| 2025-08-26 | StoryChief Wordpress Plugin 1.0.42 - Arbitrary File Upload | 15 | WEB | xpl0dec |
| 2025-08-26 | Lingdang CRM 8.6.4.7 - SQL Injection | 3 | WEB | Beatriz Fresno Naumova |
| 2025-08-26 | Birth Chart Compatibility WordPress Plugin 2.0 - Full Path Disclosure | 3 | WEB | Byte Reaper |
| 2025-08-18 | Lantronix Provisioning Manager 7.10.3 - XML External Entity Injection (XXE) | 11 | WEB | Byte Reaper |
| 2025-08-18 | Soosyze CMS 2.0 - Brute Force Login | 14 | WEB | Beatriz Fresno Naumova |
| 2025-08-18 | RiteCMS 3.0.0 - Reflected Cross Site Scripting (XSS) | 6 | WEB | Gurjot Singh |
| 2025-08-18 | BigAnt Office Messenger 5.6.06 - SQL Injection | 9 | WEB | Nicat Abbasov |
| 2025-08-11 | JetBrains TeamCity 2023.11.4 - Authentication Bypass | 19 | WEB | İbrahimsql |
| 2025-08-11 | ServiceNow Multiple Versions - Input Validation & Template Injection | 10 | WEB | İbrahimsql |
| 2025-08-11 | Ghost CMS 5.59.1 - Arbitrary File Read | 14 | WEB | İbrahimsql |
| 2025-08-11 | Ghost CMS 5.42.1 - Path Traversal | 12 | WEB | İbrahimsql |
| 2025-08-11 | VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting (XSS) | 26 | WEB | Imraan Khan (Lich-Sec) |
| 2025-08-11 | Microsoft Edge Renderer Process (Mojo IPC) 134.0.6998.177 - Sandbox Escape | 7 | WEB | nu11secur1ty |
| 2025-08-11 | Grav CMS 1.7.48 - Remote Code Execution (RCE) | 7 | WEB | /bin/neko |
| 2025-08-11 | atjiu pybbs 6.0.0 - Cross Site Scripting (XSS) | 11 | WEB | Byte Reaper |
| 2025-08-11 | projectworlds Online Admission System 1.0 - SQL Injection | 9 | WEB | Byte Reaper |
| 2025-08-03 | Ultimate Member WordPress Plugin 2.6.6 - Privilege Escalation | 31 | WEB | Gurjot Singh |
| 2025-08-03 | LPAR2RRD 8.04 - Remote Code Execution (RCE) | 8 | WEB | Byte Reaper |
| 2025-08-03 | Copyparty 1.18.6 - Reflected Cross-Site Scripting (XSS) | 6 | WEB | Byte Reaper |
| 2025-08-03 | Gandia Integra Total 4.4.2236.1 - SQL Injection | 8 | WEB | Byte Reaper |
| 2025-07-28 | Adobe ColdFusion 2023.6 - Remote File Read | 6 | WEB | İbrahimsql |
| 2025-07-28 | Mezzanine CMS 6.1.0 - Stored Cross Site Scripting (XSS) | 9 | WEB | Kevin Dicks |
| 2025-07-28 | XWiki 14 - SQL Injection via getdeleteddocuments.vm | 8 | WEB | Byte Reaper |
| 2025-07-28 | Invision Community 4.7.20 - (calendar/view.php) SQL Injection | 6 | WEB | Egidio Romano |
| 2025-07-22 | LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Department Assignment Alias Nick Field | 10 | WEB | Manojkumar J |
| 2025-07-22 | LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via the Chat Transfer Function | 6 | WEB | Manojkumar J |
| 2025-07-22 | LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Personal Canned Messages | 5 | WEB | Manojkumar J |
| 2025-07-22 | LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Facebook Integration Page Name Field | 4 | WEB | Manojkumar J |
| 2025-07-22 | LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Operator Surname | 5 | WEB | Manojkumar J |
| 2025-07-22 | LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Telegram Bot Username | 4 | WEB | Manojkumar J |
| 2025-07-22 | Discourse 3.1.1 - Unauthenticated Chat Message Access | 7 | WEB | İbrahimsql |
| 2025-07-22 | Joomla JS Jobs plugin 1.4.2 - SQL injection | 8 | WEB | Adam Wallwork |
| 2025-07-22 | Simple File List WordPress Plugin 4.2.2 - File Upload to RCE | 6 | WEB | Md Amanat Ullah (xSwads) |
| 2025-07-22 | Pie Register WordPress Plugin 3.7.1.4 - Authentication Bypass to RCE | 5 | WEB | Md Amanat Ullah (xSwads) |
| 2025-07-16 | WP Publications WordPress Plugin 1.2 - Stored XSS | 41 | WEB | Zeynalxan Quliyev |
| 2025-07-16 | White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion (LFI) | 39 | WEB | Imraan Khan (Lich-Sec) |
| 2025-07-16 | SugarCRM 14.0.0 - SSRF/Code Injection | 27 | WEB | Egidio Romano |
| 2025-07-16 | Langflow 1.2.x - Remote Code Execution (RCE) | 26 | WEB | Raghad Abdallah Al-syouf |
| 2025-07-16 | TOTOLINK N300RB 8.54 - Command Execution | 29 | WEB | Skander BELABED - Magellan Sécurité |
| 2025-07-16 | PivotX 3.0.0 RC3 - Remote Code Execution (RCE) | 32 | WEB | HayToN |
| 2025-07-08 | Discourse 3.2.x - Anonymous Cache Poisoning | 48 | WEB | İbrahimsql |
| 2025-07-08 | Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover | 50 | WEB | stealthcopter |
| 2025-07-02 | Moodle 4.4.0 - Authenticated Remote Code Execution | 42 | WEB | Likhith Appalaneni |
| 2025-06-26 | Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution (RCE) | 69 | WEB | Huseyin Mardinli |
| 2025-06-26 | Sitecore 10.4 - Remote Code Execution (RCE) | 30 | WEB | Yesith Alvarez |
| 2025-06-26 | Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE) | 24 | WEB | Zen-kun04 |
| 2025-06-15 | Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI | 43 | WEB | Cristian Branet |
| 2025-06-15 | PHP CGI Module 8.3.4 - Remote Code Execution (RCE) | 43 | WEB | İbrahimsql |
| 2025-06-15 | Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation | 28 | WEB | Milad karimi |
| 2025-06-15 | Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS) | 22 | WEB | /bin/neko |
| 2025-06-13 | Roundcube 1.6.10 - Remote Code Execution (RCE) | 36 | WEB | Maksim Rogov |
| 2025-06-09 | Laravel Pulse 1.3.1 - Arbitrary Code Injection | 35 | WEB | Mohammed Idrees Banyamer |
| 2025-06-05 | CloudClassroom PHP Project 1.0 - SQL Injection | 18 | WEB | Sanjay Singh |
| 2025-05-29 | Campcodes Online Hospital Management System 1.0 - SQL Injection | 24 | WEB | Carine Constantino |
| 2025-05-29 | WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing | 26 | WEB | Saleh Tarawneh |
| 2025-05-25 | Java-springboot-codebase 1.1 - Arbitrary File Read | 22 | WEB | d3sca |
| 2025-05-25 | WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass | 16 | WEB | Mohammed Idrees Banyamer |
| 2025-05-13 | WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation | 14 | WEB | Md Shoriful Islam |
| 2025-05-13 | Kentico Xperience 13.0.178 - Cross Site Scripting (XSS) | 12 | WEB | Alex Messham |
| 2025-05-09 | SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation | 14 | WEB | Abdualhadi khalifa |
| 2025-05-09 | WordPress Depicter Plugin 3.6.1 - SQL Injection | 12 | WEB | Andrew Long |
| 2025-05-06 | ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF) | 13 | WEB | Ahmed Thaiban |
| 2025-05-06 | Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR) | 16 | WEB | Sn1p3r-H4ck3r |
| 2025-05-06 | Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF) | 12 | WEB | Van Lam Nguyen |
| 2025-04-22 | WordPress Core 6.2 - Directory Traversal | 11 | WEB | Milad karimi |
| 2025-04-19 | FoxCMS 1.2.5 - Remote Code Execution (RCE) | 19 | WEB | VeryLazyTech |
| 2025-04-19 | Drupal 11.x-dev - Full Path Disclosure | 10 | WEB | Milad karimi |
| 2025-04-18 | KiviCare Clinic & Patient Management System (EHR) 3.6.4 - Unauthenticated SQL Injection | 11 | WEB | samogod |
| 2025-04-18 | UJCMS 9.6.3 - User Enumeration via IDOR | 11 | WEB | Cyd Tseng |
| 2025-04-18 | Inventio Lite 4 - SQL Injection | 12 | WEB | pointedsec |
| 2025-04-18 | Apache Commons Text 1.10.0 - Remote Code Execution | 10 | WEB | Arjun Chaudhary |
| 2025-04-18 | Tatsu 3.3.11 - Unauthenticated RCE | 10 | WEB | Milad karimi |
| 2025-04-18 | Hunk Companion Plugin 1.9.0 - Unauthenticated Plugin Installation | 11 | WEB | Jun Takemura |
| 2025-04-17 | compop.ca 3.5.3 - Arbitrary code Execution | 10 | WEB | dmlino |
| 2025-04-17 | Blood Bank & Donor Management System 2.4 - CSRF Improper Input Validation | 11 | WEB | Kwangyun Keum |
| 2025-04-17 | Usermin 2.100 - Username Enumeration | 8 | WEB | Kjesper |
| 2025-04-17 | Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution (RCE) | 12 | WEB | Ravindu Wickramasinghe |
| 2025-04-17 | ABB Cylon Aspect 3.08.02 (ethernetUpdate.php) - Authenticated Path Traversal | 10 | WEB | LiquidWorm |
| 2025-04-17 | ABB Cylon Aspect 3.08.02 (deployStart.php) - Unauthenticated Command Execution | 10 | WEB | LiquidWorm |
| 2025-04-16 | WooCommerce Customers Manager 29.4 - Post-Authenticated SQL Injection | 7 | WEB | Ivan Spiridonov |
| 2025-04-16 | Smart Manager 8.27.0 - Post-Authenticated SQL Injection | 9 | WEB | Ivan Spiridonov |
| 2025-04-16 | KodExplorer 4.52 - Open Redirect | 11 | WEB | Rahad Chowdhury |
| 2025-04-16 | Car Rental Project 1.0 - Remote Code Execution | 9 | WEB | ub3rsick |
| 2025-04-16 | Ethercreative Logs 3.0.3 - Path Traversal | 10 | WEB | ub3rsick |
| 2025-04-16 | FLIR AX8 1.46.16 - Remote Command Injection | 9 | WEB | ub3rsick |
| 2025-04-16 | Garage Management System 1.0 (categoriesName) - Stored XSS | 8 | WEB | ub3rsick |
| 2025-04-16 | ProConf 6.0 - Insecure Direct Object Reference (IDOR) | 7 | WEB | ub3rsick |
| 2025-04-16 | phpMyFAQ 3.2.10 - Unintended File Download Triggered by Embedded Frames | 8 | WEB | Geo |
| 2025-04-16 | ABB Cylon Aspect 3.08.03 (webServerDeviceLabelUpdate.php) - File Write DoS | 6 | WEB | LiquidWorm |
| 2025-04-16 | ABB Cylon Aspect 4.00.00 (factorySaved.php) - Unauthenticated XSS | 6 | WEB | LiquidWorm |
| 2025-04-16 | ABB Cylon Aspect 4.00.00 (factorySetSerialNum.php) - Remote Code Execution | 7 | WEB | LiquidWorm |
| 2025-04-16 | ABB Cylon Aspect 3.08.02 - Cross-Site Request Forgery (CSRF) | 8 | WEB | LiquidWorm |
| 2025-04-16 | Zabbix 7.0.0 - SQL Injection | 15 | WEB | m4nb4 |
| 2025-04-16 | NagVis 1.9.33 - Arbitrary File Read | 10 | WEB | xerosec |
| 2025-04-16 | Teedy 1.11 - Account Takeover via Stored Cross-Site Scripting (XSS) | 6 | WEB | Ayato Shitomi @ Fore-Z co.ltd |
| 2025-04-16 | phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS) | 9 | WEB | CodeSecLab |
| 2025-04-15 | Cacti 1.2.26 - Remote Code Execution (RCE) (Authenticated) | 8 | WEB | D3Ext |
| 2025-04-15 | ABB Cylon Aspect 3.08.02 - Cookie User Password Disclosure | 7 | WEB | LiquidWorm |
| 2025-04-15 | ABB Cylon Aspect 3.08.03 - Hard-coded Secrets | 7 | WEB | LiquidWorm |
| 2025-04-15 | ABB Cylon Aspect 3.08.03 (MapServicesHandler) - Authenticated Reflected XSS | 5 | WEB | LiquidWorm |
| 2025-04-15 | ABB Cylon Aspect 3.07.02 (userManagement.php) - Weak Password Policy | 7 | WEB | LiquidWorm |
| 2025-04-15 | ABB Cylon Aspect 3.08.03 (CookieDB) - SQL Injection | 6 | WEB | LiquidWorm |
| 2025-04-15 | ABB Cylon Aspect 3.08.02 (webServerUpdate.php) - Input Validation Config Poisoning | 7 | WEB | LiquidWorm |
| 2025-04-15 | ABB Cylon Aspect 3.08.02 (escDevicesUpdate.php) - Denial of Service (DOS) | 9 | WEB | LiquidWorm |
| 2025-04-15 | ABB Cylon Aspect 3.08.02 (bbmdUpdate.php) - Remote Code Execution | 6 | WEB | LiquidWorm |
| 2025-04-15 | ABB Cylon Aspect 3.08.02 (uploadDb.php) - Remote Code Execution | 7 | WEB | LiquidWorm |
| 2025-04-15 | ABB Cylon Aspect 3.08.02 (licenseUpload.php) - Stored Cross-Site Scripting | 3 | WEB | LiquidWorm |
| 2025-04-15 | ABB Cylon Aspect 3.08.02 (licenseServerUpdate.php) - Stored Cross-Site Scripting | 4 | WEB | LiquidWorm |
| 2025-04-15 | IBMi Navigator 7.5 - Server Side Request Forgery (SSRF) | 6 | WEB | hyp3rlinx |
| 2025-04-15 | Plane 0.23.1 - Server side request forgery (SSRF) | 6 | WEB | Saud Alenazi |
| 2025-04-15 | IBMi Navigator 7.5 - HTTP Security Token Bypass | 5 | WEB | hyp3rlinx |
| 2025-04-15 | OpenCMS 17.0 - Stored Cross Site Scripting (XSS) | 7 | WEB | Siddhartha Naik |
| 2025-04-15 | Adapt Authoring Tool 0.11.3 - Remote Command Execution (RCE) | 4 | WEB | Eui Chul Chung |
| 2025-04-15 | Really Simple Security 9.1.1.1 - Authentication Bypass | 5 | WEB | Antonio Francesco Sardella |
| 2025-04-15 | Spring Boot common-user-management 0.1 - Remote Code Execution (RCE) | 5 | WEB | d3sca |
| 2025-04-14 | SilverStripe 5.3.8 - Stored Cross Site Scripting (XSS) (Authenticated) | 6 | WEB | James Nicoll |
| 2025-04-14 | OpenPanel Copy and View functions in the File Manager 0.3.4 - Directory Traversal | 3 | WEB | Korn Chaisuwan_ Charanin Thongudom_ Pongtorn Angsu |
| 2025-04-14 | OpenPanel 0.3.4 - OS Command Injection | 6 | WEB | Korn Chaisuwan_ Charanin Thongudom_ Pongtorn Angsu |
| 2025-04-14 | OpenPanel 0.3.4 - Incorrect Access Control | 5 | WEB | Korn Chaisuwan_ Charanin Thongudom_ Pongtorn Angsu |
| 2025-04-14 | OpenPanel 0.3.4 - Directory Traversal | 3 | WEB | Korn Chaisuwan_ Charanin Thongudom_ Pongtorn Angsu |
| 2025-04-14 | Pimcore 11.4.2 - Stored cross site scripting | 5 | WEB | maeitsec |
| 2025-04-14 | Pimcore customer-data-framework 4.2.0 - SQL injection | 6 | WEB | maeitsec |
| 2025-04-14 | Xinet Elegant 6 Asset Lib Web UI 6.1.655 - SQL Injection | 6 | WEB | hyp3rlinx |
| 2025-04-14 | ZTE ZXHN H168N 3.1 - Remote Code Execution (RCE) via authentication bypass | 6 | WEB | tasos meletlidis |
| 2025-04-11 | GeoVision GV-ASManager 6.1.0.0 - Broken Access Control | 5 | WEB | Giorgi Dograshvili |