Blog RSSExploits RSSFacebook

WEB

Date D   Description Plat. Author
2026-06-08   OpenEMR 7.0.2 - Arbitrary File Read 46 WEB doany1
2026-06-05   WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection 52 WEB cardosource
2026-06-01   Drupal Core 10.5.5 - Error-Based SQL Injection 66 WEB cardosource
2026-06-01   WordPress OrderConvo 14 - Path Traversal 44 WEB Diamorphine
2026-05-30   YAMCS yamcs-core 5.12.7 - No Rate Limiting 40 WEB Daniel Miranda
2026-05-30   YAMCS yamcs-core 5.12.7 - User Enumeration 36 WEB Daniel Miranda
2026-05-30   YAMCS yamcs-core 5.12.7 - LDAP Injection 47 WEB Daniel Miranda
2026-05-29   MikroORM 7.0.13 - SQL Injection 37 WEB cardosource
2026-05-29   Prodigy Commerce 3.3.0 - Local File Inclusion 39 WEB Diamorphine
2026-05-29   Langflow 1.3.0 - Remote Code Execution 52 WEB Diamorphine
2026-05-29   Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution 38 WEB cardosource
2026-05-29   MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution 33 WEB cardosource
2026-05-29   CubeCart < 6.7.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated) 29 WEB Th3-SAx11
2026-05-27   Casdoor 3.54.1 - Arbitrary File Write via Path Traversal 28 WEB sixpain
2026-05-27   EspoCRM 9.3.3 - SSRF 26 WEB Max Gabriel
2026-05-27   scramble - Remote Code Execution 22 WEB joshua
2026-05-27   MeiG Smart FORGE_SLT711 - OS Command Injection 28 WEB Daniil Gordeev
2026-05-27   OpenCATS 0.9.7.4 - SQL Injection 23 WEB Gabriel Rodrigues
2026-05-26   Grav CMS 2.0.0-beta.2 - Remote Code Execution 29 WEB Mustafa Murat Akgül
2026-05-26   Apache HTTP Server 2.4.66 - 'mod_http2' Double-Free Denial of Service 26 WEB alisunbul
2026-05-26   D-Link DSL2600U - 'rom-0' Admin Password Disclosure 24 WEB Amir Hossein Jamshidi
2026-05-26   Wordpress Temporary Login Plugin 1.0.0 - 'temp-login-token' Authentication Bypass to Account Takeov 31 WEB Amir Hossein Jamshidi
2026-05-26   cPanel - CRLF Injection 34 WEB nu11secur1ty
2026-05-21   Cockpit 359 - RCE 42 WEB Abdelazim Mohammed
2026-05-21   BookStack 25.12.1 - Denial of Service 34 WEB Gabriel Rodrigues
2026-05-21   solaredge - (CSRF-OOB-Injection) 32 WEB nu11secur1ty
2026-05-21   FUXA 1.2.9 - RCE 31 WEB Anthony Cihan
2026-05-14   WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI 38 WEB bootstrapbool
2026-05-14   Apache HertzBeat 1.8.0 - Remote Code Execution 32 WEB Brett Gervasoni
2026-05-14   ePati Antikor NGFW 2.0.1301 - Authentication Bypass 30 WEB sadik
2026-05-14   PJPROJECT 2.16 - Heap Bufferoverflow 24 WEB vabismo452
2026-05-13   Ninja Forms Uploads - Unauthenticated PHP File Upload 37 WEB selim.lanouar
2026-05-13   glances 4.5.2 - command injection 35 WEB best.sell
2026-05-13   coreruleset 4.21.0 - Firewall Bypass 29 WEB anonimicerum
2026-05-13   Flowise < 3.0.5 - Missing Authentication for Critical Function 32 WEB andersoncezar048
2026-05-07   Ghost CMS 6.19.0 - SQLi 50 WEB Maksim Rogov
2026-05-07   LuaJIT 2.1.1774638290 - Arbitrary Code Execution 30 WEB Taurus Omar
2026-05-07   Bludit CMS 3.18.4 - RCE 36 WEB yahia
2026-05-07   ThingsBoard IoT Platform 4.2.0 - Server-Side Request Forgery (SSRF) 29 WEB 9tamilmathi
2026-05-04   Linksys E1200 2.0.04 - Authenticated Stack Buffer Overflow (RCE) 40 WEB jarrett
2026-05-04   MindsDB 25.9.1.1 - Path Traversal 41 WEB thewhiteh4t
2026-05-04   Traccar GPS Tracking System 6.11.1 - Cross-Site WebSocket Hijacking (CSWSH) 27 WEB hazar
2026-04-30   FUXA 1.2.8 - Authentication Bypass + RCE Exploit 45 WEB joshua
2026-04-30   Python-Multipart 0.0.22 - Path Traversal 35 WEB jefersoncardoso.dev
2026-04-30   Repetier-Server 1.4.10 - Path Traversal 25 WEB banyamer
2026-04-30   HUSTOJ Zip-Slip v26.01.24 - RCE 26 WEB Marshall Whittaker
2026-04-30   BusyBox 1.37.0 - Path Traversal 32 WEB Calil Khalil
2026-04-30   JUNG Smart Visu Server 1.1.1050 - Dos 28 WEB banyamer
2026-04-30   SumatraPDF 3.5.2 - Remote Code Execution 34 WEB banyamer
2026-04-30   NiceGUI 3.6.1 - Path Traversal 21 WEB banyamer
2026-04-30   Frigate NVR 0.16.3 - Remote Code Execution 15 WEB jduardo2704
2026-04-30   Js2Py 0.74 - RCE 29 WEB alisunbul
2026-04-30   Camaleon CMS v2.9.0 - Path Traversal 15 WEB velampudisakshi
2026-04-30   Cybersecurity AI (CAI) Framework 0.5.10 - Command Injection 18 WEB banyamer
2026-04-30   Erugo 0.2.14 - Remote Code Execution (RCE) 20 WEB abdulmoiz
2026-04-30   deephas 1.0.7 - Prototype Pollution 23 WEB banyamer
2026-04-30   SUSE Manager 4.3.15 - Code Execution 15 WEB wjmaj98
2026-04-29   HAX CMS 24.x - Stored Cross-Site Scripting (XSS) 16 WEB banyamer
2026-04-29   Craft CMS 5.6.16 - RCE 30 WEB banyamer
2026-04-29   phpMyFAQ 4.0.16 - Improper Authorization 29 WEB contact
2026-04-29   GeographicLib v2.5.1 - stack buffer overflow 28 WEB rosario
2026-04-29   OpenKM 6.3.12 - Multiple 20 WEB skumar
2026-04-29   GUnet OpenEclass E-learning platform < 4.2 - Remote Code Execution (RCE) 18 WEB unico007x
2026-04-29   JuzaWeb CMS 3.4.2 - Authenticated Remote Code Execution 28 WEB sardordev02
2026-04-29   FacturaScripts 2025.43 - XSS 19 WEB uvettrivel007
2026-04-29   Xibo CMS 4.3.0 - RCE via SSTI 23 WEB Cristian Branet
2026-04-29   LangChain Core 1.2.4 - SSTI/RCE 20 WEB banyamer
2026-04-22   WordPress Plugin 5.2.0 - Broken Access Control 28 WEB cydev.turing
2026-04-10   D-Link DIR-650IN - Authenticated Command Injection 28 WEB Sanjay Singh
2026-04-09   React Server 19.2.0 - Remote Code Execution 39 WEB danieljavanrad
2026-04-09   RomM 4.4.0 - XSS_CSRF Chain 22 WEB mmohammedheshamm
2026-04-09   Jumbo Website Manager - Remote Code Execution 28 WEB Mirabbas Ağalarov
2026-04-08   FortiWeb 8.0.2 - Remote Code Execution 53 WEB Mohammed Idrees Banyamer
2026-04-08   xibocms 3.3.4 - RCE 37 WEB complexusprada
2026-04-08   Horilla v1.3 - RCE 35 WEB nakleh
2026-04-06   Fortinet FortiWeb v8.0.1 - Auth Bypass 33 WEB nu11secur1ty
2026-04-06   ASP.net 8.0.10 - Bypass 33 WEB Mohammed Idrees Banyamer
2026-04-06   Grafana 11.6.0 - SSRF 32 WEB Beatriz Fresno Naumova
2026-04-06   Zhiyuan OA - arbitrary file upload leading 37 WEB Beatriz Fresno Naumova
2026-04-06   WBCE CMS 1.6.4 - Remote Code Execution 18 WEB red
2026-04-06   RiteCMS 3.1.0 - Authenticated Remote Code Execution 17 WEB red
2026-04-06   WordPress Madara - Local File Inclusion 25 WEB Beatriz Fresno Naumova
2026-03-03   WordPress Backup Migration 1.3.7 - Remote Command Execution 94 WEB dangwenjing
2026-03-03   mailcow 2025-01a - Host Header Password Reset Poisoning 43 WEB alvarez
2026-03-03   Easy File Sharing Web Server v7.2 - Buffer Overflow 41 WEB diogo
2026-03-03   WeGIA 3.5.0 - SQL Injection 53 WEB onurdemir
2026-03-03   Boss Mini v1.4.0 - Local File Inclusion (LFI) 34 WEB andersoncezar048
2026-02-11   motionEye 0.43.1b4 - RCE 70 WEB prabhat
2026-02-04   OctoPrint 1.11.2 - File Upload 104 WEB prabhat
2026-02-04   aiohttp 3.9.1 - directory traversal PoC 66 WEB Beatriz Fresno Naumova
2026-02-04   FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution 63 WEB Milad Karimi (Ex3ptionaL)
2026-02-02   Piranha CMS 12.0 - Stored XSS in Text Block 63 WEB terminalvenoms
2026-02-02   RPi-Jukebox-RFID 2.8.0 - Stored Cross-Site Scripting (XSS) 42 WEB Beatriz Fresno Naumova
2026-02-02   D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS) 40 WEB Beatriz Fresno Naumova
2026-01-17   RPi-Jukebox-RFID 2.8.0 - Remote Command Execution 68 WEB Beatriz Fresno Naumova
2026-01-17   Siklu EtherHaul Series EH-8010 - Arbitrary File Upload 51 WEB semaja2
2026-01-17   Siklu EtherHaul Series EH-8010 - Remote Command Execution 46 WEB semaja2
2025-12-25   WordPress Quiz Maker 6.7.0.56 - SQL Injection 121 WEB Rahul Sreenivasan
2025-12-25   Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie 41 WEB 0xsabre
2025-12-25   FreeBSD rtsold 15.x - Remote Code Execution via DNSSL 61 WEB Lukas Johannes Möller
2025-12-16   Summar Employee Portal 3.98.0 - Authenticated SQL Injection 74 WEB Peter Gabaldon
2025-12-16   esm-dev 136 - Path Traversal 52 WEB Byte Reaper
2025-12-08   Pluck 4.7.7-dev2 - PHP Code Execution 82 WEB CodeSecLab
2025-12-03   phpMyFAQ 2.9.8 - Cross-Site Request Forgery(CSRF) 67 WEB CodeSecLab
2025-12-03   phpMyFAQ 2.9.8 - Cross-Site Request Forgery (CSRF) 48 WEB CodeSecLab
2025-12-03   MaNGOSWebV4 4.0.6 - Reflected XSS 48 WEB CodeSecLab
2025-12-03   Django 5.1.13 - SQL Injection 100 WEB Wafcontrol Security Team
2025-12-03   phpMyFaq 2.9.8 - Cross Site Request Forgery (CSRF) 52 WEB CodeSecLab
2025-12-03   MobileDetect 2.8.31 - Cross-Site Scripting (XSS) 35 WEB CodeSecLab
2025-12-03   phpIPAM 1.4 - SQL-Injection 43 WEB CodeSecLab
2025-12-03   OpenRepeater 2.1 - OS Command Injection 43 WEB CodeSecLab
2025-12-03   phpMyAdmin 5.0.0 - SQL Injection 56 WEB CodeSecLab
2025-12-03   RosarioSIS 6.7.2 - Cross Site Scripting (XSS) 40 WEB CodeSecLab
2025-12-03   RosarioSIS 6.7.2 - Cross-Site Scripting (XSS) 35 WEB CodeSecLab
2025-12-03   PluckCMS 4.7.10 - Unrestricted File Upload 53 WEB CodeSecLab
2025-12-03   openSIS Community Edition 8.0 - SQL Injection 34 WEB CodeSecLab
2025-12-02   YOURLS 1.8.2 - Cross-Site Request Forgery (CSRF) 29 WEB CodeSecLab
2025-12-02   phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS) 47 WEB CodeSecLab
2025-12-02   phpIPAM 1.5.1 - SQL Injection 40 WEB CodeSecLab
2025-12-02   Piwigo 13.6.0 - SQL Injection 42 WEB CodeSecLab
2025-12-02   phpIPAM 1.6 - Reflected-Cross-Site Scripting (XSS) 34 WEB CodeSecLab
2025-12-02   phpIPAM 1.6 - Reflected Cross-Site Scripting (XSS) 35 WEB CodeSecLab
2025-10-31   Flowise 3.0.4 - Remote Code Execution (RCE) 127 WEB nltt0
2025-10-29   Casdoor 2.95.0 - Cross-Site Request Forgery (CSRF) 80 WEB Van Lam Nguyen
2025-09-16   Tourism Management System 2.0 - Arbitrary Shell Upload 168 WEB Debug Security