|
2024-03-20
|
|
Simple Task List 1.0 - 'status' SQLi
|
14 |
WEB
|
Ersin Erenler
|
|
2024-03-20
|
|
Blood Bank 1.0 - 'bid' SQLi
|
14 |
WEB
|
Ersin Erenler
|
|
2024-03-20
|
|
Employee Management System 1.0 - 'admin_id' SQLi
|
13 |
WEB
|
Shubham Pandey
|
|
2024-03-18
|
|
Quick.CMS 6.7 - SQL Injection Login Bypass
|
14 |
WEB
|
H4X.Forensics
|
|
2024-03-18
|
|
xbtitFM 4.1.18 - Multiple Vulnerabilities
|
18 |
WEB
|
h5kj23kj32io2kj
|
|
2024-03-18
|
|
Backdrop CMS 1.23.0 - Stored XSS
|
17 |
WEB
|
Sinem Şahin
|
|
2024-03-18
|
|
Atlassian Confluence < 8.5.3 - Remote Code Execution
|
20 |
WEB
|
MaanVader
|
|
2024-03-18
|
|
Gibbon LMS < v26.0.00 - Authenticated RCE
|
21 |
WEB
|
Ali Maharramli_Fikrat Guliev_Islam Rzayev
|
|
2024-03-18
|
|
ZoneMinder Snapshots < 1.37.33 - Unauthenticated RCE
|
16 |
WEB
|
Ravindu Wickramasinghe
|
|
2024-03-18
|
|
TYPO3 11.5.24 - Path Traversal (Authenticated)
|
15 |
WEB
|
Saeed reza Zamanian
|
|
2024-03-18
|
|
WEBIGniter v28.7.23 - Stored XSS
|
14 |
WEB
|
Mesut Cetin
|
|
2024-03-18
|
|
WordPress File Upload Plugin < 4.23.3 - Stored XSS
|
13 |
WEB
|
Faiyaz Ahmad
|
|
2024-03-16
|
|
UPS Network Management Card 4 - Path Traversal
|
14 |
WEB
|
Víctor García
|
|
2024-03-16
|
|
Nokia BMC Log Scanner - Remote Code Execution
|
21 |
WEB
|
Carlos Andres Gonzalez_ Matthew Gregory
|
|
2024-03-16
|
|
Karaf v4.4.3 Console - RCE
|
14 |
WEB
|
Andrzej Olchawa_ Milenko Starcik
|
|
2024-03-16
|
|
Winter CMS 1.2.3 - Server-Side Template Injection (SSTI) (Authenticated)
|
18 |
WEB
|
tmrswrr
|
|
2024-03-12
|
|
SnipeIT 6.2.1 - Stored Cross Site Scripting
|
17 |
WEB
|
Shahzaib Ali Khan
|
|
2024-03-12
|
|
Cisco Firepower Management Center < 6.6.7.1 - Authenticated RCE
|
20 |
WEB
|
Abdualhadi khalifa
|
|
2024-03-12
|
|
Client Details System 1.0 - SQL Injection
|
14 |
WEB
|
Hamdi Sevben
|
|
2024-03-12
|
|
OSGi v3.7.2 (and below) Console - RCE
|
12 |
WEB
|
Andrzej Olchawa_ Milenko Starcik
|
|
2024-03-12
|
|
OSGi v3.8-3.18 Console - RCE
|
12 |
WEB
|
Andrzej Olchawa_ Milenko Starcik
|
|
2024-03-12
|
|
Human Resource Management System 1.0 - 'employeeid' SQL Injection
|
13 |
WEB
|
Srikar
|
|
2024-03-11
|
|
Sitecore - Remote Code Execution v8.2
|
13 |
WEB
|
abhishek morla
|
|
2024-03-11
|
|
Adobe ColdFusion versions 2018_15 (and earlier) and 2021_5 and earlier - Arbitrary File Read
|
12 |
WEB
|
Youssef Muhammad
|
|
2024-03-11
|
|
WordPress Plugin Duplicator < 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover
|
23 |
WEB
|
Dmitrii Ignatyev
|
|
2024-03-11
|
|
Hitachi NAS (HNAS) System Management Unit (SMU) Backup & Restore < 14.8.7825.01 - IDOR
|
15 |
WEB
|
Arslan Masood
|
|
2024-03-10
|
|
Hide My WP < 6.2.9 - Unauthenticated SQLi
|
18 |
WEB
|
Xenofon Vassilakopoulos
|
|
2024-03-10
|
|
Akaunting < 3.1.3 - RCE
|
17 |
WEB
|
u32i
|
|
2024-03-10
|
|
Ladder v0.0.21 - Server-side request forgery (SSRF)
|
10 |
WEB
|
@_chebuya
|
|
2024-03-10
|
|
DataCube3 v1.0 - Unrestricted file upload 'RCE'
|
14 |
WEB
|
Samy Younsi - NS Labs
|
|
2024-03-10
|
|
Numbas < v7.3 - Remote Code Execution
|
14 |
WEB
|
Matheus Alexandre
|
|
2024-03-10
|
|
TP-Link TL-WR740N - Buffer Overflow 'DOS'
|
14 |
WEB
|
Anish Feroz
|
|
2024-03-06
|
|
GLiNet - Router Authentication Bypass
|
12 |
WEB
|
Daniele Linguaglossa
|
|
2024-03-06
|
|
elFinder Web file manager Version - 2.1.53 Remote Command Execution
|
15 |
WEB
|
tmrswrr
|
|
2024-03-06
|
|
CSZ CMS Version 1.3.0 - Authenticated Remote Command Execution
|
14 |
WEB
|
tmrswrr
|
|
2024-03-06
|
|
CVE-2023-50071 - Multiple SQL Injection
|
13 |
WEB
|
Geraldo Alcantara
|
|
2024-03-06
|
|
Lot Reservation Management System - Unauthenticated File Disclosure
|
15 |
WEB
|
Elijah Mandila Syoyi
|
|
2024-03-06
|
|
Lot Reservation Management System - Unauthenticated File Upload and Remote Code Execution
|
15 |
WEB
|
Elijah Mandila Syoyi
|
|
2024-03-05
|
|
kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition
|
17 |
WEB
|
Mohammad Reza Omrani
|
|
2024-03-05
|
|
Neontext Wordpress Plugin - Stored XSS
|
12 |
WEB
|
Eren Car
|
|
2024-03-05
|
|
Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 - Stored XSS
|
15 |
WEB
|
Vincent McRae_ Mesut Cetin
|
|
2024-03-03
|
|
Easywall 0.3.1 - Authenticated Remote Command Execution
|
15 |
WEB
|
Melvin Mejia
|
|
2024-03-03
|
|
Boss Mini 1.4.0 - local file inclusion
|
12 |
WEB
|
nltt0
|
|
2024-03-03
|
|
Magento ver. 2.4.6 - XSLT Server Side Injection
|
15 |
WEB
|
tmrswrr
|
|
2024-02-28
|
|
WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection
|
17 |
WEB
|
Meryem Taşkın
|
|
2024-02-28
|
|
Blood Bank v1.0 - Multiple SQL Injection
|
14 |
WEB
|
Ersin Erenler
|
|
2024-02-28
|
|
WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - _Dashboard Redirect_ field St
|
20 |
WEB
|
Rachit Arora
|
|
2024-02-28
|
|
WP Rocket < 2.10.3 - Local File Inclusion (LFI)
|
19 |
WEB
|
E1 Coders
|
|
2024-02-27
|
|
Atlassian Confluence Data Center and Server - Authentication Bypass (Metasploit)
|
18 |
WEB
|
Emir Polat
|
|
2024-02-27
|
|
Wordpress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE)
|
20 |
WEB
|
Leopoldo Angulo (leoanggal1)
|
|
2024-02-27
|
|
Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super a
|
19 |
WEB
|
Marcin Kozlowski
|
|
2024-02-27
|
|
Automatic-Systems SOC FL9600 FastLine - Directory Transversal
|
15 |
WEB
|
Marcin Kozlowski
|
|
2024-02-27
|
|
SuperStoreFinder - Multiple Vulnerabilities
|
15 |
WEB
|
bRpsd
|
|
2024-02-27
|
|
Moodle 4.3 - Insecure Direct Object Reference
|
17 |
WEB
|
tmrswrr
|
|
2024-02-27
|
|
Zoo Management System 1.0 - Unauthenticated RCE
|
16 |
WEB
|
Çağatay Ceyhan
|
|
2024-02-27
|
|
dawa-pharma 1.0-2022 - Multiple-SQLi
|
20 |
WEB
|
nu11secur1ty
|
|
2024-02-26
|
|
Online Shopping System Advanced - Sql Injection
|
17 |
WEB
|
Furkan Gedik
|
|
2024-02-26
|
|
taskhub 2.8.7 - SQL Injection
|
17 |
WEB
|
CraCkEr
|
|
2024-02-26
|
|
comments-like-dislike < 1.2.0 - Authenticated (Subscriber+) Plugin Setting Reset
|
17 |
WEB
|
Diaa Hanna
|
|
2024-02-21
|
|
WEBIGniter v28.7.23 - Stored Cross Site Scripting (XSS)
|
18 |
WEB
|
Sagar Banwa
|
|
2024-02-19
|
|
JFrog Artifactory < 7.25.4 - Blind SQL Injection
|
16 |
WEB
|
ardr
|
|
2024-02-19
|
|
Wondercms 4.3.2 - XSS to RCE
|
16 |
WEB
|
Anas Zakir
|
|
2024-02-19
|
|
SureMDM On-premise < 6.31 - CAPTCHA Bypass User Enumeration
|
18 |
WEB
|
Jonas Benjamin Friedli
|
|
2024-02-19
|
|
Employee Management System v1 - 'email' SQL Injection
|
16 |
WEB
|
SoSPiro
|
|
2024-02-19
|
|
phpFox < 4.8.13 - (redirect) PHP Object Injection Exploit
|
44 |
WEB
|
Egidio Romano
|
|
2024-02-15
|
|
Metabase 0.46.6 - Pre-Auth Remote Code Execution
|
23 |
WEB
|
Musyoka Ian
|
|
2024-02-15
|
|
SISQUALWFM 7.1.319.103 - Host Header Injection
|
16 |
WEB
|
Omer Shaik
|
|
2024-02-13
|
|
Lost and Found Information System v1.0 - ( IDOR ) leads to Account Take over
|
17 |
WEB
|
Or4nG.M4N
|
|
2024-02-13
|
|
ManageEngine ADManager Plus Build < 7183 - Recovery Password Disclosure
|
35 |
WEB
|
Metin Yunus Kandemir
|
|
2024-02-13
|
|
Splunk 9.0.4 - Information Disclosure
|
47 |
WEB
|
Parsa Rezaie Khiabanloo
|
|
2024-02-09
|
|
Online Nurse Hiring System 1.0 - Time-Based SQL Injection
|
20 |
WEB
|
yozgatalperen1
|
|
2024-02-09
|
|
Rail Pass Management System 1.0 - Time-Based SQL Injection
|
20 |
WEB
|
yozgatalperen1
|
|
2024-02-09
|
|
Wordpress Seotheme - Remote Code Execution Unauthenticated
|
20 |
WEB
|
Milad karimi
|
|
2024-02-09
|
|
Wordpress Augmented-Reality - Remote Code Execution Unauthenticated
|
38 |
WEB
|
Milad karimi
|
|
2024-02-09
|
|
Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting (XSS) (Authenticated)
|
14 |
WEB
|
Furkan ÖZER
|
|
2024-02-05
|
|
WhatsUp Gold 2022 (22.1.0 Build 39) - XSS
|
19 |
WEB
|
Andreas Finstad
|
|
2024-02-05
|
|
MISP 2.4.171 - Stored XSS
|
13 |
WEB
|
Mücahit Çeri
|
|
2024-02-05
|
|
Clinic's Patient Management System 1.0 - Unauthenticated RCE
|
17 |
WEB
|
Oğulcan Hami Gül
|
|
2024-02-05
|
|
Curfew e-Pass Management System 1.0 - FromDate SQL Injection
|
14 |
WEB
|
Puja Dey
|
|
2024-02-05
|
|
GYM MS - GYM Management System - Cross Site Scripting (Stored)
|
14 |
WEB
|
yozgatalperen1
|
|
2024-02-02
|
|
Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC)
|
14 |
WEB
|
whiteOwl
|
|
2024-02-02
|
|
Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution
|
35 |
WEB
|
LiquidWorm
|
|
2024-02-02
|
|
Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal
|
38 |
WEB
|
LiquidWorm
|
|
2024-02-02
|
|
Electrolink FM/DAB/TV Transmitter (Login Cookie) - Authentication Bypass
|
17 |
WEB
|
LiquidWorm
|
|
2024-02-02
|
|
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure
|
17 |
WEB
|
LiquidWorm
|
|
2024-02-02
|
|
Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure
|
15 |
WEB
|
LiquidWorm
|
|
2024-02-02
|
|
TP-LINK TL-WR740N - Multiple HTML Injection
|
18 |
WEB
|
Shujaat Amin (ZEROXINN)
|
|
2024-02-02
|
|
TP-Link TL-WR740N - UnAuthenticated Directory Transversal
|
17 |
WEB
|
Syed Affan Ahmed (ZEROXINN)
|
|
2024-01-31
|
|
GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities
|
15 |
WEB
|
Syed Affan Ahmed (ZEROXINN)
|
|
2024-01-31
|
|
Grocy <=4.0.2 - CSRF
|
17 |
WEB
|
Chance Proctor
|
|
2024-01-31
|
|
101 News 1.0 - Multiple-SQLi
|
17 |
WEB
|
nu11secur1ty
|
|
2024-01-31
|
|
Academy LMS 6.2 - SQL Injection
|
16 |
WEB
|
CraCkEr
|
|
2024-01-29
|
|
PHP Shopping Cart 4.2 - Multiple-SQLi
|
19 |
WEB
|
nu11secur1ty
|
|
2024-01-29
|
|
Fundraising Script 1.0 - SQLi
|
16 |
WEB
|
nu11secur1ty
|
|
2024-01-29
|
|
Bank Locker Management System - SQL Injection
|
19 |
WEB
|
SoSPiro
|
|
2023-10-09
|
|
Splunk 9.0.5 - admin account take over
|
48 |
WEB
|
Redway Security
|
|
2023-10-09
|
|
Shuttle-Booking-Software v1.0 - Multiple-SQLi
|
51 |
WEB
|
nu11secur1ty
|
|
2023-10-09
|
|
Limo Booking Software v1.0 - CORS
|
15 |
WEB
|
nu11secur1ty
|
|
2023-10-09
|
|
Webedition CMS v2.9.8.8 - Blind SSRF
|
17 |
WEB
|
Mirabbas Ağalarov
|
|
2023-10-09
|
|
BoidCMS v2.0.0 - authenticated file upload vulnerability
|
17 |
WEB
|
1337kid
|
|
2023-10-09
|
|
Cacti 1.2.24 - Authenticated command injection when using SNMP options
|
17 |
WEB
|
Antonio Francesco Sardella
|
|
2023-10-09
|
|
Wordpress Sonaar Music Plugin 4.7 - Stored XSS
|
14 |
WEB
|
Furkan Karaarslan
|
|
2023-10-09
|
|
Coppermine Gallery 1.6.25 - RCE
|
15 |
WEB
|
Mirabbas Ağalarov
|
|
2023-10-09
|
|
Media Library Assistant Wordpress Plugin - RCE and LFI
|
14 |
WEB
|
Florent MONTEL
|
|
2023-10-09
|
|
WEBIGniter v28.7.23 File Upload - Remote Code Execution
|
14 |
WEB
|
nu11secur1ty
|
|
2023-10-09
|
|
Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation
|
21 |
WEB
|
Revan Arifio
|
|
2023-10-09
|
|
Minio 2022-07-29T19-40-48Z - Path traversal
|
17 |
WEB
|
Jenson Zhao
|
|
2023-10-09
|
|
Clcknshop 1.0.0 - SQL Injection
|
35 |
WEB
|
CraCkEr
|
|
2023-10-09
|
|
Online ID Generator 1.0 - Remote Code Execution (RCE)
|
21 |
WEB
|
nu11secur1ty
|
|
2023-10-09
|
|
GLPI GZIP(Py3) 9.4.5 - RCE
|
27 |
WEB
|
Brian Peters
|
|
2023-09-08
|
|
Drupal 10.1.2 - web-cache-poisoning-External-service-interaction
|
20 |
WEB
|
nu11secur1ty
|
|
2023-09-08
|
|
Axigen < 10.3.3.47_ 10.2.3.12 - Reflected XSS
|
33 |
WEB
|
AmirZargham
|
|
2023-09-08
|
|
soosyze 2.0.0 - File Upload
|
14 |
WEB
|
nu11secur1ty
|
|
2023-09-08
|
|
Wp2Fac - OS Command Injection
|
15 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-09-08
|
|
Wordpress Plugin Elementor 3.5.5 - Iframe Injection
|
16 |
WEB
|
Miguel Santareno
|
|
2023-09-08
|
|
Jorani v1.0.3-(c)2014-2023 - XSS Reflected & Information Disclosure
|
14 |
WEB
|
nu11secur1ty
|
|
2023-09-08
|
|
SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection
|
13 |
WEB
|
CraCkEr
|
|
2023-09-04
|
|
SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS
|
15 |
WEB
|
CraCkEr
|
|
2023-09-04
|
|
Bus Reservation System 1.1 - Multiple-SQLi
|
13 |
WEB
|
nu11secur1ty
|
|
2023-09-04
|
|
WP Statistics Plugin 13.1.5 current_page_id - Time based SQL injection (Unauthenticated)
|
14 |
WEB
|
psychoSherlock
|
|
2023-09-04
|
|
Member Login Script 3.3 - Client-side desync
|
14 |
WEB
|
nu11secur1ty
|
|
2023-09-04
|
|
DLINK DPH-400SE - Exposure of Sensitive Information
|
16 |
WEB
|
tahaafarooq
|
|
2023-09-04
|
|
FileMage Gateway 1.10.9 - Local File Inclusion
|
17 |
WEB
|
Bryce Raindayzz Harty
|
|
2023-09-04
|
|
AdminLTE PiHole 5.18 - Broken Access Control
|
15 |
WEB
|
kv1to
|
|
2023-09-04
|
|
CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Plugin 'Gallery')
|
22 |
WEB
|
Daniel González
|
