|
2025-04-16
|
|
phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS)
|
17 |
WEB
|
CodeSecLab
|
|
2025-04-15
|
|
Cacti 1.2.26 - Remote Code Execution (RCE) (Authenticated)
|
19 |
WEB
|
D3Ext
|
|
2025-04-15
|
|
ABB Cylon Aspect 3.08.02 - Cookie User Password Disclosure
|
16 |
WEB
|
LiquidWorm
|
|
2025-04-15
|
|
ABB Cylon Aspect 3.08.03 - Hard-coded Secrets
|
15 |
WEB
|
LiquidWorm
|
|
2025-04-15
|
|
ABB Cylon Aspect 3.08.03 (MapServicesHandler) - Authenticated Reflected XSS
|
16 |
WEB
|
LiquidWorm
|
|
2025-04-15
|
|
ABB Cylon Aspect 3.07.02 (userManagement.php) - Weak Password Policy
|
16 |
WEB
|
LiquidWorm
|
|
2025-04-15
|
|
ABB Cylon Aspect 3.08.03 (CookieDB) - SQL Injection
|
18 |
WEB
|
LiquidWorm
|
|
2025-04-15
|
|
ABB Cylon Aspect 3.08.02 (webServerUpdate.php) - Input Validation Config Poisoning
|
18 |
WEB
|
LiquidWorm
|
|
2025-04-15
|
|
ABB Cylon Aspect 3.08.02 (escDevicesUpdate.php) - Denial of Service (DOS)
|
20 |
WEB
|
LiquidWorm
|
|
2025-04-15
|
|
ABB Cylon Aspect 3.08.02 (bbmdUpdate.php) - Remote Code Execution
|
15 |
WEB
|
LiquidWorm
|
|
2025-04-15
|
|
ABB Cylon Aspect 3.08.02 (uploadDb.php) - Remote Code Execution
|
15 |
WEB
|
LiquidWorm
|
|
2025-04-15
|
|
ABB Cylon Aspect 3.08.02 (licenseUpload.php) - Stored Cross-Site Scripting
|
13 |
WEB
|
LiquidWorm
|
|
2025-04-15
|
|
ABB Cylon Aspect 3.08.02 (licenseServerUpdate.php) - Stored Cross-Site Scripting
|
13 |
WEB
|
LiquidWorm
|
|
2025-04-15
|
|
IBMi Navigator 7.5 - Server Side Request Forgery (SSRF)
|
18 |
WEB
|
hyp3rlinx
|
|
2025-04-15
|
|
Plane 0.23.1 - Server side request forgery (SSRF)
|
19 |
WEB
|
Saud Alenazi
|
|
2025-04-15
|
|
IBMi Navigator 7.5 - HTTP Security Token Bypass
|
16 |
WEB
|
hyp3rlinx
|
|
2025-04-15
|
|
OpenCMS 17.0 - Stored Cross Site Scripting (XSS)
|
19 |
WEB
|
Siddhartha Naik
|
|
2025-04-15
|
|
Adapt Authoring Tool 0.11.3 - Remote Command Execution (RCE)
|
18 |
WEB
|
Eui Chul Chung
|
|
2025-04-15
|
|
Really Simple Security 9.1.1.1 - Authentication Bypass
|
17 |
WEB
|
Antonio Francesco Sardella
|
|
2025-04-15
|
|
Spring Boot common-user-management 0.1 - Remote Code Execution (RCE)
|
29 |
WEB
|
d3sca
|
|
2025-04-14
|
|
SilverStripe 5.3.8 - Stored Cross Site Scripting (XSS) (Authenticated)
|
17 |
WEB
|
James Nicoll
|
|
2025-04-14
|
|
OpenPanel Copy and View functions in the File Manager 0.3.4 - Directory Traversal
|
13 |
WEB
|
Korn Chaisuwan_ Charanin Thongudom_ Pongtorn Angsu
|
|
2025-04-14
|
|
OpenPanel 0.3.4 - OS Command Injection
|
20 |
WEB
|
Korn Chaisuwan_ Charanin Thongudom_ Pongtorn Angsu
|
|
2025-04-14
|
|
OpenPanel 0.3.4 - Incorrect Access Control
|
15 |
WEB
|
Korn Chaisuwan_ Charanin Thongudom_ Pongtorn Angsu
|
|
2025-04-14
|
|
OpenPanel 0.3.4 - Directory Traversal
|
16 |
WEB
|
Korn Chaisuwan_ Charanin Thongudom_ Pongtorn Angsu
|
|
2025-04-14
|
|
Pimcore 11.4.2 - Stored cross site scripting
|
19 |
WEB
|
maeitsec
|
|
2025-04-14
|
|
Pimcore customer-data-framework 4.2.0 - SQL injection
|
19 |
WEB
|
maeitsec
|
|
2025-04-14
|
|
Xinet Elegant 6 Asset Lib Web UI 6.1.655 - SQL Injection
|
19 |
WEB
|
hyp3rlinx
|
|
2025-04-14
|
|
ZTE ZXHN H168N 3.1 - Remote Code Execution (RCE) via authentication bypass
|
26 |
WEB
|
tasos meletlidis
|
|
2025-04-11
|
|
GeoVision GV-ASManager 6.1.0.0 - Broken Access Control
|
19 |
WEB
|
Giorgi Dograshvili
|
|
2025-04-11
|
|
ABB Cylon FLXeon 9.3.4 - Remote Code Execution (Authenticated)
|
15 |
WEB
|
LiquidWorm
|
|
2025-04-11
|
|
GeoVision GV-ASManager 6.1.1.0 - CSRF
|
14 |
WEB
|
Giorgi Dograshvili
|
|
2025-04-11
|
|
ABB Cylon FLXeon 9.3.4 - Remote Code Execution (RCE)
|
18 |
WEB
|
LiquidWorm
|
|
2025-04-11
|
|
WebFileSys 2.31.0 - Directory Path Traversal
|
18 |
WEB
|
Korn Chaisuwan_ Charanin Thongudom_ Pongtorn Angsu
|
|
2025-04-11
|
|
ABB Cylon FLXeon 9.3.4 - WebSocket Command Spawning
|
15 |
WEB
|
LiquidWorm
|
|
2025-04-11
|
|
Netman 204 - Remote command without authentication
|
15 |
WEB
|
Parsa Rezaie Khiabanloo
|
|
2025-04-11
|
|
ABB Cylon Aspect 3.08.02 - PHP Session Fixation
|
16 |
WEB
|
LiquidWorm
|
|
2025-04-11
|
|
CMU CERT/CC VINCE 2.0.6 - Stored XSS
|
14 |
WEB
|
LiquidWorm
|
|
2025-04-11
|
|
ABB Cylon FLXeon 9.3.4 - Cross-Site Request Forgery
|
13 |
WEB
|
LiquidWorm
|
|
2025-04-11
|
|
ABB Cylon FLXeon 9.3.4 - Default Credentials
|
13 |
WEB
|
LiquidWorm
|
|
2025-04-11
|
|
ABB Cylon FLXeon 9.3.4 - System Logs Information Disclosure
|
14 |
WEB
|
LiquidWorm
|
|
2025-04-11
|
|
Nagios Log Server 2024R1.3.1 - API Key Exposure
|
14 |
WEB
|
Seth Kraft
|
|
2025-04-11
|
|
phpIPAM 1.6 - Reflected Cross Site Scripting (XSS)
|
17 |
WEB
|
CodeSecLab
|
|
2025-04-11
|
|
MiniCMS 1.1 - Cross Site Scripting (XSS)
|
17 |
WEB
|
CodeSecLab
|
|
2025-04-11
|
|
NEWS-BUZZ News Management System 1.0 - SQL Injection
|
15 |
WEB
|
egsec
|
|
2025-04-11
|
|
Roundcube Webmail 1.6.6 - Stored Cross Site Scripting (XSS)
|
15 |
WEB
|
AmirZargham
|
|
2025-04-11
|
|
CyberPanel 2.3.6 - Remote Code Execution (RCE)
|
16 |
WEB
|
Luka Petrovic (refr4g)
|
|
2025-04-11
|
|
LearnPress WordPress LMS Plugin 4.2.7 - SQL Injection
|
14 |
WEB
|
Francisco Moraga (BTshell)
|
|
2025-04-11
|
|
MagnusSolution magnusbilling 7.3.0 - Command Injection
|
19 |
WEB
|
CodeSecLab
|
|
2025-04-11
|
|
RosarioSIS 7.6 - SQL Injection
|
21 |
WEB
|
CodeSecLab
|
|
2025-04-11
|
|
GetSimpleCMS 3.3.16 - Remote Code Execution (RCE)
|
23 |
WEB
|
CodeSecLab
|
|
2025-04-11
|
|
Gnuboard5 5.3.2.8 - SQL Injection
|
16 |
WEB
|
CodeSecLab
|
|
2025-04-11
|
|
flatCore 1.5 - Cross Site Request Forgery (CSRF)
|
14 |
WEB
|
CodeSecLab
|
|
2025-04-10
|
|
flatCore 1.5.5 - Arbitrary File Upload
|
16 |
WEB
|
CodeSecLab
|
|
2025-04-10
|
|
AquilaCMS 1.409.20 - Remote Command Execution (RCE)
|
20 |
WEB
|
Eui Chul Chung
|
|
2025-04-10
|
|
Typecho 1.3.0 - Stored Cross-Site Scripting (XSS)
|
13 |
WEB
|
cyberaz0r
|
|
2025-04-10
|
|
Typecho 1.3.0 - Race Condition
|
15 |
WEB
|
cyberaz0r
|
|
2025-04-10
|
|
Cosy+ firmware 21.2s7 - Command Injection
|
23 |
WEB
|
CodeB0ss
|
|
2025-04-10
|
|
CodeAstro Online Railway Reservation System 1.0 - Cross Site Scripting (XSS)
|
17 |
WEB
|
Raj Nandi
|
|
2025-04-10
|
|
PandoraFMS 7.0NG.772 - SQL Injection
|
15 |
WEB
|
Osama Yousef
|
|
2025-04-10
|
|
Centron 19.04 - Remote Code Execution (RCE)
|
27 |
WEB
|
Starry Sky
|
|
2025-04-10
|
|
Cisco Smart Software Manager On-Prem 8-202206 - Account Takeover
|
16 |
WEB
|
Mohammed Adel
|
|
2025-04-10
|
|
Feng Office 3.11.1.2 - SQL Injection
|
19 |
WEB
|
Andrey Stoykov
|
|
2025-04-09
|
|
PZ Frontend Manager WordPress Plugin 1.0.5 - Cross Site Request Forgery (CSRF)
|
17 |
WEB
|
Vuln Seeker Cybersecurity Team
|
|
2025-04-09
|
|
ChurchCRM 5.9.1 - SQL Injection
|
18 |
WEB
|
Sanan Qasimzada
|
|
2025-04-09
|
|
Intelight X-1L Traffic controller Maxtime 1.9.6 - Remote Code Execution (RCE)
|
22 |
WEB
|
Andrew Lemon/Red Threat
|
|
2025-04-09
|
|
ResidenceCMS 2.10.1 - Stored Cross-Site Scripting (XSS)
|
17 |
WEB
|
Jeremia Geraldi Sihombing
|
|
2025-04-09
|
|
Apache HugeGraph Server 1.2.0 - Remote Code Execution (RCE)
|
19 |
WEB
|
Yesith Alvarez
|
|
2025-04-09
|
|
Zohocorp ManageEngine ADManager Plus 7210 - Elevation of Privilege
|
17 |
WEB
|
Metin Yunus Kandemir
|
|
2025-04-09
|
|
Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS)
|
22 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2025-04-09
|
|
Artica Proxy 4.50 - Remote Code Execution (RCE)
|
23 |
WEB
|
Madan
|
|
2025-04-09
|
|
DocsGPT 0.12.0 - Remote Code Execution
|
14 |
WEB
|
Shreyas Malhotra
|
|
2025-04-08
|
|
GeoVision GV-ASManager 6.1.0.0 - Information Disclosure
|
16 |
WEB
|
Giorgi Dograshvili
|
|
2025-04-08
|
|
jQuery 3.3.1 - Prototype Pollution & XSS Exploit
|
16 |
WEB
|
xOryus
|
|
2025-04-08
|
|
Jasmin Ransomware - Arbitrary File Download (Authenticated)
|
16 |
WEB
|
bRpsd
|
|
2025-04-08
|
|
UNA CMS 14.0.0-RC - PHP Object Injection
|
17 |
WEB
|
Egidio Romano
|
|
2025-04-08
|
|
Nagios Xi 5.6.6 - Authenticated Remote Code Execution (RCE)
|
16 |
WEB
|
Calil Khalil
|
|
2025-04-08
|
|
WordPress User Registration & Membership Plugin 4.1.1 - Unauthenticated Privilege Escalation
|
19 |
WEB
|
Al Baradi Joy
|
|
2025-04-07
|
|
XWiki Platform 15.10.10 - Remote Code Execution
|
20 |
WEB
|
Al Baradi Joy
|
|
2025-04-07
|
|
YesWiki 4.5.1 - Unauthenticated Path Traversal
|
16 |
WEB
|
Al Baradi Joy
|
|
2025-04-07
|
|
Apache Tomcat 11.0.3 - Remote Code Execution
|
17 |
WEB
|
Al Baradi Joy
|
|
2025-04-06
|
|
Reservit Hotel 2.1 - Stored Cross-Site Scripting (XSS)
|
15 |
WEB
|
Ilteris Kaan Pehlivan
|
|
2025-04-06
|
|
WBCE CMS 1.6.3 - Authenticated Remote Code Execution (RCE)
|
13 |
WEB
|
Swammers8
|
|
2025-04-06
|
|
Backup and Staging by WP Time Capsule 1.22.21 - Unauthenticated Arbitrary File Upload
|
20 |
WEB
|
Al Baradi Joy
|
|
2025-04-06
|
|
Watcharr 1.43.0 - Remote Code Execution (RCE)
|
16 |
WEB
|
Suphawith Phusanbai
|
|
2025-04-06
|
|
Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover
|
15 |
WEB
|
ByteHunter
|
|
2025-04-06
|
|
DataEase 2.4.0 - Database Configuration Information Exposure
|
13 |
WEB
|
ByteHunter
|
|
2025-04-05
|
|
Royal Elementor Addons and Templates 1.3.78 - Unauthenticated Arbitrary File Upload
|
21 |
WEB
|
4m3rr0r
|
|
2025-04-05
|
|
Exclusive Addons for Elementor 2.6.9 - Stored Cross-Site Scripting (XSS)
|
15 |
WEB
|
Al Baradi Joy
|
|
2025-04-05
|
|
Kubio AI Page Builder 2.5.1 - Local File Inclusion (LFI)
|
15 |
WEB
|
4m3rr0r
|
|
2025-04-05
|
|
Next.js Middleware 15.2.2 - Authorization Bypass
|
17 |
WEB
|
kOaDT
|
|
2025-04-05
|
|
IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow
|
17 |
WEB
|
Giulio Garzia
|
|
2025-04-03
|
|
AppSmith 1.47 - Remote Code Execution (RCE)
|
15 |
WEB
|
Nishanth Gaddam
|
|
2025-04-03
|
|
Nagios Log Server 2024R1.3.1 - Stored XSS
|
19 |
WEB
|
Seth Kraft
|
|
2025-04-03
|
|
ABB Cylon Aspect 3.07.02 - File Disclosure
|
14 |
WEB
|
LiquidWorm
|
|
2025-04-03
|
|
Webmin Usermin 2.100 - Username Enumeration
|
18 |
WEB
|
Kjesper
|
|
2025-04-03
|
|
ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials
|
18 |
WEB
|
LiquidWorm
|
|
2025-04-02
|
|
ABB Cylon Aspect 3.08.01 - Arbitrary File Delete
|
14 |
WEB
|
LiquidWorm
|
|
2025-04-02
|
|
ABB Cylon Aspect 3.08.01 - Remote Code Execution (RCE)
|
15 |
WEB
|
LiquidWorm
|
|
2025-04-02
|
|
Elaine's Realtime CRM Automation 6.18.17 - Reflected XSS
|
19 |
WEB
|
arfaoui haythem
|
|
2025-03-29
|
|
XWiki Standard 14.10 - Remote Code Execution (RCE)
|
21 |
WEB
|
Mehran Seifalinia
|
|
2025-03-28
|
|
Progress Telerik Report Server 2024 Q1 (10.0.24.305) - Authentication Bypass
|
18 |
WEB
|
VeryLazyTech
|
|
2025-03-28
|
|
Rejetto HTTP File Server 2.3m - Remote Code Execution (RCE)
|
24 |
WEB
|
VeryLazyTech
|
|
2025-03-28
|
|
Sonatype Nexus Repository 3.53.0-01 - Path Traversal
|
14 |
WEB
|
VeryLazyTech
|
|
2025-03-28
|
|
CodeCanyon RISE CRM 3.7.0 - SQL Injection
|
24 |
WEB
|
Jobyer From Bytium
|
|
2025-03-28
|
|
Litespeed Cache 6.5.0.1 - Authentication Bypass
|
14 |
WEB
|
Caner Tercan
|
|
2025-03-27
|
|
X2CRM 8.5 - Stored Cross-Site Scripting (XSS)
|
15 |
WEB
|
Okan Kurtulus
|
|
2025-03-27
|
|
KubeSphere 3.4.0 - Insecure Direct Object Reference (IDOR)
|
21 |
WEB
|
Okan Kurtulus
|
|
2025-03-27
|
|
MoziloCMS 3.0 - Remote Code Execution (RCE)
|
16 |
WEB
|
Olakojo Olaoluwa Joshua
|
|
2025-03-22
|
|
TeamPass 3.0.0.21 - SQL Injection
|
17 |
WEB
|
Max Meyer - Rivendell
|
|
2025-03-21
|
|
Jasmin Ransomware - SQL Injection Login Bypass
|
17 |
WEB
|
Buğra Enis Dönmez
|
|
2025-03-20
|
|
FluxBB 1.5.11 - Stored Cross-Site Scripting (XSS)
|
15 |
WEB
|
Chokri Hammedi
|
|
2025-03-20
|
|
JUX Real Estate 3.4.0 - SQL Injection
|
14 |
WEB
|
CraCkEr
|
|
2025-03-19
|
|
Gitea 1.24.0 - HTML Injection
|
23 |
WEB
|
Mikail KOCADAĞ
|
|
2025-03-19
|
|
TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS) (Authenticated)
|
14 |
WEB
|
ABABANK REDTEAM
|
|
2025-03-19
|
|
Extensive VC Addons for WPBakery page builder 1.9.0 - Remote Code Execution (RCE)
|
19 |
WEB
|
Ravina
|
|
2025-03-19
|
|
Loaded Commerce 6.6 - Client-Side Template Injection(CSTI)
|
14 |
WEB
|
tmrswrr
|
|
2025-03-18
|
|
Chamilo LMS 1.11.24 - Remote Code Execution (RCE)
|
16 |
WEB
|
Mohamed Kamel BOUZEKRIA
|
|
2024-11-15
|
|
SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
|
15 |
WEB
|
cybersploit
|
|
2024-10-01
|
|
reNgine 2.2.0 - Command Injection (Authenticated)
|
14 |
WEB
|
Caner Tercan
|
|
2024-10-01
|
|
openSIS 9.1 - SQLi (Authenticated)
|
14 |
WEB
|
Devrim Dıragumandan
|
|
2024-10-01
|
|
dizqueTV 1.5.3 - Remote Code Execution (RCE)
|
21 |
WEB
|
Ahmed Said Saud Al-Busaidi
|
|
2024-08-28
|
|
NoteMark < 0.13.0 - Stored XSS
|
16 |
WEB
|
Alessio Romano (sfoffo)
|
|
2024-08-28
|
|
Gitea 1.22.0 - Stored XSS
|
21 |
WEB
|
Catalin Iovita_ Alexandru Postolache
|
|
2024-08-28
|
|
Invesalius3 - Remote Code Execution
|
50 |
WEB
|
Alessio Romano (sfoffo)_ Riccardo Degli Esposti (p
|
