|
2023-07-19
|
|
phpfm v1.7.9 - Authentication type juggling
|
1 |
WEB
|
thoughtfault
|
|
2023-07-19
|
|
PimpMyLog v1.7.14 - Improper access control
|
1 |
WEB
|
thoughtfault
|
|
2023-07-15
|
|
Pluck v4.7.18 - Remote Code Execution (RCE)
|
1 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-15
|
|
WinterCMS < 1.2.3 - Persistent Cross-Site Scripting
|
1 |
WEB
|
abhishek morla
|
|
2023-07-15
|
|
Admidio v4.2.10 - Remote Code Execution (RCE)
|
1 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-15
|
|
Cisco UCS-IMC Supervisor 2.2.0.0 - Authentication Bypass
|
1 |
WEB
|
Fatih Sencer
|
|
2023-07-15
|
|
ProjeQtOr Project Management System v10.4.1 - Multiple XSS
|
1 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-15
|
|
News Portal v4.0 - SQL Injection (Unauthorized)
|
1 |
WEB
|
Hubert Wojciechowski
|
|
2023-07-15
|
|
Icinga Web 2.10 - Authenticated Remote Code Execution
|
1 |
WEB
|
Dante Corona
|
|
2023-07-11
|
|
Ateme TITAN File 3.9 - SSRF File Enumeration
|
0 |
WEB
|
LiquidWorm
|
|
2023-07-11
|
|
BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)
|
1 |
WEB
|
Idan Malihi
|
|
2023-07-11
|
|
Frappe Framework (ERPNext) 13.4.0 - Remote Code Execution (Authenticated)
|
1 |
WEB
|
Sander Ferdinand
|
|
2023-07-11
|
|
Spring Cloud 3.2.2 - Remote Command Execution (RCE)
|
4 |
WEB
|
GatoGamer1155
|
|
2023-07-11
|
|
Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)
|
1 |
WEB
|
tmrswrr
|
|
2023-07-07
|
|
Faculty Evaluation System v1.0 - SQL Injection
|
1 |
WEB
|
Andrey Stoykov
|
|
2023-07-06
|
|
Piwigo v13.7.0 - Stored Cross-Site Scripting (XSS) (Authenticated)
|
1 |
WEB
|
Okan Kurtulus
|
|
2023-07-06
|
|
Lost and Found Information System v1.0 - SQL Injection
|
1 |
WEB
|
Amirhossein Bahramizadeh
|
|
2023-07-06
|
|
Gila CMS 1.10.9 - Remote Code Execution (RCE) (Authenticated)
|
1 |
WEB
|
Omer Shaik
|
|
2023-07-04
|
|
Beauty Salon Management System v1.0 - SQLi
|
1 |
WEB
|
Fatih Nacar
|
|
2023-07-04
|
|
Car Rental Script 1.8 - Stored Cross-site scripting (XSS)
|
1 |
WEB
|
CraCkEr
|
|
2023-07-03
|
|
WBCE CMS 1.6.1 - Open Redirect & CSRF
|
1 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-03
|
|
PodcastGenerator 3.2.9 - Blind SSRF via XML Injection
|
1 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-03
|
|
Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS)
|
1 |
WEB
|
tmrswrr
|
|
2023-07-03
|
|
Prestashop 8.0.4 - Cross-Site Scripting (XSS)
|
1 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-03
|
|
Vacation Rental 1.8 - Stored Cross-Site Scripting (XSS)
|
1 |
WEB
|
CraCkEr
|
|
2023-07-03
|
|
WP AutoComplete 1.0.4 - Unauthenticated SQLi
|
0 |
WEB
|
matitanium
|
|
2023-07-03
|
|
GZ Forum Script 1.8 - Stored Cross-Site Scripting (XSS)
|
0 |
WEB
|
CraCkEr
|
|
2023-07-03
|
|
Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting (XSS)
|
0 |
WEB
|
CraCkEr
|
|
2023-07-03
|
|
spip v4.1.10 - Spoofing Admin account
|
0 |
WEB
|
nu11secur1ty
|
|
2023-07-03
|
|
D-Link DAP-1325 - Broken Access Control
|
0 |
WEB
|
ieduardogoncalves
|
|
2023-07-03
|
|
WebsiteBaker v2.13.3 - Directory Traversal
|
0 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-03
|
|
WebsiteBaker v2.13.3 - Stored XSS
|
0 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-03
|
|
POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)
|
0 |
WEB
|
yuyudhn
|
|
2023-07-03
|
|
FuguHub 8.1 - Remote Code Execution
|
0 |
WEB
|
redfire359
|
|
2023-07-03
|
|
Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)
|
0 |
WEB
|
Amirhossein Bahramizadeh
|
|
2023-07-03
|
|
Rukovoditel 3.4.1 - Multiple Stored XSS
|
1 |
WEB
|
Mirabbas Ağalarov
|
|
2023-06-26
|
|
Xenforo Version 2.2.13 - Authenticated Stored XSS
|
1 |
WEB
|
Furkan Karaarslan
|
|
2023-06-26
|
|
PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory
|
1 |
WEB
|
Amirhossein Bahramizadeh
|
|
2023-06-26
|
|
Microsoft SharePoint Enterprise Server 2016 - Spoofing
|
1 |
WEB
|
Amirhossein Bahramizadeh
|
|
2023-06-23
|
|
MCL-Net 4.3.5.8788 - Information Disclosure
|
1 |
WEB
|
Victor A. Morales
|
|
2023-06-23
|
|
Bludit < 3.13.1 Backup Plugin - Arbitrary File Download (Authenticated)
|
1 |
WEB
|
Antonio Cuomo
|
|
2023-06-22
|
|
Smart Office Web 20.28 - Remote Information Disclosure (Unauthenticated)
|
1 |
WEB
|
Tejas Pingulkar
|
|
2023-06-21
|
|
HiSecOS 04.0.01 - Privilege Escalation
|
1 |
WEB
|
dreizehnutters
|
|
2023-06-20
|
|
SPIP v4.2.0 - Remote Code Execution (Unauthenticated)
|
1 |
WEB
|
nuts7
|
|
2023-06-20
|
|
Super Socializer 7.13.52 - Reflected XSS
|
1 |
WEB
|
Amirhossein Bahramizadeh
|
|
2023-06-20
|
|
WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)
|
1 |
WEB
|
Amirhossein Bahramizadeh
|
|
2023-06-14
|
|
PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)
|
0 |
WEB
|
Gabriel Lima
|
|
2023-06-19
|
|
WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password
|
0 |
WEB
|
Amirhossein Bahramizadeh
|
|
2023-06-19
|
|
Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS)
|
0 |
WEB
|
Harshit Joshi
|
|
2023-06-19
|
|
Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)
|
0 |
WEB
|
tmrswrr
|
|
2023-06-19
|
|
Student Study Center Management System v1.0 - Stored Cross-Site Scripting (XSS)
|
0 |
WEB
|
VIVEK CHOUDHARY
|
|
2023-06-19
|
|
Jobpilot v2.61 - SQL Injection
|
0 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-06-19
|
|
Groomify v1.0 - SQL Injection
|
0 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-06-19
|
|
The Shop v2.5 - SQL Injection
|
0 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-06-15
|
|
Online Art gallery project 1.0 - Arbitrary File Upload (Unauthenticated)
|
0 |
WEB
|
Ramil Mustafayev
|
|
2023-06-14
|
|
Textpattern CMS v4.8.8 - Stored Cross-Site Scripting (XSS) (Authenticated)
|
0 |
WEB
|
tmrswrr
|
|
2023-06-14
|
|
Online Thesis Archiving System v1.0 - Multiple-SQLi
|
0 |
WEB
|
nu11secur1ty
|
|
2023-06-14
|
|
Xoops CMS 2.5.10 - Stored Cross-Site Scripting (XSS) (Authenticated)
|
0 |
WEB
|
tmrswrr
|
|
2023-06-14
|
|
Monstra 3.0.4 - Stored Cross-Site Scripting (XSS)
|
0 |
WEB
|
tmrswrr
|
|
2023-06-14
|
|
projectSend r1605 - Stored XSS
|
0 |
WEB
|
Mirabbas Ağalarov
|
|
2023-06-14
|
|
projectSend r1605 - CSV injection
|
0 |
WEB
|
Mirabbas Ağalarov
|
|
2023-06-13
|
|
Sales Tracker Management System v1.0 - Multiple Vulnerabilities
|
0 |
WEB
|
AFFAN AHMED
|
|
2023-06-13
|
|
Teachers Record Management System 1.0 - File Upload Type Validation
|
0 |
WEB
|
AFFAN AHMED
|
|
2023-06-13
|
|
Online Examination System Project 1.0 - Cross-site request forgery (CSRF)
|
0 |
WEB
|
Ramil Mustafayev
|
|
2023-06-09
|
|
WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution
|
0 |
WEB
|
Mohammad Hossein Khanaki
|
|
2023-06-09
|
|
Thruk Monitoring Web Interface 3.06 - Path Traversal
|
0 |
WEB
|
Galoget Latorre
|
|
2023-06-06
|
|
Tree Page View Plugin 1.6.7 - Cross Site Scripting (XSS)
|
1 |
WEB
|
LEE SE HYOUNG
|
|
2023-06-04
|
|
File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution (RCE)
|
0 |
WEB
|
Mateus Machado Tesser
|
|
2023-06-04
|
|
MotoCMS Version 3.4.3 - SQL Injection
|
1 |
WEB
|
tmrswrr
|
|
2023-06-04
|
|
STARFACE 7.3.0.10 - Authentication with Password Hash Possible
|
1 |
WEB
|
RedTeam Pentesting GmbH
|
|
2023-06-04
|
|
Barebones CMS v2.0.2 - Stored Cross-Site Scripting (XSS) (Authenticated)
|
1 |
WEB
|
tmrswrr
|
|
2023-06-04
|
|
Enrollment System Project v1.0 - SQL Injection Authentication Bypass (SQLI)
|
1 |
WEB
|
VIVEK CHOUDHARY
|
|
2023-06-04
|
|
Total CMS 1.7.4 - Remote Code Execution (RCE)
|
1 |
WEB
|
tmrswrr
|
|
2023-05-31
|
|
MotoCMS Version 3.4.3 - Server-Side Template Injection (SSTI)
|
1 |
WEB
|
tmrswrr
|
|
2023-05-31
|
|
Pydio Cells 4.1.2 - Server-Side Request Forgery
|
1 |
WEB
|
RedTeam Pentesting GmbH
|
|
2023-05-31
|
|
Pydio Cells 4.1.2 - Cross-Site Scripting (XSS) via File Download
|
1 |
WEB
|
RedTeam Pentesting GmbH
|
|
2023-05-31
|
|
Pydio Cells 4.1.2 - Unauthorised Role Assignments
|
1 |
WEB
|
RedTeam Pentesting GmbH
|
|
2023-05-31
|
|
Faculty Evaluation System 1.0 - Unauthenticated File Upload
|
1 |
WEB
|
URGAN
|
|
2023-05-31
|
|
Online Security Guards Hiring System 1.0 - Reflected XSS
|
1 |
WEB
|
AFFAN AHMED
|
|
2023-05-31
|
|
unilogies/bumsys v1.0.3 beta - Unrestricted File Upload
|
0 |
WEB
|
AFFAN AHMED
|
|
2023-05-31
|
|
SCRMS 2023-05-27 1.0 - Multiple SQL Injection
|
0 |
WEB
|
nu11secur1ty
|
|
2023-05-31
|
|
Rukovoditel 3.3.1 - CSV injection
|
0 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-26
|
|
Camaleon CMS v2.7.0 - Server-Side Template Injection (SSTI)
|
0 |
WEB
|
PARAG BAGUL
|
|
2023-05-25
|
|
SCM Manager 1.60 - Cross-Site Scripting Stored (Authenticated)
|
0 |
WEB
|
neg0x
|
|
2023-05-25
|
|
Ulicms 2023.1 - create admin user via mass assignment
|
0 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-25
|
|
Zenphoto 1.6 - Multiple stored XSS
|
0 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-25
|
|
WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting (XSS)
|
0 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-24
|
|
Service Provider Management System v1.0 - SQL Injection
|
1 |
WEB
|
ASHIK KUNJUMON
|
|
2023-05-23
|
|
FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting)
|
1 |
WEB
|
Andrea Intilangelo
|
|
2023-05-23
|
|
CiviCRM 5.59.alpha1 - Stored XSS (Cross-Site Scripting)
|
1 |
WEB
|
Andrea Intilangelo
|
|
2023-05-23
|
|
ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)
|
0 |
WEB
|
Rahad Chowdhury
|
|
2023-05-23
|
|
Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)
|
0 |
WEB
|
Rahad Chowdhury
|
|
2023-05-23
|
|
GetSimple CMS v3.3.16 - Remote Code Execution (RCE)
|
1 |
WEB
|
Youssef Muhammad
|
|
2023-05-23
|
|
Quicklancer v1.0 - SQL Injection
|
1 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-05-23
|
|
Stackposts Social Marketing Tool v1.0 - SQL Injection
|
1 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-05-23
|
|
Smart School v1.0 - SQL Injection
|
1 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-05-23
|
|
LeadPro CRM v1.0 - SQL Injection
|
1 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-05-23
|
|
Affiliate Me Version 5.0.1 - SQL Injection
|
1 |
WEB
|
h4ck3r
|
|
2023-05-23
|
|
eScan Management Console 14.0.1400.2281 - Cross Site Scripting
|
1 |
WEB
|
Sahil Ojha
|
|
2023-05-23
|
|
eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)
|
1 |
WEB
|
Sahil Ojha
|
|
2023-05-23
|
|
Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS)
|
0 |
WEB
|
Astik Rawat
|
|
2023-05-23
|
|
SitemagicCMS 4.4.3 - Remote Code Execution (RCE)
|
1 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-23
|
|
Prestashop 8.0.4 - CSV injection
|
1 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-23
|
|
Best POS Management System v1.0 - Unauthenticated Remote Code Execution
|
1 |
WEB
|
Mesut Cetin
|
|
2023-05-23
|
|
PodcastGenerator 3.2.9 - Multiple Stored Cross-Site Scripting (XSS)
|
0 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-23
|
|
PaperCut NG/MG 22.0.4 - Remote Code Execution (RCE)
|
0 |
WEB
|
MaanVader
|
|
2023-05-23
|
|
WBiz Desk 1.2 - SQL Injection
|
0 |
WEB
|
h4ck3r
|
|
2023-05-23
|
|
thrsrossi Millhouse-Project 1.414 - Remote Code Execution
|
0 |
WEB
|
Chokri Hammedi
|
|
2023-05-23
|
|
e107 v2.3.2 - Reflected XSS
|
0 |
WEB
|
Hubert Wojciechowski
|
|
2023-05-23
|
|
PnPSCADA v2.x - Unauthenticated PostgreSQL Injection
|
0 |
WEB
|
Momen Eldawakhly
|
|
2023-05-23
|
|
Apache Superset 2.0.0 - Authentication Bypass
|
0 |
WEB
|
MaanVader
|
|
2023-05-23
|
|
Cameleon CMS 2.7.4 - Persistent Stored XSS in Post Title
|
0 |
WEB
|
Yasin Gergin
|
|
2023-05-23
|
|
WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup
|
0 |
WEB
|
Wadeek
|
|
2023-05-23
|
|
TinyWebGallery v2.5 - Remote Code Execution (RCE)
|
0 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-13
|
|
TinyWebGallery v2.5 - Stored Cross-Site Scripting (XSS)
|
0 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-13
|
|
Job Portal 1.0 - File Upload Restriction Bypass
|
0 |
WEB
|
Rafael Pedrero
|
|
2023-05-13
|
|
Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting (XSS)
|
0 |
WEB
|
Rafael Pedrero
|
|
2023-05-13
|
|
RockMongo 1.1.7 - Stored Cross-Site Scripting (XSS)
|
0 |
WEB
|
Rafael Pedrero
|
|
2023-05-05
|
|
File Thingie 2.5.7 - Remote Code Execution (RCE)
|
0 |
WEB
|
Maurice Fielenbach
|
|
2023-05-05
|
|
Ulicms-2023.1 sniffing-vicuna - Stored Cross-Site Scripting (XSS)
|
0 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-05
|
|
Ulicms-2023.1 sniffing-vicuna - Remote Code Execution (RCE)
|
0 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-05
|
|
Ulicms-2023.1-sniffing-vicuna - Privilege escalation
|
0 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-05
|
|
Online Pizza Ordering System v1.0 - Unauthenticated File Upload
|
1 |
WEB
|
URGAN
|
|
2023-05-05
|
|
EasyPHP Webserver 14.1 - Multiple Vulnerabilities (RCE and Path Traversal)
|
1 |
WEB
|
Rafael Pedrero
|
|
2023-05-05
|
|
Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks
|
1 |
WEB
|
Team Syslifters
|
