|
2023-05-23
|
|
Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)
|
31 |
WEB
|
Rahad Chowdhury
|
|
2023-05-23
|
|
GetSimple CMS v3.3.16 - Remote Code Execution (RCE)
|
35 |
WEB
|
Youssef Muhammad
|
|
2023-05-23
|
|
Quicklancer v1.0 - SQL Injection
|
33 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-05-23
|
|
Stackposts Social Marketing Tool v1.0 - SQL Injection
|
29 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-05-23
|
|
Smart School v1.0 - SQL Injection
|
39 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-05-23
|
|
LeadPro CRM v1.0 - SQL Injection
|
32 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-05-23
|
|
Affiliate Me Version 5.0.1 - SQL Injection
|
28 |
WEB
|
h4ck3r
|
|
2023-05-23
|
|
eScan Management Console 14.0.1400.2281 - Cross Site Scripting
|
33 |
WEB
|
Sahil Ojha
|
|
2023-05-23
|
|
eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)
|
30 |
WEB
|
Sahil Ojha
|
|
2023-05-23
|
|
Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS)
|
28 |
WEB
|
Astik Rawat
|
|
2023-05-23
|
|
SitemagicCMS 4.4.3 - Remote Code Execution (RCE)
|
29 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-23
|
|
Prestashop 8.0.4 - CSV injection
|
27 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-23
|
|
Best POS Management System v1.0 - Unauthenticated Remote Code Execution
|
33 |
WEB
|
Mesut Cetin
|
|
2023-05-23
|
|
PodcastGenerator 3.2.9 - Multiple Stored Cross-Site Scripting (XSS)
|
33 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-23
|
|
PaperCut NG/MG 22.0.4 - Remote Code Execution (RCE)
|
33 |
WEB
|
MaanVader
|
|
2023-05-23
|
|
WBiz Desk 1.2 - SQL Injection
|
25 |
WEB
|
h4ck3r
|
|
2023-05-23
|
|
thrsrossi Millhouse-Project 1.414 - Remote Code Execution
|
31 |
WEB
|
Chokri Hammedi
|
|
2023-05-23
|
|
e107 v2.3.2 - Reflected XSS
|
27 |
WEB
|
Hubert Wojciechowski
|
|
2023-05-23
|
|
PnPSCADA v2.x - Unauthenticated PostgreSQL Injection
|
30 |
WEB
|
Momen Eldawakhly
|
|
2023-05-23
|
|
Apache Superset 2.0.0 - Authentication Bypass
|
25 |
WEB
|
MaanVader
|
|
2023-05-23
|
|
Cameleon CMS 2.7.4 - Persistent Stored XSS in Post Title
|
25 |
WEB
|
Yasin Gergin
|
|
2023-05-23
|
|
WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup
|
30 |
WEB
|
Wadeek
|
|
2023-05-23
|
|
TinyWebGallery v2.5 - Remote Code Execution (RCE)
|
29 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-13
|
|
TinyWebGallery v2.5 - Stored Cross-Site Scripting (XSS)
|
30 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-13
|
|
Job Portal 1.0 - File Upload Restriction Bypass
|
31 |
WEB
|
Rafael Pedrero
|
|
2023-05-13
|
|
Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting (XSS)
|
31 |
WEB
|
Rafael Pedrero
|
|
2023-05-13
|
|
RockMongo 1.1.7 - Stored Cross-Site Scripting (XSS)
|
28 |
WEB
|
Rafael Pedrero
|
|
2023-05-05
|
|
File Thingie 2.5.7 - Remote Code Execution (RCE)
|
34 |
WEB
|
Maurice Fielenbach
|
|
2023-05-05
|
|
Ulicms-2023.1 sniffing-vicuna - Stored Cross-Site Scripting (XSS)
|
20 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-05
|
|
Ulicms-2023.1 sniffing-vicuna - Remote Code Execution (RCE)
|
28 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-05
|
|
Ulicms-2023.1-sniffing-vicuna - Privilege escalation
|
31 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-05
|
|
Online Pizza Ordering System v1.0 - Unauthenticated File Upload
|
35 |
WEB
|
URGAN
|
|
2023-05-05
|
|
EasyPHP Webserver 14.1 - Multiple Vulnerabilities (RCE and Path Traversal)
|
42 |
WEB
|
Rafael Pedrero
|
|
2023-05-05
|
|
Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks
|
25 |
WEB
|
Team Syslifters
|
|
2023-05-05
|
|
Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls
|
24 |
WEB
|
Team Syslifters
|
|
2023-05-05
|
|
Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts
|
33 |
WEB
|
Team Syslifters
|
|
2023-05-05
|
|
Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path
|
41 |
WEB
|
Team Syslifters
|
|
2023-05-05
|
|
Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module
|
27 |
WEB
|
Team Syslifters
|
|
2023-05-05
|
|
Jedox 2022.4.2 - Remote Code Execution via Directory Traversal
|
30 |
WEB
|
Team Syslifters
|
|
2023-05-05
|
|
Jedox 2022.4.2 - Code Execution via RPC Interfaces
|
28 |
WEB
|
Team Syslifters
|
|
2023-05-05
|
|
Cmaps v8.0 - SQL injection
|
28 |
WEB
|
Lucas Noki (0xPrototype)
|
|
2023-05-05
|
|
Wolf CMS 0.8.3.1 - Remote Code Execution (RCE)
|
28 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-05-05
|
|
pluck v4.7.18 - Stored Cross-Site Scripting (XSS)
|
28 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-05
|
|
KodExplorer v4.51.03 - Pwned-Admin File-Inclusion - Remote Code Execution (RCE)
|
23 |
WEB
|
nu11secur1ty
|
|
2023-05-02
|
|
GLPI 9.5.7 - Username Enumeration
|
20 |
WEB
|
Rafael B.
|
|
2023-05-02
|
|
Companymaps v8.0 - Stored Cross Site Scripting (XSS)
|
21 |
WEB
|
Lucas Noki (0xPrototype)
|
|
2023-05-02
|
|
PHPJabbers Simple CMS 5.0 - SQL Injection
|
27 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-05-02
|
|
PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting (XSS)
|
36 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-05-02
|
|
OpenEMR v7.0.1 - Authentication credentials brute force
|
38 |
WEB
|
abhhi (Abhishek Birdawade)
|
|
2023-05-02
|
|
PHPFusion 9.10.30 - Stored Cross-Site Scripting (XSS)
|
31 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-02
|
|
SoftExpert (SE) Suite v2.1.3 - Local File Inclusion
|
30 |
WEB
|
Felipe Alcantara
|
|
2023-05-02
|
|
Serendipity 2.4.0 - File Inclusion RCE
|
36 |
WEB
|
nu11secur1ty
|
|
2023-05-02
|
|
admidio v4.2.5 - CSV Injection
|
29 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-02
|
|
revive-adserver v5.4.1 - Cross-Site Scripting (XSS)
|
28 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-02
|
|
projectSend r1605 - Private file download
|
21 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-02
|
|
phpMyFAQ v3.1.12 - CSV Injection
|
26 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-02
|
|
PHP Restaurants 1.0 - SQLi Authentication Bypass & Cross Site Scripting
|
28 |
WEB
|
Or4nG.M4N
|
|
2023-04-25
|
|
Sophos Web Appliance 4.3.10.4 - Pre-auth command injection
|
32 |
WEB
|
Behnam Abasi Vanda
|
|
2023-04-25
|
|
Multi-Vendor Online Groceries Management System 1.0 - Remote Code Execution
|
32 |
WEB
|
Or4nG.M4N
|
|
2023-04-25
|
|
Mars Stealer 8.3 - Admin Account Takeover
|
36 |
WEB
|
Sköll
|
|
2023-04-25
|
|
PaperCut NG/MG 22.0.4 - Authentication Bypass
|
88 |
WEB
|
MaanVader
|
|
2023-04-25
|
|
KodExplorer 4.49 - CSRF to Arbitrary File Upload
|
32 |
WEB
|
Mr Empy
|
|
2023-04-20
|
|
ProjeQtOr Project Management System 10.3.2 - Remote Code Execution (RCE)
|
29 |
WEB
|
Mirabbas Ağalarov
|
|
2023-04-20
|
|
Piwigo 13.6.0 - Stored Cross-Site Scripting (XSS)
|
28 |
WEB
|
Mirabbas Ağalarov
|
|
2023-04-20
|
|
FUXA V.1.1.13-1186 - Unauthenticated Remote Code Execution (RCE)
|
42 |
WEB
|
Rodolfo Mariano
|
|
2023-04-20
|
|
Chitor-CMS v1.1.2 - Pre-Auth SQL Injection
|
30 |
WEB
|
msd0pe
|
|
2023-04-20
|
|
GDidees CMS 3.9.1 - Local File Disclosure
|
37 |
WEB
|
Hadi Mene
|
|
2023-04-20
|
|
Swagger UI 4.1.3 - User Interface (UI) Misrepresentation of Critical Information
|
31 |
WEB
|
Rafael Cintra Lopes
|
|
2023-04-20
|
|
Bang Resto v1.0 - 'Multiple' SQL Injection
|
30 |
WEB
|
Rahad Chowdhury
|
|
2023-04-20
|
|
Bang Resto v1.0 - Stored Cross-Site Scripting (XSS)
|
29 |
WEB
|
Rahad Chowdhury
|
|
2023-04-20
|
|
Lilac-Reloaded for Nagios 2.0.8 - Remote Code Execution (RCE)
|
31 |
WEB
|
max / Zoltan Padanyi
|
|
2023-04-20
|
|
Serendipity 2.4.0 - Cross-Site Scripting (XSS)
|
30 |
WEB
|
Mirabbas Ağalarov
|
|
2023-04-20
|
|
Serendipity 2.4.0 - Remote Code Execution (RCE) (Authenticated)
|
35 |
WEB
|
Mirabbas Ağalarov
|
|
2023-04-14
|
|
Sielco PolyEco Digital FM Transmitter 2.0.6 - Account Takeover / Lockout / EoP
|
37 |
WEB
|
LiquidWorm
|
|
2023-04-14
|
|
Sielco PolyEco Digital FM Transmitter 2.0.6 - Unauthenticated Information Disclosure
|
28 |
WEB
|
LiquidWorm
|
|
2023-04-14
|
|
Sielco PolyEco Digital FM Transmitter 2.0.6 - Radio Data System POST Manipulation
|
39 |
WEB
|
LiquidWorm
|
|
2023-04-14
|
|
Sielco PolyEco Digital FM Transmitter 2.0.6 - Authorization Bypass Factory Reset
|
34 |
WEB
|
LiquidWorm
|
|
2023-04-14
|
|
Sielco PolyEco Digital FM Transmitter 2.0.6 - Authentication Bypass Exploit
|
32 |
WEB
|
LiquidWorm
|
|
2023-04-14
|
|
Sielco Analog FM Transmitter 2.12 - Improper Access Control Change Admin Password
|
25 |
WEB
|
LiquidWorm
|
|
2023-04-14
|
|
Sielco Analog FM Transmitter 2.12 - Cross-Site Request Forgery
|
32 |
WEB
|
LiquidWorm
|
|
2023-04-14
|
|
Sielco Analog FM Transmitter 2.12 - 'id' Cookie Brute Force Session Hijacking
|
43 |
WEB
|
LiquidWorm
|
|
2023-04-14
|
|
InnovaStudio WYSIWYG Editor 5.4 - Unrestricted File Upload / Directory Traversal
|
29 |
WEB
|
Zer0FauLT
|
|
2023-04-14
|
|
Bludit 4.0.0-rc-2 - Account takeover
|
30 |
WEB
|
nu11secur1ty
|
|
2023-04-10
|
|
Online Computer and Laptop Store 1.0 - Remote Code Execution (RCE)
|
30 |
WEB
|
Matisse Beckandt
|
|
2023-04-10
|
|
BrainyCP V1.0 - Remote Code Execution
|
32 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-04-10
|
|
Roxy Fileman 1.4.5 - Arbitrary File Upload
|
33 |
WEB
|
Zer0FauLT
|
|
2023-04-10
|
|
ever gauzy v0.281.9 - JWT weak HMAC secret
|
31 |
WEB
|
nu11secur1ty
|
|
2023-04-08
|
|
dotclear 2.25.3 - Remote Code Execution (RCE) (Authenticated)
|
26 |
WEB
|
Mirabbas Ağalarov
|
|
2023-04-08
|
|
Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution (RCE) (Unauthenticated)
|
33 |
WEB
|
dwbzn
|
|
2023-04-08
|
|
WebsiteBaker v2.13.3 - Cross-Site Scripting (XSS)
|
41 |
WEB
|
Mirabbas Ağalarov
|
|
2023-04-08
|
|
ZCBS/ZBBS/ZPBS v4.14k - Reflected Cross-Site Scripting (XSS)
|
30 |
WEB
|
Abdulaziz Saad
|
|
2023-04-08
|
|
X2CRM v6.6/6.9 - Reflected Cross-Site Scripting (XSS) (Authenticated)
|
25 |
WEB
|
Betul Denizler
|
|
2023-04-08
|
|
X2CRM v6.6/6.9 - Stored Cross-Site Scripting (XSS) (Authenticated)
|
29 |
WEB
|
Betul Denizler
|
|
2023-04-08
|
|
Online-Pizza-Ordering -1.0 - Remote Code Execution (RCE)
|
24 |
WEB
|
nu11secur1ty
|
|
2023-04-08
|
|
Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)
|
31 |
WEB
|
omurugur
|
|
2023-04-08
|
|
Symantec Messaging Gateway 10.7.4 - Stored Cross-Site Scripting (XSS)
|
34 |
WEB
|
omurugur
|
|
2023-04-08
|
|
Suprema BioStar 2 v2.8.16 - SQL Injection
|
33 |
WEB
|
Yuriy (Vander) Tsarenko
|
|
2023-04-08
|
|
Goanywhere Encryption helper 7.1.1 - Remote Code Execution (RCE)
|
30 |
WEB
|
Youssef Muhammad
|
|
2023-04-08
|
|
Medicine Tracker System v1.0 - Sql Injection
|
28 |
WEB
|
Sanjay Singh
|
|
2023-04-08
|
|
Online Appointment System V1.0 - Cross-Site Scripting (XSS)
|
29 |
WEB
|
Sanjay Singh
|
|
2023-04-08
|
|
ENTAB ERP 1.0 - Username PII leak
|
31 |
WEB
|
Deb Prasad Banerjee
|
|
2023-04-08
|
|
Joomla! v4.2.8 - Unauthenticated information disclosure
|
31 |
WEB
|
Alexandre ZANNI
|
|
2023-04-08
|
|
Restaurant Management System 1.0 - SQL Injection
|
40 |
WEB
|
calfcrusher
|
|
2023-04-08
|
|
Icinga Web 2.10 - Arbitrary File Disclosure
|
30 |
WEB
|
Jacob Ebben
|
|
2023-04-08
|
|
Adobe Connect 11.4.5 - Local File Disclosure
|
33 |
WEB
|
h4shur
|
|
2023-04-08
|
|
Altenergy Power Control Software C1.2.5 - OS command injection
|
28 |
WEB
|
Ahmed Alroky
|
|
2023-04-07
|
|
Snitz Forum v1.0 - Blind SQL Injection
|
28 |
WEB
|
Emiliano Febbi
|
|
2023-04-07
|
|
Rukovoditel 3.3.1 - Remote Code Execution (RCE)
|
25 |
WEB
|
Mirabbas Ağalarov
|
|
2023-04-07
|
|
ChurchCRM 4.5.1 - Authenticated SQL Injection
|
26 |
WEB
|
Arvandy
|
|
2023-04-07
|
|
NotrinosERP 0.7 - Authenticated Blind SQL Injection
|
27 |
WEB
|
Arvandy
|
|
2023-04-07
|
|
MAC 1200R - Directory Traversal
|
28 |
WEB
|
Chunlei Shang_ Jiangsu Public Information Co._ Ltd
|
|
2023-04-06
|
|
craftercms 4.x.x - CORS
|
34 |
WEB
|
nu11secur1ty
|
|
2023-04-06
|
|
Purchase Order Management-1.0 - Local File Inclusion
|
29 |
WEB
|
nu11secur1ty
|
|
2023-04-06
|
|
Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI
|
30 |
WEB
|
Kahvi-0
|
|
2023-04-06
|
|
Agilebio Lab Collector Electronic Lab Notebook v4.234 - Remote Code Execution (RCE)
|
31 |
WEB
|
Anthony Cole
|
|
2023-04-06
|
|
ChurchCRM v4.5.3-121fcc1 - SQL Injection
|
27 |
WEB
|
nu11secur1ty
|
|
2023-04-06
|
|
flatnux 2021-03.25 - Remote Code Execution (Authenticated)
|
30 |
WEB
|
Ömer Hasan Durmuş
|
|
2023-04-06
|
|
Simple Food Ordering System v1.0 - Cross-Site Scripting (XSS)
|
31 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Music Gallery Site v1.0 - SQL Injection on page Master.php
|
26 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Music Gallery Site v1.0 - SQL Injection on page view_music_details.php
|
24 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Music Gallery Site v1.0 - Broken Access Control
|
23 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Music Gallery Site v1.0 - SQL Injection on music_list.php
|
24 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Employee Task Management System v1.0 - SQL Injection on edit-task.php
|
28 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Employee Task Management System v1.0 - SQL Injection on (task-details.php?task_id=?)
|
32 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Employee Task Management System v1.0 - Broken Authentication
|
29 |
WEB
|
Muhammad Navaid Zafar Ansari
|
