|
2025-03-19
|
|
Gitea 1.24.0 - HTML Injection
|
27 |
WEB
|
Mikail KOCADAĞ
|
|
2025-03-19
|
|
TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS) (Authenticated)
|
16 |
WEB
|
ABABANK REDTEAM
|
|
2025-03-19
|
|
Extensive VC Addons for WPBakery page builder 1.9.0 - Remote Code Execution (RCE)
|
21 |
WEB
|
Ravina
|
|
2025-03-19
|
|
Loaded Commerce 6.6 - Client-Side Template Injection(CSTI)
|
16 |
WEB
|
tmrswrr
|
|
2025-03-18
|
|
Chamilo LMS 1.11.24 - Remote Code Execution (RCE)
|
18 |
WEB
|
Mohamed Kamel BOUZEKRIA
|
|
2024-11-15
|
|
SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
|
18 |
WEB
|
cybersploit
|
|
2024-10-01
|
|
reNgine 2.2.0 - Command Injection (Authenticated)
|
18 |
WEB
|
Caner Tercan
|
|
2024-10-01
|
|
openSIS 9.1 - SQLi (Authenticated)
|
16 |
WEB
|
Devrim Dıragumandan
|
|
2024-10-01
|
|
dizqueTV 1.5.3 - Remote Code Execution (RCE)
|
22 |
WEB
|
Ahmed Said Saud Al-Busaidi
|
|
2024-08-28
|
|
NoteMark < 0.13.0 - Stored XSS
|
18 |
WEB
|
Alessio Romano (sfoffo)
|
|
2024-08-28
|
|
Gitea 1.22.0 - Stored XSS
|
23 |
WEB
|
Catalin Iovita_ Alexandru Postolache
|
|
2024-08-28
|
|
Invesalius3 - Remote Code Execution
|
57 |
WEB
|
Alessio Romano (sfoffo)_ Riccardo Degli Esposti (p
|
|
2024-08-24
|
|
Aurba 501 - Authenticated RCE
|
63 |
WEB
|
Hosein Vita
|
|
2024-08-24
|
|
HughesNet HT2000W Satellite Modem - Password Reset
|
19 |
WEB
|
Simon Greenblatt
|
|
2024-08-24
|
|
Elber Wayber Analog/Digital Audio STL 4.00 - Device Config Disclosure
|
18 |
WEB
|
LiquidWorm
|
|
2024-08-24
|
|
Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
|
20 |
WEB
|
LiquidWorm
|
|
2024-08-24
|
|
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
|
15 |
WEB
|
LiquidWorm
|
|
2024-08-24
|
|
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
|
17 |
WEB
|
LiquidWorm
|
|
2024-08-23
|
|
Helpdeskz v2.0.2 - Stored XSS
|
18 |
WEB
|
Md. Sadikul Islam
|
|
2024-08-23
|
|
Calibre-web 0.6.21 - Stored XSS
|
18 |
WEB
|
Catalin Iovita_ Alexandru Postolache
|
|
2024-08-04
|
|
Devika v1 - Path Traversal via 'snapshot_path'
|
21 |
WEB
|
Alperen Ergel
|
|
2024-08-04
|
|
Ivanti vADC 9.9 - Authentication Bypass
|
20 |
WEB
|
ohnoisploited
|
|
2024-07-01
|
|
Xhibiter NFT Marketplace 1.10.2 - SQL Injection
|
21 |
WEB
|
Sohel Yousef
|
|
2024-07-01
|
|
Azon Dominator Affiliate Marketing Script - SQL Injection
|
26 |
WEB
|
Buğra Enis Dönmez
|
|
2024-07-01
|
|
Microweber 2.0.15 - Stored XSS
|
20 |
WEB
|
tmrswrr
|
|
2024-07-01
|
|
Customer Support System 1.0 - Stored XSS
|
18 |
WEB
|
Geraldo Alcantara
|
|
2024-06-26
|
|
Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)
|
16 |
WEB
|
Jerry Thomas
|
|
2024-06-26
|
|
SolarWinds Platform 2024.1 SR1 - Race Condition
|
16 |
WEB
|
Elhussain Fathy
|
|
2024-06-26
|
|
Flatboard 3.2 - Stored Cross-Site Scripting (XSS) (Authenticated)
|
19 |
WEB
|
tmrswrr
|
|
2024-06-26
|
|
Poultry Farm Management System v1.0 - Remote Code Execution (RCE)
|
27 |
WEB
|
Jerry Thomas
|
|
2024-06-14
|
|
Boelter Blue System Management 1.3 - SQL Injection
|
23 |
WEB
|
CBKB
|
|
2024-06-14
|
|
WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated)
|
15 |
WEB
|
Onur Göğebakan
|
|
2024-06-14
|
|
PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)
|
19 |
WEB
|
Yesith Alvarez
|
|
2024-06-14
|
|
AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability.
|
18 |
WEB
|
Aslam Anwar Mahimkar
|
|
2024-06-14
|
|
XMB 1.9.12.06 - Stored XSS
|
17 |
WEB
|
Chokri Hammedi
|
|
2024-06-14
|
|
Carbon Forum 5.9.0 - Stored XSS
|
17 |
WEB
|
Chokri Hammedi
|
|
2024-06-14
|
|
AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS)
|
20 |
WEB
|
Aslam Anwar Mahimkar
|
|
2024-06-03
|
|
appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated)
|
33 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2024-06-03
|
|
CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)
|
24 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2024-06-03
|
|
WBCE CMS v1.6.2 - Remote Code Execution (RCE)
|
18 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2024-06-03
|
|
Monstra CMS 3.0.4 - Remote Code Execution (RCE)
|
20 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2024-06-03
|
|
Dotclear 2.29 - Remote Code Execution (RCE)
|
23 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2024-06-03
|
|
Serendipity 2.5.0 - Remote Code Execution (RCE)
|
23 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2024-06-03
|
|
Sitefinity 15.0 - Cross-Site Scripting (XSS)
|
17 |
WEB
|
Aldi Saputra Wahyudi
|
|
2024-06-01
|
|
FreePBX 16 - Remote Code Execution (RCE) (Authenticated)
|
21 |
WEB
|
Cold z3ro
|
|
2024-06-01
|
|
Akaunting 3.1.8 - Server-Side Template Injection (SSTI)
|
22 |
WEB
|
tmrswrr
|
|
2024-05-31
|
|
Check Point Security Gateway - Information Disclosure (Unauthenticated)
|
16 |
WEB
|
Yesith Alvarez
|
|
2024-05-31
|
|
Aquatronica Control System 5.1.6 - Information Disclosure
|
16 |
WEB
|
LiquidWorm
|
|
2024-05-31
|
|
changedetection < 0.45.20 - Remote Code Execution (RCE)
|
23 |
WEB
|
Zach Crosman (zcrosman)
|
|
2024-05-31
|
|
ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated)
|
20 |
WEB
|
tmrswrr
|
|
2024-05-31
|
|
iMLog < 1.307 - Persistent Cross Site Scripting (XSS)
|
14 |
WEB
|
Gabriel Felipe
|
|
2024-05-31
|
|
BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection
|
22 |
WEB
|
Ivan Spiridonov
|
|
2024-05-19
|
|
htmlLawed 1.2.5 - Remote Code Execution (RCE)
|
17 |
WEB
|
Miguel Redondo
|
|
2024-05-19
|
|
PopojiCMS 2.0.1 - Remote Command Execution (RCE)
|
19 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2024-05-19
|
|
Backdrop CMS 1.27.1 - Authenticated Remote Command Execution (RCE)
|
15 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2024-05-19
|
|
Apache OFBiz 18.12.12 - Directory Traversal
|
17 |
WEB
|
Abdualhadi khalifa
|
|
2024-05-19
|
|
Wordpress Theme XStore 9.3.8 - SQLi
|
19 |
WEB
|
Abdualhadi khalifa
|
|
2024-05-19
|
|
Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)
|
17 |
WEB
|
Sergio Medeiros
|
|
2024-05-13
|
|
Prison Management System - SQL Injection Authentication Bypass
|
15 |
WEB
|
Sanjay Singh
|
|
2024-05-13
|
|
PyroCMS v3.0.1 - Stored XSS
|
16 |
WEB
|
tmrswrr
|
|
2024-05-13
|
|
CE Phoenix Version 1.0.8.20 - Stored XSS
|
17 |
WEB
|
tmrswrr
|
|
2024-05-13
|
|
Leafpub 1.1.9 - Stored Cross-Site Scripting (XSS)
|
17 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2024-05-13
|
|
Chyrp 2.5.2 - Stored Cross-Site Scripting (XSS)
|
16 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2024-05-13
|
|
Apache mod_proxy_cluster 1.2.6 - Stored XSS
|
22 |
WEB
|
Mohamed Mounir Boudjema
|
|
2024-05-08
|
|
iboss Secure Web Gateway - Stored Cross-Site Scripting (XSS)
|
16 |
WEB
|
modrnProph3t
|
|
2024-05-08
|
|
Clinic Queuing System 1.0 - RCE
|
17 |
WEB
|
Juan Marco Sanchez
|
|
2024-05-04
|
|
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Device Config Disclosure
|
19 |
WEB
|
LiquidWorm
|
|
2024-05-04
|
|
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Authentication Bypass
|
16 |
WEB
|
LiquidWorm
|
|
2024-05-04
|
|
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Device Config Disclosure
|
12 |
WEB
|
LiquidWorm
|
|
2024-05-04
|
|
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Authentication Bypass
|
13 |
WEB
|
LiquidWorm
|
|
2024-05-04
|
|
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 - Device Config Disclosure
|
14 |
WEB
|
LiquidWorm
|
|
2024-05-04
|
|
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 - Authentication Bypass
|
16 |
WEB
|
LiquidWorm
|
|
2024-04-21
|
|
Flowise 1.6.5 - Authentication Bypass
|
18 |
WEB
|
Maerifat Majeed
|
|
2024-04-21
|
|
Laravel Framework 11 - Credential Leakage
|
15 |
WEB
|
Huseein Amer
|
|
2024-04-21
|
|
SofaWiki 3.9.2 - Remote Command Execution (RCE) (Authenticated)
|
16 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2024-04-21
|
|
Wordpress Plugin Background Image Cropper v1.2 - Remote Code Execution
|
19 |
WEB
|
Milad karimi
|
|
2024-04-21
|
|
FlatPress v1.3 - Remote Command Execution
|
22 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2024-04-15
|
|
OpenClinic GA 5.247.01 - Path Traversal (Authenticated)
|
19 |
WEB
|
VB
|
|
2024-04-15
|
|
OpenClinic GA 5.247.01 - Information Disclosure
|
18 |
WEB
|
VB
|
|
2024-04-15
|
|
Jenkins 2.441 - Local File Inclusion
|
20 |
WEB
|
Matisse Beckandt
|
|
2024-04-15
|
|
djangorestframework-simplejwt 5.3.1 - Information Disclosure
|
17 |
WEB
|
Dhrumil Mistry
|
|
2024-04-13
|
|
BMC Compuware iStrobe Web - 20.13 - Pre-auth RCE
|
21 |
WEB
|
trancap
|
|
2024-04-13
|
|
Stock Management System v1.0 - Unauthenticated SQL Injection
|
16 |
WEB
|
blu3ming
|
|
2024-04-13
|
|
Online Fire Reporting System OFRS - SQL Injection Authentication Bypass
|
20 |
WEB
|
Diyar Saadi
|
|
2024-04-13
|
|
Savsoft Quiz v6.0 Enterprise - Stored XSS
|
13 |
WEB
|
Eren Sen
|
|
2024-04-12
|
|
Wordpress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting (XSS)
|
22 |
WEB
|
Erdemstar
|
|
2024-04-12
|
|
WBCE CMS Version 1.6.1 - Remote Command Execution (Authenticated)
|
17 |
WEB
|
tmrswrr
|
|
2024-04-12
|
|
WBCE 1.6.0 - Unauthenticated SQL injection
|
18 |
WEB
|
young pope
|
|
2024-04-12
|
|
Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - _sort_ parameter
|
25 |
WEB
|
Julio Ángel Ferrari
|
|
2024-04-12
|
|
PopojiCMS Version 2.0.1 - Remote Command Execution
|
23 |
WEB
|
tmrswrr
|
|
2024-04-12
|
|
Wordpress Plugin Playlist for Youtube 1.32 - Stored Cross-Site Scripting (XSS)
|
14 |
WEB
|
Erdemstar
|
|
2024-04-12
|
|
HTMLy Version v2.9.6 - Stored XSS
|
18 |
WEB
|
tmrswrr
|
|
2024-04-12
|
|
Ray OS v2.6.3 - Command Injection RCE(Unauthorized)
|
22 |
WEB
|
Fire_Wolf
|
|
2024-04-12
|
|
GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload
|
18 |
WEB
|
George Tsimpidas
|
|
2024-04-08
|
|
Open Source Medicine Ordering System v1.0 - SQLi
|
14 |
WEB
|
Onur Karasalihoğlu
|
|
2024-04-08
|
|
Daily Expense Manager 1.0 - 'term' SQLi
|
16 |
WEB
|
Stefan Hesselman
|
|
2024-04-08
|
|
Best Student Result Management System v1.0 - Multiple SQLi
|
17 |
WEB
|
nu11secur1ty
|
|
2024-04-08
|
|
Human Resource Management System v1.0 - Multiple SQLi
|
18 |
WEB
|
nu11secur1ty
|
|
2024-04-08
|
|
Wordpress Theme Travelscape v1.0.3 - Arbitrary File Upload
|
25 |
WEB
|
Milad karimi
|
|
2024-04-03
|
|
Wordpress Plugin Alemha Watermarker 1.3.1 - Stored Cross-Site Scripting (XSS)
|
24 |
WEB
|
Erdemstar
|
|
2024-04-03
|
|
Computer Laboratory Management System v1.0 - Multiple-SQLi
|
19 |
WEB
|
nu11secur1ty
|
|
2024-04-02
|
|
Axigen < 10.5.7 - Persistent Cross-Site Scripting
|
20 |
WEB
|
Vincent McRae_ Mesut Cetin
|
|
2024-04-02
|
|
Gibbon LMS v26.0.00 - SSTI vulnerability
|
17 |
WEB
|
Ali Maharramli_Fikrat Guliev_Islam Rzayev
|
|
2024-04-02
|
|
Casdoor < v1.331.0 - '/api/set-password' CSRF
|
16 |
WEB
|
Van Lam Nguyen
|
|
2024-04-02
|
|
Wordpress Plugin - Membership For WooCommerce < v2.1.7 - Arbitrary File Upload to Shell (Unauthentic
|
27 |
WEB
|
Milad karimi
|
|
2024-04-02
|
|
Smart School 6.4.1 - SQL Injection
|
15 |
WEB
|
CraCkEr
|
|
2024-04-02
|
|
CE Phoenix v1.0.8.20 - Remote Code Execution
|
19 |
WEB
|
tmrswrr
|
|
2024-04-02
|
|
Elementor Website Builder < 3.12.2 - Admin+ SQLi
|
20 |
WEB
|
E1 Coders
|
|
2024-04-02
|
|
Blood Bank v1.0 - Stored Cross Site Scripting (XSS)
|
13 |
WEB
|
Ersin Erenler
|
|
2024-04-02
|
|
Daily Habit Tracker 1.0 - Broken Access Control
|
15 |
WEB
|
Yevhenii Butenko
|
|
2024-04-02
|
|
Daily Habit Tracker 1.0 - SQL Injection
|
12 |
WEB
|
Yevhenii Butenko
|
|
2024-04-02
|
|
Daily Habit Tracker 1.0 - Stored Cross-Site Scripting (XSS)
|
16 |
WEB
|
Yevhenii Butenko
|
|
2024-04-02
|
|
Employee Management System 1.0 - _txtusername_ and _txtpassword_ SQL Injection (Admin Login)
|
14 |
WEB
|
Yevhenii Butenko
|
|
2024-04-02
|
|
Employee Management System 1.0 - _txtfullname_ and _txtphone_ SQL Injection
|
17 |
WEB
|
Yevhenii Butenko
|
|
2024-04-02
|
|
LeptonCMS 7.0.0 - Remote Code Execution (RCE) (Authenticated)
|
18 |
WEB
|
tmrswrr
|
|
2024-04-02
|
|
FoF Pretty Mail 1.1.2 - Server Side Template Injection (SSTI)
|
19 |
WEB
|
Chokri Hammedi
|
|
2024-04-02
|
|
FoF Pretty Mail 1.1.2 - Local File Inclusion (LFI)
|
19 |
WEB
|
Chokri Hammedi
|
|
2024-04-02
|
|
Hospital Management System v1.0 - Stored Cross Site Scripting (XSS)
|
20 |
WEB
|
Sandeep Vishwakarma
|
|
2024-04-02
|
|
E-INSUARANCE v1.0 - Stored Cross Site Scripting (XSS)
|
18 |
WEB
|
Sandeep Vishwakarma
|
|
2024-04-02
|
|
Petrol Pump Management Software v1.0 - Remote Code Execution (RCE)
|
21 |
WEB
|
Sandeep Vishwakarma
|
|
2024-04-02
|
|
OpenCart Core 4.0.2.3 - 'search' SQLi
|
21 |
WEB
|
Saud Alenazi
|
|
2024-04-02
|
|
Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated)
|
28 |
WEB
|
Gian Paris C. Agsam
|
|
2024-04-02
|
|
Simple Backup Plugin Python Exploit 2.7.10 - Path Traversal
|
19 |
WEB
|
Ven3xy
|
|
2024-03-28
|
|
liveSite Version 2019.1 - Remote Code Execution
|
20 |
WEB
|
tmrswrr
|
|
2024-03-28
|
|
Broken Access Control - on NodeBB v3.6.7
|
48 |
WEB
|
Vibhor Sharma
|
