| 2024-06-03 | Serendipity 2.5.0 - Remote Code Execution (RCE) | 4 | WEB | Ahmet Ümit BAYRAM |
| 2024-06-03 | Sitefinity 15.0 - Cross-Site Scripting (XSS) | 3 | WEB | Aldi Saputra Wahyudi |
| 2024-06-01 | FreePBX 16 - Remote Code Execution (RCE) (Authenticated) | 4 | WEB | Cold z3ro |
| 2024-06-01 | Akaunting 3.1.8 - Server-Side Template Injection (SSTI) | 6 | WEB | tmrswrr |
| 2024-05-31 | Check Point Security Gateway - Information Disclosure (Unauthenticated) | 5 | WEB | Yesith Alvarez |
| 2024-05-31 | Aquatronica Control System 5.1.6 - Information Disclosure | 5 | WEB | LiquidWorm |
| 2024-05-31 | changedetection < 0.45.20 - Remote Code Execution (RCE) | 6 | WEB | Zach Crosman (zcrosman) |
| 2024-05-31 | ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated) | 5 | WEB | tmrswrr |
| 2024-05-31 | iMLog < 1.307 - Persistent Cross Site Scripting (XSS) | 4 | WEB | Gabriel Felipe |
| 2024-05-31 | BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection | 4 | WEB | Ivan Spiridonov |
| 2024-05-19 | htmlLawed 1.2.5 - Remote Code Execution (RCE) | 4 | WEB | Miguel Redondo |
| 2024-05-19 | PopojiCMS 2.0.1 - Remote Command Execution (RCE) | 5 | WEB | Ahmet Ümit BAYRAM |
| 2024-05-19 | Backdrop CMS 1.27.1 - Authenticated Remote Command Execution (RCE) | 4 | WEB | Ahmet Ümit BAYRAM |
| 2024-05-19 | Apache OFBiz 18.12.12 - Directory Traversal | 5 | WEB | Abdualhadi khalifa |
| 2024-05-19 | Wordpress Theme XStore 9.3.8 - SQLi | 6 | WEB | Abdualhadi khalifa |
| 2024-05-19 | Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS) | 5 | WEB | Sergio Medeiros |
| 2024-05-13 | Prison Management System - SQL Injection Authentication Bypass | 4 | WEB | Sanjay Singh |
| 2024-05-13 | PyroCMS v3.0.1 - Stored XSS | 4 | WEB | tmrswrr |
| 2024-05-13 | CE Phoenix Version 1.0.8.20 - Stored XSS | 4 | WEB | tmrswrr |
| 2024-05-13 | Leafpub 1.1.9 - Stored Cross-Site Scripting (XSS) | 4 | WEB | Ahmet Ümit BAYRAM |
| 2024-05-13 | Chyrp 2.5.2 - Stored Cross-Site Scripting (XSS) | 4 | WEB | Ahmet Ümit BAYRAM |
| 2024-05-13 | Apache mod_proxy_cluster 1.2.6 - Stored XSS | 6 | WEB | Mohamed Mounir Boudjema |
| 2024-05-08 | iboss Secure Web Gateway - Stored Cross-Site Scripting (XSS) | 4 | WEB | modrnProph3t |
| 2024-05-08 | Clinic Queuing System 1.0 - RCE | 4 | WEB | Juan Marco Sanchez |
| 2024-05-04 | Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Device Config Disclosure | 4 | WEB | LiquidWorm |
| 2024-05-04 | Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Authentication Bypass | 3 | WEB | LiquidWorm |
| 2024-05-04 | Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Device Config Disclosure | 3 | WEB | LiquidWorm |
| 2024-05-04 | Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Authentication Bypass | 5 | WEB | LiquidWorm |
| 2024-05-04 | Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 - Device Config Disclosure | 4 | WEB | LiquidWorm |
| 2024-05-04 | Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 - Authentication Bypass | 4 | WEB | LiquidWorm |
| 2024-04-21 | Flowise 1.6.5 - Authentication Bypass | 3 | WEB | Maerifat Majeed |
| 2024-04-21 | Laravel Framework 11 - Credential Leakage | 4 | WEB | Huseein Amer |
| 2024-04-21 | SofaWiki 3.9.2 - Remote Command Execution (RCE) (Authenticated) | 4 | WEB | Ahmet Ümit BAYRAM |
| 2024-04-21 | Wordpress Plugin Background Image Cropper v1.2 - Remote Code Execution | 5 | WEB | Milad karimi |
| 2024-04-21 | FlatPress v1.3 - Remote Command Execution | 5 | WEB | Ahmet Ümit BAYRAM |
| 2024-04-15 | OpenClinic GA 5.247.01 - Path Traversal (Authenticated) | 4 | WEB | VB |
| 2024-04-15 | OpenClinic GA 5.247.01 - Information Disclosure | 5 | WEB | VB |
| 2024-04-15 | Jenkins 2.441 - Local File Inclusion | 7 | WEB | Matisse Beckandt |
| 2024-04-15 | djangorestframework-simplejwt 5.3.1 - Information Disclosure | 4 | WEB | Dhrumil Mistry |
| 2024-04-13 | BMC Compuware iStrobe Web - 20.13 - Pre-auth RCE | 4 | WEB | trancap |
| 2024-04-13 | Stock Management System v1.0 - Unauthenticated SQL Injection | 5 | WEB | blu3ming |
| 2024-04-13 | Online Fire Reporting System OFRS - SQL Injection Authentication Bypass | 6 | WEB | Diyar Saadi |
| 2024-04-13 | Savsoft Quiz v6.0 Enterprise - Stored XSS | 4 | WEB | Eren Sen |
| 2024-04-12 | Wordpress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting (XSS) | 3 | WEB | Erdemstar |
| 2024-04-12 | WBCE CMS Version 1.6.1 - Remote Command Execution (Authenticated) | 4 | WEB | tmrswrr |
| 2024-04-12 | WBCE 1.6.0 - Unauthenticated SQL injection | 5 | WEB | young pope |
| 2024-04-12 | Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - _sort_ parameter | 6 | WEB | Julio Ángel Ferrari |
| 2024-04-12 | PopojiCMS Version 2.0.1 - Remote Command Execution | 6 | WEB | tmrswrr |
| 2024-04-12 | Wordpress Plugin Playlist for Youtube 1.32 - Stored Cross-Site Scripting (XSS) | 3 | WEB | Erdemstar |
| 2024-04-12 | HTMLy Version v2.9.6 - Stored XSS | 5 | WEB | tmrswrr |
| 2024-04-12 | Ray OS v2.6.3 - Command Injection RCE(Unauthorized) | 7 | WEB | Fire_Wolf |
| 2024-04-12 | GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload | 3 | WEB | George Tsimpidas |
| 2024-04-08 | Open Source Medicine Ordering System v1.0 - SQLi | 3 | WEB | Onur Karasalihoğlu |
| 2024-04-08 | Daily Expense Manager 1.0 - 'term' SQLi | 4 | WEB | Stefan Hesselman |
| 2024-04-08 | Best Student Result Management System v1.0 - Multiple SQLi | 3 | WEB | nu11secur1ty |
| 2024-04-08 | Human Resource Management System v1.0 - Multiple SQLi | 4 | WEB | nu11secur1ty |
| 2024-04-08 | Wordpress Theme Travelscape v1.0.3 - Arbitrary File Upload | 4 | WEB | Milad karimi |
| 2024-04-03 | Wordpress Plugin Alemha Watermarker 1.3.1 - Stored Cross-Site Scripting (XSS) | 6 | WEB | Erdemstar |
| 2024-04-03 | Computer Laboratory Management System v1.0 - Multiple-SQLi | 6 | WEB | nu11secur1ty |
| 2024-04-02 | Axigen < 10.5.7 - Persistent Cross-Site Scripting | 4 | WEB | Vincent McRae_ Mesut Cetin |
| 2024-04-02 | Gibbon LMS v26.0.00 - SSTI vulnerability | 6 | WEB | Ali Maharramli_Fikrat Guliev_Islam Rzayev |
| 2024-04-02 | Casdoor < v1.331.0 - '/api/set-password' CSRF | 4 | WEB | Van Lam Nguyen |
| 2024-04-02 | Wordpress Plugin - Membership For WooCommerce < v2.1.7 - Arbitrary File Upload to Shell (Unauthentic | 4 | WEB | Milad karimi |
| 2024-04-02 | Smart School 6.4.1 - SQL Injection | 4 | WEB | CraCkEr |
| 2024-04-02 | CE Phoenix v1.0.8.20 - Remote Code Execution | 6 | WEB | tmrswrr |
| 2024-04-02 | Elementor Website Builder < 3.12.2 - Admin+ SQLi | 4 | WEB | E1 Coders |
| 2024-04-02 | Blood Bank v1.0 - Stored Cross Site Scripting (XSS) | 1 | WEB | Ersin Erenler |
| 2024-04-02 | Daily Habit Tracker 1.0 - Broken Access Control | 3 | WEB | Yevhenii Butenko |
| 2024-04-02 | Daily Habit Tracker 1.0 - SQL Injection | 2 | WEB | Yevhenii Butenko |
| 2024-04-02 | Daily Habit Tracker 1.0 - Stored Cross-Site Scripting (XSS) | 4 | WEB | Yevhenii Butenko |
| 2024-04-02 | Employee Management System 1.0 - _txtusername_ and _txtpassword_ SQL Injection (Admin Login) | 3 | WEB | Yevhenii Butenko |
| 2024-04-02 | Employee Management System 1.0 - _txtfullname_ and _txtphone_ SQL Injection | 4 | WEB | Yevhenii Butenko |
| 2024-04-02 | LeptonCMS 7.0.0 - Remote Code Execution (RCE) (Authenticated) | 5 | WEB | tmrswrr |
| 2024-04-02 | FoF Pretty Mail 1.1.2 - Server Side Template Injection (SSTI) | 4 | WEB | Chokri Hammedi |
| 2024-04-02 | FoF Pretty Mail 1.1.2 - Local File Inclusion (LFI) | 6 | WEB | Chokri Hammedi |
| 2024-04-02 | Hospital Management System v1.0 - Stored Cross Site Scripting (XSS) | 7 | WEB | Sandeep Vishwakarma |
| 2024-04-02 | E-INSUARANCE v1.0 - Stored Cross Site Scripting (XSS) | 5 | WEB | Sandeep Vishwakarma |
| 2024-04-02 | Petrol Pump Management Software v1.0 - Remote Code Execution (RCE) | 6 | WEB | Sandeep Vishwakarma |
| 2024-04-02 | OpenCart Core 4.0.2.3 - 'search' SQLi | 5 | WEB | Saud Alenazi |
| 2024-04-02 | Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated) | 7 | WEB | Gian Paris C. Agsam |
| 2024-04-02 | Simple Backup Plugin Python Exploit 2.7.10 - Path Traversal | 5 | WEB | Ven3xy |
| 2024-03-28 | liveSite Version 2019.1 - Remote Code Execution | 5 | WEB | tmrswrr |
| 2024-03-28 | Broken Access Control - on NodeBB v3.6.7 | 17 | WEB | Vibhor Sharma |
| 2024-03-28 | Purei CMS 1.0 - SQL Injection | 5 | WEB | Number 7 |
| 2024-03-28 | Workout Journal App 1.0 - Stored XSS | 4 | WEB | MURAT CAGRI ALIS |
| 2024-03-25 | LimeSurvey Community 5.3.32 - Stored XSS | 5 | WEB | Subhankar Singh |
| 2024-03-25 | Nagios XI Version 2024R1.01 - SQL Injection | 5 | WEB | Jarod Jaslow (MAWK) |
| 2024-03-25 | Wallos < 1.11.2 - File Upload RCE | 5 | WEB | sml |
| 2024-03-25 | Tourism Management System v2.0 - Arbitrary File Upload | 5 | WEB | SoSPiro |
| 2024-03-25 | MobileShop master v1.0 - SQL Injection Vuln. | 5 | WEB | HAZIM ARBAŞ |
| 2024-03-25 | Insurance Management System PHP and MySQL 1.0 - Multiple Stored XSS | 4 | WEB | Hakkı TOKLU |
| 2024-03-25 | SPA-CART CMS - Stored XSS | 5 | WEB | Eren Sen |
| 2024-03-25 | Craft CMS 4.4.14 - Unauthenticated Remote Code Execution | 5 | WEB | Olivier Lasne |
| 2024-03-20 | CSZCMS v1.3.0 - SQL Injection (Authenticated) | 6 | WEB | Abdulaziz Almetairy |
| 2024-03-20 | Teacher Subject Allocation Management System 1.0 - 'searchdata' SQLi | 5 | WEB | Ersin Erenler |
| 2024-03-20 | Simple Task List 1.0 - 'status' SQLi | 5 | WEB | Ersin Erenler |
| 2024-03-20 | Blood Bank 1.0 - 'bid' SQLi | 5 | WEB | Ersin Erenler |
| 2024-03-20 | Employee Management System 1.0 - 'admin_id' SQLi | 4 | WEB | Shubham Pandey |
| 2024-03-18 | Quick.CMS 6.7 - SQL Injection Login Bypass | 5 | WEB | H4X.Forensics |
| 2024-03-18 | xbtitFM 4.1.18 - Multiple Vulnerabilities | 5 | WEB | h5kj23kj32io2kj |
| 2024-03-18 | Backdrop CMS 1.23.0 - Stored XSS | 7 | WEB | Sinem Şahin |
| 2024-03-18 | Atlassian Confluence < 8.5.3 - Remote Code Execution | 7 | WEB | MaanVader |
| 2024-03-18 | Gibbon LMS < v26.0.00 - Authenticated RCE | 6 | WEB | Ali Maharramli_Fikrat Guliev_Islam Rzayev |
| 2024-03-18 | ZoneMinder Snapshots < 1.37.33 - Unauthenticated RCE | 5 | WEB | Ravindu Wickramasinghe |
| 2024-03-18 | TYPO3 11.5.24 - Path Traversal (Authenticated) | 5 | WEB | Saeed reza Zamanian |
| 2024-03-18 | WEBIGniter v28.7.23 - Stored XSS | 5 | WEB | Mesut Cetin |
| 2024-03-18 | WordPress File Upload Plugin < 4.23.3 - Stored XSS | 4 | WEB | Faiyaz Ahmad |
| 2024-03-16 | UPS Network Management Card 4 - Path Traversal | 5 | WEB | Víctor García |
| 2024-03-16 | Nokia BMC Log Scanner - Remote Code Execution | 6 | WEB | Carlos Andres Gonzalez_ Matthew Gregory |
| 2024-03-16 | Karaf v4.4.3 Console - RCE | 6 | WEB | Andrzej Olchawa_ Milenko Starcik |
| 2024-03-16 | Winter CMS 1.2.3 - Server-Side Template Injection (SSTI) (Authenticated) | 7 | WEB | tmrswrr |
| 2024-03-12 | SnipeIT 6.2.1 - Stored Cross Site Scripting | 4 | WEB | Shahzaib Ali Khan |
| 2024-03-12 | Cisco Firepower Management Center < 6.6.7.1 - Authenticated RCE | 7 | WEB | Abdualhadi khalifa |
| 2024-03-12 | Client Details System 1.0 - SQL Injection | 5 | WEB | Hamdi Sevben |
| 2024-03-12 | OSGi v3.7.2 (and below) Console - RCE | 5 | WEB | Andrzej Olchawa_ Milenko Starcik |
| 2024-03-12 | OSGi v3.8-3.18 Console - RCE | 4 | WEB | Andrzej Olchawa_ Milenko Starcik |
| 2024-03-12 | Human Resource Management System 1.0 - 'employeeid' SQL Injection | 6 | WEB | Srikar |
| 2024-03-11 | Sitecore - Remote Code Execution v8.2 | 5 | WEB | abhishek morla |
| 2024-03-11 | Adobe ColdFusion versions 2018_15 (and earlier) and 2021_5 and earlier - Arbitrary File Read | 3 | WEB | Youssef Muhammad |
| 2024-03-11 | WordPress Plugin Duplicator < 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover | 8 | WEB | Dmitrii Ignatyev |
| 2024-03-11 | Hitachi NAS (HNAS) System Management Unit (SMU) Backup & Restore < 14.8.7825.01 - IDOR | 6 | WEB | Arslan Masood |
| 2024-03-10 | Hide My WP < 6.2.9 - Unauthenticated SQLi | 8 | WEB | Xenofon Vassilakopoulos |
| 2024-03-10 | Akaunting < 3.1.3 - RCE | 8 | WEB | u32i |
| 2024-03-10 | Ladder v0.0.21 - Server-side request forgery (SSRF) | 4 | WEB | @_chebuya |
| 2024-03-10 | DataCube3 v1.0 - Unrestricted file upload 'RCE' | 4 | WEB | Samy Younsi - NS Labs |