|
2024-02-09
|
|
Wordpress Augmented-Reality - Remote Code Execution Unauthenticated
|
7 |
WEB
|
Milad karimi
|
|
2024-02-09
|
|
Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting (XSS) (Authenticated)
|
2 |
WEB
|
Furkan ÖZER
|
|
2024-02-05
|
|
WhatsUp Gold 2022 (22.1.0 Build 39) - XSS
|
2 |
WEB
|
Andreas Finstad
|
|
2024-02-05
|
|
MISP 2.4.171 - Stored XSS
|
3 |
WEB
|
Mücahit Çeri
|
|
2024-02-05
|
|
Clinic's Patient Management System 1.0 - Unauthenticated RCE
|
3 |
WEB
|
Oğulcan Hami Gül
|
|
2024-02-05
|
|
Curfew e-Pass Management System 1.0 - FromDate SQL Injection
|
3 |
WEB
|
Puja Dey
|
|
2024-02-05
|
|
GYM MS - GYM Management System - Cross Site Scripting (Stored)
|
3 |
WEB
|
yozgatalperen1
|
|
2024-02-02
|
|
Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC)
|
1 |
WEB
|
whiteOwl
|
|
2024-02-02
|
|
Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution
|
3 |
WEB
|
LiquidWorm
|
|
2024-02-02
|
|
Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal
|
3 |
WEB
|
LiquidWorm
|
|
2024-02-02
|
|
Electrolink FM/DAB/TV Transmitter (Login Cookie) - Authentication Bypass
|
3 |
WEB
|
LiquidWorm
|
|
2024-02-02
|
|
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure
|
3 |
WEB
|
LiquidWorm
|
|
2024-02-02
|
|
Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure
|
3 |
WEB
|
LiquidWorm
|
|
2024-02-02
|
|
TP-LINK TL-WR740N - Multiple HTML Injection
|
3 |
WEB
|
Shujaat Amin (ZEROXINN)
|
|
2024-02-02
|
|
TP-Link TL-WR740N - UnAuthenticated Directory Transversal
|
3 |
WEB
|
Syed Affan Ahmed (ZEROXINN)
|
|
2024-01-31
|
|
GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities
|
3 |
WEB
|
Syed Affan Ahmed (ZEROXINN)
|
|
2024-01-31
|
|
Grocy <=4.0.2 - CSRF
|
2 |
WEB
|
Chance Proctor
|
|
2024-01-31
|
|
101 News 1.0 - Multiple-SQLi
|
3 |
WEB
|
nu11secur1ty
|
|
2024-01-31
|
|
Academy LMS 6.2 - SQL Injection
|
2 |
WEB
|
CraCkEr
|
|
2024-01-29
|
|
PHP Shopping Cart 4.2 - Multiple-SQLi
|
2 |
WEB
|
nu11secur1ty
|
|
2024-01-29
|
|
Fundraising Script 1.0 - SQLi
|
3 |
WEB
|
nu11secur1ty
|
|
2024-01-29
|
|
Bank Locker Management System - SQL Injection
|
2 |
WEB
|
SoSPiro
|
|
2023-10-09
|
|
Splunk 9.0.5 - admin account take over
|
9 |
WEB
|
Redway Security
|
|
2023-10-09
|
|
Shuttle-Booking-Software v1.0 - Multiple-SQLi
|
5 |
WEB
|
nu11secur1ty
|
|
2023-10-09
|
|
Limo Booking Software v1.0 - CORS
|
1 |
WEB
|
nu11secur1ty
|
|
2023-10-09
|
|
Webedition CMS v2.9.8.8 - Blind SSRF
|
1 |
WEB
|
Mirabbas Ağalarov
|
|
2023-10-09
|
|
BoidCMS v2.0.0 - authenticated file upload vulnerability
|
2 |
WEB
|
1337kid
|
|
2023-10-09
|
|
Cacti 1.2.24 - Authenticated command injection when using SNMP options
|
1 |
WEB
|
Antonio Francesco Sardella
|
|
2023-10-09
|
|
Wordpress Sonaar Music Plugin 4.7 - Stored XSS
|
2 |
WEB
|
Furkan Karaarslan
|
|
2023-10-09
|
|
Coppermine Gallery 1.6.25 - RCE
|
3 |
WEB
|
Mirabbas Ağalarov
|
|
2023-10-09
|
|
Media Library Assistant Wordpress Plugin - RCE and LFI
|
2 |
WEB
|
Florent MONTEL
|
|
2023-10-09
|
|
WEBIGniter v28.7.23 File Upload - Remote Code Execution
|
2 |
WEB
|
nu11secur1ty
|
|
2023-10-09
|
|
Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation
|
1 |
WEB
|
Revan Arifio
|
|
2023-10-09
|
|
Minio 2022-07-29T19-40-48Z - Path traversal
|
2 |
WEB
|
Jenson Zhao
|
|
2023-10-09
|
|
Clcknshop 1.0.0 - SQL Injection
|
6 |
WEB
|
CraCkEr
|
|
2023-10-09
|
|
Online ID Generator 1.0 - Remote Code Execution (RCE)
|
3 |
WEB
|
nu11secur1ty
|
|
2023-10-09
|
|
GLPI GZIP(Py3) 9.4.5 - RCE
|
7 |
WEB
|
Brian Peters
|
|
2023-09-08
|
|
Drupal 10.1.2 - web-cache-poisoning-External-service-interaction
|
2 |
WEB
|
nu11secur1ty
|
|
2023-09-08
|
|
Axigen < 10.3.3.47_ 10.2.3.12 - Reflected XSS
|
6 |
WEB
|
AmirZargham
|
|
2023-09-08
|
|
soosyze 2.0.0 - File Upload
|
2 |
WEB
|
nu11secur1ty
|
|
2023-09-08
|
|
Wp2Fac - OS Command Injection
|
2 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-09-08
|
|
Wordpress Plugin Elementor 3.5.5 - Iframe Injection
|
1 |
WEB
|
Miguel Santareno
|
|
2023-09-08
|
|
Jorani v1.0.3-(c)2014-2023 - XSS Reflected & Information Disclosure
|
2 |
WEB
|
nu11secur1ty
|
|
2023-09-08
|
|
SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection
|
2 |
WEB
|
CraCkEr
|
|
2023-09-04
|
|
SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS
|
2 |
WEB
|
CraCkEr
|
|
2023-09-04
|
|
Bus Reservation System 1.1 - Multiple-SQLi
|
2 |
WEB
|
nu11secur1ty
|
|
2023-09-04
|
|
WP Statistics Plugin 13.1.5 current_page_id - Time based SQL injection (Unauthenticated)
|
3 |
WEB
|
psychoSherlock
|
|
2023-09-04
|
|
Member Login Script 3.3 - Client-side desync
|
2 |
WEB
|
nu11secur1ty
|
|
2023-09-04
|
|
DLINK DPH-400SE - Exposure of Sensitive Information
|
2 |
WEB
|
tahaafarooq
|
|
2023-09-04
|
|
FileMage Gateway 1.10.9 - Local File Inclusion
|
2 |
WEB
|
Bryce Raindayzz Harty
|
|
2023-09-04
|
|
AdminLTE PiHole 5.18 - Broken Access Control
|
2 |
WEB
|
kv1to
|
|
2023-09-04
|
|
CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Plugin 'Gallery')
|
2 |
WEB
|
Daniel González
|
|
2023-09-04
|
|
CSZ CMS 1.3.0 - Stored Cross-Site Scripting ('Photo URL' and 'YouTube URL' )
|
2 |
WEB
|
Daniel González
|
|
2023-09-04
|
|
Academy LMS 6.1 - Arbitrary File Upload
|
2 |
WEB
|
CraCkEr
|
|
2023-09-04
|
|
Credit Lite 1.5.4 - SQL Injection
|
2 |
WEB
|
CraCkEr
|
|
2023-09-04
|
|
Hyip Rio 2.1 - Arbitrary File Upload
|
2 |
WEB
|
CraCkEr
|
|
2023-09-04
|
|
Blood Donor Management System v1.0 - Stored XSS
|
3 |
WEB
|
Ehlullah Albayrak
|
|
2023-08-24
|
|
Uvdesk 1.1.4 - Stored XSS (Authenticated)
|
2 |
WEB
|
Hubert Wojciechowski
|
|
2023-08-24
|
|
User Registration & Login and User Management System v3.0 - SQL Injection (Unauthenticated)
|
2 |
WEB
|
Ashutosh Singh Umath
|
|
2023-08-24
|
|
User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting (XSS)
|
7 |
WEB
|
Ashutosh Singh Umath
|
|
2023-08-21
|
|
Taskhub CRM Tool 2.8.6 - SQL Injection
|
2 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-08-21
|
|
OVOO Movie Portal CMS v3.3.3 - SQL Injection
|
2 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-08-21
|
|
Global - Multi School Management System Express v1.0- SQL Injection
|
1 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-08-21
|
|
Color Prediction Game v1.0 - SQL Injection
|
2 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-08-21
|
|
Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated)
|
2 |
WEB
|
0xBr
|
|
2023-08-21
|
|
PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities
|
2 |
WEB
|
Kerimcan Ozturk
|
|
2023-08-21
|
|
Dolibarr Version 17.0.1 - Stored XSS
|
2 |
WEB
|
Furkan Karaarslan
|
|
2023-08-08
|
|
Emagic Data Center Management Suite v6.0 - OS Command Injection
|
2 |
WEB
|
thewhiteh4t
|
|
2023-08-08
|
|
PHPJabbers Vacation Rental Script 4.0 - CSRF
|
2 |
WEB
|
Hasan Ali YILDIR
|
|
2023-08-08
|
|
Social-Commerce 3.1.6 - Reflected XSS
|
1 |
WEB
|
CraCkEr
|
|
2023-08-08
|
|
mooSocial 3.1.8 - Reflected XSS
|
2 |
WEB
|
CraCkEr
|
|
2023-08-08
|
|
Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated)
|
3 |
WEB
|
Daniel Barros
|
|
2023-08-08
|
|
Lucee 5.4.2.17 - Authenticated Reflected XSS
|
2 |
WEB
|
Yehia Elghaly
|
|
2023-08-08
|
|
Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure
|
2 |
WEB
|
CraCkEr
|
|
2023-08-04
|
|
WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution
|
2 |
WEB
|
Mehmet Kelepçe
|
|
2023-08-04
|
|
WordPress adivaha Travel Plugin 2.3 - Reflected XSS
|
2 |
WEB
|
CraCkEr
|
|
2023-08-04
|
|
Webedition CMS v2.9.8.8 - Stored XSS
|
2 |
WEB
|
Mirabbas Ağalarov
|
|
2023-08-04
|
|
Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)
|
2 |
WEB
|
Mirabbas Ağalarov
|
|
2023-08-04
|
|
Webutler v3.2 - Remote Code Execution (RCE)
|
2 |
WEB
|
Mirabbas Ağalarov
|
|
2023-08-04
|
|
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR
|
2 |
WEB
|
Miguel Santareno
|
|
2023-08-04
|
|
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access
|
2 |
WEB
|
Miguel Santareno
|
|
2023-08-04
|
|
Campcodes Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload
|
2 |
WEB
|
Rajdip Dey Sarkar
|
|
2023-08-04
|
|
WordPress adivaha Travel Plugin 2.3 - SQL Injection
|
2 |
WEB
|
CraCkEr
|
|
2023-08-04
|
|
Academy LMS 6.0 - Reflected XSS
|
2 |
WEB
|
CraCkEr
|
|
2023-08-04
|
|
PHPJabbers Rental Property Booking 2.0 - Reflected XSS
|
2 |
WEB
|
CraCkEr
|
|
2023-08-04
|
|
PHPJabbers Taxi Booking 2.0 - Reflected XSS
|
2 |
WEB
|
CraCkEr
|
|
2023-08-04
|
|
PHPJabbers Cleaning Business 1.0 - Reflected XSS
|
2 |
WEB
|
CraCkEr
|
|
2023-08-04
|
|
PHPJabbers Night Club Booking 1.0 - Reflected XSS
|
2 |
WEB
|
CraCkEr
|
|
2023-08-04
|
|
PHPJabbers Service Booking Script 1.0 - Reflected XSS
|
2 |
WEB
|
CraCkEr
|
|
2023-08-04
|
|
PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS
|
3 |
WEB
|
CraCkEr
|
|
2023-08-04
|
|
JLex GuestBook 1.6.4 - Reflected XSS
|
2 |
WEB
|
CraCkEr
|
|
2023-08-04
|
|
Ozeki SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated)
|
2 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-08-04
|
|
Joomla JLex Review 6.0.1 - Reflected XSS
|
2 |
WEB
|
CraCkEr
|
|
2023-08-04
|
|
WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS
|
2 |
WEB
|
Mehran Seifalinia
|
|
2023-08-04
|
|
Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting
|
2 |
WEB
|
Pedro
|
|
2023-07-31
|
|
Joomla iProperty Real Estate 4.1.1 - Reflected XSS
|
2 |
WEB
|
CraCkEr
|
|
2023-07-31
|
|
Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)
|
2 |
WEB
|
Daniel Barros
|
|
2023-07-31
|
|
Joomla Solidres 2.13.3 - Reflected XSS
|
3 |
WEB
|
CraCkEr
|
|
2023-07-28
|
|
copyparty 1.8.2 - Directory Traversal
|
4 |
WEB
|
Vartamtezidis Theodoros
|
|
2023-07-28
|
|
copyparty v1.8.6 - Reflected Cross Site Scripting (XSS)
|
6 |
WEB
|
Vartamtezidis Theodoros
|
|
2023-07-28
|
|
WordPress Plugin AN_Gradebook 5.0.1 - SQLi
|
2 |
WEB
|
Lukas Kinneberg
|
|
2023-07-28
|
|
Joomla VirtueMart Shopping Cart 4.0.12 - Reflected XSS
|
2 |
WEB
|
CraCkEr
|
|
2023-07-28
|
|
October CMS v3.4.4 - Stored Cross-Site Scripting (XSS) (Authenticated)
|
2 |
WEB
|
Okan Kurtulus
|
|
2023-07-28
|
|
Joomla HikaShop 4.7.4 - Reflected XSS
|
2 |
WEB
|
CraCkEr
|
|
2023-07-28
|
|
mooDating 1.2 - Reflected Cross-site scripting (XSS)
|
2 |
WEB
|
CraCkEr
|
|
2023-07-28
|
|
Perch v3.2 - Persistent Cross Site Scripting (XSS)
|
2 |
WEB
|
Dinesh Mohanty
|
|
2023-07-28
|
|
Availability Booking Calendar v1.0 - Multiple Cross-site scripting (XSS)
|
1 |
WEB
|
Andrey Stoykov
|
|
2023-07-28
|
|
Zomplog 3.9 - Cross-site scripting (XSS)
|
2 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-28
|
|
zomplog 3.9 - Remote Code Execution (RCE)
|
2 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-28
|
|
RosarioSIS 10.8.4 - CSV Injection
|
2 |
WEB
|
Ranjeet Jaiswal
|
|
2023-07-21
|
|
Perch v3.2 - Stored XSS
|
1 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-21
|
|
Perch v3.2 - Remote Code Execution (RCE)
|
2 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-20
|
|
RWS WorldServer 11.7.3 - Session Token Enumeration
|
2 |
WEB
|
RedTeam Pentesting GmbH
|
|
2023-07-20
|
|
PaulPrinting CMS - Multiple Cross Site Web Vulnerabilities
|
1 |
WEB
|
Vulnerability-Lab
|
|
2023-07-20
|
|
Aures Booking & POS Terminal - Local Privilege Escalation
|
1 |
WEB
|
Vulnerability-Lab
|
|
2023-07-20
|
|
Webile v1.0.1 - Multiple Cross Site Scripting
|
2 |
WEB
|
Vulnerability-Lab
|
|
2023-07-20
|
|
Dooblou WiFi File Explorer 1.13.3 - Multiple Vulnerabilities
|
1 |
WEB
|
Vulnerability-Lab
|
|
2023-07-20
|
|
PaulPrinting CMS - (Search Delivery) Cross Site Scripting
|
2 |
WEB
|
Vulnerability-Lab
|
|
2023-07-20
|
|
Active Super Shop CMS v2.5 - HTML Injection Vulnerabilities
|
2 |
WEB
|
Vulnerability-Lab
|
|
2023-07-20
|
|
Boom CMS v8.0.7 - Cross Site Scripting
|
2 |
WEB
|
Vulnerability-Lab
|
|
2023-07-20
|
|
Wifi Soft Unibox Administration 3.0 & 3.1 - SQL Injection
|
1 |
WEB
|
Ansh Jain
|
|
2023-07-20
|
|
pfSense v2.7.0 - OS Command Injection
|
2 |
WEB
|
Emir Polat
|
|
2023-07-19
|
|
TP-Link TL-WR740N - Authenticated Directory Transversal
|
2 |
WEB
|
Anish Feroz
|
|
2023-07-19
|
|
Blackcat Cms v1.4 - Remote Code Execution (RCE)
|
2 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-19
|
|
Blackcat Cms v1.4 - Stored XSS
|
2 |
WEB
|
Mirabbas Ağalarov
|
