|
2022-09-20
|
|
Bookwyrm v0.4.3 - Authentication Bypass
|
20 |
WEB
|
Akshay Ravi
|
|
2022-09-20
|
|
Buffalo TeraStation Network Attached Storage (NAS) 1.66 - Authentication Bypass
|
23 |
WEB
|
Jordan Glover
|
|
2022-09-15
|
|
Gitea 1.16.6 - Remote Code Execution (RCE) (Metasploit)
|
26 |
WEB
|
samguy
|
|
2022-09-02
|
|
WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting (XSS)
|
25 |
WEB
|
Luqman Hakim Zahari
|
|
2022-09-02
|
|
WordPress Plugin Testimonial Slider and Showcase 2.2.6 - Stored Cross-Site Scripting (XSS)
|
23 |
WEB
|
Luqman Hakim Zahari
|
|
2022-09-02
|
|
Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass
|
23 |
WEB
|
Aryan Chehreghani
|
|
2022-08-09
|
|
ThingsBoard 3.3.1 'description' - Stored Cross-Site Scripting (XSS)
|
25 |
WEB
|
Steffen Langenfeld
|
|
2022-08-09
|
|
ThingsBoard 3.3.1 'name' - Stored Cross-Site Scripting (XSS)
|
27 |
WEB
|
Steffen Langenfeld
|
|
2022-08-09
|
|
Feehi CMS 2.1.1 - Stored Cross-Site Scripting (XSS)
|
28 |
WEB
|
Shivam Singh
|
|
2022-08-09
|
|
Prestashop blockwishlist module 2.1.0 - SQLi
|
20 |
WEB
|
Karthik UJ
|
|
2022-08-01
|
|
Webmin 1.996 - Remote Code Execution (RCE) (Authenticated)
|
41 |
WEB
|
Emir Polat
|
|
2022-08-01
|
|
NanoCMS v0.4 - Remote Code Execution (RCE) (Authenticated)
|
30 |
WEB
|
p1ckzi
|
|
2022-08-01
|
|
mPDF 7.0 - Local File Inclusion
|
33 |
WEB
|
Musyoka Ian
|
|
2022-08-01
|
|
CuteEditor for PHP 6.6 - Directory Traversal
|
24 |
WEB
|
Stefan Hesselman
|
|
2022-08-01
|
|
WordPress Plugin Duplicator 1.4.7 - Information Disclosure
|
32 |
WEB
|
SecuriTrust
|
|
2022-08-01
|
|
WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download
|
27 |
WEB
|
SecuriTrust
|
|
2022-08-01
|
|
Wavlink WN530HG4 - Password Disclosure
|
23 |
WEB
|
Ahmed Alroky
|
|
2022-08-01
|
|
Wavlink WN533A8 - Password Disclosure
|
26 |
WEB
|
Ahmed Alroky
|
|
2022-08-01
|
|
Wavlink WN533A8 - Cross-Site Scripting (XSS)
|
25 |
WEB
|
Ahmed Alroky
|
|
2022-07-29
|
|
WordPress Plugin WP-UserOnline 2.87.6 - Stored Cross-Site Scripting (XSS)
|
23 |
WEB
|
Steffin Stanly
|
|
2022-07-29
|
|
Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Directory Traversal
|
20 |
WEB
|
LiquidWorm
|
|
2022-07-29
|
|
Dingtian-DT-R002 3.1.276A - Authentication Bypass
|
22 |
WEB
|
Victor Hanna
|
|
2022-07-29
|
|
Geonetwork 4.2.0 - XML External Entity (XXE)
|
24 |
WEB
|
Amel BOUZIANE-LEBLOND
|
|
2022-07-26
|
|
WordPress Plugin Visual Slide Box Builder 3.2.9 - SQLi
|
34 |
WEB
|
nu11secur1ty
|
|
2022-07-21
|
|
OctoBot WebInterface 0.4.3 - Remote Code Execution (RCE)
|
33 |
WEB
|
Samy Younsi
|
|
2022-07-21
|
|
CodoForum v5.1 - Remote Code Execution (RCE)
|
21 |
WEB
|
Krish Pandey
|
|
2022-07-21
|
|
Magnolia CMS 6.2.19 - Stored Cross-Site Scripting (XSS)
|
21 |
WEB
|
Giulio Garzia Ozozuz
|
|
2022-06-27
|
|
Mailhog 1.0.1 - Stored Cross-Site Scripting (XSS)
|
24 |
WEB
|
Vulnz
|
|
2022-06-27
|
|
WSO2 Management Console (Multiple Products) - Unauthenticated Reflected Cross-Site Scripting (XSS)
|
28 |
WEB
|
cxosmo
|
|
2022-06-27
|
|
WordPress Plugin Weblizar 8.9 - Backdoor
|
32 |
WEB
|
Sobhan Mahmoodi
|
|
2022-06-14
|
|
SolarView Compact 6.00 - 'pow' Cross-Site Scripting (XSS)
|
23 |
WEB
|
Ahmed Alroky
|
|
2022-06-14
|
|
SolarView Compact 6.00 - 'time_begin' Cross-Site Scripting (XSS)
|
20 |
WEB
|
Ahmed Alroky
|
|
2022-06-14
|
|
Old Age Home Management System 1.0 - SQLi Authentication Bypass
|
30 |
WEB
|
twseptian
|
|
2022-06-14
|
|
ChurchCRM 4.4.5 - SQLi
|
23 |
WEB
|
nu11secur1ty
|
|
2022-06-14
|
|
phpIPAM 1.4.5 - Remote Code Execution (RCE) (Authenticated)
|
30 |
WEB
|
Guilherme Alves
|
|
2022-06-14
|
|
Pandora FMS v7.0NG.742 - Remote Code Execution (RCE) (Authenticated)
|
25 |
WEB
|
UNICORD
|
|
2022-06-14
|
|
Avantune Genialcloud ProJ 10 - Cross-Site Scripting (XSS)
|
22 |
WEB
|
Andrea Intilangelo
|
|
2022-06-10
|
|
Confluence Data Center 7.18.0 - Remote Code Execution (RCE)
|
23 |
WEB
|
Fellipe Oliveira
|
|
2022-06-10
|
|
WordPress Plugin Motopress Hotel Booking Lite 4.2.4 - Stored Cross-Site Scripting (XSS)
|
35 |
WEB
|
Sanjay Singh
|
|
2022-06-03
|
|
Microweber CMS 1.2.15 - Account Takeover
|
23 |
WEB
|
Manojkumar J
|
|
2022-06-03
|
|
Contao 4.13.2 - Cross-Site Scripting (XSS)
|
26 |
WEB
|
Chetanya Sharma
|
|
2022-05-25
|
|
qdPM 9.1 - Remote Code Execution (RCE) (Authenticated) (v2)
|
22 |
WEB
|
RedHatAugust
|
|
2022-05-23
|
|
m1k1o's Blog v.10 - Remote Code Execution (RCE) (Authenticated)
|
29 |
WEB
|
Malte V
|
|
2022-05-23
|
|
OpenCart v3.x Newsletter Module - Blind SQLi
|
25 |
WEB
|
Saud Alenazi
|
|
2022-05-17
|
|
Showdoc 2.10.3 - Stored Cross-Site Scripting (XSS)
|
23 |
WEB
|
Akshay Ravi
|
|
2022-05-17
|
|
T-Soft E-Commerce 4 - SQLi (Authenticated)
|
25 |
WEB
|
Alperen Ergel
|
|
2022-05-17
|
|
T-Soft E-Commerce 4 - 'UrunAdi' Stored Cross-Site Scripting (XSS)
|
27 |
WEB
|
Alperen Ergel
|
|
2022-05-17
|
|
Survey Sparrow Enterprise Survey Software 2022 - Stored Cross-Site Scripting (XSS)
|
20 |
WEB
|
Pankaj Kumar Thakur
|
|
2022-05-12
|
|
TLR-2005KSH - Arbitrary File Delete
|
22 |
WEB
|
Ahmed Alroky
|
|
2022-05-12
|
|
Royal Event Management System 1.0 - 'todate' SQL Injection (Authenticated)
|
26 |
WEB
|
Eren Gozaydin
|
|
2022-05-12
|
|
College Management System 1.0 - 'course_code' SQL Injection (Authenticated)
|
24 |
WEB
|
Eren Gozaydin
|
|
2022-05-11
|
|
TLR-2005KSH - Arbitrary File Upload
|
26 |
WEB
|
Ahmed Alroky
|
|
2022-05-11
|
|
WordPress Plugin stafflist 3.1.2 - SQLi (Authenticated)
|
22 |
WEB
|
Hassan Khan Yusufzai
|
|
2022-05-11
|
|
Joomla Plugin SexyPolling 2.1.7 - SQLi
|
25 |
WEB
|
Wolfgang Hotwagner
|
|
2022-05-11
|
|
WordPress Plugin Blue Admin 21.06.01 - Cross-Site Request Forgery (CSRF)
|
30 |
WEB
|
Abisheik M
|
|
2022-05-11
|
|
MyBB 1.8.29 - MyBB 1.8.29 - Remote Code Execution (RCE) (Authenticated)
|
24 |
WEB
|
Altelus
|
|
2022-05-11
|
|
Beehive Forum - Account Takeover
|
19 |
WEB
|
Pablo Santiago
|
|
2022-05-11
|
|
PHProjekt PhpSimplyGest v1.3. - Stored Cross-Site Scripting (XSS)
|
20 |
WEB
|
Andrea Intilangelo
|
|
2022-05-11
|
|
Navigate CMS 2.9.4 - Server-Side Request Forgery (SSRF) (Authenticated)
|
23 |
WEB
|
cheshireca7
|
|
2022-05-11
|
|
Explore CMS 1.0 - SQL Injection
|
21 |
WEB
|
Sajibe Kanti
|
|
2022-05-11
|
|
Anuko Time Tracker - SQLi (Authenticated)
|
23 |
WEB
|
Altelus
|
|
2022-05-11
|
|
e107 CMS v3.2.1 - Multiple Vulnerabilities
|
23 |
WEB
|
Hubert Wojciechowski
|
|
2022-05-11
|
|
Cyclos 4.14.7 - 'groupId' DOM Based Cross-Site Scripting (XSS)
|
19 |
WEB
|
Tin Pham
|
|
2022-05-11
|
|
Cyclos 4.14.7 - DOM Based Cross-Site Scripting (XSS)
|
23 |
WEB
|
Tin Pham
|
|
2022-05-11
|
|
CSZ CMS 1.3.0 - 'Multiple' Blind SQLi
|
26 |
WEB
|
Dogukan Dincer
|
|
2022-05-11
|
|
Bitrix24 - Remote Code Execution (RCE) (Authenticated)
|
24 |
WEB
|
heinjame
|
|
2022-05-11
|
|
Magento eCommerce CE v2.3.5-p2 - Blind SQLi
|
23 |
WEB
|
Aydin Naserifard
|
|
2022-05-11
|
|
WordPress Plugin Advanced Uploader 4.2 - Arbitrary File Upload (Authenticated)
|
29 |
WEB
|
Roel van Beurden
|
|
2022-05-11
|
|
WebTareas 2.4 - Blind SQLi (Authenticated)
|
17 |
WEB
|
Behrad Taher
|
|
2022-05-11
|
|
Microfinance Management System 1.0 - 'customer_number' SQLi
|
37 |
WEB
|
Eren Gozaydin
|
|
2022-05-11
|
|
ImpressCMS v1.4.4 - Unrestricted File Upload
|
29 |
WEB
|
Ünsal Furkan Harani
|
|
2022-04-26
|
|
GitLab 14.9 - Stored Cross-Site Scripting (XSS)
|
24 |
WEB
|
Greenwolf
|
|
2022-04-26
|
|
Gitlab 14.9 - Authentication Bypass
|
19 |
WEB
|
Greenwolf
|
|
2022-04-19
|
|
Fuel CMS 1.5.0 - Cross-Site Request Forgery (CSRF)
|
21 |
WEB
|
Ali J
|
|
2022-04-19
|
|
WordPress Plugin Elementor 3.6.2 - Remote Code Execution (RCE) (Authenticated)
|
29 |
WEB
|
AkuCyberSec
|
|
2022-04-19
|
|
PKP Open Journals System 3.3 - Cross-Site Scripting (XSS)
|
23 |
WEB
|
Hemant Kashyap
|
|
2022-04-19
|
|
REDCap 11.3.9 - Stored Cross Site Scripting
|
19 |
WEB
|
Kendrick Lam
|
|
2022-04-19
|
|
WordPress Plugin Popup Maker 1.16.5 - Stored Cross-Site Scripting (Authenticated)
|
26 |
WEB
|
Roel van Beurden
|
|
2022-04-19
|
|
WordPress Plugin Videos sync PDF 1.7.4 - Stored Cross Site Scripting (XSS)
|
22 |
WEB
|
UnD3sc0n0c1d0
|
|
2022-04-19
|
|
Scriptcase 9.7 - Remote Code Execution (RCE)
|
20 |
WEB
|
luckyt0mat0
|
|
2022-04-19
|
|
Easy Appointments 1.4.2 - Information Disclosure
|
23 |
WEB
|
Alexandre ZANNI
|
|
2022-04-19
|
|
WordPress Plugin Motopress Hotel Booking Lite 4.2.4 - SQL Injection
|
17 |
WEB
|
Mohsen Dehghani
|
|
2022-04-11
|
|
Razer Sila - Command Injection
|
19 |
WEB
|
Kevin Randall
|
|
2022-04-11
|
|
Razer Sila - Local File Inclusion (LFI)
|
18 |
WEB
|
Kevin Randall
|
|
2022-04-11
|
|
Telesquare TLR-2855KS6 - Arbitrary File Deletion
|
23 |
WEB
|
Momen Eldawakhly
|
|
2022-04-11
|
|
Telesquare TLR-2855KS6 - Arbitrary File Creation
|
24 |
WEB
|
Momen Eldawakhly
|
|
2022-04-11
|
|
SAM SUNNY TRIPOWER 5.0 - Insecure Direct Object Reference (IDOR)
|
25 |
WEB
|
Momen Eldawakhly
|
|
2022-04-07
|
|
ICEHRM 31.0.0.0S - Cross-site Request Forgery (CSRF) to Account Deletion
|
22 |
WEB
|
Devansh Bordia
|
|
2022-04-07
|
|
qdPM 9.2 - Cross-site Request Forgery (CSRF)
|
22 |
WEB
|
Chetanya Sharma
|
|
2022-04-07
|
|
minewebcms 1.15.2 - Cross-site Scripting (XSS)
|
21 |
WEB
|
Chetanya Sharma
|
|
2022-04-07
|
|
KLiK Social Media Website 1.0 - 'Multiple' SQLi
|
22 |
WEB
|
corpse
|
|
2022-04-07
|
|
Zenario CMS 9.0.54156 - Remote Code Execution (RCE) (Authenticated)
|
25 |
WEB
|
minhnq22
|
|
2022-03-30
|
|
WordPress Plugin Easy Cookie Policy 1.6.2 - Broken Access Control to Stored XSS
|
21 |
WEB
|
0xB9
|
|
2022-03-30
|
|
CSZ CMS 1.2.9 - 'Multiple' Blind SQLi(Authenticated)
|
26 |
WEB
|
Rahad Chowdhury
|
|
2022-03-30
|
|
WordPress Plugin admin-word-count-column 2.2 - Local File Read
|
22 |
WEB
|
Hassan Khan Yusufzai
|
|
2022-03-30
|
|
WordPress Plugin video-synchro-pdf 1.7.4 - Local File Inclusion
|
22 |
WEB
|
Hassan Khan Yusufzai
|
|
2022-03-30
|
|
WordPress Plugin cab-fare-calculator 1.0.3 - Local File Inclusion
|
17 |
WEB
|
Hassan Khan Yusufzai
|
|
2022-03-30
|
|
WordPress Plugin Curtain 1.0.2 - Cross-site Request Forgery (CSRF)
|
23 |
WEB
|
Hassan Khan Yusufzai
|
|
2022-03-30
|
|
Drupal avatar_uploader v7.x-1.0-beta8 - Cross Site Scripting (XSS)
|
24 |
WEB
|
Milad karimi
|
|
2022-03-30
|
|
Atom CMS 2.0 - Remote Code Execution (RCE)
|
26 |
WEB
|
Ashish Koli
|
|
2022-03-30
|
|
ImpressCMS 1.4.2 - Remote Code Execution (RCE)
|
23 |
WEB
|
Egidio Romano
|
|
2022-03-23
|
|
WordPress Plugin amministrazione-aperta 3.7.3 - Local File Read - Unauthenticated
|
22 |
WEB
|
Hassan Khan Yusufzai
|
|
2022-03-22
|
|
ICEHRM 31.0.0.0S - Cross-site Request Forgery (CSRF) to Account Takeover
|
23 |
WEB
|
Devansh Bordia
|
|
2022-03-21
|
|
Wordpress Plugin iQ Block Country 1.2.13 - Arbitrary File Deletion via Zip Slip (Authenticated)
|
19 |
WEB
|
Ceylan BOZOĞULLARINDAN
|
|
2022-03-16
|
|
Tiny File Manager 2.4.6 - Remote Code Execution (RCE)
|
27 |
WEB
|
FEBIN MON SAJI
|
|
2022-03-16
|
|
Pluck CMS 4.7.16 - Remote Code Execution (RCE) (Authenticated)
|
30 |
WEB
|
Ashish Koli
|
|
2022-03-16
|
|
Moodle 3.11.5 - SQLi (Authenticated)
|
21 |
WEB
|
Chris Anastasio
|
|
2022-03-14
|
|
Baixar GLPI Project 9.4.6 - SQLi
|
22 |
WEB
|
Prof. Joas Antonio
|
|
2022-03-10
|
|
Zabbix 5.0.17 - Remote Code Execution (RCE) (Authenticated)
|
22 |
WEB
|
Hussien Misbah
|
|
2022-03-09
|
|
Webmin 1.984 - Remote Code Execution (Authenticated)
|
24 |
WEB
|
faisalfs10x
|
|
2022-03-07
|
|
Hasura GraphQL 2.2.0 - Information Disclosure
|
24 |
WEB
|
Dolev Farhi
|
|
2022-03-07
|
|
Attendance and Payroll System v1.0 - SQLi Authentication Bypass
|
24 |
WEB
|
pr0z
|
|
2022-03-07
|
|
Attendance and Payroll System v1.0 - Remote Code Execution (RCE)
|
28 |
WEB
|
pr0z
|
|
2022-03-07
|
|
part-db 0.5.11 - Remote Code Execution (RCE)
|
27 |
WEB
|
Chetanya Sharma
|
|
2022-03-07
|
|
Spring Cloud Gateway 3.1.0 - Remote Code Execution (RCE)
|
27 |
WEB
|
Carlos E. Vieira
|
|
2022-03-02
|
|
Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting (XSS)
|
24 |
WEB
|
Momen Eldawakhly
|
|
2022-03-02
|
|
Xerte 3.9 - Remote Code Execution (RCE) (Authenticated)
|
24 |
WEB
|
Rik Lutz
|
|
2022-03-02
|
|
Xerte 3.10.3 - Directory Traversal (Authenticated)
|
26 |
WEB
|
Rik Lutz
|
|
2022-02-28
|
|
Casdoor 1.13.0 - SQL Injection (Unauthenticated)
|
22 |
WEB
|
Mayank Deshmukh
|
|
2022-02-28
|
|
Cipi Control Panel 3.1.15 - Stored Cross-Site Scripting (XSS) (Authenticated)
|
24 |
WEB
|
Ghuliev
|
|
2022-02-23
|
|
Microweber CMS 1.2.10 - Local File Inclusion (Authenticated) (Metasploit)
|
27 |
WEB
|
Talha Karakumru
|
|
2022-02-23
|
|
WebHMI 4.1 - Stored Cross Site Scripting (XSS) (Authenticated)
|
24 |
WEB
|
Antonio Cuomo
|
|
2022-02-23
|
|
WebHMI 4.1.1 - Remote Code Execution (RCE) (Authenticated)
|
28 |
WEB
|
Antonio Cuomo
|
|
2022-02-23
|
|
Student Record System 1.0 - 'cid' SQLi (Authenticated)
|
25 |
WEB
|
Mohd. Anees
|
|
2022-02-23
|
|
aaPanel 6.8.21 - Directory Traversal (Authenticated)
|
20 |
WEB
|
Ghuliev
|
