|
2023-04-07
|
|
Rukovoditel 3.3.1 - Remote Code Execution (RCE)
|
3 |
WEB
|
Mirabbas Ağalarov
|
|
2023-04-07
|
|
ChurchCRM 4.5.1 - Authenticated SQL Injection
|
4 |
WEB
|
Arvandy
|
|
2023-04-07
|
|
NotrinosERP 0.7 - Authenticated Blind SQL Injection
|
4 |
WEB
|
Arvandy
|
|
2023-04-07
|
|
MAC 1200R - Directory Traversal
|
5 |
WEB
|
Chunlei Shang_ Jiangsu Public Information Co._ Ltd
|
|
2023-04-06
|
|
craftercms 4.x.x - CORS
|
5 |
WEB
|
nu11secur1ty
|
|
2023-04-06
|
|
Purchase Order Management-1.0 - Local File Inclusion
|
6 |
WEB
|
nu11secur1ty
|
|
2023-04-06
|
|
Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI
|
6 |
WEB
|
Kahvi-0
|
|
2023-04-06
|
|
Agilebio Lab Collector Electronic Lab Notebook v4.234 - Remote Code Execution (RCE)
|
7 |
WEB
|
Anthony Cole
|
|
2023-04-06
|
|
ChurchCRM v4.5.3-121fcc1 - SQL Injection
|
5 |
WEB
|
nu11secur1ty
|
|
2023-04-06
|
|
flatnux 2021-03.25 - Remote Code Execution (Authenticated)
|
7 |
WEB
|
Ömer Hasan Durmuş
|
|
2023-04-06
|
|
Simple Food Ordering System v1.0 - Cross-Site Scripting (XSS)
|
7 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Music Gallery Site v1.0 - SQL Injection on page Master.php
|
6 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Music Gallery Site v1.0 - SQL Injection on page view_music_details.php
|
4 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Music Gallery Site v1.0 - Broken Access Control
|
3 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Music Gallery Site v1.0 - SQL Injection on music_list.php
|
4 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Employee Task Management System v1.0 - SQL Injection on edit-task.php
|
5 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Employee Task Management System v1.0 - SQL Injection on (task-details.php?task_id=?)
|
5 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Employee Task Management System v1.0 - Broken Authentication
|
6 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Auto Dealer Management System v1.0 - SQL Injection on manage_user.php
|
4 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Auto Dealer Management System v1.0 - SQL Injection in sell_vehicle.php
|
5 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Auto Dealer Management System v1.0 - SQL Injection
|
4 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Auto Dealer Management System 1.0 - Broken Access Control Exploit
|
4 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Best pos Management System v1.0 - Remote Code Execution (RCE) on File Upload
|
5 |
WEB
|
Ahmed Ismail
|
|
2023-04-06
|
|
Best pos Management System v1.0 - SQL Injection
|
5 |
WEB
|
Ahmed Ismail
|
|
2023-04-06
|
|
Kimai-1.30.10 - SameSite Cookie-Vulnerability session hijacking
|
5 |
WEB
|
nu11secur1ty
|
|
2023-04-06
|
|
POLR URL 2.3.0 - Shortener Admin Takeover
|
6 |
WEB
|
p4kl0nc4t
|
|
2023-04-06
|
|
modoboa 2.0.4 - Admin TakeOver
|
5 |
WEB
|
7h3h4ckv157
|
|
2023-04-06
|
|
LDAP Tool Box Self Service Password v1.5.2 - Account takeover
|
4 |
WEB
|
Tahar BENNACEF
|
|
2023-04-06
|
|
Intern Record System v1.0 - SQL Injection (Unauthenticated)
|
4 |
WEB
|
Hamdi Sevben
|
|
2023-04-06
|
|
Simple Task Managing System v1.0 - SQL Injection (Unauthenticated)
|
5 |
WEB
|
Hamdi Sevben
|
|
2023-04-06
|
|
Art Gallery Management System Project in PHP v 1.0 - SQL injection
|
6 |
WEB
|
Yogesh Verma
|
|
2023-04-06
|
|
atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE
|
4 |
WEB
|
nu11secur1ty
|
|
2023-04-06
|
|
Dompdf 1.2.1 - Remote Code Execution (RCE)
|
5 |
WEB
|
Ravindu Wickramasinghe
|
|
2023-04-05
|
|
Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE)
|
5 |
WEB
|
Andreas Finstad
|
|
2023-04-05
|
|
Froxlor 2.0.3 Stable - Remote Code Execution (RCE)
|
7 |
WEB
|
Askar
|
|
2023-04-05
|
|
CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)
|
7 |
WEB
|
Manish Pathak
|
|
2023-04-05
|
|
Answerdev 1.0.3 - Account Takeover
|
19 |
WEB
|
Eduardo Pérez-Malumbres Cervera
|
|
2023-04-05
|
|
ERPNext 12.29 - Cross-Site Scripting (XSS)
|
5 |
WEB
|
Patrick Dean Ramos / Nathu Nandwani / Junnair Manl
|
|
2023-04-05
|
|
BTCPay Server v1.7.4 - HTML Injection
|
6 |
WEB
|
Manojkumar J
|
|
2023-04-05
|
|
itech TrainSmart r1044 - SQL injection
|
5 |
WEB
|
Adrian Bondocea
|
|
2023-04-05
|
|
Responsive FileManager 9.9.5 - Remote Code Execution (RCE)
|
5 |
WEB
|
Galoget Latorre
|
|
2023-04-05
|
|
Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE)
|
4 |
WEB
|
Mayank Deshmukh
|
|
2023-04-05
|
|
Online Eyewear Shop 1.0 - SQL Injection (Unauthenticated)
|
5 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-05
|
|
bgERP v22.31 (Orlovets) - Cookie Session vulnerability & Cross-Site Scripting (XSS)
|
4 |
WEB
|
nu11secur1ty
|
|
2023-04-05
|
|
Liferay Portal 6.2.5 - Insecure Permissions
|
4 |
WEB
|
Fu2x2000
|
|
2023-04-05
|
|
Bus Pass Management System 1.0 - Stored Cross-Site Scripting (XSS)
|
5 |
WEB
|
Matteo Conti
|
|
2023-04-05
|
|
Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting
|
5 |
WEB
|
Mostafa Farzaneh
|
|
2023-04-05
|
|
zstore 6.6.0 - Cross-Site Scripting (XSS)
|
5 |
WEB
|
nu11secur1ty
|
|
2023-04-05
|
|
projectSend r1605 - Remote Code Exectution RCE
|
4 |
WEB
|
Mirabbas Ağalarov
|
|
2023-04-05
|
|
Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS)
|
5 |
WEB
|
RedTeam Pentesting GmbH
|
|
2023-04-05
|
|
PhotoShow 3.0 - Remote Code Execution
|
6 |
WEB
|
LSCP Responsible Disclosure Lab
|
|
2023-04-03
|
|
Paid Memberships Pro v2.9.8 (WordPress Plugin) - Unauthenticated SQL Injection
|
6 |
WEB
|
r3nt0n
|
|
2023-04-03
|
|
GLPI Cartography Plugin v6.0.0 - Unauthenticated Remote Code Execution (RCE)
|
5 |
WEB
|
Nuri Çilengir
|
|
2023-04-03
|
|
GLPI v10.0.2 - SQL Injection (Authentication Depends on Configuration)
|
5 |
WEB
|
Nuri Çilengir
|
|
2023-04-03
|
|
GLPI Activity v3.1.0 - Authenticated Local File Inclusion on Activity plugin
|
5 |
WEB
|
Nuri Çilengir
|
|
2023-04-03
|
|
GLPI Glpiinventory v1.0.1 - Unauthenticated Local File Inclusion
|
5 |
WEB
|
Nuri Çilengir
|
|
2023-04-03
|
|
GLPI 4.0.2 - Unauthenticated Local File Inclusion on Manageentities plugin
|
5 |
WEB
|
Nuri Çilengir
|
|
2023-04-03
|
|
Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution (RCE) via ssl_cert Upload
|
4 |
WEB
|
Nuri Çilengir
|
|
2023-04-03
|
|
Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE)
|
5 |
WEB
|
Nuri Çilengir
|
|
2023-04-03
|
|
Roxy WI v6.1.0.0 - Improper Authentication Control
|
6 |
WEB
|
Nuri Çilengir
|
|
2023-04-03
|
|
WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE
|
6 |
WEB
|
BLY
|
|
2023-04-03
|
|
ManageEngin AMP 4.3.0 - File-path-traversal
|
5 |
WEB
|
nu11secur1ty
|
|
2023-04-03
|
|
Active eCommerce CMS 6.5.0 - Stored Cross-Site Scripting (XSS)
|
3 |
WEB
|
Sajibe Kanti
|
|
2023-04-03
|
|
ERPGo SaaS 3.9 - CSV Injection
|
5 |
WEB
|
Sajibe Kanti
|
|
2023-04-03
|
|
AmazCart CMS 3.4 - Cross-Site-Scripting (XSS)
|
9 |
WEB
|
Sajibe Kanti
|
|
2023-04-03
|
|
SQL Monitor 12.1.31.893 - Cross-Site Scripting (XSS)
|
6 |
WEB
|
geeklinuxman
|
|
2023-04-03
|
|
Art Gallery Management System Project v1.0 - SQL Injection (editid) authenticated
|
21 |
WEB
|
Rahul Patwari
|
|
2023-04-03
|
|
Art Gallery Management System Project v1.0 - SQL Injection (cid) Unauthenticated
|
2 |
WEB
|
Rahul Patwari
|
|
2023-04-03
|
|
Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting (XSS)
|
5 |
WEB
|
Rahul Patwari
|
|
2023-04-03
|
|
MyBB 1.8.32 - Remote Code Execution (RCE) (Authenticated)
|
5 |
WEB
|
lUc1f3r11
|
|
2023-04-03
|
|
SLIMSV 9.5.2 - Cross-Site Scripting (XSS)
|
6 |
WEB
|
nu11secur1ty
|
|
2023-04-03
|
|
Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS)
|
16 |
WEB
|
nu11secur1ty
|
|
2023-04-03
|
|
Nacos 2.0.3 - Access Control vulnerability
|
7 |
WEB
|
Jenson Zhao
|
|
2023-04-03
|
|
Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
|
5 |
WEB
|
Mohammed Chemouri
|
|
2023-04-03
|
|
ChiKoi v1.0 - SQL Injection
|
4 |
WEB
|
nu11secur1ty
|
|
2023-04-03
|
|
pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute
|
6 |
WEB
|
nu11secur1ty
|
|
2023-04-01
|
|
ELSI Smart Floor V3.3.3 - Stored Cross-Site Scripting (XSS)
|
2 |
WEB
|
Rob_ CTRL Group
|
|
2023-04-01
|
|
Yahoo User Interface library (YUI2) TreeView v2.8.2 - Multiple Reflected Cross Site Scripting (XSS)
|
5 |
WEB
|
SITE Team
|
|
2023-04-01
|
|
PMB 7.4.6 - SQL Injection
|
6 |
WEB
|
str0xo DZ
|
|
2023-04-01
|
|
Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution (RCE)
|
5 |
WEB
|
numan türle
|
|
2023-04-01
|
|
Apache 2.4.x - Buffer Overflow
|
5 |
WEB
|
Sunil Iyengar
|
|
2023-04-01
|
|
Reprise Software RLM v14.2BL4 - Cross-Site Scripting (XSS)
|
4 |
WEB
|
Mohammed A.Siledar
|
|
2023-04-01
|
|
SugarCRM 12.2.0 - Remote Code Execution (RCE)
|
6 |
WEB
|
sw33t.0day
|
|
2023-04-01
|
|
perfSONAR v4.4.5 - Partial Blind CSRF
|
5 |
WEB
|
Ryan Moore
|
|
2023-04-01
|
|
Prizm Content Connect v10.5.1030.8315 - XXE
|
5 |
WEB
|
xhzeem
|
|
2023-04-01
|
|
XCMS v1.83 - Remote Command Execution (RCE)
|
4 |
WEB
|
Onurcan
|
|
2023-04-01
|
|
GitLab v15.3 - Remote Code Execution (RCE) (Authenticated)
|
5 |
WEB
|
Antonio Francesco Sardella
|
|
2023-04-01
|
|
GeoVision Camera GV-ADR2701 - Authentication Bypass
|
3 |
WEB
|
Chan Nyein Wai
|
|
2023-03-31
|
|
Textpattern 4.8.8 - Remote Code Execution (RCE) (Authenticated)
|
3 |
WEB
|
Alperen Ergel
|
|
2023-03-31
|
|
Bangresto 1.0 - SQL Injection
|
5 |
WEB
|
nu11secur1ty
|
|
2023-03-31
|
|
Cacti v1.2.22 - Remote Command Execution (RCE)
|
7 |
WEB
|
Riadh Bouchahoua
|
|
2023-03-31
|
|
Judging Management System v1.0 - Authentication Bypass
|
5 |
WEB
|
Angelo Pio Amirante
|
|
2023-03-31
|
|
Judging Management System v1.0 - Remote Code Execution (RCE)
|
5 |
WEB
|
Angelo Pio Amirante
|
|
2023-03-31
|
|
rconfig 3.9.7 - Sql Injection (Authenticated)
|
5 |
WEB
|
azhen
|
|
2023-03-31
|
|
Spitfire CMS 1.0.475 - PHP Object Injection
|
7 |
WEB
|
LiquidWorm
|
|
2023-03-31
|
|
Senayan Library Management System v9.0.0 - SQL Injection
|
6 |
WEB
|
nu11secur1ty
|
|
2023-03-31
|
|
Bludit 3-14-1 Plugin 'UploadPlugin' - Remote Code Execution (RCE) (Authenticated)
|
8 |
WEB
|
Alperen Ergel
|
|
2023-03-31
|
|
WooCommerce v7.1.0 - Remote Code Execution(RCE)
|
5 |
WEB
|
Milad karimi
|
|
2023-03-31
|
|
EQ Enterprise management system v2.2.0 - SQL Injection
|
4 |
WEB
|
TLF
|
|
2023-03-30
|
|
Eve-ng 5.0.1-13 - Stored Cross-Site Scripting (XSS)
|
17 |
WEB
|
@casp3r0x0 hassan ali al-khafaji
|
|
2023-03-30
|
|
WPForms 1.7.8 - Cross-Site Scripting (XSS)
|
17 |
WEB
|
Milad karimi
|
|
2023-03-30
|
|
Shoplazza 1.1 - Stored Cross-Site Scripting (XSS)
|
6 |
WEB
|
Andrey Stoykov
|
|
2023-03-30
|
|
LISTSERV 17 - Insecure Direct Object Reference (IDOR)
|
7 |
WEB
|
Shaunt Der-Grigorian
|
|
2023-03-30
|
|
LISTSERV 17 - Reflected Cross Site Scripting (XSS)
|
10 |
WEB
|
Shaunt Der-Grigorian
|
|
2023-03-30
|
|
4images 1.9 - Remote Command Execution (RCE)
|
4 |
WEB
|
Andrey Stoykov
|
|
2023-03-30
|
|
Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)
|
3 |
WEB
|
Eric Flokstra
|
|
2023-03-30
|
|
Concrete5 CME v9.1.3 - Xpath injection
|
5 |
WEB
|
nu11secur1ty
|
|
2023-03-30
|
|
Virtual Reception v1.0 - Web Server Directory Traversal
|
5 |
WEB
|
Spinae
|
|
2023-03-30
|
|
Covenant v0.5 - Remote Code Execution (RCE)
|
5 |
WEB
|
xThaz
|
|
2023-03-30
|
|
Ecommerse v1.0 - Cross-Site Scripting (XSS)
|
4 |
WEB
|
nu11secur1ty
|
|
2023-03-30
|
|
Boa Web Server v0.94.14 - Authentication Bypass
|
12 |
WEB
|
George Tsimpidas
|
|
2023-03-30
|
|
myBB forums 1.8.26 - Stored Cross-Site Scripting (XSS)
|
5 |
WEB
|
Andrey Stoykov
|
|
2023-03-30
|
|
ClicShopping v3.402 - Cross-Site Scripting (XSS)
|
5 |
WEB
|
nu11secur1ty
|
|
2023-03-30
|
|
Dreamer CMS v4.0.0 - SQL Injection
|
4 |
WEB
|
lvren
|
|
2023-03-29
|
|
Revenue Collection System v1.0 - Remote Code Execution (RCE)
|
5 |
WEB
|
Joe Pollock
|
|
2023-03-29
|
|
Helmet Store Showroom v1.0 - SQL Injection
|
6 |
WEB
|
Ameer Hamza
|
|
2023-03-29
|
|
Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting (XSS)
|
5 |
WEB
|
Bleron Rrustemi
|
|
2023-03-29
|
|
Human Resource Management System 1.0 - SQL Injection (unauthenticated)
|
3 |
WEB
|
Matthijs van der Vaart (eMVee)
|
|
2023-03-29
|
|
Book Store Management System 1.0.0 - Stored Cross-Site Scripting (XSS)
|
5 |
WEB
|
Rajeshwar Singh
|
|
2023-03-29
|
|
WP All Import v3.6.7 - Remote Code Execution (RCE) (Authenticated)
|
3 |
WEB
|
AkuCyberSec
|
|
2023-03-28
|
|
rukovoditel 3.2.1 - Cross-Site Scripting (XSS)
|
3 |
WEB
|
nu11secur1ty
|
|
2023-03-28
|
|
Senayan Library Management System v9.5.0 - SQL Injection
|
4 |
WEB
|
nu11secur1ty
|
|
2023-03-28
|
|
iBooking v1.0.8 - Arbitrary File Upload
|
5 |
WEB
|
d1z1n370/oPty
|
|
2023-03-28
|
|
ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS)
|
6 |
WEB
|
Okan Kurtulus
|
|
2023-03-28
|
|
Social-Share-Buttons v2.2.3 - SQL Injection
|
6 |
WEB
|
nu11secur1ty
|
