 46 | REMOTE | nu11secur1ty |
2025-06-26 |
![]() |
freeSSHd 1.0.9 - Denial of Service (DoS) | 20 | REMOTE | Fernando Mengali |
2025-06-26 |
![]() |
OneTrust SDK 6.33.0 - Denial Of Service (DoS) | 17 | REMOTE | Alameen Karim Merali |
Local Exploits
Date | D | Description | Plat. | Author | |
---|---|---|---|---|---|
2025-07-08 |
![]() |
Microsoft Defender for Endpoint (MDE) - Elevation of Privilege | 1 | LOCAL | Rich Mirch |
2025-07-08 |
![]() |
Sudo 1.9.17 Host Option - Elevation of Privilege | 2 | LOCAL | Rich Mirch |
2025-07-08 |
![]() |
Sudo chroot 1.9.17 - Local Privilege Escalation | 2 | LOCAL | Stratascale |
2025-06-20 |
![]() |
Microsoft Excel LTSC 2024 - Remote Code Execution (RCE) | 37 | LOCAL | nu11secur1ty |
2025-06-15 |
![]() |
Microsoft Excel Use After Free - Local Code Execution | 16 | LOCAL | nu11secur1ty |
2025-06-15 |
![]() |
Parrot and DJI variants Drone OSes - Kernel Panic Exploit | 12 | LOCAL | Mohammed Idrees Banyamer |
2025-06-09 |
![]() |
TightVNC 2.8.83 - Control Pipe Manipulation | 17 | LOCAL | Ionut Zevedei |
2025-06-09 |
![]() |
Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege | 32 | LOCAL | Mohammed Idrees Banyamer |
2025-06-05 |
![]() |
macOS LaunchDaemon iOS 17.2 - Privilege Escalation | 17 | LOCAL | Mohammed Idrees Banyamer |
2025-05-25 |
![]() |
ABB Cylon Aspect Studio 3.08.03 - Binary Planting | 7 | LOCAL | LiquidWorm |
Web Applications
Date | D | Description | Plat. | Author | |
---|---|---|---|---|---|
2025-07-08 | ![]() |
Discourse 3.2.x - Anonymous Cache Poisoning | 4 | WEB | İbrahimsql |
2025-07-08 | ![]() |
Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover | 5 | WEB | stealthcopter |
2025-07-02 | ![]() |
Moodle 4.4.0 - Authenticated Remote Code Execution | 14 | WEB | Likhith Appalaneni |
2025-06-26 | ![]() |
Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution (RCE) | 37 | WEB | Huseyin Mardinli |
2025-06-26 | ![]() |
Sitecore 10.4 - Remote Code Execution (RCE) | 15 | WEB | Yesith Alvarez |
2025-06-26 | ![]() |
Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE) | 13 | WEB | Zen-kun04 |
2025-06-15 | ![]() |
Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI | 31 | WEB | Cristian Branet |
2025-06-15 | ![]() |
PHP CGI Module 8.3.4 - Remote Code Execution (RCE) | 28 | WEB | İbrahimsql |
2025-06-15 | ![]() |
Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation | 13 | WEB | Milad karimi |
2025-06-15 | ![]() |
Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS) | 15 | WEB | /bin/neko |
DoS/PoC
Date | D | Description | Plat. | Author | |
---|---|---|---|---|---|
2024-08-28 | ![]() |
Windows TCP/IP - RCE Checker and Denial of Service | 21 | DOS | Photubias |
2024-03-28 | ![]() |
RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service | 12 | DOS | ice-wzl |
2024-02-26 | ![]() |
Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS' | 12 | DOS | hyp3rlinx |
2024-02-19 | ![]() |
XAMPP - Buffer Overflow POC | 14 | DOS | Talson |
2024-02-13 | ![]() |
VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service | 13 | DOS | LiquidWorm |
2024-02-09 | ![]() |
Elasticsearch - StackOverflow DoS | 16 | DOS | TOUHAMI Kasbaoui |
2024-02-02 | ![]() |
Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS | 15 | DOS | LiquidWorm |
2023-10-09 | ![]() |
OpenPLC WebServer 3 - Denial of Service | 11 | DOS | Kai Feng |
2023-10-09 | ![]() |
Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service | 10 | DOS | LiquidWorm |
2023-09-08 | ![]() |
SyncBreeze 15.2.24 - 'login' Denial of Service | 11 | DOS | mohamed youssef |
Shellcode
Date | D | Description | Plat. | Author | |
---|---|---|---|---|---|
2025-05-21 | ![]() |
Windows 11 x64 - Reverse TCP Shellcode (564 bytes) | 35 | SHELLCODE | Victor Huerlimann |
2025-05-21 | ![]() |
Linux/x86 - Reverse TCP Shellcode (95 bytes) | 16 | SHELLCODE | Al Baradi Joy |
2025-05-21 | ![]() |
Linux/x86-64 - execve(_/bin/sh_) Shellcode (36 bytes) | 17 | SHELLCODE | Sayan Ray |
2023-09-08 | ![]() |
Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode (476 Bytes) | 10 | SHELLCODE | Senzee |
2023-08-21 | ![]() |
Linux/x64 - memfd_create ELF loader Shellcode (170 bytes) | 8 | SHELLCODE | Ivan Nikolsky |
2023-07-28 | ![]() |
Windows/x64 - PIC Null-Free Calc.exe Shellcode (169 Bytes) | 12 | SHELLCODE | Senzee |
2023-04-25 | ![]() |
Windows/x64 - Delete File shellcode / Dynamic PEB method null-free Shellcode | 9 | SHELLCODE | Nayani |
2023-04-05 | ![]() |
Linux/x86_64 - bash Shellcode with xor encoding | 11 | SHELLCODE | Jeenika Anadani |
2023-04-03 | ![]() |
Windows/x86 - Create Administrator User / Dynamic PEB & EDT method null-free She | 8 | SHELLCODE | Xavi Beltran |
2023-04-01 | ![]() |
FlipRotation v1.0 decoder - Shellcode (146 bytes) | 9 | SHELLCODE | Eduardo Silva |
Papers
Date | D | Description | Plat. | Author | |
---|---|---|---|---|---|
2018-11-16 | ![]() |
The Powerful Resource of PHP Stream Wrappers | 621 | PAPERS | Netsparker |
2018-11-01 | ![]() |
Phrack: Viewer Discretion Advised: (De)coding an iOS Kernel Vulnerability (Adam | 559 | PAPERS | phrack |
2018-10-09 | ![]() |
A Red Teamer’s guide to pivoting | 467 | PAPERS | Artem Kondratenko |
2018-10-08 | ![]() |
Phrack: Twenty years of Escaping the Java Sandbox (Ieu Eauvidoum & disk noise) | 1499 | PAPERS | phrack |
2018-01-15 | ![]() |
Phrack: .NET Instrumentation via MSIL bytecode injection (Antonio "s4tan" Parata | 1369 | PAPERS | phrack |
2017-08-28 | ![]() |
Abusing Token Privileges For LPE | 853 | PAPERS | drone and breenmachine |
2017-01-12 | ![]() |
OpenSSL - Weak KDF | 949 | PAPERS | anonymous |
2014-08-27 | ![]() |
SSDP Amplification Scanner | 712 | PAPERS | SaMaN |
2014-06-26 | ![]() |
[Hacking-Contest] SSH Server wrapper | 672 | PAPERS | Jakob Lell |
2012-03-20 | ![]() |
Full MSSQL Injection PWNage | 871 | PAPERS | CWH Underground |