0x04 // Latest Exploits
source: Exploit-DB →
Type
EDB-ID
CVE
Platform
Exploit
Published
WebApps
EDB-52629
CVE-2026-38526
multiple
Krayin CRM v2.2.x - Authenticated Remote Code Execution
Jul 8, 2026
WebApps
EDB-52628
CVE-2025-60188
multiple
Atarim WordPress Plugin 4.2.2 - Sensitive Information Exposure
Jul 8, 2026
WebApps
EDB-52626
CVE-2026-56290
multiple
Joomla Page Builder CK 3.5.10 - Arbitrary File Upload
Jul 8, 2026
Local
EDB-52615
CVE-2026-36213
windows
MEmu Android Emulator 9.2.7.0 - Local Privilege Escalation
Jul 6, 2026
WebApps
EDB-52611
CVE-2026-49069
multiple
WordPress Plugin WPZOOM Portfolio 1.4.21 - Reflected Cross-Site Scripting (XSS)
Jul 6, 2026
WebApps
EDB-52609
CVE-2026-3180
multiple
WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection
Jun 5, 2026
WebApps
EDB-52596
CVE-2026-1830
multiple
Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution
May 29, 2026
Local
EDB-52595
CVE-2026-46522
multiple
ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion
May 29, 2026
Local
EDB-52594
CVE-2026-34473
multiple
ZTE Routers - Unauthenticated Denial of Service
May 29, 2026
Local
EDB-52592
CVE-2026-34474
multiple
ZTE H298A / H108N - Unauthenticated Credential Exposure
May 29, 2026
WebApps
EDB-52590
CVE-2026-42471
php
MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution
May 29, 2026
Remote
EDB-52589
CVE-2026-44403
multiple
Wing FTP Server 8.1.3 - Authenticated Remote Code Execution
May 29, 2026
WebApps
EDB-52588
CVE-2026-44376
multiple
CubeCart < 6.7.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
May 29, 2026
Remote
EDB-52587
CVE-2026-35330
multiple
strongSwan 5.9.13 - libsimaka EAP-SIM/AKA heap buffer overflow
May 29, 2026
WebApps
EDB-52584
CVE-2026-6815
go
Casdoor 3.54.1 - Arbitrary File Write via Path Traversal
May 27, 2026
WebApps
EDB-52577
CVE-2026-23918
multiple
Apache HTTP Server 2.4.66 - 'mod_http2' Double-Free Denial of Service
May 26, 2026
WebApps
EDB-52575
CVE-2026-7567
multiple
Wordpress Temporary Login Plugin 1.0.0 - 'temp-login-token' Authentication Bypass to Account Takeover
May 26, 2026
Local
EDB-52570
—
windows
Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path
May 21, 2026
Local
EDB-52566
—
windows
Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File/Directory Listing
May 15, 2026
Local
EDB-52565
—
windows
Remote Sunrise Helper for Windows 2026.14 - Remote Code Execution
May 15, 2026
WebApps
EDB-52564
CVE-2026-4257
multiple
WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI
May 14, 2026
WebApps
EDB-52562
CVE-2026-2624
multiple
ePati Antikor NGFW 2.0.1301 - Authentication Bypass
May 14, 2026
WebApps
EDB-52560
CVE-2026-0740
multiple
Ninja Forms Uploads - Unauthenticated PHP File Upload
May 13, 2026
WebApps
EDB-52557
CVE-2025-58434
typescript
Flowise < 3.0.5 - Missing Authentication for Critical Function
May 13, 2026
WebApps
EDB-52551
CVE-2025-34282
multiple
ThingsBoard IoT Platform 4.2.0 - Server-Side Request Forgery (SSRF)
May 7, 2026
Local
EDB-52550
CVE-2025-40271
linux
Linux Kernel proc_readdir_de() 6.18-rc5 - Local Privilege Escalation
May 4, 2026
Local
EDB-52549
CVE-2026-23231
linux
Linux nf_tables 6.19.3 - Local Privilege Escalation
May 4, 2026
Hardware
EDB-52548
CVE-2025-60690
multiple
Linksys E1200 2.0.04 - Authenticated Stack Buffer Overflow (RCE)
May 4, 2026
WebApps
EDB-52545
CVE-2025-68930
multiple
Traccar GPS Tracking System 6.11.1 - Cross-Site WebSocket Hijacking (CSWSH)
May 4, 2026
WebApps
EDB-52544
CVE-2025-69985
multiple
FUXA 1.2.8 - Authentication Bypass + RCE Exploit
Apr 30, 2026
Local
EDB-52542
CVE-2026-2441
multiple
Google Chrome 145.0.7632.75 - CSSFontFeatureValuesMap
Apr 30, 2026
WebApps
EDB-52530
—
multiple
Cybersecurity AI (CAI) Framework 0.5.10 - Command Injection
Apr 30, 2026
No exploits match your filter.