Blog RSSExploits RSSFacebook
CVE Certified

The Exploit Database

GHDB

 

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.


Remote Exploits

Date D   Description Plat. Author
2026-05-30   Notepad++ 8.9.6 - Arbitrary Code Execution 106 REMOTE Kavin Jindal
2026-05-29   Microsoft - NTLMv2 Hash Capture 37 REMOTE nu11secur1ty
2026-05-29   Wing FTP Server 8.1.3 - Authenticated Remote Code Execution 60 REMOTE Ünsal Furkan Harani
2026-05-29   strongSwan 5.9.13 - libsimaka EAP-SIM/AKA heap buffer overflow 40 REMOTE Lukas Johannes Moeller
2026-05-07   telnetd 2.7 - Buffer Overflow 77 REMOTE jeffbarron
2026-02-11   Windows 10.0.17763.7009 - spoofing vulnerability 264 REMOTE beatrizfn
2026-02-04   windows 10/11 - NTLM Hash Disclosure Spoofing 139 REMOTE beatrizfn
2026-02-04   Redis 8.0.2 - RCE 253 REMOTE Beatriz Fresno Naumova
2026-02-04   Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE 133 REMOTE Beatriz Fresno Naumova
2025-09-16   Ilevia EVE X1/X5 Server 4.7.18.0.eden - Reverse Rootshell 371 REMOTE LiquidWorm

Local Exploits

Date D   Description Plat. Author
2026-05-29   ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion 33 LOCAL Jose Rivas
2026-05-29   ZTE Routers - Unauthenticated Denial of Service 40 LOCAL Mina Nageh Salalma
2026-05-29   ZTE ZXHN H188A V6 - Authentication Bypass 34 LOCAL Mina Nageh Salalma
2026-05-29   ZTE H298A / H108N - Unauthenticated Credential Exposure 38 LOCAL Mina Nageh Salalma
2026-05-29   Linux Kernel - Local Privilege Escalation 33 LOCAL nu11secur1ty
2026-05-27   Linux Kernel - Local Privilege Escalation 46 LOCAL nu11secur1ty
2026-05-27   Realtek rtl819x - Local Privilege 37 LOCAL Daniil Gordeev
2026-05-26   Linux Kernel 6.8 - Local Privilege Escalation 43 LOCAL Long Fong Chan
2026-05-21   Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path 43 LOCAL CENACIF-MX
2026-05-15   Windows Snipping Tool - NTLMv2 Hash Hijack 47 LOCAL nu11secur1ty

Web Applications

Date D   Description Plat. Author
2026-06-08   OpenEMR 7.0.2 - Arbitrary File Read 33 WEB doany1
2026-06-05   WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection 36 WEB cardosource
2026-06-01   Drupal Core 10.5.5 - Error-Based SQL Injection 45 WEB cardosource
2026-06-01   WordPress OrderConvo 14 - Path Traversal 33 WEB Diamorphine
2026-05-30   YAMCS yamcs-core 5.12.7 - No Rate Limiting 39 WEB Daniel Miranda
2026-05-30   YAMCS yamcs-core 5.12.7 - User Enumeration 36 WEB Daniel Miranda
2026-05-30   YAMCS yamcs-core 5.12.7 - LDAP Injection 46 WEB Daniel Miranda
2026-05-29   MikroORM 7.0.13 - SQL Injection 31 WEB cardosource
2026-05-29   Prodigy Commerce 3.3.0 - Local File Inclusion 34 WEB Diamorphine
2026-05-29   Langflow 1.3.0 - Remote Code Execution 47 WEB Diamorphine

DoS/PoC

Date D   Description Plat. Author
2026-05-29   strongSwan 5.9.13 - DoS 38 DOS Lukas Johannes Moeller
2025-07-28   Xlight FTP 1.1 - Denial Of Service (DOS) 165 DOS Fernando Mengali
2024-08-28   Windows TCP/IP - RCE Checker and Denial of Service 171 DOS Photubias
2024-03-28   RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service 158 DOS ice-wzl
2024-02-26   Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS' 149 DOS hyp3rlinx
2024-02-19   XAMPP - Buffer Overflow POC 144 DOS Talson
2024-02-13   VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service 141 DOS LiquidWorm
2024-02-09   Elasticsearch - StackOverflow DoS 157 DOS TOUHAMI Kasbaoui
2024-02-02   Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS 164 DOS LiquidWorm
2023-10-09   OpenPLC WebServer 3 - Denial of Service 114 DOS Kai Feng

Shellcode

Date D   Description Plat. Author
2026-05-29   Win32 - Calc Shellcode 35 SHELLCODE Fernando Mengali
2025-08-04   Linux/x86_64 - execve(_/bin/sh__[_-c__cmd]_NULL) Arbitrary Command Execution She 185 SHELLCODE Muzaffer Umut ŞAHİN
2025-05-21   Windows 11 x64 - Reverse TCP Shellcode (564 bytes) 278 SHELLCODE Victor Huerlimann
2025-05-21   Linux/x86 - Reverse TCP Shellcode (95 bytes) 212 SHELLCODE Al Baradi Joy
2025-05-21   Linux/x86-64 - execve(_/bin/sh_) Shellcode (36 bytes) 167 SHELLCODE Sayan Ray
2023-09-08   Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode (476 Bytes) 145 SHELLCODE Senzee
2023-08-21   Linux/x64 - memfd_create ELF loader Shellcode (170 bytes) 155 SHELLCODE Ivan Nikolsky
2023-07-28   Windows/x64 - PIC Null-Free Calc.exe Shellcode (169 Bytes) 150 SHELLCODE Senzee
2023-04-25   Windows/x64 - Delete File shellcode / Dynamic PEB method null-free Shellcode 148 SHELLCODE Nayani
2023-04-05   Linux/x86_64 - bash Shellcode with xor encoding 143 SHELLCODE Jeenika Anadani

Papers

Date D   Description Plat. Author
2018-11-16   The Powerful Resource of PHP Stream Wrappers 782 PAPERS Netsparker
2018-11-01   Phrack: Viewer Discretion Advised: (De)coding an iOS Kernel Vulnerability (Adam 712 PAPERS phrack
2018-10-09   A Red Teamer’s guide to pivoting 673 PAPERS Artem Kondratenko
2018-10-08   Phrack: Twenty years of Escaping the Java Sandbox (Ieu Eauvidoum & disk noise) 1651 PAPERS phrack
2018-01-15   Phrack: .NET Instrumentation via MSIL bytecode injection (Antonio "s4tan" Parata 1517 PAPERS phrack
2017-08-28   Abusing Token Privileges For LPE 1055 PAPERS drone and breenmachine
2017-01-12   OpenSSL - Weak KDF 1085 PAPERS anonymous
2014-08-27   SSDP Amplification Scanner 816 PAPERS SaMaN
2014-06-26   [Hacking-Contest] SSH Server wrapper 793 PAPERS Jakob Lell
2012-03-20   Full MSSQL Injection PWNage 1064 PAPERS CWH Underground