The Exploit Database

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Our aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.

Remote Exploits

Date	Description		Plat.	Author
2026-05-30	Notepad++ 8.9.6 - Arbitrary Code Execution	28	REMOTE	Kavin Jindal
2026-05-29	Microsoft - NTLMv2 Hash Capture	14	REMOTE	nu11secur1ty
2026-05-29	Wing FTP Server 8.1.3 - Authenticated Remote Code Execution	17	REMOTE	Ünsal Furkan Harani
2026-05-29	strongSwan 5.9.13 - libsimaka EAP-SIM/AKA heap buffer overflow	11	REMOTE	Lukas Johannes Moeller
2026-05-07	telnetd 2.7 - Buffer Overflow	48	REMOTE	jeffbarron
2026-02-11	Windows 10.0.17763.7009 - spoofing vulnerability	245	REMOTE	beatrizfn
2026-02-04	windows 10/11 - NTLM Hash Disclosure Spoofing	120	REMOTE	beatrizfn
2026-02-04	Redis 8.0.2 - RCE	202	REMOTE	Beatriz Fresno Naumova
2026-02-04	Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE	113	REMOTE	Beatriz Fresno Naumova
2025-09-16	Ilevia EVE X1/X5 Server 4.7.18.0.eden - Reverse Rootshell	353	REMOTE	LiquidWorm

Local Exploits

Date	Description		Plat.	Author
2026-05-29	ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion	12	LOCAL	Jose Rivas
2026-05-29	ZTE Routers - Unauthenticated Denial of Service	14	LOCAL	Mina Nageh Salalma
2026-05-29	ZTE ZXHN H188A V6 - Authentication Bypass	12	LOCAL	Mina Nageh Salalma
2026-05-29	ZTE H298A / H108N - Unauthenticated Credential Exposure	14	LOCAL	Mina Nageh Salalma
2026-05-29	Linux Kernel - Local Privilege Escalation	12	LOCAL	nu11secur1ty
2026-05-27	Linux Kernel - Local Privilege Escalation	14	LOCAL	nu11secur1ty
2026-05-27	Realtek rtl819x - Local Privilege	11	LOCAL	Daniil Gordeev
2026-05-26	Linux Kernel 6.8 - Local Privilege Escalation	16	LOCAL	Long Fong Chan
2026-05-21	Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path	24	LOCAL	CENACIF-MX
2026-05-15	Windows Snipping Tool - NTLMv2 Hash Hijack	31	LOCAL	nu11secur1ty

Web Applications

Date	Description		Plat.	Author
2026-06-01	Drupal Core 10.5.5 - Error-Based SQL Injection	6	WEB	cardosource
2026-06-01	WordPress OrderConvo 14 - Path Traversal	6	WEB	Diamorphine
2026-05-30	YAMCS yamcs-core 5.12.7 - No Rate Limiting	15	WEB	Daniel Miranda
2026-05-30	YAMCS yamcs-core 5.12.7 - User Enumeration	13	WEB	Daniel Miranda
2026-05-30	YAMCS yamcs-core 5.12.7 - LDAP Injection	18	WEB	Daniel Miranda
2026-05-29	MikroORM 7.0.13 - SQL Injection	11	WEB	cardosource
2026-05-29	Prodigy Commerce 3.3.0 - Local File Inclusion	10	WEB	Diamorphine
2026-05-29	Langflow 1.3.0 - Remote Code Execution	13	WEB	Diamorphine
2026-05-29	Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution	13	WEB	cardosource
2026-05-29	MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution	13	WEB	cardosource

DoS/PoC

Date	Description		Plat.	Author
2026-05-29	strongSwan 5.9.13 - DoS	13	DOS	Lukas Johannes Moeller
2025-07-28	Xlight FTP 1.1 - Denial Of Service (DOS)	146	DOS	Fernando Mengali
2024-08-28	Windows TCP/IP - RCE Checker and Denial of Service	152	DOS	Photubias
2024-03-28	RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service	131	DOS	ice-wzl
2024-02-26	Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS'	127	DOS	hyp3rlinx
2024-02-19	XAMPP - Buffer Overflow POC	126	DOS	Talson
2024-02-13	VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service	127	DOS	LiquidWorm
2024-02-09	Elasticsearch - StackOverflow DoS	139	DOS	TOUHAMI Kasbaoui
2024-02-02	Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS	147	DOS	LiquidWorm
2023-10-09	OpenPLC WebServer 3 - Denial of Service	100	DOS	Kai Feng

Shellcode

Date	Description		Plat.	Author
2026-05-29	Win32 - Calc Shellcode	11	SHELLCODE	Fernando Mengali
2025-08-04	Linux/x86_64 - execve(_/bin/sh__[_-c__cmd]_NULL) Arbitrary Command Execution She	172	SHELLCODE	Muzaffer Umut ŞAHİN
2025-05-21	Windows 11 x64 - Reverse TCP Shellcode (564 bytes)	253	SHELLCODE	Victor Huerlimann
2025-05-21	Linux/x86 - Reverse TCP Shellcode (95 bytes)	188	SHELLCODE	Al Baradi Joy
2025-05-21	Linux/x86-64 - execve(_/bin/sh_) Shellcode (36 bytes)	151	SHELLCODE	Sayan Ray
2023-09-08	Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode (476 Bytes)	123	SHELLCODE	Senzee
2023-08-21	Linux/x64 - memfd_create ELF loader Shellcode (170 bytes)	140	SHELLCODE	Ivan Nikolsky
2023-07-28	Windows/x64 - PIC Null-Free Calc.exe Shellcode (169 Bytes)	137	SHELLCODE	Senzee
2023-04-25	Windows/x64 - Delete File shellcode / Dynamic PEB method null-free Shellcode	132	SHELLCODE	Nayani
2023-04-05	Linux/x86_64 - bash Shellcode with xor encoding	124	SHELLCODE	Jeenika Anadani

Papers

Date	Description		Plat.	Author
2018-11-16	The Powerful Resource of PHP Stream Wrappers	770	PAPERS	Netsparker
2018-11-01	Phrack: Viewer Discretion Advised: (De)coding an iOS Kernel Vulnerability (Adam	693	PAPERS	phrack
2018-10-09	A Red Teamer’s guide to pivoting	651	PAPERS	Artem Kondratenko
2018-10-08	Phrack: Twenty years of Escaping the Java Sandbox (Ieu Eauvidoum & disk noise)	1633	PAPERS	phrack
2018-01-15	Phrack: .NET Instrumentation via MSIL bytecode injection (Antonio "s4tan" Parata	1504	PAPERS	phrack
2017-08-28	Abusing Token Privileges For LPE	1032	PAPERS	drone and breenmachine
2017-01-12	OpenSSL - Weak KDF	1069	PAPERS	anonymous
2014-08-27	SSDP Amplification Scanner	803	PAPERS	SaMaN
2014-06-26	[Hacking-Contest] SSH Server wrapper	783	PAPERS	Jakob Lell
2012-03-20	Full MSSQL Injection PWNage	1049	PAPERS	CWH Underground