|
2023-09-04
|
|
CSZ CMS 1.3.0 - Stored Cross-Site Scripting ('Photo URL' and 'YouTube URL' )
|
16 |
WEB
|
Daniel González
|
|
2023-09-04
|
|
Academy LMS 6.1 - Arbitrary File Upload
|
14 |
WEB
|
CraCkEr
|
|
2023-09-04
|
|
Credit Lite 1.5.4 - SQL Injection
|
14 |
WEB
|
CraCkEr
|
|
2023-09-04
|
|
Hyip Rio 2.1 - Arbitrary File Upload
|
18 |
WEB
|
CraCkEr
|
|
2023-09-04
|
|
Blood Donor Management System v1.0 - Stored XSS
|
17 |
WEB
|
Ehlullah Albayrak
|
|
2023-08-24
|
|
Uvdesk 1.1.4 - Stored XSS (Authenticated)
|
17 |
WEB
|
Hubert Wojciechowski
|
|
2023-08-24
|
|
User Registration & Login and User Management System v3.0 - SQL Injection (Unauthenticated)
|
16 |
WEB
|
Ashutosh Singh Umath
|
|
2023-08-24
|
|
User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting (XSS)
|
31 |
WEB
|
Ashutosh Singh Umath
|
|
2023-08-21
|
|
Taskhub CRM Tool 2.8.6 - SQL Injection
|
33 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-08-21
|
|
OVOO Movie Portal CMS v3.3.3 - SQL Injection
|
17 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-08-21
|
|
Global - Multi School Management System Express v1.0- SQL Injection
|
18 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-08-21
|
|
Color Prediction Game v1.0 - SQL Injection
|
19 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-08-21
|
|
Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated)
|
17 |
WEB
|
0xBr
|
|
2023-08-21
|
|
PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities
|
15 |
WEB
|
Kerimcan Ozturk
|
|
2023-08-21
|
|
Dolibarr Version 17.0.1 - Stored XSS
|
20 |
WEB
|
Furkan Karaarslan
|
|
2023-08-08
|
|
Emagic Data Center Management Suite v6.0 - OS Command Injection
|
19 |
WEB
|
thewhiteh4t
|
|
2023-08-08
|
|
PHPJabbers Vacation Rental Script 4.0 - CSRF
|
13 |
WEB
|
Hasan Ali YILDIR
|
|
2023-08-08
|
|
Social-Commerce 3.1.6 - Reflected XSS
|
14 |
WEB
|
CraCkEr
|
|
2023-08-08
|
|
mooSocial 3.1.8 - Reflected XSS
|
18 |
WEB
|
CraCkEr
|
|
2023-08-08
|
|
Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated)
|
14 |
WEB
|
Daniel Barros
|
|
2023-08-08
|
|
Lucee 5.4.2.17 - Authenticated Reflected XSS
|
13 |
WEB
|
Yehia Elghaly
|
|
2023-08-08
|
|
Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure
|
18 |
WEB
|
CraCkEr
|
|
2023-08-04
|
|
WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution
|
20 |
WEB
|
Mehmet Kelepçe
|
|
2023-08-04
|
|
WordPress adivaha Travel Plugin 2.3 - Reflected XSS
|
15 |
WEB
|
CraCkEr
|
|
2023-08-04
|
|
Webedition CMS v2.9.8.8 - Stored XSS
|
15 |
WEB
|
Mirabbas Ağalarov
|
|
2023-08-04
|
|
Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)
|
14 |
WEB
|
Mirabbas Ağalarov
|
|
2023-08-04
|
|
Webutler v3.2 - Remote Code Execution (RCE)
|
16 |
WEB
|
Mirabbas Ağalarov
|
|
2023-08-04
|
|
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR
|
14 |
WEB
|
Miguel Santareno
|
|
2023-08-04
|
|
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access
|
16 |
WEB
|
Miguel Santareno
|
|
2023-08-04
|
|
Campcodes Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload
|
16 |
WEB
|
Rajdip Dey Sarkar
|
|
2023-08-04
|
|
WordPress adivaha Travel Plugin 2.3 - SQL Injection
|
14 |
WEB
|
CraCkEr
|
|
2023-08-04
|
|
Academy LMS 6.0 - Reflected XSS
|
17 |
WEB
|
CraCkEr
|
|
2023-08-04
|
|
PHPJabbers Rental Property Booking 2.0 - Reflected XSS
|
14 |
WEB
|
CraCkEr
|
|
2023-08-04
|
|
PHPJabbers Taxi Booking 2.0 - Reflected XSS
|
16 |
WEB
|
CraCkEr
|
|
2023-08-04
|
|
PHPJabbers Cleaning Business 1.0 - Reflected XSS
|
14 |
WEB
|
CraCkEr
|
|
2023-08-04
|
|
PHPJabbers Night Club Booking 1.0 - Reflected XSS
|
13 |
WEB
|
CraCkEr
|
|
2023-08-04
|
|
PHPJabbers Service Booking Script 1.0 - Reflected XSS
|
14 |
WEB
|
CraCkEr
|
|
2023-08-04
|
|
PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS
|
19 |
WEB
|
CraCkEr
|
|
2023-08-04
|
|
JLex GuestBook 1.6.4 - Reflected XSS
|
17 |
WEB
|
CraCkEr
|
|
2023-08-04
|
|
Ozeki SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated)
|
18 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-08-04
|
|
Joomla JLex Review 6.0.1 - Reflected XSS
|
17 |
WEB
|
CraCkEr
|
|
2023-08-04
|
|
WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS
|
16 |
WEB
|
Mehran Seifalinia
|
|
2023-08-04
|
|
Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting
|
18 |
WEB
|
Pedro
|
|
2023-07-31
|
|
Joomla iProperty Real Estate 4.1.1 - Reflected XSS
|
17 |
WEB
|
CraCkEr
|
|
2023-07-31
|
|
Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)
|
20 |
WEB
|
Daniel Barros
|
|
2023-07-31
|
|
Joomla Solidres 2.13.3 - Reflected XSS
|
23 |
WEB
|
CraCkEr
|
|
2023-07-28
|
|
copyparty 1.8.2 - Directory Traversal
|
22 |
WEB
|
Vartamtezidis Theodoros
|
|
2023-07-28
|
|
copyparty v1.8.6 - Reflected Cross Site Scripting (XSS)
|
36 |
WEB
|
Vartamtezidis Theodoros
|
|
2023-07-28
|
|
WordPress Plugin AN_Gradebook 5.0.1 - SQLi
|
18 |
WEB
|
Lukas Kinneberg
|
|
2023-07-28
|
|
Joomla VirtueMart Shopping Cart 4.0.12 - Reflected XSS
|
20 |
WEB
|
CraCkEr
|
|
2023-07-28
|
|
October CMS v3.4.4 - Stored Cross-Site Scripting (XSS) (Authenticated)
|
16 |
WEB
|
Okan Kurtulus
|
|
2023-07-28
|
|
Joomla HikaShop 4.7.4 - Reflected XSS
|
16 |
WEB
|
CraCkEr
|
|
2023-07-28
|
|
mooDating 1.2 - Reflected Cross-site scripting (XSS)
|
16 |
WEB
|
CraCkEr
|
|
2023-07-28
|
|
Perch v3.2 - Persistent Cross Site Scripting (XSS)
|
16 |
WEB
|
Dinesh Mohanty
|
|
2023-07-28
|
|
Availability Booking Calendar v1.0 - Multiple Cross-site scripting (XSS)
|
16 |
WEB
|
Andrey Stoykov
|
|
2023-07-28
|
|
Zomplog 3.9 - Cross-site scripting (XSS)
|
20 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-28
|
|
zomplog 3.9 - Remote Code Execution (RCE)
|
14 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-28
|
|
RosarioSIS 10.8.4 - CSV Injection
|
19 |
WEB
|
Ranjeet Jaiswal
|
|
2023-07-21
|
|
Perch v3.2 - Stored XSS
|
16 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-21
|
|
Perch v3.2 - Remote Code Execution (RCE)
|
17 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-20
|
|
RWS WorldServer 11.7.3 - Session Token Enumeration
|
16 |
WEB
|
RedTeam Pentesting GmbH
|
|
2023-07-20
|
|
PaulPrinting CMS - Multiple Cross Site Web Vulnerabilities
|
11 |
WEB
|
Vulnerability-Lab
|
|
2023-07-20
|
|
Aures Booking & POS Terminal - Local Privilege Escalation
|
13 |
WEB
|
Vulnerability-Lab
|
|
2023-07-20
|
|
Webile v1.0.1 - Multiple Cross Site Scripting
|
12 |
WEB
|
Vulnerability-Lab
|
|
2023-07-20
|
|
Dooblou WiFi File Explorer 1.13.3 - Multiple Vulnerabilities
|
12 |
WEB
|
Vulnerability-Lab
|
|
2023-07-20
|
|
PaulPrinting CMS - (Search Delivery) Cross Site Scripting
|
16 |
WEB
|
Vulnerability-Lab
|
|
2023-07-20
|
|
Active Super Shop CMS v2.5 - HTML Injection Vulnerabilities
|
16 |
WEB
|
Vulnerability-Lab
|
|
2023-07-20
|
|
Boom CMS v8.0.7 - Cross Site Scripting
|
17 |
WEB
|
Vulnerability-Lab
|
|
2023-07-20
|
|
Wifi Soft Unibox Administration 3.0 & 3.1 - SQL Injection
|
17 |
WEB
|
Ansh Jain
|
|
2023-07-20
|
|
pfSense v2.7.0 - OS Command Injection
|
16 |
WEB
|
Emir Polat
|
|
2023-07-19
|
|
TP-Link TL-WR740N - Authenticated Directory Transversal
|
23 |
WEB
|
Anish Feroz
|
|
2023-07-19
|
|
Blackcat Cms v1.4 - Remote Code Execution (RCE)
|
12 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-19
|
|
Blackcat Cms v1.4 - Stored XSS
|
13 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-19
|
|
ABB FlowX v4.00 - Exposure of Sensitive Information
|
15 |
WEB
|
Paul Smith
|
|
2023-07-19
|
|
Statamic 4.7.0 - File-Inclusion
|
14 |
WEB
|
nu11secur1ty
|
|
2023-07-19
|
|
CmsMadeSimple v2.2.17 - Stored Cross-Site Scripting (XSS)
|
14 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-19
|
|
CmsMadeSimple v2.2.17 - Remote Code Execution (RCE)
|
11 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-19
|
|
CmsMadeSimple v2.2.17 - session hijacking via Server-Side Template Injection (SSTI)
|
15 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-19
|
|
Online Piggery Management System v1.0 - unauthenticated file upload vulnerability
|
16 |
WEB
|
1337kid
|
|
2023-07-19
|
|
Backdrop Cms v1.25.1 - Stored Cross-Site Scripting (XSS)
|
18 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-19
|
|
Vaidya-Mitra 1.0 - Multiple SQLi
|
16 |
WEB
|
nu11secur1ty
|
|
2023-07-19
|
|
Joomla! com_booking component 2.4.9 - Information Leak (Account enumeration)
|
17 |
WEB
|
qw3rTyTy
|
|
2023-07-19
|
|
phpfm v1.7.9 - Authentication type juggling
|
14 |
WEB
|
thoughtfault
|
|
2023-07-19
|
|
PimpMyLog v1.7.14 - Improper access control
|
16 |
WEB
|
thoughtfault
|
|
2023-07-15
|
|
Pluck v4.7.18 - Remote Code Execution (RCE)
|
13 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-15
|
|
WinterCMS < 1.2.3 - Persistent Cross-Site Scripting
|
15 |
WEB
|
abhishek morla
|
|
2023-07-15
|
|
Admidio v4.2.10 - Remote Code Execution (RCE)
|
13 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-15
|
|
Cisco UCS-IMC Supervisor 2.2.0.0 - Authentication Bypass
|
12 |
WEB
|
Fatih Sencer
|
|
2023-07-15
|
|
ProjeQtOr Project Management System v10.4.1 - Multiple XSS
|
13 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-15
|
|
News Portal v4.0 - SQL Injection (Unauthorized)
|
15 |
WEB
|
Hubert Wojciechowski
|
|
2023-07-15
|
|
Icinga Web 2.10 - Authenticated Remote Code Execution
|
21 |
WEB
|
Dante Corona
|
|
2023-07-11
|
|
Ateme TITAN File 3.9 - SSRF File Enumeration
|
18 |
WEB
|
LiquidWorm
|
|
2023-07-11
|
|
BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)
|
19 |
WEB
|
Idan Malihi
|
|
2023-07-11
|
|
Frappe Framework (ERPNext) 13.4.0 - Remote Code Execution (Authenticated)
|
16 |
WEB
|
Sander Ferdinand
|
|
2023-07-11
|
|
Spring Cloud 3.2.2 - Remote Command Execution (RCE)
|
25 |
WEB
|
GatoGamer1155
|
|
2023-07-11
|
|
Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)
|
16 |
WEB
|
tmrswrr
|
|
2023-07-07
|
|
Faculty Evaluation System v1.0 - SQL Injection
|
16 |
WEB
|
Andrey Stoykov
|
|
2023-07-06
|
|
Piwigo v13.7.0 - Stored Cross-Site Scripting (XSS) (Authenticated)
|
18 |
WEB
|
Okan Kurtulus
|
|
2023-07-06
|
|
Lost and Found Information System v1.0 - SQL Injection
|
17 |
WEB
|
Amirhossein Bahramizadeh
|
|
2023-07-06
|
|
Gila CMS 1.10.9 - Remote Code Execution (RCE) (Authenticated)
|
15 |
WEB
|
Omer Shaik
|
|
2023-07-04
|
|
Beauty Salon Management System v1.0 - SQLi
|
13 |
WEB
|
Fatih Nacar
|
|
2023-07-04
|
|
Car Rental Script 1.8 - Stored Cross-site scripting (XSS)
|
12 |
WEB
|
CraCkEr
|
|
2023-07-03
|
|
WBCE CMS 1.6.1 - Open Redirect & CSRF
|
17 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-03
|
|
PodcastGenerator 3.2.9 - Blind SSRF via XML Injection
|
14 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-03
|
|
Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS)
|
16 |
WEB
|
tmrswrr
|
|
2023-07-03
|
|
Prestashop 8.0.4 - Cross-Site Scripting (XSS)
|
14 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-03
|
|
Vacation Rental 1.8 - Stored Cross-Site Scripting (XSS)
|
16 |
WEB
|
CraCkEr
|
|
2023-07-03
|
|
WP AutoComplete 1.0.4 - Unauthenticated SQLi
|
20 |
WEB
|
matitanium
|
|
2023-07-03
|
|
GZ Forum Script 1.8 - Stored Cross-Site Scripting (XSS)
|
16 |
WEB
|
CraCkEr
|
|
2023-07-03
|
|
Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting (XSS)
|
16 |
WEB
|
CraCkEr
|
|
2023-07-03
|
|
spip v4.1.10 - Spoofing Admin account
|
16 |
WEB
|
nu11secur1ty
|
|
2023-07-03
|
|
D-Link DAP-1325 - Broken Access Control
|
17 |
WEB
|
ieduardogoncalves
|
|
2023-07-03
|
|
WebsiteBaker v2.13.3 - Directory Traversal
|
15 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-03
|
|
WebsiteBaker v2.13.3 - Stored XSS
|
16 |
WEB
|
Mirabbas Ağalarov
|
|
2023-07-03
|
|
POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)
|
14 |
WEB
|
yuyudhn
|
|
2023-07-03
|
|
FuguHub 8.1 - Remote Code Execution
|
16 |
WEB
|
redfire359
|
|
2023-07-03
|
|
Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)
|
13 |
WEB
|
Amirhossein Bahramizadeh
|
|
2023-07-03
|
|
Rukovoditel 3.4.1 - Multiple Stored XSS
|
17 |
WEB
|
Mirabbas Ağalarov
|
|
2023-06-26
|
|
Xenforo Version 2.2.13 - Authenticated Stored XSS
|
24 |
WEB
|
Furkan Karaarslan
|
|
2023-06-26
|
|
PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory
|
24 |
WEB
|
Amirhossein Bahramizadeh
|
|
2023-06-26
|
|
Microsoft SharePoint Enterprise Server 2016 - Spoofing
|
19 |
WEB
|
Amirhossein Bahramizadeh
|
|
2023-06-23
|
|
MCL-Net 4.3.5.8788 - Information Disclosure
|
12 |
WEB
|
Victor A. Morales
|
|
2023-06-23
|
|
Bludit < 3.13.1 Backup Plugin - Arbitrary File Download (Authenticated)
|
22 |
WEB
|
Antonio Cuomo
|
|
2023-06-22
|
|
Smart Office Web 20.28 - Remote Information Disclosure (Unauthenticated)
|
20 |
WEB
|
Tejas Pingulkar
|
|
2023-06-21
|
|
HiSecOS 04.0.01 - Privilege Escalation
|
15 |
WEB
|
dreizehnutters
|
