The Exploit Database

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.

Remote Exploits

Date	Description		Plat.	Author
2025-09-16	Ilevia EVE X1/X5 Server 4.7.18.0.eden - Reverse Rootshell	282	REMOTE	LiquidWorm
2025-09-16	ClipBucket 5.5.0 - Arbitrary File Upload	178	REMOTE	Mukundsinh Solanki (r00td3str0y3r)
2025-09-16	ClipBucket 5.5.2 Build #90 - Server-Side Request Forgery (SSRF)	104	REMOTE	Mukundsinh Solanki (r00td3str0y3r)
2025-09-16	HTTP/2 2.0 - Denial Of Service (DOS)	87	REMOTE	Madhusudhan Rajappa
2025-09-16	HTMLDOC 1.9.13 - Stack Buffer Overflow	82	REMOTE	wulfgarpro
2025-08-26	GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution (RCE)	196	REMOTE	Giorgi Dograshvili
2025-08-26	Ivanti Endpoint Manager Mobile 12.5.0.0 - Authentication Bypass	98	REMOTE	İbrahimsql
2025-08-18	Tenda AC20 16.03.08.12 - Command Injection	180	REMOTE	Byte Reaper
2025-08-18	Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure	135	REMOTE	Ruben Enkaoua
2025-08-18	PHPMyAdmin 3.0 - Bruteforce Login Bypass	189	REMOTE	Nikola Markovic

Local Exploits

Date	Description		Plat.	Author
2025-09-16	Microsoft Windows Server 2025 Hyper-V NT Kernel Integration VSP - Elevation of P	126	LOCAL	Milad Karimi (Ex3ptionaL)
2025-09-16	Mbed TLS 3.6.4 - Use-After-Free	64	LOCAL	Byte Reaper
2025-08-26	GeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure	84	LOCAL	Giorgi Dograshvili
2025-08-11	Microsoft Windows - Storage QoS Filter Driver Checker	58	LOCAL	nu11secur1ty
2025-08-03	Microsoft Virtual Hard Disk (VHDX) 11 - Remote Code Execution (RCE)	106	LOCAL	nu11secur1ty
2025-07-28	Linux PAM Environment - Variable Injection Local Privilege Escalation	68	LOCAL	İbrahimsql
2025-07-16	Microsoft Graphics Component Windows 11 Pro (Build 26100+) - Local Elevation of	72	LOCAL	nu11secur1ty
2025-07-16	Microsoft Brokering File System Windows 11 Version 22H2 - Elevation of Privilege	84	LOCAL	nu11secur1ty
2025-07-08	Microsoft Defender for Endpoint (MDE) - Elevation of Privilege	107	LOCAL	Rich Mirch
2025-07-08	Sudo 1.9.17 Host Option - Elevation of Privilege	120	LOCAL	Rich Mirch

Web Applications

Date	Description		Plat.	Author
2026-02-02	Piranha CMS 12.0 - Stored XSS in Text Block	3	WEB	terminalvenoms
2026-02-02	RPi-Jukebox-RFID 2.8.0 - Stored Cross-Site Scripting (XSS)	3	WEB	Beatriz Fresno Naumova
2026-02-02	D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS)	4	WEB	Beatriz Fresno Naumova
2026-01-17	RPi-Jukebox-RFID 2.8.0 - Remote Command Execution	30	WEB	Beatriz Fresno Naumova
2026-01-17	Siklu EtherHaul Series EH-8010 - Arbitrary File Upload	19	WEB	semaja2
2026-01-17	Siklu EtherHaul Series EH-8010 - Remote Command Execution	14	WEB	semaja2
2025-12-25	WordPress Quiz Maker 6.7.0.56 - SQL Injection	82	WEB	Rahul Sreenivasan
2025-12-25	Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cooki	26	WEB	0xsabre
2025-12-25	FreeBSD rtsold 15.x - Remote Code Execution via DNSSL	41	WEB	Lukas Johannes Möller
2025-12-16	Summar Employee Portal 3.98.0 - Authenticated SQL Injection	47	WEB	Peter Gabaldon

DoS/PoC

Date	Description		Plat.	Author
2025-07-28	Xlight FTP 1.1 - Denial Of Service (DOS)	90	DOS	Fernando Mengali
2024-08-28	Windows TCP/IP - RCE Checker and Denial of Service	83	DOS	Photubias
2024-03-28	RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service	73	DOS	ice-wzl
2024-02-26	Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS'	73	DOS	hyp3rlinx
2024-02-19	XAMPP - Buffer Overflow POC	67	DOS	Talson
2024-02-13	VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service	63	DOS	LiquidWorm
2024-02-09	Elasticsearch - StackOverflow DoS	83	DOS	TOUHAMI Kasbaoui
2024-02-02	Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS	94	DOS	LiquidWorm
2023-10-09	OpenPLC WebServer 3 - Denial of Service	50	DOS	Kai Feng
2023-10-09	Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service	67	DOS	LiquidWorm

Shellcode

Date	Description		Plat.	Author
2025-08-04	Linux/x86_64 - execve(_/bin/sh__[_-c__cmd]_NULL) Arbitrary Command Execution She	104	SHELLCODE	Muzaffer Umut ŞAHİN
2025-05-21	Windows 11 x64 - Reverse TCP Shellcode (564 bytes)	161	SHELLCODE	Victor Huerlimann
2025-05-21	Linux/x86 - Reverse TCP Shellcode (95 bytes)	116	SHELLCODE	Al Baradi Joy
2025-05-21	Linux/x86-64 - execve(_/bin/sh_) Shellcode (36 bytes)	95	SHELLCODE	Sayan Ray
2023-09-08	Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode (476 Bytes)	69	SHELLCODE	Senzee
2023-08-21	Linux/x64 - memfd_create ELF loader Shellcode (170 bytes)	71	SHELLCODE	Ivan Nikolsky
2023-07-28	Windows/x64 - PIC Null-Free Calc.exe Shellcode (169 Bytes)	78	SHELLCODE	Senzee
2023-04-25	Windows/x64 - Delete File shellcode / Dynamic PEB method null-free Shellcode	77	SHELLCODE	Nayani
2023-04-05	Linux/x86_64 - bash Shellcode with xor encoding	59	SHELLCODE	Jeenika Anadani
2023-04-03	Windows/x86 - Create Administrator User / Dynamic PEB & EDT method null-free She	81	SHELLCODE	Xavi Beltran

Papers

Date	Description		Plat.	Author
2018-11-16	The Powerful Resource of PHP Stream Wrappers	692	PAPERS	Netsparker
2018-11-01	Phrack: Viewer Discretion Advised: (De)coding an iOS Kernel Vulnerability (Adam	603	PAPERS	phrack
2018-10-09	A Red Teamer’s guide to pivoting	557	PAPERS	Artem Kondratenko
2018-10-08	Phrack: Twenty years of Escaping the Java Sandbox (Ieu Eauvidoum & disk noise)	1556	PAPERS	phrack
2018-01-15	Phrack: .NET Instrumentation via MSIL bytecode injection (Antonio "s4tan" Parata	1419	PAPERS	phrack
2017-08-28	Abusing Token Privileges For LPE	932	PAPERS	drone and breenmachine
2017-01-12	OpenSSL - Weak KDF	1003	PAPERS	anonymous
2014-08-27	SSDP Amplification Scanner	760	PAPERS	SaMaN
2014-06-26	[Hacking-Contest] SSH Server wrapper	717	PAPERS	Jakob Lell
2012-03-20	Full MSSQL Injection PWNage	967	PAPERS	CWH Underground