| 2024-08-29 |
[dos] Windows TCP/IP - RCE Checker and Denial of Service |
|
|
| 2024-08-29 |
[webapps] Gitea 1.22.0 - Stored XSS |
|
|
| 2024-08-29 |
[webapps] Invesalius3 - Remote Code Execution |
|
|
| 2024-08-29 |
[webapps] NoteMark < 0.13.0 - Stored XSS |
|
|
| 2024-08-24 |
[webapps] HughesNet HT2000W Satellite Modem - Password Reset |
|
|
| 2024-08-24 |
[webapps] Aurba 501 - Authenticated RCE |
|
|
| 2024-08-24 |
[webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass |
|
|
| 2024-08-24 |
[webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass |
|
|
| 2024-08-24 |
[webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config |
|
|
| 2024-08-24 |
[webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Device Config Disclosure |
|
|
| 2024-08-23 |
[webapps] Calibre-web 0.6.21 - Stored XSS |
|
|
| 2024-08-23 |
[webapps] Helpdeskz v2.0.2 - Stored XSS |
|
|
| 2024-08-04 |
[webapps] Ivanti vADC 9.9 - Authentication Bypass |
|
|
| 2024-08-04 |
[local] Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path |
|
|
| 2024-08-04 |
[local] Oracle Database 12c Release 1 - Unquoted Service Path |
|
|
| 2024-08-04 |
[local] SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path |
|
|
| 2024-08-04 |
[webapps] Devika v1 - Path Traversal via 'snapshot_path' |
|
|
| 2024-07-17 |
[local] Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation |
|
|
| 2024-07-01 |
[webapps] Azon Dominator Affiliate Marketing Script - SQL Injection |
|
|
| 2024-07-01 |
[webapps] Microweber 2.0.15 - Stored XSS |
|
|
| 2024-07-01 |
[webapps] Xhibiter NFT Marketplace 1.10.2 - SQL Injection |
|
|
| 2024-07-01 |
[webapps] Customer Support System 1.0 - Stored XSS |
|
|
| 2024-06-26 |
[webapps] Poultry Farm Management System v1.0 - Remote Code Execution (RCE) |
|
|
| 2024-06-26 |
[webapps] Flatboard 3.2 - Stored Cross-Site Scripting (XSS) (Authenticated) |
|
|
| 2024-06-26 |
[webapps] SolarWinds Platform 2024.1 SR1 - Race Condition |
|
|
| 2024-06-26 |
[webapps] Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS) |
|
|
| 2024-06-14 |
[webapps] WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated) |
|
|
| 2024-06-14 |
[remote] Zyxel IKE Packet Decoder - Unauthenticated Remote Code Execution (Metasploit) |
|
|
| 2024-06-14 |
[webapps] ZwiiCMS 12.2.04 - Remote Code Execution (Authenticated) |
|
|
| 2024-06-14 |
[webapps] Boelter Blue System Management 1.3 - SQL Injection |
|
|
| 2024-06-14 |
[webapps] Rebar3 3.13.2 - Command Injection |
|
|
| 2024-06-14 |
[webapps] AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS) |
|
|
| 2024-06-14 |
[webapps] AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability. |
|
|
| 2024-06-14 |
[webapps] Carbon Forum 5.9.0 - Stored XSS |
|
|
| 2024-06-14 |
[webapps] XMB 1.9.12.06 - Stored XSS |
|
|
| 2024-06-14 |
[webapps] AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE) |
|
|
| 2024-06-14 |
[webapps] PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows) |
|
|
| 2024-06-03 |
[webapps] CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated) |
|
|
| 2024-06-03 |
[webapps] Dotclear 2.29 - Remote Code Execution (RCE) |
|
|
| 2024-06-03 |
[webapps] Monstra CMS 3.0.4 - Remote Code Execution (RCE) |
|
|
| 2024-06-03 |
[webapps] WBCE CMS v1.6.2 - Remote Code Execution (RCE) |
|
|
| 2024-06-03 |
[webapps] appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated) |
|
|
| 2024-06-03 |
[webapps] Sitefinity 15.0 - Cross-Site Scripting (XSS) |
|
|
| 2024-06-03 |
[webapps] Serendipity 2.5.0 - Remote Code Execution (RCE) |
|
|
| 2024-06-01 |
[webapps] FreePBX 16 - Remote Code Execution (RCE) (Authenticated) |
|
|
| 2024-06-01 |
[webapps] Akaunting 3.1.8 - Server-Side Template Injection (SSTI) |
|
|
| 2024-06-01 |
[remote] Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure |
|
|
| 2024-06-01 |
[remote] ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution (RCE) & SSH Access |
|
|
| 2024-06-01 |
[webapps] Craft CMS Logs Plugin 3.0.3 - Path Traversal (Authenticated) |
|
|
| 2024-05-31 |
[webapps] Aquatronica Control System 5.1.6 - Information Disclosure |
|
|
| 2024-05-31 |
[webapps] BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection |
|
|
| 2024-05-31 |
[webapps] iMLog < 1.307 - Persistent Cross Site Scripting (XSS) |
|
|
| 2024-05-31 |
[webapps] ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated) |
|
|
| 2024-05-31 |
[webapps] changedetection < 0.45.20 - Remote Code Execution (RCE) |
|
|
| 2024-05-31 |
[webapps] Check Point Security Gateway - Information Disclosure (Unauthenticated) |
|
|
| 2024-05-19 |
[webapps] Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS) |
|
|
| 2024-05-19 |
[webapps] Wordpress Theme XStore 9.3.8 - SQLi |
|
|
| 2024-05-19 |
[webapps] Apache OFBiz 18.12.12 - Directory Traversal |
|
|
| 2024-05-19 |
[webapps] Backdrop CMS 1.27.1 - Authenticated Remote Command Execution (RCE) |
|
|
| 2024-05-19 |
[webapps] PopojiCMS 2.0.1 - Remote Command Execution (RCE) |
|
|
| 2024-05-19 |
[webapps] htmlLawed 1.2.5 - Remote Code Execution (RCE) |
|
|
| 2024-05-14 |
[webapps] PyroCMS v3.0.1 - Stored XSS |
|
|
| 2024-05-14 |
[remote] CrushFTP < 11.1.0 - Directory Traversal |
|
|
| 2024-05-14 |
[webapps] Chyrp 2.5.2 - Stored Cross-Site Scripting (XSS) |
|
|
| 2024-05-14 |
[webapps] Leafpub 1.1.9 - Stored Cross-Site Scripting (XSS) |
|
|
| 2024-05-14 |
[webapps] CE Phoenix Version 1.0.8.20 - Stored XSS |
|
|
| 2024-05-14 |
[webapps] Prison Management System - SQL Injection Authentication Bypass |
|
|
| 2024-05-14 |
[webapps] Apache mod_proxy_cluster - Stored XSS |
|
|
| 2024-05-14 |
[local] Plantronics Hub 3.25.1 - Arbitrary File Read |
|
|
| 2024-05-09 |
[webapps] Clinic Queuing System 1.0 - RCE |
|
|
| 2024-05-09 |
[webapps] iboss Secure Web Gateway - Stored Cross-Site Scripting (XSS) |
|
|
| 2024-05-05 |
[webapps] Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 - Authentication Bypass |
|
|
| 2024-05-05 |
[webapps] Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 - Device Config Disclosure |
|
|
| 2024-05-05 |
[webapps] Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Authentication Bypass |
|
|
| 2024-05-05 |
[webapps] Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Device Config Disclosure |
|
|
| 2024-05-05 |
[webapps] Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Authentication Bypass |
|
|
| 2024-05-05 |
[webapps] Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Device Config Disclosure |
|
|
| 2024-04-22 |
[webapps] Laravel Framework 11 - Credential Leakage |
|
|
| 2024-04-22 |
[webapps] SofaWiki 3.9.2 - Remote Command Execution (RCE) (Authenticated) |
|
|
| 2024-04-22 |
[webapps] Flowise 1.6.5 - Authentication Bypass |
|
|
| 2024-04-21 |
[remote] Palo Alto PAN-OS < v11.1.2-h3 - Command Injection and Arbitrary File Creation |
|
|
| 2024-04-21 |
[webapps] FlatPress v1.3 - Remote Command Execution |
|
|
| 2024-04-21 |
[webapps] Wordpress Plugin Background Image Cropper v1.2 - Remote Code Execution |
|
|
| 2024-04-15 |
[webapps] djangorestframework-simplejwt 5.3.1 - Information Disclosure |
|
|
| 2024-04-15 |
[webapps] Jenkins 2.441 - Local File Inclusion |
|
|
| 2024-04-15 |
[webapps] OpenClinic GA 5.247.01 - Information Disclosure |
|
|
| 2024-04-15 |
[webapps] OpenClinic GA 5.247.01 - Path Traversal (Authenticated) |
|
|
| 2024-04-14 |
[webapps] Stock Management System v1.0 - Unauthenticated SQL Injection |
|
|
| 2024-04-14 |
[webapps] Online Fire Reporting System OFRS - SQL Injection Authentication Bypass |
|
|
| 2024-04-14 |
[webapps] BMC Compuware iStrobe Web - 20.13 - Pre-auth RCE |
|
|
| 2024-04-14 |
[webapps] Savsoft Quiz v6.0 Enterprise - Stored XSS |
|
|
| 2024-04-13 |
[webapps] Wordpress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting (XSS) |
|
|
| 2024-04-13 |
[webapps] PopojiCMS Version 2.0.1 - Remote Command Execution |
|
|
| 2024-04-13 |
[local] PrusaSlicer 2.6.1 - Arbitrary code execution |
|
|
| 2024-04-13 |
[webapps] Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - "sort" parameter |
|
|
| 2024-04-13 |
[webapps] WBCE 1.6.0 - Unauthenticated SQL injection |
|
|
| 2024-04-13 |
[webapps] WBCE CMS Version 1.6.1 - Remote Command Execution (Authenticated) |
|
|
| 2024-04-12 |
[webapps] Wordpress Plugin Playlist for Youtube 1.32 - Stored Cross-Site Scripting (XSS) |
|
|
| 2024-04-12 |
[webapps] HTMLy Version v2.9.6 - Stored XSS |
|
|
| 2024-04-12 |
[local] Terratec dmx_6fire USB - Unquoted Service Path |
|
|
