|
2023-05-02
|
|
PHPJabbers Simple CMS 5.0 - SQL Injection
|
22 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-05-02
|
|
PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting (XSS)
|
31 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-05-02
|
|
OpenEMR v7.0.1 - Authentication credentials brute force
|
33 |
WEB
|
abhhi (Abhishek Birdawade)
|
|
2023-05-02
|
|
PHPFusion 9.10.30 - Stored Cross-Site Scripting (XSS)
|
27 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-02
|
|
SoftExpert (SE) Suite v2.1.3 - Local File Inclusion
|
27 |
WEB
|
Felipe Alcantara
|
|
2023-05-02
|
|
Serendipity 2.4.0 - File Inclusion RCE
|
33 |
WEB
|
nu11secur1ty
|
|
2023-05-02
|
|
admidio v4.2.5 - CSV Injection
|
26 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-02
|
|
revive-adserver v5.4.1 - Cross-Site Scripting (XSS)
|
26 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-02
|
|
projectSend r1605 - Private file download
|
19 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-02
|
|
phpMyFAQ v3.1.12 - CSV Injection
|
24 |
WEB
|
Mirabbas Ağalarov
|
|
2023-05-02
|
|
PHP Restaurants 1.0 - SQLi Authentication Bypass & Cross Site Scripting
|
25 |
WEB
|
Or4nG.M4N
|
|
2023-04-25
|
|
Sophos Web Appliance 4.3.10.4 - Pre-auth command injection
|
28 |
WEB
|
Behnam Abasi Vanda
|
|
2023-04-25
|
|
Multi-Vendor Online Groceries Management System 1.0 - Remote Code Execution
|
28 |
WEB
|
Or4nG.M4N
|
|
2023-04-25
|
|
Mars Stealer 8.3 - Admin Account Takeover
|
34 |
WEB
|
Sköll
|
|
2023-04-25
|
|
PaperCut NG/MG 22.0.4 - Authentication Bypass
|
62 |
WEB
|
MaanVader
|
|
2023-04-25
|
|
KodExplorer 4.49 - CSRF to Arbitrary File Upload
|
28 |
WEB
|
Mr Empy
|
|
2023-04-20
|
|
ProjeQtOr Project Management System 10.3.2 - Remote Code Execution (RCE)
|
25 |
WEB
|
Mirabbas Ağalarov
|
|
2023-04-20
|
|
Piwigo 13.6.0 - Stored Cross-Site Scripting (XSS)
|
25 |
WEB
|
Mirabbas Ağalarov
|
|
2023-04-20
|
|
FUXA V.1.1.13-1186 - Unauthenticated Remote Code Execution (RCE)
|
40 |
WEB
|
Rodolfo Mariano
|
|
2023-04-20
|
|
Chitor-CMS v1.1.2 - Pre-Auth SQL Injection
|
26 |
WEB
|
msd0pe
|
|
2023-04-20
|
|
GDidees CMS 3.9.1 - Local File Disclosure
|
32 |
WEB
|
Hadi Mene
|
|
2023-04-20
|
|
Swagger UI 4.1.3 - User Interface (UI) Misrepresentation of Critical Information
|
29 |
WEB
|
Rafael Cintra Lopes
|
|
2023-04-20
|
|
Bang Resto v1.0 - 'Multiple' SQL Injection
|
24 |
WEB
|
Rahad Chowdhury
|
|
2023-04-20
|
|
Bang Resto v1.0 - Stored Cross-Site Scripting (XSS)
|
27 |
WEB
|
Rahad Chowdhury
|
|
2023-04-20
|
|
Lilac-Reloaded for Nagios 2.0.8 - Remote Code Execution (RCE)
|
27 |
WEB
|
max / Zoltan Padanyi
|
|
2023-04-20
|
|
Serendipity 2.4.0 - Cross-Site Scripting (XSS)
|
28 |
WEB
|
Mirabbas Ağalarov
|
|
2023-04-20
|
|
Serendipity 2.4.0 - Remote Code Execution (RCE) (Authenticated)
|
31 |
WEB
|
Mirabbas Ağalarov
|
|
2023-04-14
|
|
Sielco PolyEco Digital FM Transmitter 2.0.6 - Account Takeover / Lockout / EoP
|
35 |
WEB
|
LiquidWorm
|
|
2023-04-14
|
|
Sielco PolyEco Digital FM Transmitter 2.0.6 - Unauthenticated Information Disclosure
|
22 |
WEB
|
LiquidWorm
|
|
2023-04-14
|
|
Sielco PolyEco Digital FM Transmitter 2.0.6 - Radio Data System POST Manipulation
|
34 |
WEB
|
LiquidWorm
|
|
2023-04-14
|
|
Sielco PolyEco Digital FM Transmitter 2.0.6 - Authorization Bypass Factory Reset
|
28 |
WEB
|
LiquidWorm
|
|
2023-04-14
|
|
Sielco PolyEco Digital FM Transmitter 2.0.6 - Authentication Bypass Exploit
|
28 |
WEB
|
LiquidWorm
|
|
2023-04-14
|
|
Sielco Analog FM Transmitter 2.12 - Improper Access Control Change Admin Password
|
23 |
WEB
|
LiquidWorm
|
|
2023-04-14
|
|
Sielco Analog FM Transmitter 2.12 - Cross-Site Request Forgery
|
29 |
WEB
|
LiquidWorm
|
|
2023-04-14
|
|
Sielco Analog FM Transmitter 2.12 - 'id' Cookie Brute Force Session Hijacking
|
36 |
WEB
|
LiquidWorm
|
|
2023-04-14
|
|
InnovaStudio WYSIWYG Editor 5.4 - Unrestricted File Upload / Directory Traversal
|
27 |
WEB
|
Zer0FauLT
|
|
2023-04-14
|
|
Bludit 4.0.0-rc-2 - Account takeover
|
28 |
WEB
|
nu11secur1ty
|
|
2023-04-10
|
|
Online Computer and Laptop Store 1.0 - Remote Code Execution (RCE)
|
27 |
WEB
|
Matisse Beckandt
|
|
2023-04-10
|
|
BrainyCP V1.0 - Remote Code Execution
|
28 |
WEB
|
Ahmet Ümit BAYRAM
|
|
2023-04-10
|
|
Roxy Fileman 1.4.5 - Arbitrary File Upload
|
31 |
WEB
|
Zer0FauLT
|
|
2023-04-10
|
|
ever gauzy v0.281.9 - JWT weak HMAC secret
|
29 |
WEB
|
nu11secur1ty
|
|
2023-04-08
|
|
dotclear 2.25.3 - Remote Code Execution (RCE) (Authenticated)
|
24 |
WEB
|
Mirabbas Ağalarov
|
|
2023-04-08
|
|
Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution (RCE) (Unauthenticated)
|
30 |
WEB
|
dwbzn
|
|
2023-04-08
|
|
WebsiteBaker v2.13.3 - Cross-Site Scripting (XSS)
|
35 |
WEB
|
Mirabbas Ağalarov
|
|
2023-04-08
|
|
ZCBS/ZBBS/ZPBS v4.14k - Reflected Cross-Site Scripting (XSS)
|
27 |
WEB
|
Abdulaziz Saad
|
|
2023-04-08
|
|
X2CRM v6.6/6.9 - Reflected Cross-Site Scripting (XSS) (Authenticated)
|
23 |
WEB
|
Betul Denizler
|
|
2023-04-08
|
|
X2CRM v6.6/6.9 - Stored Cross-Site Scripting (XSS) (Authenticated)
|
27 |
WEB
|
Betul Denizler
|
|
2023-04-08
|
|
Online-Pizza-Ordering -1.0 - Remote Code Execution (RCE)
|
22 |
WEB
|
nu11secur1ty
|
|
2023-04-08
|
|
Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)
|
29 |
WEB
|
omurugur
|
|
2023-04-08
|
|
Symantec Messaging Gateway 10.7.4 - Stored Cross-Site Scripting (XSS)
|
32 |
WEB
|
omurugur
|
|
2023-04-08
|
|
Suprema BioStar 2 v2.8.16 - SQL Injection
|
31 |
WEB
|
Yuriy (Vander) Tsarenko
|
|
2023-04-08
|
|
Goanywhere Encryption helper 7.1.1 - Remote Code Execution (RCE)
|
28 |
WEB
|
Youssef Muhammad
|
|
2023-04-08
|
|
Medicine Tracker System v1.0 - Sql Injection
|
24 |
WEB
|
Sanjay Singh
|
|
2023-04-08
|
|
Online Appointment System V1.0 - Cross-Site Scripting (XSS)
|
25 |
WEB
|
Sanjay Singh
|
|
2023-04-08
|
|
ENTAB ERP 1.0 - Username PII leak
|
29 |
WEB
|
Deb Prasad Banerjee
|
|
2023-04-08
|
|
Joomla! v4.2.8 - Unauthenticated information disclosure
|
26 |
WEB
|
Alexandre ZANNI
|
|
2023-04-08
|
|
Restaurant Management System 1.0 - SQL Injection
|
32 |
WEB
|
calfcrusher
|
|
2023-04-08
|
|
Icinga Web 2.10 - Arbitrary File Disclosure
|
28 |
WEB
|
Jacob Ebben
|
|
2023-04-08
|
|
Adobe Connect 11.4.5 - Local File Disclosure
|
29 |
WEB
|
h4shur
|
|
2023-04-08
|
|
Altenergy Power Control Software C1.2.5 - OS command injection
|
25 |
WEB
|
Ahmed Alroky
|
|
2023-04-07
|
|
Snitz Forum v1.0 - Blind SQL Injection
|
26 |
WEB
|
Emiliano Febbi
|
|
2023-04-07
|
|
Rukovoditel 3.3.1 - Remote Code Execution (RCE)
|
23 |
WEB
|
Mirabbas Ağalarov
|
|
2023-04-07
|
|
ChurchCRM 4.5.1 - Authenticated SQL Injection
|
22 |
WEB
|
Arvandy
|
|
2023-04-07
|
|
NotrinosERP 0.7 - Authenticated Blind SQL Injection
|
25 |
WEB
|
Arvandy
|
|
2023-04-07
|
|
MAC 1200R - Directory Traversal
|
20 |
WEB
|
Chunlei Shang_ Jiangsu Public Information Co._ Ltd
|
|
2023-04-06
|
|
craftercms 4.x.x - CORS
|
28 |
WEB
|
nu11secur1ty
|
|
2023-04-06
|
|
Purchase Order Management-1.0 - Local File Inclusion
|
26 |
WEB
|
nu11secur1ty
|
|
2023-04-06
|
|
Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI
|
28 |
WEB
|
Kahvi-0
|
|
2023-04-06
|
|
Agilebio Lab Collector Electronic Lab Notebook v4.234 - Remote Code Execution (RCE)
|
27 |
WEB
|
Anthony Cole
|
|
2023-04-06
|
|
ChurchCRM v4.5.3-121fcc1 - SQL Injection
|
23 |
WEB
|
nu11secur1ty
|
|
2023-04-06
|
|
flatnux 2021-03.25 - Remote Code Execution (Authenticated)
|
26 |
WEB
|
Ömer Hasan Durmuş
|
|
2023-04-06
|
|
Simple Food Ordering System v1.0 - Cross-Site Scripting (XSS)
|
27 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Music Gallery Site v1.0 - SQL Injection on page Master.php
|
24 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Music Gallery Site v1.0 - SQL Injection on page view_music_details.php
|
21 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Music Gallery Site v1.0 - Broken Access Control
|
20 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Music Gallery Site v1.0 - SQL Injection on music_list.php
|
21 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Employee Task Management System v1.0 - SQL Injection on edit-task.php
|
24 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Employee Task Management System v1.0 - SQL Injection on (task-details.php?task_id=?)
|
28 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Employee Task Management System v1.0 - Broken Authentication
|
27 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Auto Dealer Management System v1.0 - SQL Injection on manage_user.php
|
23 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Auto Dealer Management System v1.0 - SQL Injection in sell_vehicle.php
|
21 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Auto Dealer Management System v1.0 - SQL Injection
|
22 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Auto Dealer Management System 1.0 - Broken Access Control Exploit
|
20 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-06
|
|
Best pos Management System v1.0 - Remote Code Execution (RCE) on File Upload
|
25 |
WEB
|
Ahmed Ismail
|
|
2023-04-06
|
|
Best pos Management System v1.0 - SQL Injection
|
24 |
WEB
|
Ahmed Ismail
|
|
2023-04-06
|
|
Kimai-1.30.10 - SameSite Cookie-Vulnerability session hijacking
|
25 |
WEB
|
nu11secur1ty
|
|
2023-04-06
|
|
POLR URL 2.3.0 - Shortener Admin Takeover
|
26 |
WEB
|
p4kl0nc4t
|
|
2023-04-06
|
|
modoboa 2.0.4 - Admin TakeOver
|
21 |
WEB
|
7h3h4ckv157
|
|
2023-04-06
|
|
LDAP Tool Box Self Service Password v1.5.2 - Account takeover
|
24 |
WEB
|
Tahar BENNACEF
|
|
2023-04-06
|
|
Intern Record System v1.0 - SQL Injection (Unauthenticated)
|
22 |
WEB
|
Hamdi Sevben
|
|
2023-04-06
|
|
Simple Task Managing System v1.0 - SQL Injection (Unauthenticated)
|
27 |
WEB
|
Hamdi Sevben
|
|
2023-04-06
|
|
Art Gallery Management System Project in PHP v 1.0 - SQL injection
|
24 |
WEB
|
Yogesh Verma
|
|
2023-04-06
|
|
atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE
|
24 |
WEB
|
nu11secur1ty
|
|
2023-04-06
|
|
Dompdf 1.2.1 - Remote Code Execution (RCE)
|
24 |
WEB
|
Ravindu Wickramasinghe
|
|
2023-04-05
|
|
Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE)
|
24 |
WEB
|
Andreas Finstad
|
|
2023-04-05
|
|
Froxlor 2.0.3 Stable - Remote Code Execution (RCE)
|
29 |
WEB
|
Askar
|
|
2023-04-05
|
|
CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)
|
33 |
WEB
|
Manish Pathak
|
|
2023-04-05
|
|
Answerdev 1.0.3 - Account Takeover
|
89 |
WEB
|
Eduardo Pérez-Malumbres Cervera
|
|
2023-04-05
|
|
ERPNext 12.29 - Cross-Site Scripting (XSS)
|
23 |
WEB
|
Patrick Dean Ramos / Nathu Nandwani / Junnair Manl
|
|
2023-04-05
|
|
BTCPay Server v1.7.4 - HTML Injection
|
24 |
WEB
|
Manojkumar J
|
|
2023-04-05
|
|
itech TrainSmart r1044 - SQL injection
|
27 |
WEB
|
Adrian Bondocea
|
|
2023-04-05
|
|
Responsive FileManager 9.9.5 - Remote Code Execution (RCE)
|
26 |
WEB
|
Galoget Latorre
|
|
2023-04-05
|
|
Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE)
|
28 |
WEB
|
Mayank Deshmukh
|
|
2023-04-05
|
|
Online Eyewear Shop 1.0 - SQL Injection (Unauthenticated)
|
25 |
WEB
|
Muhammad Navaid Zafar Ansari
|
|
2023-04-05
|
|
bgERP v22.31 (Orlovets) - Cookie Session vulnerability & Cross-Site Scripting (XSS)
|
29 |
WEB
|
nu11secur1ty
|
|
2023-04-05
|
|
Liferay Portal 6.2.5 - Insecure Permissions
|
22 |
WEB
|
Fu2x2000
|
|
2023-04-05
|
|
Bus Pass Management System 1.0 - Stored Cross-Site Scripting (XSS)
|
28 |
WEB
|
Matteo Conti
|
|
2023-04-05
|
|
Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting
|
28 |
WEB
|
Mostafa Farzaneh
|
|
2023-04-05
|
|
zstore 6.6.0 - Cross-Site Scripting (XSS)
|
24 |
WEB
|
nu11secur1ty
|
|
2023-04-05
|
|
projectSend r1605 - Remote Code Exectution RCE
|
26 |
WEB
|
Mirabbas Ağalarov
|
|
2023-04-05
|
|
Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS)
|
23 |
WEB
|
RedTeam Pentesting GmbH
|
|
2023-04-05
|
|
PhotoShow 3.0 - Remote Code Execution
|
22 |
WEB
|
LSCP Responsible Disclosure Lab
|
|
2023-04-03
|
|
Paid Memberships Pro v2.9.8 (WordPress Plugin) - Unauthenticated SQL Injection
|
21 |
WEB
|
r3nt0n
|
|
2023-04-03
|
|
GLPI Cartography Plugin v6.0.0 - Unauthenticated Remote Code Execution (RCE)
|
25 |
WEB
|
Nuri Çilengir
|
|
2023-04-03
|
|
GLPI v10.0.2 - SQL Injection (Authentication Depends on Configuration)
|
25 |
WEB
|
Nuri Çilengir
|
|
2023-04-03
|
|
GLPI Activity v3.1.0 - Authenticated Local File Inclusion on Activity plugin
|
22 |
WEB
|
Nuri Çilengir
|
|
2023-04-03
|
|
GLPI Glpiinventory v1.0.1 - Unauthenticated Local File Inclusion
|
23 |
WEB
|
Nuri Çilengir
|
|
2023-04-03
|
|
GLPI 4.0.2 - Unauthenticated Local File Inclusion on Manageentities plugin
|
28 |
WEB
|
Nuri Çilengir
|
|
2023-04-03
|
|
Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution (RCE) via ssl_cert Upload
|
25 |
WEB
|
Nuri Çilengir
|
|
2023-04-03
|
|
Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE)
|
26 |
WEB
|
Nuri Çilengir
|
|
2023-04-03
|
|
Roxy WI v6.1.0.0 - Improper Authentication Control
|
24 |
WEB
|
Nuri Çilengir
|
|
2023-04-03
|
|
WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE
|
40 |
WEB
|
BLY
|
|
2023-04-03
|
|
ManageEngin AMP 4.3.0 - File-path-traversal
|
26 |
WEB
|
nu11secur1ty
|
|
2023-04-03
|
|
Active eCommerce CMS 6.5.0 - Stored Cross-Site Scripting (XSS)
|
35 |
WEB
|
Sajibe Kanti
|
|
2023-04-03
|
|
ERPGo SaaS 3.9 - CSV Injection
|
36 |
WEB
|
Sajibe Kanti
|
