|
2023-04-01
|
|
SugarCRM 12.2.0 - Remote Code Execution (RCE)
|
21 |
WEB
|
sw33t.0day
|
|
2023-04-01
|
|
perfSONAR v4.4.5 - Partial Blind CSRF
|
19 |
WEB
|
Ryan Moore
|
|
2023-04-01
|
|
Prizm Content Connect v10.5.1030.8315 - XXE
|
16 |
WEB
|
xhzeem
|
|
2023-04-01
|
|
XCMS v1.83 - Remote Command Execution (RCE)
|
18 |
WEB
|
Onurcan
|
|
2023-04-01
|
|
GitLab v15.3 - Remote Code Execution (RCE) (Authenticated)
|
18 |
WEB
|
Antonio Francesco Sardella
|
|
2023-04-01
|
|
GeoVision Camera GV-ADR2701 - Authentication Bypass
|
18 |
WEB
|
Chan Nyein Wai
|
|
2023-03-31
|
|
Textpattern 4.8.8 - Remote Code Execution (RCE) (Authenticated)
|
16 |
WEB
|
Alperen Ergel
|
|
2023-03-31
|
|
Bangresto 1.0 - SQL Injection
|
17 |
WEB
|
nu11secur1ty
|
|
2023-03-31
|
|
Cacti v1.2.22 - Remote Command Execution (RCE)
|
24 |
WEB
|
Riadh Bouchahoua
|
|
2023-03-31
|
|
Judging Management System v1.0 - Authentication Bypass
|
16 |
WEB
|
Angelo Pio Amirante
|
|
2023-03-31
|
|
Judging Management System v1.0 - Remote Code Execution (RCE)
|
20 |
WEB
|
Angelo Pio Amirante
|
|
2023-03-31
|
|
rconfig 3.9.7 - Sql Injection (Authenticated)
|
20 |
WEB
|
azhen
|
|
2023-03-31
|
|
Spitfire CMS 1.0.475 - PHP Object Injection
|
24 |
WEB
|
LiquidWorm
|
|
2023-03-31
|
|
Senayan Library Management System v9.0.0 - SQL Injection
|
25 |
WEB
|
nu11secur1ty
|
|
2023-03-31
|
|
Bludit 3-14-1 Plugin 'UploadPlugin' - Remote Code Execution (RCE) (Authenticated)
|
20 |
WEB
|
Alperen Ergel
|
|
2023-03-31
|
|
WooCommerce v7.1.0 - Remote Code Execution(RCE)
|
20 |
WEB
|
Milad karimi
|
|
2023-03-31
|
|
EQ Enterprise management system v2.2.0 - SQL Injection
|
21 |
WEB
|
TLF
|
|
2023-03-30
|
|
Eve-ng 5.0.1-13 - Stored Cross-Site Scripting (XSS)
|
30 |
WEB
|
@casp3r0x0 hassan ali al-khafaji
|
|
2023-03-30
|
|
WPForms 1.7.8 - Cross-Site Scripting (XSS)
|
34 |
WEB
|
Milad karimi
|
|
2023-03-30
|
|
Shoplazza 1.1 - Stored Cross-Site Scripting (XSS)
|
20 |
WEB
|
Andrey Stoykov
|
|
2023-03-30
|
|
LISTSERV 17 - Insecure Direct Object Reference (IDOR)
|
24 |
WEB
|
Shaunt Der-Grigorian
|
|
2023-03-30
|
|
LISTSERV 17 - Reflected Cross Site Scripting (XSS)
|
27 |
WEB
|
Shaunt Der-Grigorian
|
|
2023-03-30
|
|
4images 1.9 - Remote Command Execution (RCE)
|
21 |
WEB
|
Andrey Stoykov
|
|
2023-03-30
|
|
Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)
|
19 |
WEB
|
Eric Flokstra
|
|
2023-03-30
|
|
Concrete5 CME v9.1.3 - Xpath injection
|
18 |
WEB
|
nu11secur1ty
|
|
2023-03-30
|
|
Virtual Reception v1.0 - Web Server Directory Traversal
|
23 |
WEB
|
Spinae
|
|
2023-03-30
|
|
Covenant v0.5 - Remote Code Execution (RCE)
|
25 |
WEB
|
xThaz
|
|
2023-03-30
|
|
Ecommerse v1.0 - Cross-Site Scripting (XSS)
|
17 |
WEB
|
nu11secur1ty
|
|
2023-03-30
|
|
Boa Web Server v0.94.14 - Authentication Bypass
|
26 |
WEB
|
George Tsimpidas
|
|
2023-03-30
|
|
myBB forums 1.8.26 - Stored Cross-Site Scripting (XSS)
|
22 |
WEB
|
Andrey Stoykov
|
|
2023-03-30
|
|
ClicShopping v3.402 - Cross-Site Scripting (XSS)
|
19 |
WEB
|
nu11secur1ty
|
|
2023-03-30
|
|
Dreamer CMS v4.0.0 - SQL Injection
|
21 |
WEB
|
lvren
|
|
2023-03-29
|
|
Revenue Collection System v1.0 - Remote Code Execution (RCE)
|
19 |
WEB
|
Joe Pollock
|
|
2023-03-29
|
|
Helmet Store Showroom v1.0 - SQL Injection
|
18 |
WEB
|
Ameer Hamza
|
|
2023-03-29
|
|
Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting (XSS)
|
17 |
WEB
|
Bleron Rrustemi
|
|
2023-03-29
|
|
Human Resource Management System 1.0 - SQL Injection (unauthenticated)
|
21 |
WEB
|
Matthijs van der Vaart (eMVee)
|
|
2023-03-29
|
|
Book Store Management System 1.0.0 - Stored Cross-Site Scripting (XSS)
|
20 |
WEB
|
Rajeshwar Singh
|
|
2023-03-29
|
|
WP All Import v3.6.7 - Remote Code Execution (RCE) (Authenticated)
|
23 |
WEB
|
AkuCyberSec
|
|
2023-03-28
|
|
rukovoditel 3.2.1 - Cross-Site Scripting (XSS)
|
18 |
WEB
|
nu11secur1ty
|
|
2023-03-28
|
|
Senayan Library Management System v9.5.0 - SQL Injection
|
21 |
WEB
|
nu11secur1ty
|
|
2023-03-28
|
|
iBooking v1.0.8 - Arbitrary File Upload
|
27 |
WEB
|
d1z1n370/oPty
|
|
2023-03-28
|
|
ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS)
|
19 |
WEB
|
Okan Kurtulus
|
|
2023-03-28
|
|
Social-Share-Buttons v2.2.3 - SQL Injection
|
23 |
WEB
|
nu11secur1ty
|
|
2023-03-28
|
|
Moodle LMS 4.0 - Cross-Site Scripting (XSS)
|
18 |
WEB
|
Saud Alenazi
|
|
2023-03-28
|
|
OPSWAT Metadefender Core - Privilege Escalation
|
23 |
WEB
|
Ulascan Yildirim
|
|
2023-03-28
|
|
ZKTeco ZEM/ZMM 8.88 - Missing Authentication
|
29 |
WEB
|
RedTeam Pentesting GmbH
|
|
2023-03-28
|
|
Subrion CMS 4.2.1 - Stored Cross-Site Scripting (XSS)
|
17 |
WEB
|
Sinem Şahin
|
|
2023-03-28
|
|
Label Studio 1.5.0 - Authenticated Server Side Request Forgery (SSRF)
|
20 |
WEB
|
Ryan Smith
|
|
2023-03-28
|
|
BoxBilling<=4.22.1.5 - Remote Code Execution (RCE)
|
18 |
WEB
|
zetc0de
|
|
2023-03-28
|
|
Jetpack 11.4 - Cross Site Scripting (XSS)
|
16 |
WEB
|
Behrouz Mansoori
|
|
2023-03-28
|
|
Online shopping system advanced 1.0 - Multiple Vulnerabilities
|
21 |
WEB
|
Rafael Pedrero
|
|
2023-03-28
|
|
YouPHPTube<= 7.8 - Multiple Vulnerabilities
|
21 |
WEB
|
Rafael Pedrero
|
|
2023-03-28
|
|
Pega Platform 8.1.0 - Remote Code Execution (RCE)
|
22 |
WEB
|
Marcin Wolak
|
|
2023-03-28
|
|
Beauty-salon v1.0 - Remote Code Execution (RCE)
|
20 |
WEB
|
nu11secur1ty
|
|
2023-03-27
|
|
FortiOS_ FortiProxy_ FortiSwitchManager v7.2.1 - Authentication Bypass
|
21 |
WEB
|
Felipe Alcantara
|
|
2023-03-27
|
|
WebTareas 2.4 - RCE (Authorized)
|
18 |
WEB
|
Hubert Wojciechowski
|
|
2023-03-27
|
|
WebTareas 2.4 - Reflected XSS (Unauthorised)
|
16 |
WEB
|
Hubert Wojciechowski
|
|
2023-03-27
|
|
WebTareas 2.4 - SQL Injection (Unauthorised)
|
19 |
WEB
|
Hubert Wojciechowski
|
|
2023-03-27
|
|
Atom CMS v2.0 - SQL Injection (no auth)
|
23 |
WEB
|
Hubert Wojciechowski
|
|
2023-03-27
|
|
Aero CMS v0.0.1 - PHP Code Injection (auth)
|
18 |
WEB
|
Hubert Wojciechowski
|
|
2023-03-27
|
|
Aero CMS v0.0.1 - SQL Injection (no auth)
|
27 |
WEB
|
Hubert Wojciechowski
|
|
2023-03-27
|
|
Desktop Central 9.1.0 - Multiple Vulnerabilities
|
25 |
WEB
|
Rafael Pedrero
|
|
2023-03-27
|
|
WPN-XM Serverstack for Windows 0.8.6 - Multiple Vulnerabilities
|
17 |
WEB
|
Rafael Pedrero
|
|
2023-03-27
|
|
Webgrind 1.1 - Reflected Cross-Site Scripting (XSS) & Remote Command Execution (RCE)
|
20 |
WEB
|
Rafael Pedrero
|
|
2023-03-27
|
|
Grafana <=6.2.4 - HTML Injection
|
23 |
WEB
|
SimranJeet Singh
|
|
2023-03-27
|
|
Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass
|
20 |
WEB
|
Trenches of IT
|
|
2023-03-27
|
|
Clansphere CMS 2011.4 - Stored Cross-Site Scripting (XSS)
|
22 |
WEB
|
Sinem Şahin
|
|
2023-03-27
|
|
Zentao Project Management System 17.0 - Authenticated Remote Code Execution (RCE)
|
20 |
WEB
|
mister0xf
|
|
2023-03-27
|
|
FlatCore CMS 2.1.1 - Stored Cross-Site Scripting (XSS)
|
22 |
WEB
|
Sinem Şahin
|
|
2023-03-27
|
|
eXtplorer<= 2.1.14 - Authentication Bypass & Remote Code Execution (RCE)
|
24 |
WEB
|
ErPaciocco
|
|
2023-03-27
|
|
Canteen-Management v1.0 - SQL Injection
|
22 |
WEB
|
nu11secur1ty
|
|
2023-03-27
|
|
Canteen-Management v1.0 - XSS-Reflected
|
23 |
WEB
|
nu11secur1ty
|
|
2023-03-25
|
|
PHPGurukul Online Birth Certificate System V 1.2 - Blind XSS
|
19 |
WEB
|
Prasheek Kamble
|
|
2023-03-25
|
|
Composr-CMS Version <=10.0.39 - Authenticated Remote Code Execution
|
20 |
WEB
|
Sarang Tumne
|
|
2023-03-25
|
|
MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution
|
18 |
WEB
|
Sarang Tumne
|
|
2023-03-25
|
|
Abantecart v1.3.2 - Authenticated Remote Code Execution
|
16 |
WEB
|
Sarang Tumne
|
|
2023-03-25
|
|
SimpleMachinesForum v2.1.1 - Authenticated Remote Code Execution
|
21 |
WEB
|
Sarang Tumne
|
|
2023-03-25
|
|
ImpressCMS v1.4.3 - Authenticated SQL Injection
|
17 |
WEB
|
Sarang Tumne
|
|
2023-03-25
|
|
Password Manager for IIS v2.0 - XSS
|
19 |
WEB
|
VP4TR10T
|
|
2023-03-25
|
|
Bus Pass Management System 1.0 - Cross-Site Scripting (XSS)
|
20 |
WEB
|
Ali Alipour
|
|
2023-03-25
|
|
GuppY CMS v6.00.10 - Remote Code Execution
|
23 |
WEB
|
Chokri Hammedi
|
|
2023-03-25
|
|
Lavalite v9.0.0 - XSRF-TOKEN cookie File path traversal
|
22 |
WEB
|
nu11secur1ty
|
|
2023-03-25
|
|
Employee Performance Evaluation System v1.0 - File Inclusion and RCE
|
22 |
WEB
|
nu11secur1ty
|
|
2023-03-25
|
|
Yoga Class Registration System v1.0 - Multiple SQLi
|
18 |
WEB
|
Abdulhakim Öner
|
|
2023-03-25
|
|
Human Resources Management System v1.0 - Multiple SQLi
|
21 |
WEB
|
Abdulhakim Öner
|
|
2023-03-25
|
|
Online Diagnostic Lab Management System v1.0 - Remote Code Execution (RCE) (Unauthenticated)
|
15 |
WEB
|
yousef alraddadi
|
|
2023-03-25
|
|
Translatepress Multilinugal WordPress plugin < 2.3.3 - Authenticated SQL Injection
|
22 |
WEB
|
Elias Hohl
|
|
2023-03-25
|
|
NEX-Forms WordPress plugin < 7.9.7 - Authenticated SQLi
|
24 |
WEB
|
Elias Hohl
|
|
2023-03-25
|
|
_camp_ Raspberry Pi camera server 1.0 - Authentication Bypass
|
25 |
WEB
|
Elias Hohl
|
|
2023-03-23
|
|
Bitbucket v7.0.0 - RCE
|
20 |
WEB
|
khal4n1
|
|
2023-03-23
|
|
wkhtmltopdf 0.12.6 - Server Side Request Forgery
|
22 |
WEB
|
Momen Eldawakhly
|
|
2023-03-23
|
|
WorkOrder CMS 0.1.0 - SQL Injection
|
26 |
WEB
|
Chokri Hammedi
|
|
2023-03-23
|
|
MAN-EAM-0003 V3.2.4 - XXE
|
19 |
WEB
|
Ahmed Alroky
|
|
2023-03-23
|
|
Owlfiles File Manager 12.0.1 - Multiple Vulnerabilities
|
17 |
WEB
|
Chokri Hammedi
|
|
2023-03-22
|
|
Linksys AX3200 V1.1.00 - Command Injection
|
17 |
WEB
|
Ahmed Alroky
|
|
2023-03-22
|
|
VIAVIWEB Wallpaper Admin 1.0 - Multiple Vulnerabilities
|
18 |
WEB
|
Edd13Mora
|
|
2023-02-20
|
|
pfBlockerNG 2.1.4_26 - Remote Code Execution (RCE)
|
16 |
WEB
|
IHTeam
|
|
2022-11-11
|
|
CVAT 2.0 - Server Side Request Forgery
|
16 |
WEB
|
Emir Polat
|
|
2022-11-11
|
|
Open Web Analytics 1.7.3 - Remote Code Execution
|
24 |
WEB
|
Jacob Ebben
|
|
2022-10-17
|
|
Wordpress Plugin ImageMagick-Engine 1.7.4 - Remote Code Execution (RCE) (Authenticated)
|
22 |
WEB
|
ABDO10
|
|
2022-10-06
|
|
Wordpress Plugin Zephyr Project Manager 3.2.42 - Multiple SQLi
|
19 |
WEB
|
Rizacan Tufan
|
|
2022-09-23
|
|
Testa 3.5.1 Online Test Management System - Reflected Cross-Site Scripting (XSS)
|
18 |
WEB
|
Ashkan Moghaddas
|
|
2022-09-23
|
|
Aero CMS v0.0.1 - SQLi
|
20 |
WEB
|
nu11secur1ty
|
|
2022-09-23
|
|
Wordpress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting (XSS)
|
19 |
WEB
|
UnD3sc0n0c1d0
|
|
2022-09-23
|
|
Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS)
|
17 |
WEB
|
UnD3sc0n0c1d0
|
|
2022-09-23
|
|
Feehi CMS 2.1.1 - Remote Code Execution (Authenticated)
|
21 |
WEB
|
yuyudhn
|
|
2022-09-23
|
|
TP-Link Tapo c200 1.1.15 - Remote Code Execution (RCE)
|
17 |
WEB
|
hacefresko
|
|
2022-09-20
|
|
Bookwyrm v0.4.3 - Authentication Bypass
|
16 |
WEB
|
Akshay Ravi
|
|
2022-09-20
|
|
Buffalo TeraStation Network Attached Storage (NAS) 1.66 - Authentication Bypass
|
18 |
WEB
|
Jordan Glover
|
|
2022-09-15
|
|
Gitea 1.16.6 - Remote Code Execution (RCE) (Metasploit)
|
17 |
WEB
|
samguy
|
|
2022-09-02
|
|
WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting (XSS)
|
19 |
WEB
|
Luqman Hakim Zahari
|
|
2022-09-02
|
|
WordPress Plugin Testimonial Slider and Showcase 2.2.6 - Stored Cross-Site Scripting (XSS)
|
18 |
WEB
|
Luqman Hakim Zahari
|
|
2022-09-02
|
|
Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass
|
19 |
WEB
|
Aryan Chehreghani
|
|
2022-08-09
|
|
ThingsBoard 3.3.1 'description' - Stored Cross-Site Scripting (XSS)
|
17 |
WEB
|
Steffen Langenfeld
|
|
2022-08-09
|
|
ThingsBoard 3.3.1 'name' - Stored Cross-Site Scripting (XSS)
|
19 |
WEB
|
Steffen Langenfeld
|
|
2022-08-09
|
|
Feehi CMS 2.1.1 - Stored Cross-Site Scripting (XSS)
|
17 |
WEB
|
Shivam Singh
|
|
2022-08-09
|
|
Prestashop blockwishlist module 2.1.0 - SQLi
|
14 |
WEB
|
Karthik UJ
|
|
2022-08-01
|
|
Webmin 1.996 - Remote Code Execution (RCE) (Authenticated)
|
29 |
WEB
|
Emir Polat
|
|
2022-08-01
|
|
NanoCMS v0.4 - Remote Code Execution (RCE) (Authenticated)
|
21 |
WEB
|
p1ckzi
|
|
2022-08-01
|
|
mPDF 7.0 - Local File Inclusion
|
22 |
WEB
|
Musyoka Ian
|
|
2022-08-01
|
|
CuteEditor for PHP 6.6 - Directory Traversal
|
19 |
WEB
|
Stefan Hesselman
|
|
2022-08-01
|
|
WordPress Plugin Duplicator 1.4.7 - Information Disclosure
|
21 |
WEB
|
SecuriTrust
|
|
2022-08-01
|
|
WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download
|
18 |
WEB
|
SecuriTrust
|
|
2022-08-01
|
|
Wavlink WN530HG4 - Password Disclosure
|
20 |
WEB
|
Ahmed Alroky
|
|
2022-08-01
|
|
Wavlink WN533A8 - Password Disclosure
|
21 |
WEB
|
Ahmed Alroky
|
