|
2023-05-31
|
|
MotoCMS Version 3.4.3 - Server-Side Template Injection (SSTI)
|
4 |
WEB
|
tmrswrr
|
|
2023-05-31
|
|
Pydio Cells 4.1.2 - Server-Side Request Forgery
|
4 |
WEB
|
RedTeam Pentesting GmbH
|
|
2023-05-31
|
|
Pydio Cells 4.1.2 - Cross-Site Scripting (XSS) via File Download
|
4 |
WEB
|
RedTeam Pentesting GmbH
|
|
2023-05-31
|
|
Pydio Cells 4.1.2 - Unauthorised Role Assignments
|
3 |
WEB
|
RedTeam Pentesting GmbH
|
|
2023-05-31
|
|
Faculty Evaluation System 1.0 - Unauthenticated File Upload
|
4 |
WEB
|
URGAN
|
|
2023-05-31
|
|
Online Security Guards Hiring System 1.0 - Reflected XSS
|
4 |
WEB
|
AFFAN AHMED
|
|
2023-05-31
|
|
unilogies/bumsys v1.0.3 beta - Unrestricted File Upload
|
3 |
WEB
|
AFFAN AHMED
|
|
2023-05-31
|
|
SCRMS 2023-05-27 1.0 - Multiple SQL Injection
|
5 |
WEB
|
nu11secur1ty
|
|
2023-05-31
|
|
Rukovoditel 3.3.1 - CSV injection
|
4 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-26
|
|
Camaleon CMS v2.7.0 - Server-Side Template Injection (SSTI)
|
5 |
WEB
|
PARAG BAGUL
|
|
2023-05-25
|
|
SCM Manager 1.60 - Cross-Site Scripting Stored (Authenticated)
|
4 |
WEB
|
neg0x
|
|
2023-05-25
|
|
Ulicms 2023.1 - create admin user via mass assignment
|
4 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-25
|
|
Zenphoto 1.6 - Multiple stored XSS
|
5 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-25
|
|
WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting (XSS)
|
4 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-24
|
|
Service Provider Management System v1.0 - SQL Injection
|
7 |
WEB
|
ASHIK KUNJUMON
|
|
2023-05-23
|
|
FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting)
|
6 |
WEB
|
Andrea Intilangelo
|
|
2023-05-23
|
|
CiviCRM 5.59.alpha1 - Stored XSS (Cross-Site Scripting)
|
6 |
WEB
|
Andrea Intilangelo
|
|
2023-05-23
|
|
ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)
|
5 |
WEB
|
Rahad Chowdhury
|
|
2023-05-23
|
|
Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)
|
3 |
WEB
|
Rahad Chowdhury
|
|
2023-05-23
|
|
GetSimple CMS v3.3.16 - Remote Code Execution (RCE)
|
5 |
WEB
|
Youssef Muhammad
|
|
2023-05-23
|
|
Quicklancer v1.0 - SQL Injection
|
4 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-05-23
|
|
Stackposts Social Marketing Tool v1.0 - SQL Injection
|
2 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-05-23
|
|
Smart School v1.0 - SQL Injection
|
4 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-05-23
|
|
LeadPro CRM v1.0 - SQL Injection
|
6 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-05-23
|
|
Affiliate Me Version 5.0.1 - SQL Injection
|
5 |
WEB
|
h4ck3r
|
|
2023-05-23
|
|
eScan Management Console 14.0.1400.2281 - Cross Site Scripting
|
6 |
WEB
|
Sahil Ojha
|
|
2023-05-23
|
|
eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)
|
4 |
WEB
|
Sahil Ojha
|
|
2023-05-23
|
|
Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS)
|
2 |
WEB
|
Astik Rawat
|
|
2023-05-23
|
|
SitemagicCMS 4.4.3 - Remote Code Execution (RCE)
|
4 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-23
|
|
Prestashop 8.0.4 - CSV injection
|
4 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-23
|
|
Best POS Management System v1.0 - Unauthenticated Remote Code Execution
|
5 |
WEB
|
Mesut Cetin
|
|
2023-05-23
|
|
PodcastGenerator 3.2.9 - Multiple Stored Cross-Site Scripting (XSS)
|
6 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-23
|
|
PaperCut NG/MG 22.0.4 - Remote Code Execution (RCE)
|
6 |
WEB
|
MaanVader
|
|
2023-05-23
|
|
WBiz Desk 1.2 - SQL Injection
|
3 |
WEB
|
h4ck3r
|
|
2023-05-23
|
|
thrsrossi Millhouse-Project 1.414 - Remote Code Execution
|
4 |
WEB
|
Chokri Hammedi
|
|
2023-05-23
|
|
e107 v2.3.2 - Reflected XSS
|
4 |
WEB
|
Hubert Wojciechowski
|
|
2023-05-23
|
|
PnPSCADA v2.x - Unauthenticated PostgreSQL Injection
|
4 |
WEB
|
Momen Eldawakhly
|
|
2023-05-23
|
|
Apache Superset 2.0.0 - Authentication Bypass
|
4 |
WEB
|
MaanVader
|
|
2023-05-23
|
|
Cameleon CMS 2.7.4 - Persistent Stored XSS in Post Title
|
4 |
WEB
|
Yasin Gergin
|
|
2023-05-23
|
|
WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup
|
4 |
WEB
|
Wadeek
|
|
2023-05-23
|
|
TinyWebGallery v2.5 - Remote Code Execution (RCE)
|
4 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-13
|
|
TinyWebGallery v2.5 - Stored Cross-Site Scripting (XSS)
|
5 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-13
|
|
Job Portal 1.0 - File Upload Restriction Bypass
|
3 |
WEB
|
Rafael Pedrero
|
|
2023-05-13
|
|
Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting (XSS)
|
6 |
WEB
|
Rafael Pedrero
|
|
2023-05-13
|
|
RockMongo 1.1.7 - Stored Cross-Site Scripting (XSS)
|
5 |
WEB
|
Rafael Pedrero
|
|
2023-05-05
|
|
File Thingie 2.5.7 - Remote Code Execution (RCE)
|
5 |
WEB
|
Maurice Fielenbach
|
|
2023-05-05
|
|
Ulicms-2023.1 sniffing-vicuna - Stored Cross-Site Scripting (XSS)
|
4 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-05
|
|
Ulicms-2023.1 sniffing-vicuna - Remote Code Execution (RCE)
|
6 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-05
|
|
Ulicms-2023.1-sniffing-vicuna - Privilege escalation
|
7 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-05
|
|
Online Pizza Ordering System v1.0 - Unauthenticated File Upload
|
6 |
WEB
|
URGAN
|
|
2023-05-05
|
|
EasyPHP Webserver 14.1 - Multiple Vulnerabilities (RCE and Path Traversal)
|
5 |
WEB
|
Rafael Pedrero
|
|
2023-05-05
|
|
Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks
|
3 |
WEB
|
Team Syslifters
|
|
2023-05-05
|
|
Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls
|
5 |
WEB
|
Team Syslifters
|
|
2023-05-05
|
|
Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts
|
3 |
WEB
|
Team Syslifters
|
|
2023-05-05
|
|
Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path
|
5 |
WEB
|
Team Syslifters
|
|
2023-05-05
|
|
Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module
|
5 |
WEB
|
Team Syslifters
|
|
2023-05-05
|
|
Jedox 2022.4.2 - Remote Code Execution via Directory Traversal
|
5 |
WEB
|
Team Syslifters
|
|
2023-05-05
|
|
Jedox 2022.4.2 - Code Execution via RPC Interfaces
|
4 |
WEB
|
Team Syslifters
|
|
2023-05-05
|
|
Cmaps v8.0 - SQL injection
|
4 |
WEB
|
Lucas Noki (0xPrototype)
|
|
2023-05-05
|
|
Wolf CMS 0.8.3.1 - Remote Code Execution (RCE)
|
3 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-05-05
|
|
pluck v4.7.18 - Stored Cross-Site Scripting (XSS)
|
4 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-05
|
|
KodExplorer v4.51.03 - Pwned-Admin File-Inclusion - Remote Code Execution (RCE)
|
5 |
WEB
|
nu11secur1ty
|
|
2023-05-02
|
|
GLPI 9.5.7 - Username Enumeration
|
6 |
WEB
|
Rafael B.
|
|
2023-05-02
|
|
Companymaps v8.0 - Stored Cross Site Scripting (XSS)
|
4 |
WEB
|
Lucas Noki (0xPrototype)
|
|
2023-05-02
|
|
PHPJabbers Simple CMS 5.0 - SQL Injection
|
6 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-05-02
|
|
PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting (XSS)
|
5 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-05-02
|
|
OpenEMR v7.0.1 - Authentication credentials brute force
|
6 |
WEB
|
abhhi (Abhishek Birdawade)
|
|
2023-05-02
|
|
PHPFusion 9.10.30 - Stored Cross-Site Scripting (XSS)
|
5 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-02
|
|
SoftExpert (SE) Suite v2.1.3 - Local File Inclusion
|
5 |
WEB
|
Felipe Alcantara
|
|
2023-05-02
|
|
Serendipity 2.4.0 - File Inclusion RCE
|
5 |
WEB
|
nu11secur1ty
|
|
2023-05-02
|
|
admidio v4.2.5 - CSV Injection
|
6 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-02
|
|
revive-adserver v5.4.1 - Cross-Site Scripting (XSS)
|
4 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-02
|
|
projectSend r1605 - Private file download
|
3 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-02
|
|
phpMyFAQ v3.1.12 - CSV Injection
|
4 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-02
|
|
PHP Restaurants 1.0 - SQLi Authentication Bypass & Cross Site Scripting
|
5 |
WEB
|
Or4nG.M4N
|
|
2023-04-25
|
|
Sophos Web Appliance 4.3.10.4 - Pre-auth command injection
|
7 |
WEB
|
Behnam Abasi Vanda
|
|
2023-04-25
|
|
Multi-Vendor Online Groceries Management System 1.0 - Remote Code Execution
|
6 |
WEB
|
Or4nG.M4N
|
|
2023-04-25
|
|
Mars Stealer 8.3 - Admin Account Takeover
|
6 |
WEB
|
Sköll
|
|
2023-04-25
|
|
PaperCut NG/MG 22.0.4 - Authentication Bypass
|
18 |
WEB
|
MaanVader
|
|
2023-04-25
|
|
KodExplorer 4.49 - CSRF to Arbitrary File Upload
|
8 |
WEB
|
Mr Empy
|
|
2023-04-20
|
|
ProjeQtOr Project Management System 10.3.2 - Remote Code Execution (RCE)
|
6 |
WEB
|
Mirabbas Ağalarov
|
|
2023-04-20
|
|
Piwigo 13.6.0 - Stored Cross-Site Scripting (XSS)
|
8 |
WEB
|
Mirabbas Ağalarov
|
|
2023-04-20
|
|
FUXA V.1.1.13-1186 - Unauthenticated Remote Code Execution (RCE)
|
6 |
WEB
|
Rodolfo Mariano
|
|
2023-04-20
|
|
Chitor-CMS v1.1.2 - Pre-Auth SQL Injection
|
5 |
WEB
|
msd0pe
|
|
2023-04-20
|
|
GDidees CMS 3.9.1 - Local File Disclosure
|
7 |
WEB
|
Hadi Mene
|
|
2023-04-20
|
|
Swagger UI 4.1.3 - User Interface (UI) Misrepresentation of Critical Information
|
7 |
WEB
|
Rafael Cintra Lopes
|
|
2023-04-20
|
|
Bang Resto v1.0 - 'Multiple' SQL Injection
|
7 |
WEB
|
Rahad Chowdhury
|
|
2023-04-20
|
|
Bang Resto v1.0 - Stored Cross-Site Scripting (XSS)
|
7 |
WEB
|
Rahad Chowdhury
|
|
2023-04-20
|
|
Lilac-Reloaded for Nagios 2.0.8 - Remote Code Execution (RCE)
|
5 |
WEB
|
max / Zoltan Padanyi
|
|
2023-04-20
|
|
Serendipity 2.4.0 - Cross-Site Scripting (XSS)
|
5 |
WEB
|
Mirabbas Ağalarov
|
|
2023-04-20
|
|
Serendipity 2.4.0 - Remote Code Execution (RCE) (Authenticated)
|
5 |
WEB
|
Mirabbas Ağalarov
|
|
2023-04-14
|
|
Sielco PolyEco Digital FM Transmitter 2.0.6 - Account Takeover / Lockout / EoP
|
5 |
WEB
|
LiquidWorm
|
|
2023-04-14
|
|
Sielco PolyEco Digital FM Transmitter 2.0.6 - Unauthenticated Information Disclosure
|
5 |
WEB
|
LiquidWorm
|
|
2023-04-14
|
|
Sielco PolyEco Digital FM Transmitter 2.0.6 - Radio Data System POST Manipulation
|
6 |
WEB
|
LiquidWorm
|
|
2023-04-14
|
|
Sielco PolyEco Digital FM Transmitter 2.0.6 - Authorization Bypass Factory Reset
|
5 |
WEB
|
LiquidWorm
|
|
2023-04-14
|
|
Sielco PolyEco Digital FM Transmitter 2.0.6 - Authentication Bypass Exploit
|
5 |
WEB
|
LiquidWorm
|
|
2023-04-14
|
|
Sielco Analog FM Transmitter 2.12 - Improper Access Control Change Admin Password
|
4 |
WEB
|
LiquidWorm
|
|
2023-04-14
|
|
Sielco Analog FM Transmitter 2.12 - Cross-Site Request Forgery
|
5 |
WEB
|
LiquidWorm
|
|
2023-04-14
|
|
Sielco Analog FM Transmitter 2.12 - 'id' Cookie Brute Force Session Hijacking
|
5 |
WEB
|
LiquidWorm
|
|
2023-04-14
|
|
InnovaStudio WYSIWYG Editor 5.4 - Unrestricted File Upload / Directory Traversal
|
6 |
WEB
|
Zer0FauLT
|
|
2023-04-14
|
|
Bludit 4.0.0-rc-2 - Account takeover
|
7 |
WEB
|
nu11secur1ty
|
|
2023-04-10
|
|
Online Computer and Laptop Store 1.0 - Remote Code Execution (RCE)
|
4 |
WEB
|
Matisse Beckandt
|
|
2023-04-10
|
|
BrainyCP V1.0 - Remote Code Execution
|
7 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-04-10
|
|
Roxy Fileman 1.4.5 - Arbitrary File Upload
|
5 |
WEB
|
Zer0FauLT
|
|
2023-04-10
|
|
ever gauzy v0.281.9 - JWT weak HMAC secret
|
6 |
WEB
|
nu11secur1ty
|
|
2023-04-08
|
|
dotclear 2.25.3 - Remote Code Execution (RCE) (Authenticated)
|
4 |
WEB
|
Mirabbas Ağalarov
|
|
2023-04-08
|
|
Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution (RCE) (Unauthenticated)
|
6 |
WEB
|
dwbzn
|
|
2023-04-08
|
|
WebsiteBaker v2.13.3 - Cross-Site Scripting (XSS)
|
5 |
WEB
|
Mirabbas Ağalarov
|
|
2023-04-08
|
|
ZCBS/ZBBS/ZPBS v4.14k - Reflected Cross-Site Scripting (XSS)
|
4 |
WEB
|
Abdulaziz Saad
|
|
2023-04-08
|
|
X2CRM v6.6/6.9 - Reflected Cross-Site Scripting (XSS) (Authenticated)
|
3 |
WEB
|
Betul Denizler
|
|
2023-04-08
|
|
X2CRM v6.6/6.9 - Stored Cross-Site Scripting (XSS) (Authenticated)
|
5 |
WEB
|
Betul Denizler
|
|
2023-04-08
|
|
Online-Pizza-Ordering -1.0 - Remote Code Execution (RCE)
|
4 |
WEB
|
nu11secur1ty
|
|
2023-04-08
|
|
Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)
|
5 |
WEB
|
omurugur
|
|
2023-04-08
|
|
Symantec Messaging Gateway 10.7.4 - Stored Cross-Site Scripting (XSS)
|
6 |
WEB
|
omurugur
|
|
2023-04-08
|
|
Suprema BioStar 2 v2.8.16 - SQL Injection
|
7 |
WEB
|
Yuriy (Vander) Tsarenko
|
|
2023-04-08
|
|
Goanywhere Encryption helper 7.1.1 - Remote Code Execution (RCE)
|
6 |
WEB
|
Youssef Muhammad
|
|
2023-04-08
|
|
Medicine Tracker System v1.0 - Sql Injection
|
4 |
WEB
|
Sanjay Singh
|
|
2023-04-08
|
|
Online Appointment System V1.0 - Cross-Site Scripting (XSS)
|
6 |
WEB
|
Sanjay Singh
|
|
2023-04-08
|
|
ENTAB ERP 1.0 - Username PII leak
|
8 |
WEB
|
Deb Prasad Banerjee
|
|
2023-04-08
|
|
Joomla! v4.2.8 - Unauthenticated information disclosure
|
6 |
WEB
|
Alexandre ZANNI
|
|
2023-04-08
|
|
Restaurant Management System 1.0 - SQL Injection
|
6 |
WEB
|
calfcrusher
|
|
2023-04-08
|
|
Icinga Web 2.10 - Arbitrary File Disclosure
|
7 |
WEB
|
Jacob Ebben
|
|
2023-04-08
|
|
Adobe Connect 11.4.5 - Local File Disclosure
|
4 |
WEB
|
h4shur
|
|
2023-04-08
|
|
Altenergy Power Control Software C1.2.5 - OS command injection
|
5 |
WEB
|
Ahmed Alroky
|
|
2023-04-07
|
|
Snitz Forum v1.0 - Blind SQL Injection
|
5 |
WEB
|
Emiliano Febbi
|
