|
2025-04-08
|
|
jQuery 3.3.1 - Prototype Pollution & XSS Exploit
|
1 |
WEB
|
xOryus
|
|
2025-04-08
|
|
Jasmin Ransomware - Arbitrary File Download (Authenticated)
|
1 |
WEB
|
bRpsd
|
|
2025-04-08
|
|
UNA CMS 14.0.0-RC - PHP Object Injection
|
1 |
WEB
|
Egidio Romano
|
|
2025-04-08
|
|
Nagios Xi 5.6.6 - Authenticated Remote Code Execution (RCE)
|
1 |
WEB
|
Calil Khalil
|
|
2025-04-08
|
|
WordPress User Registration & Membership Plugin 4.1.1 - Unauthenticated Privilege Escalation
|
1 |
WEB
|
Al Baradi Joy
|
|
2025-04-07
|
|
XWiki Platform 15.10.10 - Remote Code Execution
|
1 |
WEB
|
Al Baradi Joy
|
|
2025-04-07
|
|
YesWiki 4.5.1 - Unauthenticated Path Traversal
|
1 |
WEB
|
Al Baradi Joy
|
|
2025-04-07
|
|
Apache Tomcat 11.0.3 - Remote Code Execution
|
1 |
WEB
|
Al Baradi Joy
|
|
2025-04-06
|
|
Reservit Hotel 2.1 - Stored Cross-Site Scripting (XSS)
|
1 |
WEB
|
Ilteris Kaan Pehlivan
|
|
2025-04-06
|
|
WBCE CMS 1.6.3 - Authenticated Remote Code Execution (RCE)
|
1 |
WEB
|
Swammers8
|
|
2025-04-06
|
|
Backup and Staging by WP Time Capsule 1.22.21 - Unauthenticated Arbitrary File Upload
|
1 |
WEB
|
Al Baradi Joy
|
|
2025-04-06
|
|
Watcharr 1.43.0 - Remote Code Execution (RCE)
|
1 |
WEB
|
Suphawith Phusanbai
|
|
2025-04-06
|
|
Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover
|
2 |
WEB
|
ByteHunter
|
|
2025-04-06
|
|
DataEase 2.4.0 - Database Configuration Information Exposure
|
1 |
WEB
|
ByteHunter
|
|
2025-04-05
|
|
Royal Elementor Addons and Templates 1.3.78 - Unauthenticated Arbitrary File Upload
|
1 |
WEB
|
4m3rr0r
|
|
2025-04-05
|
|
Exclusive Addons for Elementor 2.6.9 - Stored Cross-Site Scripting (XSS)
|
1 |
WEB
|
Al Baradi Joy
|
|
2025-04-05
|
|
Kubio AI Page Builder 2.5.1 - Local File Inclusion (LFI)
|
1 |
WEB
|
4m3rr0r
|
|
2025-04-05
|
|
Next.js Middleware 15.2.2 - Authorization Bypass
|
1 |
WEB
|
kOaDT
|
|
2025-04-05
|
|
IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow
|
1 |
WEB
|
Giulio Garzia
|
|
2025-04-03
|
|
AppSmith 1.47 - Remote Code Execution (RCE)
|
2 |
WEB
|
Nishanth Gaddam
|
|
2025-04-03
|
|
Nagios Log Server 2024R1.3.1 - Stored XSS
|
2 |
WEB
|
Seth Kraft
|
|
2025-04-03
|
|
ABB Cylon Aspect 3.07.02 - File Disclosure
|
2 |
WEB
|
LiquidWorm
|
|
2025-04-03
|
|
Webmin Usermin 2.100 - Username Enumeration
|
2 |
WEB
|
Kjesper
|
|
2025-04-03
|
|
ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials
|
1 |
WEB
|
LiquidWorm
|
|
2025-04-02
|
|
ABB Cylon Aspect 3.08.01 - Arbitrary File Delete
|
3 |
WEB
|
LiquidWorm
|
|
2025-04-02
|
|
ABB Cylon Aspect 3.08.01 - Remote Code Execution (RCE)
|
2 |
WEB
|
LiquidWorm
|
|
2025-04-02
|
|
Elaine's Realtime CRM Automation 6.18.17 - Reflected XSS
|
4 |
WEB
|
arfaoui haythem
|
|
2025-03-29
|
|
XWiki Standard 14.10 - Remote Code Execution (RCE)
|
2 |
WEB
|
Mehran Seifalinia
|
|
2025-03-28
|
|
Progress Telerik Report Server 2024 Q1 (10.0.24.305) - Authentication Bypass
|
2 |
WEB
|
VeryLazyTech
|
|
2025-03-28
|
|
Rejetto HTTP File Server 2.3m - Remote Code Execution (RCE)
|
2 |
WEB
|
VeryLazyTech
|
|
2025-03-28
|
|
Sonatype Nexus Repository 3.53.0-01 - Path Traversal
|
2 |
WEB
|
VeryLazyTech
|
|
2025-03-28
|
|
CodeCanyon RISE CRM 3.7.0 - SQL Injection
|
2 |
WEB
|
Jobyer From Bytium
|
|
2025-03-28
|
|
Litespeed Cache 6.5.0.1 - Authentication Bypass
|
2 |
WEB
|
Caner Tercan
|
|
2025-03-27
|
|
X2CRM 8.5 - Stored Cross-Site Scripting (XSS)
|
2 |
WEB
|
Okan Kurtulus
|
|
2025-03-27
|
|
KubeSphere 3.4.0 - Insecure Direct Object Reference (IDOR)
|
2 |
WEB
|
Okan Kurtulus
|
|
2025-03-27
|
|
MoziloCMS 3.0 - Remote Code Execution (RCE)
|
1 |
WEB
|
Olakojo Olaoluwa Joshua
|
|
2025-03-22
|
|
TeamPass 3.0.0.21 - SQL Injection
|
2 |
WEB
|
Max Meyer - Rivendell
|
|
2025-03-21
|
|
Jasmin Ransomware - SQL Injection Login Bypass
|
2 |
WEB
|
Buğra Enis Dönmez
|
|
2025-03-20
|
|
FluxBB 1.5.11 - Stored Cross-Site Scripting (XSS)
|
2 |
WEB
|
Chokri Hammedi
|
|
2025-03-20
|
|
JUX Real Estate 3.4.0 - SQL Injection
|
1 |
WEB
|
CraCkEr
|
|
2025-03-19
|
|
Gitea 1.24.0 - HTML Injection
|
2 |
WEB
|
Mikail KOCADAĞ
|
|
2025-03-19
|
|
TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS) (Authenticated)
|
2 |
WEB
|
ABABANK REDTEAM
|
|
2025-03-19
|
|
Extensive VC Addons for WPBakery page builder 1.9.0 - Remote Code Execution (RCE)
|
2 |
WEB
|
Ravina
|
|
2025-03-19
|
|
Loaded Commerce 6.6 - Client-Side Template Injection(CSTI)
|
2 |
WEB
|
tmrswrr
|
|
2025-03-18
|
|
Chamilo LMS 1.11.24 - Remote Code Execution (RCE)
|
2 |
WEB
|
Mohamed Kamel BOUZEKRIA
|
|
2024-11-15
|
|
SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
|
2 |
WEB
|
cybersploit
|
|
2024-10-01
|
|
reNgine 2.2.0 - Command Injection (Authenticated)
|
2 |
WEB
|
Caner Tercan
|
|
2024-10-01
|
|
openSIS 9.1 - SQLi (Authenticated)
|
2 |
WEB
|
Devrim Dıragumandan
|
|
2024-10-01
|
|
dizqueTV 1.5.3 - Remote Code Execution (RCE)
|
1 |
WEB
|
Ahmed Said Saud Al-Busaidi
|
|
2024-08-28
|
|
NoteMark < 0.13.0 - Stored XSS
|
2 |
WEB
|
Alessio Romano (sfoffo)
|
|
2024-08-28
|
|
Gitea 1.22.0 - Stored XSS
|
3 |
WEB
|
Catalin Iovita_ Alexandru Postolache
|
|
2024-08-28
|
|
Invesalius3 - Remote Code Execution
|
11 |
WEB
|
Alessio Romano (sfoffo)_ Riccardo Degli Esposti (p
|
|
2024-08-24
|
|
Aurba 501 - Authenticated RCE
|
7 |
WEB
|
Hosein Vita
|
|
2024-08-24
|
|
HughesNet HT2000W Satellite Modem - Password Reset
|
3 |
WEB
|
Simon Greenblatt
|
|
2024-08-24
|
|
Elber Wayber Analog/Digital Audio STL 4.00 - Device Config Disclosure
|
2 |
WEB
|
LiquidWorm
|
|
2024-08-24
|
|
Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
|
1 |
WEB
|
LiquidWorm
|
|
2024-08-24
|
|
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
|
2 |
WEB
|
LiquidWorm
|
|
2024-08-24
|
|
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
|
2 |
WEB
|
LiquidWorm
|
|
2024-08-23
|
|
Helpdeskz v2.0.2 - Stored XSS
|
2 |
WEB
|
Md. Sadikul Islam
|
|
2024-08-23
|
|
Calibre-web 0.6.21 - Stored XSS
|
2 |
WEB
|
Catalin Iovita_ Alexandru Postolache
|
|
2024-08-04
|
|
Devika v1 - Path Traversal via 'snapshot_path'
|
2 |
WEB
|
Alperen Ergel
|
|
2024-08-04
|
|
Ivanti vADC 9.9 - Authentication Bypass
|
2 |
WEB
|
ohnoisploited
|
|
2024-07-01
|
|
Xhibiter NFT Marketplace 1.10.2 - SQL Injection
|
3 |
WEB
|
Sohel Yousef
|
|
2024-07-01
|
|
Azon Dominator Affiliate Marketing Script - SQL Injection
|
2 |
WEB
|
Buğra Enis Dönmez
|
|
2024-07-01
|
|
Microweber 2.0.15 - Stored XSS
|
2 |
WEB
|
tmrswrr
|
|
2024-07-01
|
|
Customer Support System 1.0 - Stored XSS
|
2 |
WEB
|
Geraldo Alcantara
|
|
2024-06-26
|
|
Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)
|
2 |
WEB
|
Jerry Thomas
|
|
2024-06-26
|
|
SolarWinds Platform 2024.1 SR1 - Race Condition
|
1 |
WEB
|
Elhussain Fathy
|
|
2024-06-26
|
|
Flatboard 3.2 - Stored Cross-Site Scripting (XSS) (Authenticated)
|
1 |
WEB
|
tmrswrr
|
|
2024-06-26
|
|
Poultry Farm Management System v1.0 - Remote Code Execution (RCE)
|
1 |
WEB
|
Jerry Thomas
|
|
2024-06-14
|
|
Boelter Blue System Management 1.3 - SQL Injection
|
1 |
WEB
|
CBKB
|
|
2024-06-14
|
|
WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated)
|
1 |
WEB
|
Onur Göğebakan
|
|
2024-06-14
|
|
PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)
|
1 |
WEB
|
Yesith Alvarez
|
|
2024-06-14
|
|
AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability.
|
1 |
WEB
|
Aslam Anwar Mahimkar
|
|
2024-06-14
|
|
XMB 1.9.12.06 - Stored XSS
|
1 |
WEB
|
Chokri Hammedi
|
|
2024-06-14
|
|
Carbon Forum 5.9.0 - Stored XSS
|
1 |
WEB
|
Chokri Hammedi
|
|
2024-06-14
|
|
AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS)
|
1 |
WEB
|
Aslam Anwar Mahimkar
|
|
2024-06-03
|
|
appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated)
|
11 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2024-06-03
|
|
CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)
|
1 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2024-06-03
|
|
WBCE CMS v1.6.2 - Remote Code Execution (RCE)
|
1 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2024-06-03
|
|
Monstra CMS 3.0.4 - Remote Code Execution (RCE)
|
1 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2024-06-03
|
|
Dotclear 2.29 - Remote Code Execution (RCE)
|
1 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2024-06-03
|
|
Serendipity 2.5.0 - Remote Code Execution (RCE)
|
1 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2024-06-03
|
|
Sitefinity 15.0 - Cross-Site Scripting (XSS)
|
1 |
WEB
|
Aldi Saputra Wahyudi
|
|
2024-06-01
|
|
FreePBX 16 - Remote Code Execution (RCE) (Authenticated)
|
1 |
WEB
|
Cold z3ro
|
|
2024-06-01
|
|
Akaunting 3.1.8 - Server-Side Template Injection (SSTI)
|
1 |
WEB
|
tmrswrr
|
|
2024-05-31
|
|
Check Point Security Gateway - Information Disclosure (Unauthenticated)
|
1 |
WEB
|
Yesith Alvarez
|
|
2024-05-31
|
|
Aquatronica Control System 5.1.6 - Information Disclosure
|
2 |
WEB
|
LiquidWorm
|
|
2024-05-31
|
|
changedetection < 0.45.20 - Remote Code Execution (RCE)
|
2 |
WEB
|
Zach Crosman (zcrosman)
|
|
2024-05-31
|
|
ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated)
|
2 |
WEB
|
tmrswrr
|
|
2024-05-31
|
|
iMLog < 1.307 - Persistent Cross Site Scripting (XSS)
|
2 |
WEB
|
Gabriel Felipe
|
|
2024-05-31
|
|
BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection
|
2 |
WEB
|
Ivan Spiridonov
|
|
2024-05-19
|
|
htmlLawed 1.2.5 - Remote Code Execution (RCE)
|
2 |
WEB
|
Miguel Redondo
|
|
2024-05-19
|
|
PopojiCMS 2.0.1 - Remote Command Execution (RCE)
|
2 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2024-05-19
|
|
Backdrop CMS 1.27.1 - Authenticated Remote Command Execution (RCE)
|
1 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2024-05-19
|
|
Apache OFBiz 18.12.12 - Directory Traversal
|
2 |
WEB
|
Abdualhadi khalifa
|
|
2024-05-19
|
|
Wordpress Theme XStore 9.3.8 - SQLi
|
2 |
WEB
|
Abdualhadi khalifa
|
|
2024-05-19
|
|
Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)
|
2 |
WEB
|
Sergio Medeiros
|
|
2024-05-13
|
|
Prison Management System - SQL Injection Authentication Bypass
|
2 |
WEB
|
Sanjay Singh
|
|
2024-05-13
|
|
PyroCMS v3.0.1 - Stored XSS
|
1 |
WEB
|
tmrswrr
|
|
2024-05-13
|
|
CE Phoenix Version 1.0.8.20 - Stored XSS
|
1 |
WEB
|
tmrswrr
|
|
2024-05-13
|
|
Leafpub 1.1.9 - Stored Cross-Site Scripting (XSS)
|
2 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2024-05-13
|
|
Chyrp 2.5.2 - Stored Cross-Site Scripting (XSS)
|
2 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2024-05-13
|
|
Apache mod_proxy_cluster 1.2.6 - Stored XSS
|
2 |
WEB
|
Mohamed Mounir Boudjema
|
|
2024-05-08
|
|
iboss Secure Web Gateway - Stored Cross-Site Scripting (XSS)
|
2 |
WEB
|
modrnProph3t
|
|
2024-05-08
|
|
Clinic Queuing System 1.0 - RCE
|
3 |
WEB
|
Juan Marco Sanchez
|
|
2024-05-04
|
|
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Device Config Disclosure
|
2 |
WEB
|
LiquidWorm
|
|
2024-05-04
|
|
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Authentication Bypass
|
2 |
WEB
|
LiquidWorm
|
|
2024-05-04
|
|
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Device Config Disclosure
|
1 |
WEB
|
LiquidWorm
|
|
2024-05-04
|
|
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Authentication Bypass
|
1 |
WEB
|
LiquidWorm
|
|
2024-05-04
|
|
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 - Device Config Disclosure
|
1 |
WEB
|
LiquidWorm
|
|
2024-05-04
|
|
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 - Authentication Bypass
|
2 |
WEB
|
LiquidWorm
|
|
2024-04-21
|
|
Flowise 1.6.5 - Authentication Bypass
|
2 |
WEB
|
Maerifat Majeed
|
|
2024-04-21
|
|
Laravel Framework 11 - Credential Leakage
|
2 |
WEB
|
Huseein Amer
|
|
2024-04-21
|
|
SofaWiki 3.9.2 - Remote Command Execution (RCE) (Authenticated)
|
2 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2024-04-21
|
|
Wordpress Plugin Background Image Cropper v1.2 - Remote Code Execution
|
3 |
WEB
|
Milad karimi
|
|
2024-04-21
|
|
FlatPress v1.3 - Remote Command Execution
|
2 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2024-04-15
|
|
OpenClinic GA 5.247.01 - Path Traversal (Authenticated)
|
2 |
WEB
|
VB
|
|
2024-04-15
|
|
OpenClinic GA 5.247.01 - Information Disclosure
|
2 |
WEB
|
VB
|
|
2024-04-15
|
|
Jenkins 2.441 - Local File Inclusion
|
2 |
WEB
|
Matisse Beckandt
|
|
2024-04-15
|
|
djangorestframework-simplejwt 5.3.1 - Information Disclosure
|
2 |
WEB
|
Dhrumil Mistry
|
|
2024-04-13
|
|
BMC Compuware iStrobe Web - 20.13 - Pre-auth RCE
|
2 |
WEB
|
trancap
|
|
2024-04-13
|
|
Stock Management System v1.0 - Unauthenticated SQL Injection
|
2 |
WEB
|
blu3ming
|
|
2024-04-13
|
|
Online Fire Reporting System OFRS - SQL Injection Authentication Bypass
|
2 |
WEB
|
Diyar Saadi
|
|
2024-04-13
|
|
Savsoft Quiz v6.0 Enterprise - Stored XSS
|
2 |
WEB
|
Eren Sen
|
