Exploits: Web Applications 2021
2021-12-20
Exponent CMS 2.6 - Multiple Vulnerabilities
WebApps
PHP
2021-12-20
phpKF CMS 3.00 Beta y6 - Remote Code Execution (RCE) (Unauthenticated)
WebApps
PHP
2021-12-20
WBCE CMS 1.5.1 - Admin Password Reset
WebApps
PHP
2021-12-16
Arunna 1.0.0 - 'Multiple' Cross-Site Request Forgery (CSRF)
WebApps
PHP
2021-12-16
Croogo 3.0.2 - 'Multiple' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-12-16
Croogo 3.0.2 - Unrestricted File Upload
WebApps
PHP
2021-12-16
Cibele Thinfinity VirtualUI 2.5.41.0 - User Enumeration
WebApps
Multiple
2021-12-14
Online Thesis Archiving System 1.0 - SQLi Authentication Bypass
WebApps
PHP
2021-12-14
meterN v1.2.3 - Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2021-12-14
Zucchetti Axess CLOKI Access Control 1.64 - Cross Site Request Forgery (CSRF)
WebApps
Hardware
2021-12-14
Booked Scheduler 2.7.5 - Remote Command Execution (RCE) (Authenticated)
WebApps
PHP
2021-12-14
WordPress Plugin Typebot 1.4.3 - Stored Cross Site Scripting (XSS) (Authenticated)
WebApps
PHP
2021-12-13
WebHMI 4.0 - Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2021-12-10
Free School Management Software 1.0 - Remote Code Execution (RCE)
WebApps
PHP
2021-12-10
Free School Management Software 1.0 - 'multiple' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-12-10
OpenCATS 0.9.4 - Remote Code Execution (RCE)
WebApps
PHP
2021-12-09
Employees Daily Task Management System 1.0 - 'multiple' Cross Site Scripting (XSS)
WebApps
PHP
2021-12-09
Employees Daily Task Management System 1.0 - 'username' SQLi Authentication Bypass
WebApps
PHP
2021-12-09
Grafana 8.3.0 - Directory Traversal and Arbitrary File Read
WebApps
Multiple
2021-12-09
Wordpress Plugin Catch Themes Demo Import 1.6.1 - Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2021-12-09
Student Management System 1.0 - SQLi Authentication Bypass
WebApps
PHP
2021-12-09
TestLink 1.19 - Arbitrary File Download (Unauthenticated)
WebApps
PHP
2021-12-09
LimeSurvey 5.2.4 - Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2021-12-09
Chikitsa Patient Management System 2.0.2 - 'backup' Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2021-12-09
Chikitsa Patient Management System 2.0.2 - 'plugin' Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2021-12-06
Croogo 3.0.2 - Remote Code Execution (Authenticated)
WebApps
PHP
2021-12-03
WordPress Plugin DZS Zoomsounds 6.45 - Arbitrary File Read (Unauthenticated)
WebApps
PHP
2021-12-03
WordPress Plugin Slider by Soliloquy 2.6.2 - 'title' Stored Cross Site Scripting (XSS) (Authenticated)
WebApps
PHP
2021-12-03
WordPress Plugin All-in-One Video Gallery plugin 2.4.9 - Local File Inclusion (LFI)
WebApps
PHP
2021-12-03
Online Magazine Management System 1.0 - SQLi Authentication Bypass
WebApps
PHP
2021-12-03
Online Pre-owned/Used Car Showroom Management System 1.0 - SQLi Authentication Bypass
WebApps
PHP
2021-12-01
Online Enrollment Management System in PHP and PayPal 1.0 - 'U_NAME' Stored Cross-Site Scripting
WebApps
PHP
2021-11-30
Laundry Booking Management System 1.0 - Remote Code Execution (RCE)
WebApps
PHP
2021-11-29
opencart 3.0.3.8 - Session Injection
WebApps
PHP
2021-11-29
orangescrum 1.8.0 - 'Multiple' Cross-Site Scripting (XSS) (Authenticated)
WebApps
Multiple
2021-11-29
orangescrum 1.8.0 - 'Multiple' SQL Injection (Authenticated)
WebApps
Multiple
2021-11-29
orangescrum 1.8.0 - Privilege escalation (Authenticated)
WebApps
Multiple
2021-11-26
Bagisto 1.3.3 - Client-Side Template Injection
WebApps
Multiple
2021-11-24
CMSimple 5.4 - Local file inclusion (LFI) to Remote code execution (RCE) (Authenticated)
WebApps
PHP
2021-11-23
FLEX 1085 Web 1.6.0 - HTML Injection
WebApps
Multiple
2021-11-23
Bus Pass Management System 1.0 - 'Search' SQL injection
WebApps
PHP
2021-11-23
Webrun 3.6.0.42 - 'P_0' SQL Injection
WebApps
Multiple
2021-11-23
Wordpress Plugin WP Guppy 1.1 - WP-JSON API Sensitive Information Disclosure
WebApps
PHP
2021-11-22
Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection
WebApps
PHP
2021-11-17
Wordpress Plugin Smart Product Review 1.0.4 - Arbitrary File Upload
WebApps
PHP
2021-11-17
GitLab 13.10.2 - Remote Code Execution (RCE) (Unauthenticated)
WebApps
Ruby
2021-11-17
SuiteCRM 7.11.18 - Remote Code Execution (RCE) (Authenticated) (Metasploit)
WebApps
PHP
2021-11-17
Quick.CMS 6.7 - Cross Site Request Forgery (CSRF) to Cross Site Scripting (XSS) (Authenticated)
WebApps
PHP
2021-11-17
Bludit 3.13.1 - 'username' Cross Site Scripting (XSS)
WebApps
PHP
2021-11-16
CMDBuild 3.3.2 - 'Multiple' Cross Site Scripting (XSS)
WebApps
Multiple
2021-11-16
Online Learning System 2.0 - Remote Code Execution (RCE)
WebApps
PHP
2021-11-15
PHP Laravel 8.70.1 - Cross Site Scripting (XSS) to Cross Site Request Forgery (CSRF)
WebApps
PHP
2021-11-15
WordPress Plugin Contact Form to Email 1.3.24 - Stored Cross Site Scripting (XSS) (Authenticated)
WebApps
PHP
2021-11-15
Fuel CMS 1.4.13 - 'col' Blind SQL Injection (Authenticated)
WebApps
PHP
2021-11-15
Simple Subscription Website 1.0 - SQLi Authentication Bypass
WebApps
PHP
2021-11-15
KONGA 0.14.9 - Privilege Escalation
WebApps
Multiple
2021-11-15
WordPress Plugin WPSchoolPress 2.1.16 - 'Multiple' Cross Site Scripting (XSS)
WebApps
PHP
2021-11-12
Mumara Classic 2.93 - 'license' SQL Injection (Unauthenticated)
WebApps
Multiple
2021-11-12
WordPress Plugin AccessPress Social Icons 1.8.2 - 'icon title' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-11-12
WordPress Plugin WP Symposium Pro 2021.10 - 'wps_admin_forum_add_name' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-11-11
FormaLMS 2.4.4 - Authentication Bypass
WebApps
Multiple
2021-11-11
Apache HTTP Server 2.4.50 - Remote Code Execution (RCE) (3)
WebApps
Multiple
2021-11-11
YeaLink SIP-TXXXP 53.84.0.15 - 'cmd' Command Injection (Authenticated)
WebApps
Hardware
2021-11-10
Employee and Visitor Gate Pass Logging System 1.0 - 'name' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-11-10
Employee Daily Task Management System 1.0 - 'Name' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-11-08
FusionPBX 4.5.29 - Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2021-11-08
WordPress Plugin Backup and Restore 1.0.3 - Arbitrary File Deletion
WebApps
PHP
2021-11-08
Froxlor 0.10.29.1 - SQL Injection (Authenticated)
WebApps
PHP
2021-11-08
Money Transfer Management System 1.0 - Authentication Bypass
WebApps
PHP
2021-11-08
Kmaleon 1.1.0.205 - 'tipocomb' SQL Injection (Authenticated)
WebApps
PHP
2021-11-08
Simple Client Management System 1.0 - 'multiple' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-11-08
Simple Client Management System 1.0 - SQLi (Authentication Bypass)
WebApps
PHP
2021-11-05
ImportExportTools NG 10.0.4 - HTML Injection
WebApps
Multiple
2021-11-05
Payment Terminal 3.1 - 'Multiple' Cross-Site Scripting (XSS)
WebApps
PHP
2021-11-04
Opencart 3 Extension TMD Vendor System - Blind SQL Injection
WebApps
PHP
2021-11-03
Ultimate POS 4.4 - 'name' Cross-Site Scripting (XSS)
WebApps
PHP
2021-11-03
Vanguard 2.1 - 'Search' Cross-Site Scripting (XSS)
WebApps
PHP
2021-11-03
Isshue Shopping Cart 3.5 - 'Title' Cross Site Scripting (XSS)
WebApps
Multiple
2021-11-03
Mult-e-Cart Ultimate 2.4 - 'id' SQL Injection
WebApps
PHP
2021-11-03
PHP Melody 3.0 - Persistent Cross-Site Scripting (XSS)
WebApps
PHP
2021-11-03
PHP Melody 3.0 - 'vid' SQL Injection
WebApps
PHP
2021-11-03
PHP Melody 3.0 - 'Multiple' Cross-Site Scripting (XSS)
WebApps
PHP
2021-11-03
Sonicwall SonicOS 6.5.4 - 'Common Name' Cross-Site Scripting (XSS)
WebApps
Hardware
2021-11-03
Simplephpscripts Simple CMS 2.1 - 'Multiple' SQL Injection
WebApps
PHP
2021-11-03
Simplephpscripts Simple CMS 2.1 - 'Multiple' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-11-03
OpenAM 13.0 - LDAP Injection
WebApps
Java
2021-11-03
WordPress Plugin Popup Anything 2.0.3 - 'Multiple' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-11-03
Eclipse Jetty 11.0.5 - Sensitive File Disclosure
WebApps
Java
2021-11-03
Fuel CMS 1.4.1 - Remote Code Execution (3)
WebApps
PHP
2021-11-03
WordPress Plugin Hotel Listing 3 - 'Multiple' Cross-Site Scripting (XSS)
WebApps
PHP
2021-11-03
PHPJabbers Simple CMS 5 - 'name' Persistent Cross-Site Scripting (XSS)
WebApps
PHP
2021-11-02
Codiad 2.8.4 - Remote Code Execution (Authenticated) (4)
WebApps
Multiple
2021-11-02
i3 International Annexxus Cameras Ax-n 5.2.0 - Application Logic Flaw
WebApps
Multiple
2021-11-02
Ericsson Network Location MPS GMPC21 - Privilege Escalation (Metasploit)
WebApps
Multiple
2021-11-02
Ericsson Network Location MPS GMPC21 - Remote Code Execution (RCE) (Metasploit)
WebApps
Multiple
2021-11-02
Employee Record Management System 1.2 - 'empid' SQL injection (Unauthenticated)
WebApps
PHP
2021-10-29
Movable Type 7 r.5002 - XMLRPC API OS Command Injection (Metasploit)
WebApps
CGI
2021-10-29
WebCTRL OEM 6.5 - 'locale' Reflected Cross-Site Scripting (XSS)
WebApps
Multiple
2021-10-29
Umbraco v8.14.1 - 'baseUrl' SSRF
WebApps
ASPX
2021-10-28
PHPGurukul Hostel Management System 2.1 - Cross-site request forgery (CSRF) to Cross-site Scripting (XSS)
WebApps
PHP
2021-10-28
WordPress Plugin Supsystic Contact Form 1.7.18 - 'label' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-10-26
WordPress Plugin Filterable Portfolio Gallery 1.0 - 'title' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-10-25
phpMyAdmin 4.8.1 - Remote Code Execution (RCE)
WebApps
PHP
2021-10-25
Wordpress 4.9.6 - Arbitrary File Deletion (Authenticated) (2)
WebApps
PHP
2021-10-25
WordPress Plugin Ninja Tables 4.1.7 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-10-25
WordPress Plugin Media-Tags 3.2.0.2 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-10-25
Engineers Online Portal 1.0 - 'id' SQL Injection
WebApps
PHP
2021-10-25
Engineers Online Portal 1.0 - 'multiple' Authentication Bypass
WebApps
PHP
2021-10-25
Engineers Online Portal 1.0 - 'multiple' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-10-25
Online Event Booking and Reservation System 1.0 - 'reason' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-10-25
Balbooa Joomla Forms Builder 2.0.6 - SQL Injection (Unauthenticated)
WebApps
PHP
2021-10-25
Apache HTTP Server 2.4.50 - Remote Code Execution (RCE) (2)
WebApps
Multiple
2021-10-25
Build Smart ERP 21.0817 - 'eidValue' SQL Injection (Unauthenticated)
WebApps
ASP
2021-10-25
Engineers Online Portal 1.0 - File Upload Remote Code Execution (RCE)
WebApps
PHP
2021-10-25
WordPress Plugin TaxoPress 3.0.7.1 - Stored Cross-Site Scripting (XSS) (Authenticated)
WebApps
PHP
2021-10-25
Hikvision Web Server Build 210702 - Command Injection
WebApps
Hardware
2021-10-22
Online Course Registration 1.0 - Blind Boolean-Based SQL Injection (Authenticated)
WebApps
PHP
2021-10-22
Clinic Management System 1.0 - SQL injection to Remote Code Execution
WebApps
PHP
2021-10-22
Jetty 9.4.37.v20210219 - Information Disclosure
WebApps
Java
2021-10-21
Easy Chat Server 3.1 - Directory Traversal and Arbitrary File Read
WebApps
Windows
2021-10-21
Small CRM 3.0 - 'description' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-10-20
Dolibarr ERP-CRM 14.0.2 - Stored Cross-Site Scripting (XSS) / Privilege Escalation
WebApps
PHP
2021-10-20
SonicWall SMA 10.2.1.0-17sv - Password Reset
WebApps
Hardware
2021-10-19
Online Motorcycle (Bike) Rental System 1.0 - Blind Time-Based SQL Injection (Unauthenticated)
WebApps
PHP
2021-10-19
myfactory FMS 7.1-911 - 'Multiple' Reflected Cross-Site Scripting (XSS)
WebApps
Multiple
2021-10-19
WordPress Theme Enfold 4.8.3 - Reflected Cross-Site Scripting (XSS)
WebApps
PHP
2021-10-18
Plastic SCM 10.0.16.5622 - WebAdmin Server Access
WebApps
Multiple
2021-10-18
Company's Recruitment Management System 1.0 - 'Add New user' Cross-Site Request Forgery (CSRF)
WebApps
PHP
2021-10-18
Company's Recruitment Management System 1.0 - 'description' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-10-18
Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting (XSS)
WebApps
Hardware
2021-10-18
Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure
WebApps
Hardware
2021-10-18
Company's Recruitment Management System 1.0. - 'title' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-10-18
Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read
WebApps
PHP
2021-10-18
Support Board 3.3.4 - 'Message' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-10-15
i-Panel Administration System 2.0 - Reflected Cross-site Scripting (XSS)
WebApps
PHP
2021-10-14
TextPattern CMS 4.8.7 - Remote Command Execution (RCE) (Authenticated)
WebApps
PHP
2021-10-13
Sonicwall SonicOS 7.0 - Host Header Injection
WebApps
Hardware
2021-10-13
Logitech Media Server 8.2.0 - 'Title' Cross-Site Scripting (XSS)
WebApps
Multiple
2021-10-13
Student Quarterly Grading System 1.0 - 'grade' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-10-13
Simple Issue Tracker System 1.0 - SQLi Authentication Bypass
WebApps
PHP
2021-10-13
Online Learning System 2.0 - 'Multiple' SQLi Authentication Bypass
WebApps
PHP
2021-10-13
Pharmacy Point of Sale System 1.0 - 'Add New User' Cross-Site Request Forgery (CSRF)
WebApps
PHP
2021-10-13
Apache HTTP Server 2.4.50 - Path Traversal & Remote Code Execution (RCE)
WebApps
Multiple
2021-10-13
Keycloak 12.0.1 - 'request_uri ' Blind Server-Side Request Forgery (SSRF) (Unauthenticated)
WebApps
Java
2021-10-13
Company's Recruitment Management System 1.0 - 'Multiple' SQL Injection (Unauthenticated)
WebApps
PHP
2021-10-13
Simple Payroll System 1.0 - SQLi Authentication Bypass
WebApps
PHP
2021-10-08
Loan Management System 1.0 - SQLi Authentication Bypass
WebApps
PHP
2021-10-08
Online Employees Work From Home Attendance System 1.0 - SQLi Authentication Bypass
WebApps
PHP
2021-10-08
Online Enrollment Management System 1.0 - Authentication Bypass
WebApps
PHP
2021-10-08
Simple Online College Entrance Exam System 1.0 - 'Multiple' SQL injection
WebApps
PHP
2021-10-08
Simple Online College Entrance Exam System 1.0 - Account Takeover
WebApps
PHP
2021-10-08
Simple Online College Entrance Exam System 1.0 - Unauthenticated Admin Creation
WebApps
PHP
2021-10-08
WordPress Plugin Pie Register 3.7.1.4 - Admin Privilege Escalation (Unauthenticated)
WebApps
PHP
2021-10-08
Maian-Cart 3.8 - Remote Code Execution (RCE) (Unauthenticated)
WebApps
PHP
2021-10-08
django-unicorn 0.35.3 - Stored Cross-Site Scripting (XSS)
WebApps
Python
2021-10-08
Online Traffic Offense Management System 1.0 - Privilege escalation (Unauthenticated)
WebApps
PHP
2021-10-08
IFSC Code Finder Project 1.0 - SQL injection (Unauthenticated)
WebApps
PHP
2021-10-07
Simple Online College Entrance Exam System 1.0 - SQLi Authentication Bypass
WebApps
PHP
2021-10-07
Online Traffic Offense Management System 1.0 - Multiple RCE (Unauthenticated)
WebApps
PHP
2021-10-07
Online Traffic Offense Management System 1.0 - Multiple XSS (Unauthenticated)
WebApps
PHP
2021-10-07
Online Traffic Offense Management System 1.0 - Multiple SQL Injection (Unauthenticated)
WebApps
PHP
2021-10-07
Online DJ Booking Management System 1.0 - 'Multiple' Blind Cross-Site Scripting
WebApps
PHP
2021-10-06
Apache HTTP Server 2.4.49 - Path Traversal & Remote Code Execution (RCE)
WebApps
Multiple
2021-10-06
Wordpress Plugin BulletProof Security 5.1 - Sensitive Information Disclosure
WebApps
PHP
2021-10-06
Odine Solutions GateKeeper 1.0 - 'trafficCycle' SQL Injection
WebApps
Multiple
2021-10-06
Atlassian Jira Server Data Center 8.16.0 - Arbitrary File Read
WebApps
Multiple
2021-10-05
Wordpress Plugin MStore API 2.0.6 - Arbitrary File Upload
WebApps
PHP
2021-10-05
Wordpress Plugin TheCartPress 1.5.3.6 - Privilege Escalation (Unauthenticated)
WebApps
PHP
2021-10-05
Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read
WebApps
Java
2021-10-05
Student Quarterly Grading System 1.0 - SQLi Authentication Bypass
WebApps
PHP
2021-10-04
Young Entrepreneur E-Negosyo System 1.0 - 'PRODESC' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-10-04
Young Entrepreneur E-Negosyo System 1.0 - SQL Injection Authentication Bypass
WebApps
PHP
2021-10-04
Open Game Panel - Remote Code Execution (RCE) (Authenticated)
WebApps
Multiple
2021-10-04
Lodging Reservation Management System 1.0 - Authentication Bypass
WebApps
PHP
2021-10-04
Payara Micro Community 5.2021.6 - Directory Traversal
WebApps
Multiple
2021-10-01
Directory Management System 1.0 - SQL Injection Authentication Bypass
WebApps
PHP
2021-10-01
CMSimple_XH 1.7.4 - Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2021-10-01
WhatsUpGold 21.0.3 - Stored Cross-Site Scripting (XSS)
WebApps
Multiple
2021-10-01
Dairy Farm Shop Management System 1.0 - SQL Injection Authentication Bypass
WebApps
PHP
2021-10-01
Vehicle Service Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
WebApps
PHP
2021-10-01
Phpwcms 1.9.30 - Arbitrary File Upload
WebApps
PHP
2021-10-01
Blood Bank System 1.0 - Authentication Bypass
WebApps
PHP
2021-10-01
Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation
WebApps
PHP
2021-10-01
Exam Form Submission System 1.0 - SQL Injection Authentication Bypass
WebApps
PHP
2021-09-30
Pharmacy Point of Sale System 1.0 - 'Multiple' SQL Injection (SQLi)
WebApps
PHP
2021-09-30
Cmsimple 5.4 - Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2021-09-30
Cyber Cafe Management System Project (CCMS) 1.0 - SQL Injection Authentication Bypass
WebApps
PHP
2021-09-29
Pet Shop Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
WebApps
PHP
2021-09-29
OpenSIS 8.0 - 'cp_id_miss_attn' Reflected Cross-Site Scripting (XSS)
WebApps
PHP
2021-09-29
WordPress Plugin Redirect 404 to Parent 1.3.0 - Reflected Cross-Site Scripting
WebApps
PHP
2021-09-29
WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS)
WebApps
PHP
2021-09-29
Storage Unit Rental Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
WebApps
PHP
2021-09-28
WordPress Plugin Popup 1.10.4 - Reflected Cross-Site Scripting (XSS)
WebApps
PHP
2021-09-28
WordPress Plugin Ultimate Maps 1.2.4 - Reflected Cross-Site Scripting (XSS)
WebApps
PHP
2021-09-28
WordPress Plugin Contact Form 1.7.14 - Reflected Cross-Site Scripting (XSS)
WebApps
PHP
2021-09-28
WordPress Plugin TranslatePress 2.0.8 - Stored Cross-Site Scripting (XSS) (Authenticated)
WebApps
PHP
2021-09-28
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Remote Privilege Escalation
WebApps
Hardware
2021-09-28
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Hidden Backdoor Account (Write Access)
WebApps
Hardware
2021-09-28
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Config Download (Unauthenticated)
WebApps
Hardware
2021-09-28
FatPipe Networks WARP 10.2.2 - Authorization Bypass
WebApps
Hardware
2021-09-28
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery (CSRF)
WebApps
Hardware
2021-09-27
Library System 1.0 - 'student_id' SQL injection (Authenticated)
WebApps
PHP
2021-09-27
WordPress Plugin Wappointment 2.2.4 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-09-24
Pharmacy Point of Sale System 1.0 - SQLi Authentication Bypass
WebApps
PHP
2021-09-24
SmarterTools SmarterTrack 7922 - 'Multiple' Information Disclosure
WebApps
ASPX
2021-09-23
Police Crime Record Management Project 1.0 - Time Based SQLi
WebApps
PHP
2021-09-23
Budget and Expense Tracker System 1.0 - Arbitrary File Upload
WebApps
PHP
2021-09-23
WordPress Plugin Fitness Calculators 1.9.5 - Cross-Site Request Forgery (CSRF)
WebApps
PHP
2021-09-23
WordPress Plugin Advanced Order Export For WooCommerce 3.1.7 - Reflected Cross-Site Scripting (XSS)
WebApps
PHP
2021-09-23
Backdrop CMS 1.20.0 - 'Multiple' Cross-Site Request Forgery (CSRF)
WebApps
PHP
2021-09-23
Wordpress Plugin 3DPrint Lite 1.9.1.4 - Arbitrary File Upload
WebApps
PHP
2021-09-23
Gurock Testrail 7.2.0.3014 - 'files.md5' Improper Access Control
WebApps
Multiple
2021-09-22
Online Reviewer System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
WebApps
PHP
2021-09-22
Sentry 8.2.0 - Remote Code Execution (RCE) (Authenticated)
WebApps
Python
2021-09-22
Cloudron 6.2 - 'returnTo ' Cross Site Scripting (Reflected)
WebApps
Multiple
2021-09-22
OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection (XXE)
WebApps
PHP
2021-09-22
e107 CMS 2.3.0 - Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2021-09-22
Filerun 2021.03.26 - Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2021-09-22
Simple Attendance System 1.0 - Unauthenticated Blind SQLi
WebApps
PHP
2021-09-21
WebsiteBaker 2.13.0 - Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2021-09-21
Budget and Expense Tracker System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
WebApps
PHP
2021-09-20
Budget and Expense Tracker System 1.0 - Authenticated Bypass
WebApps
PHP
2021-09-20
Church Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
WebApps
PHP
2021-09-20
Online Food Ordering System 2.0 - Remote Code Execution (RCE) (Unauthenticated)
WebApps
PHP
2021-09-20
WordPress 5.7 - 'Media Library' XML External Entity Injection (XXE) (Authenticated)
WebApps
PHP
2021-09-20
Church Management System 1.0 - 'search' SQL Injection (Unauthenticated)
WebApps
PHP
2021-09-20
T-Soft E-Commerce 4 - change 'admin credentials' Cross-Site Request Forgery (CSRF)
WebApps
Multiple
2021-09-17
Simple Attendance System 1.0 - Authenticated bypass
WebApps
PHP
2021-09-17
Library Management System 1.0 - Blind Time-Based SQL Injection (Unauthenticated)
WebApps
PHP
2021-09-17
WordPress Plugin WooCommerce Booster Plugin 5.4.3 - Authentication Bypass
WebApps
PHP
2021-09-16
ImpressCMS 1.4.2 - Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2021-09-15
AlphaWeb XE - File Upload Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2021-09-15
Evolution CMS 3.1.6 - Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2021-09-15
Seowon 130-SLC router - 'queriesCnt' Remote Code Execution (Unauthenticated)
WebApps
Hardware
2021-09-15
Support Board 3.3.3 - 'Multiple' SQL Injection (Unauthenticated)
WebApps
PHP
2021-09-14
Purchase Order Management System 1.0 - Remote File Upload
WebApps
PHP
2021-09-13
Apartment Visitor Management System (AVMS) 1.0 - 'username' SQL Injection
WebApps
PHP
2021-09-13
Wordpress Plugin Download From Files 1.48 - Arbitrary File Upload
WebApps
PHP
2021-09-13
ECOA Building Automation System - Arbitrary File Deletion
WebApps
Hardware
2021-09-13
ECOA Building Automation System - Local File Disclosure
WebApps
Hardware
2021-09-13
ECOA Building Automation System - Remote Privilege Escalation
WebApps
Hardware
2021-09-13
ECOA Building Automation System - Configuration Download Information Disclosure
WebApps
Hardware
2021-09-13
ECOA Building Automation System - Cookie Poisoning Authentication Bypass
WebApps
Hardware
2021-09-13
ECOA Building Automation System - 'multiple' Cross-Site Request Forgery (CSRF)
WebApps
Hardware
2021-09-13
ECOA Building Automation System - Directory Traversal Content Disclosure
WebApps
Hardware
2021-09-13
ECOA Building Automation System - Path Traversal Arbitrary File Upload
WebApps
Hardware
2021-09-13
ECOA Building Automation System - Weak Default Credentials
WebApps
Hardware
2021-09-13
Men Salon Management System 1.0 - Multiple Vulnerabilities
WebApps
PHP
2021-09-09
Bus Pass Management System 1.0 - 'adminname' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-09-08
WordPress Plugin TablePress 1.14 - CSV Injection
WebApps
PHP
2021-09-07
WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection (2)
WebApps
PHP
2021-09-07
WordPress Plugin WP Sitemap Page 1.6.4 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-09-06
Antminer Monitor 0.5.0 - Authentication Bypass
WebApps
Multiple
2021-09-06
Patient Appointment Scheduler System 1.0 - Persistent Cross-Site Scripting
WebApps
PHP
2021-09-06
Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload
WebApps
PHP
2021-09-06
Bus Pass Management System 1.0 - 'viewid' Insecure direct object references (IDOR)
WebApps
PHP
2021-09-06
FlatCore CMS 2.0.7 - Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2021-09-06
OpenEMR 6.0.0 - 'noteid' Insecure Direct Object Reference (IDOR)
WebApps
PHP
2021-09-03
OpenSIS 8.0 'modname' - Directory Traversal
WebApps
PHP
2021-09-02
WordPress Plugin Duplicate Page 4.4.1 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-09-02
WPanel 4.3.1 - Remote Code Execution (RCE) (Authenticated)
WebApps
Multiple
2021-09-02
Compro Technology IP Camera - ' mjpegStreamer.cgi' Screenshot Disclosure
WebApps
Hardware
2021-09-02
Compro Technology IP Camera - ' index_MJpeg.cgi' Stream Disclosure
WebApps
Hardware
2021-09-02
Compro Technology IP Camera - 'Multiple' Credential Disclosure
WebApps
Hardware
2021-09-02
Compro Technology IP Camera - RTSP stream disclosure (Unauthenticated)
WebApps
Hardware
2021-09-02
Compro Technology IP Camera - 'killps.cgi' Denial of Service (DoS)
WebApps
Hardware
2021-09-02
OpenSIS Community 8.0 - 'cp_id_miss_attn' SQL Injection
WebApps
PHP
2021-09-02
Dolibarr ERP 14.0.1 - Privilege Escalation
WebApps
PHP
2021-09-01
WordPress Plugin Payments Plugin | GetPaid 2.4.6 - HTML Injection
WebApps
PHP
2021-09-01
Traffic Offense Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
WebApps
PHP
2021-09-01
Confluence Server 7.12.4 - 'OGNL injection' Remote Code Execution (RCE) (Unauthenticated)
WebApps
Java
2021-08-31
WordPress Plugin ProfilePress 3.1.3 - Privilege Escalation (Unauthenticated)
WebApps
PHP
2021-08-31
Umbraco CMS 8.9.1 - Directory Traversal
WebApps
ASPX
2021-08-30
Projectsend r1295 - 'name' Stored XSS
WebApps
PHP
2021-08-30
Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution (RCE) (Unauthenticated)
WebApps
Multiple
2021-08-30
Strapi 3.0.0-beta.17.7 - Remote Code Execution (RCE) (Authenticated)
WebApps
Multiple
2021-08-30
Strapi 3.0.0-beta - Set Password (Unauthenticated)
WebApps
Multiple
2021-08-30
Bus Pass Management System 1.0 - 'viewid' SQL Injection
WebApps
PHP
2021-08-30
Usermin 1.820 - Remote Code Execution (RCE) (Authenticated)
WebApps
Linux
2021-08-30
ZesleCP 3.1.9 - Remote Code Execution (RCE) (Authenticated)
WebApps
Multiple
2021-08-27
COMMAX UMS Client ActiveX Control 1.7.0.2 - 'CNC_Ctrl.dll' Heap Buffer Overflow
WebApps
Hardware
2021-08-27
COMMAX WebViewer ActiveX Control 2.1.4.5 - 'Commax_WebViewer.ocx' Buffer Overflow
WebApps
Hardware
2021-08-27
CyberPanel 2.1 - Remote Code Execution (RCE) (Authenticated)
WebApps
Multiple
2021-08-26
ProcessMaker 3.5.4 - Local File inclusion
WebApps
Multiple
2021-08-25
Online Leave Management System 1.0 - Arbitrary File Upload to Shell (Unauthenticated)
WebApps
PHP
2021-08-25
HP OfficeJet 4630/7110 MYM1FN2025AR/2117A - Stored Cross-Site Scripting (XSS)
WebApps
Hardware
2021-08-25
WordPress Plugin Mail Masta 1.0 - Local File Inclusion (2)
WebApps
PHP
2021-08-23
RaspAP 2.6.6 - Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2021-08-23
Simple Phone Book 1.0 - 'Username' SQL Injection (Unauthenticated)
WebApps
PHP
2021-08-23
Online Traffic Offense Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
WebApps
PHP
2021-08-20
Laundry Booking Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-08-20
Laundry Booking Management System 1.0 - 'Multiple' SQL Injection
WebApps
PHP
2021-08-20
Online Traffic Offense Management System 1.0 - 'id' SQL Injection (Authenticated)
WebApps
PHP
2021-08-19
Charity Management System CMS 1.0 - Multiple Vulnerabilities
WebApps
PHP
2021-08-18
crossfire-server 1.9.0 - 'SetUp()' Remote Buffer Overflow
Remote
Linux
2021-08-18
COVID19 Testing Management System 1.0 - 'Multiple' SQL Injections
WebApps
PHP
2021-08-18
Simple Image Gallery 1.0 - Remote Code Execution (RCE) (Unauthenticated)
WebApps
PHP
2021-08-18
Crime records Management System 1.0 - 'Multiple' SQL Injection (Authenticated)
WebApps
PHP
2021-08-17
SonicWall NetExtender 10.2.0.300 - Unquoted Service Path
Local
Windows
2021-08-17
GeoVision Geowebserver 5.3.3 - LFI / XSS / HHI / RCE
WebApps
Hardware
2021-08-16
COMMAX CVD-Axx DVR 5.1.4 - Weak Default Credentials Stream Disclosure
WebApps
Hardware
2021-08-16
COMMAX Smart Home Ruvie CCTV Bridge DVR Service - Config Write / DoS (Unauthenticated)
WebApps
Hardware
2021-08-16
COMMAX Smart Home Ruvie CCTV Bridge DVR Service - RTSP Credentials Disclosure
WebApps
Hardware
2021-08-16
COMMAX Smart Home IoT Control System CDP-1020n - SQL Injection Authentication Bypass
WebApps
Hardware
2021-08-16
COMMAX Biometric Access Control System 1.0.0 - Authentication Bypass
WebApps
Hardware
2021-08-16
Simple Water Refilling Station Management System 1.0 - Remote Code Execution (RCE) through File Upload
WebApps
PHP
2021-08-16
Simple Water Refilling Station Management System 1.0 - Authentication Bypass
WebApps
PHP
2021-08-16
NetGear D1500 V1.0.0.21_1.0.1PE - 'Wireless Repeater' Stored Cross-Site Scripting (XSS)
WebApps
Hardware
2021-08-16
CentOS Web Panel 0.9.8.1081 - Stored Cross-Site Scripting (XSS)
WebApps
Linux
2021-08-13
RATES SYSTEM 1.0 - Authentication Bypass
WebApps
PHP
2021-08-13
Simple Image Gallery System 1.0 - 'id' SQL Injection
WebApps
PHP
2021-08-13
Care2x Open Source Hospital Information Management 2.7 Alpha - 'Multiple' Stored XSS
WebApps
PHP
2021-08-13
Police Crime Record Management System 1.0 - 'casedetails' SQL Injection
WebApps
PHP
2021-08-13
Police Crime Record Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-08-13
easy-mock 1.6.0 - Remote Code Execution (RCE) (Authenticated)
WebApps
Windows
2021-08-13
4images 1.8 - 'limitnumber' SQL Injection (Authenticated)
WebApps
PHP
2021-08-12
RATES SYSTEM 1.0 - 'Multiple' SQL Injections
WebApps
PHP
2021-08-12
Altova MobileTogether Server 7.3 - XML External Entity Injection (XXE)
WebApps
Multiple
2021-08-12
COVID19 Testing Management System 1.0 - 'searchdata' SQL Injection
WebApps
PHP
2021-08-10
Simple Library Management System 1.0 - 'rollno' SQL Injection
WebApps
PHP
2021-08-10
Xiaomi browser 10.2.4.g - Browser Search History Disclosure
Local
Android
2021-08-10
WordPress Plugin Picture Gallery 1.4.2 - 'Edit Content URL' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-08-10
WordPress Plugin LifterLMS 4.21.1 - Access Other Student Grades/Answers via IDOR
WebApps
PHP
2021-08-10
Cockpit CMS 0.11.1 - 'Username Enumeration & Password Reset' NoSQL Injection
WebApps
Multiple
2021-08-10
Amica Prodigy 1.7 - Privilege Escalation
Local
Windows
2021-08-10
IPCop 2.1.9 - Remote Code Execution (RCE) (Authenticated)
WebApps
CGI
2021-08-05
GFI Mail Archiver 15.1 - Telerik UI Component Arbitrary File Upload (Unauthenticated)
WebApps
Multiple
2021-08-05
Moodle 3.9 - Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2021-08-05
CMSuno 1.7 - 'tgo' Stored Cross-Site Scripting (XSS) (Authenticated)
WebApps
PHP
2021-08-04
ApacheOfBiz 17.12.01 - Remote Command Execution (RCE) via Unsafe Deserialization of XMLRPC arguments
WebApps
Java
2021-08-04
Client Management System 1.1 - 'cname' Stored Cross-site scripting (XSS)
WebApps
PHP
2021-08-04
qdPM 9.2 - DB Connection String and Password Exposure (Unauthenticated)
WebApps
PHP
2021-08-04
qdPM 9.1 - Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2021-08-04
WordPress Plugin WP Customize Login 1.1 - 'Change Logo Title' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-08-03
Hotel Management System 1.0 - Cross-Site Scripting (XSS) Arbitrary File Upload Remote Code Execution (RCE)
WebApps
PHP
2021-08-02
Panasonic Sanyo CCTV Network Camera 2.03-0x - 'Disable Authentication / Change Password' CSRF
WebApps
Hardware
2021-08-02
Online Hotel Reservation System 1.0 - 'Multiple' Cross-site scripting (XSS)
WebApps
PHP
2021-08-02
Neo4j 3.4.18 - RMI based Remote Code Execution (RCE)
Remote
Java
2021-08-02
Men Salon Management System 1.0 - SQL Injection Authentication Bypass
WebApps
PHP
2021-07-29
Oracle Fatwire 6.3 - Multiple Vulnerabilities
WebApps
Multiple
2021-07-29
CloverDX 5.9.0 - Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE)
WebApps
Java
2021-07-29
Care2x Integrated Hospital Info System 2.7 - 'Multiple' SQL Injection
WebApps
PHP
2021-07-29
IntelliChoice eFORCE Software Suite 2.5.9 - Username Enumeration
WebApps
ASPX
2021-07-29
Longjing Technology BEMS API 1.21 - Remote Arbitrary File Download
WebApps
Hardware
2021-07-29
Denver IP Camera SHO-110 - Unauthenticated Snapshot
WebApps
Hardware
2021-07-28
TripSpark VEO Transportation - Blind SQL Injection
WebApps
Windows
2021-07-28
Denver Smart Wifi Camera SHC-150 - 'Telnet' Remote Code Execution (RCE)
Remote
Hardware
2021-07-28
Event Registration System with QR Code 1.0 - Authentication Bypass & RCE
WebApps
PHP
2021-07-27
Customer Relationship Management System (CRM) 1.0 - Sql Injection Authentication Bypass
WebApps
PHP
2021-07-27
PHP 7.3.15-3 - 'PHP_SESSION_UPLOAD_PROGRESS' Session Data Injection
WebApps
PHP
2021-07-26
XOS Shop 1.0.9 - 'Multiple' Arbitrary File Deletion (Authenticated)
WebApps
PHP
2021-07-26
NoteBurner 2.35 - Denial Of Service (DoS) (PoC)
WebApps
Windows
2021-07-26
Leawo Prof. Media 11.0.0.1 - Denial of Service (DoS) (PoC)
DoS
Windows
2021-07-26
Elasticsearch ECE 7.13.3 - Anonymous Database Dump
WebApps
Multiple
2021-07-23
Microsoft SharePoint Server 2019 - Remote Code Execution (2)
WebApps
ASPX
2021-07-23
WordPress Plugin Simple Post 1.1 - 'Text field' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-07-23
ElasticSearch 7.13.3 - Memory disclosure
WebApps
Multiple
2021-07-21
CSZ CMS 1.2.9 - 'Multiple' Arbitrary File Deletion
WebApps
PHP
2021-07-21
KevinLAB BEMS 1.0 - File Path Traversal Information Disclosure (Authenticated)
WebApps
Hardware
2021-07-21
KevinLAB BEMS 1.0 - Unauthenticated SQL Injection / Authentication Bypass
WebApps
Hardware
2021-07-21
KevinLAB BEMS 1.0 - Undocumented Backdoor Account
Remote
Hardware
2021-07-20
Webmin 1.973 - 'run.cgi' Cross-Site Request Forgery (CSRF)
WebApps
Linux
2021-07-20
WordPress Plugin KN Fix Your Title 1.0.1 - 'Separator' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-07-19
PEEL Shopping 9.3.0 - 'id' Time-based SQL Injection
WebApps
PHP
2021-07-19
Dolibarr ERP/CRM 10.0.6 - Login Brute Force
WebApps
PHP
2021-07-19
WordPress Plugin Mimetic Books 0.2.13 - 'Default Publisher ID field' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-07-19
WordPress Plugin LearnPress 3.2.6.8 - Privilege Escalation
WebApps
PHP
2021-07-19
WordPress Plugin LearnPress 3.2.6.7 - 'current_items' SQL Injection (Authenticated)
WebApps
PHP
2021-07-15
Aruba Instant (IAP) - Remote Code Execution
Remote
CGI
2021-07-15
Linux Kernel 2.6.19 < 5.9 - 'Netfilter' Local Privilege Escalation
Local
Linux
2021-07-16
Aruba Instant 8.7.1.0 - Arbitrary File Modification
Remote
Hardware
2021-07-16
Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection
WebApps
Hardware
2021-07-16
ForgeRock Access Manager/OpenAM 14.6.3 - Remote Code Execution (RCE) (Unauthenticated)
WebApps
Java
2021-07-16
Argus Surveillance DVR 4.0 - Weak Password Encryption
Local
Windows
2021-07-15
WordPress Plugin Popular Posts 5.3.2 - Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2021-07-15
osCommerce 2.3.4.1 - Remote Code Execution (2)
WebApps
PHP
2021-07-14
WordPress Plugin Current Book 1.0.1 - 'Book Title and Author field' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-07-14
Webmin 1.973 - 'save_user.cgi' Cross-Site Request Forgery (CSRF)
WebApps
Linux
2021-07-13
Garbage Collection Management System 1.0 - SQL Injection + Arbitrary File Upload
WebApps
PHP
2021-07-13
OpenEMR 5.0.1.3 - 'manage_site_files' Remote Code Execution (Authenticated) (2)
WebApps
PHP
2021-07-13
Invoice System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-07-13
WordPress Plugin WPFront Notification Bar 1.9.1.04012 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-07-13
Apache Tomcat 9.0.0.M1 - Cross-Site Scripting (XSS)
WebApps
Multiple
2021-07-13
Apache Tomcat 9.0.0.M1 - Open Redirect
WebApps
Multiple
2021-07-09
Zoo Management System 1.0 - 'Multiple' Stored Cross-Site-Scripting (XSS)
WebApps
PHP
2021-07-09
Church Management System 1.0 - SQL Injection (Authentication Bypass) + Arbitrary File Upload + RCE
WebApps
PHP
2021-07-08
Wordpress Plugin SP Project & Document Manager 4.21 - Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2021-07-08
Online Covid Vaccination Scheduler System 1.0 - Arbitrary File Upload to Remote Code Execution (Unauthenticated)
WebApps
PHP
2021-07-08
Wyomind Help Desk 1.3.6 - Remote Code Execution (RCE)
WebApps
Multiple
2021-07-08
Employee Record Management System 1.2 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-07-08
Exam Hall Management System 1.0 - Unrestricted File Upload + RCE (Unauthenticated)
WebApps
PHP
2021-07-07
WordPress Plugin Plainview Activity Monitor 20161228 - Remote Code Execution (RCE) (Authenticated) (2)
WebApps
PHP
2021-07-07
Online Covid Vaccination Scheduler System 1.0 - 'username' time-based blind SQL Injection
WebApps
PHP
2021-07-07
Rocket.Chat 3.12.1 - NoSQL Injection to RCE (Unauthenticated) (2)
WebApps
Linux
2021-07-06
WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 - Directory Traversal
WebApps
PHP
2021-07-06
Phone Shop Sales Managements System 1.0 - 'Multiple' Arbitrary File Upload to Remote Code Execution
WebApps
PHP
2021-07-06
Phone Shop Sales Managements System 1.0 - Authentication Bypass (SQLi)
WebApps
PHP
2021-07-06
Visual Tools DVR VX16 4.2.28 - Local Privilege Escalation
WebApps
Hardware
2021-07-06
Exam Hall Management System 1.0 - Unrestricted File Upload (Unauthenticated)
WebApps
PHP
2021-07-06
Billing System Project 1.0 - Remote Code Execution (RCE) (Unauthenticated)
WebApps
PHP
2021-07-06
Pallets Werkzeug 0.15.4 - Path Traversal
WebApps
Python
2021-07-06
Black Box Kvm Extender 3.4.31307 - Local File Inclusion
WebApps
Hardware
2021-07-06
Netgear DGN2200v1 - Remote Command Execution (RCE) (Unauthenticated)
WebApps
Hardware
2021-07-06
Visual Tools DVR VX16 4.2.28.0 - OS Command Injection (Unauthenticated)
WebApps
Multiple
2021-07-06
perfexcrm 1.10 - 'State' Stored Cross-site scripting (XSS)
WebApps
Multiple
2021-07-05
Ricon Industrial Cellular Router S9922XL - Remote Command Execution (RCE)
WebApps
Hardware
2021-07-05
TextPattern CMS 4.9.0-dev - Remote Command Execution (RCE) (Authenticated)
WebApps
PHP
2021-07-05
Simple Client Management System 1.0 - Remote Code Execution (RCE)
WebApps
PHP
2021-07-05
Wordpress Plugin Backup Guard 1.5.8 - Remote Code Execution (Authenticated)
WebApps
PHP
2021-07-05
Church Management System 1.0 - 'password' SQL Injection (Authentication Bypass)
WebApps
PHP
2021-07-01
Vianeos OctoPUS 5 - 'login_user' SQLi
WebApps
Multiple
2021-07-01
Wordpress Plugin XCloner 4.2.12 - Remote Code Execution (Authenticated)
WebApps
PHP
2021-07-01
Online Voting System 1.0 - Remote Code Execution (Authenticated)
WebApps
PHP
2021-07-01
Online Voting System 1.0 - Authentication Bypass (SQLi)
WebApps
PHP
2021-06-30
Doctors Patients Management System 1.0 - SQL Injection (Authentication Bypass)
WebApps
PHP
2021-06-30
Simple Traffic Offense System 1.0 - Stored Cross Site Scripting (XSS)
WebApps
Multiple
2021-06-30
Apache Superset 1.1.0 - Time-Based Account Enumeration
WebApps
Multiple
2021-06-30
phpAbook 0.9i - SQL Injection
WebApps
PHP
2021-06-28
Netgear WNAP320 2.0.3 - 'macAddress' Remote Code Execution (RCE) (Unauthenticated)
WebApps
Hardware
2021-06-28
Atlassian Jira Server/Data Center 8.16.0 - Reflected Cross-Site Scripting (XSS)
WebApps
macOS
2021-06-28
WordPress Plugin YOP Polls 6.2.7 - Stored Cross Site Scripting (XSS)
WebApps
PHP
2021-06-25
Lightweight facebook-styled blog 1.3 - Remote Code Execution (RCE) (Authenticated) (Metasploit)
WebApps
PHP
2021-06-25
Simple Client Management System 1.0 - 'uemail' SQL Injection (Unauthenticated)
WebApps
PHP
2021-06-25
Seeddms 5.1.10 - Remote Command Execution (RCE) (Authenticated)
WebApps
PHP
2021-06-24
TP-Link TL-WR841N - Command Injection
WebApps
Hardware
2021-06-24
Adobe ColdFusion 8 - Remote Command Execution (RCE)
WebApps
CFM
2021-06-24
VMware vCenter Server RCE 6.5 / 6.7 / 7.0 - Remote Code Execution (RCE) (Unauthenticated)
WebApps
Multiple
2021-06-23
Simple CRM 3.0 - 'email' SQL injection (Authentication Bypass)
WebApps
PHP
2021-06-23
Online Library Management System 1.0 - Arbitrary File Upload Remote Code Execution (Unauthenticated)
WebApps
PHP
2021-06-23
Online Library Management System 1.0 - 'Search' SQL Injection
WebApps
PHP
2021-06-23
WordPress Plugin Poll, Survey, Questionnaire and Voting system 1.5.2 - 'date_answers' Blind SQL Injection
WebApps
PHP
2021-06-23
WordPress Plugin WP Google Maps 8.1.11 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-06-22
Phone Shop Sales Managements System 1.0 - Insecure Direct Object Reference (IDOR)
WebApps
PHP
2021-06-22
Responsive Tourism Website 3.1 - Remote Code Execution (RCE) (Unauthenticated)
WebApps
PHP
2021-06-21
Customer Relationship Management System (CRM) 1.0 - Remote Code Execution
WebApps
PHP
2021-06-21
Simple CRM 3.0 - 'name' Stored Cross site scripting (XSS)
WebApps
PHP
2021-06-21
Simple CRM 3.0 - 'Change user information' Cross-Site Request Forgery (CSRF)
WebApps
PHP
2021-06-21
Websvn 2.6.0 - Remote Code Execution (Unauthenticated)
WebApps
PHP
2021-06-21
OpenEMR 5.0.1.7 - 'fileName' Path Traversal (Authenticated)
WebApps
PHP
2021-06-18
Node.JS - 'node-serialize' Remote Code Execution (3)
WebApps
NodeJS
2021-06-18
ICE Hrm 29.0.0.OS - 'xml upload' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-06-18
ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Request Forgery (CSRF)
WebApps
PHP
2021-06-18
ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation
WebApps
PHP
2021-06-17
Online Shopping Portal 3.1 - Remote Code Execution (Unauthenticated)
WebApps
PHP
2021-06-17
Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration
WebApps
Java
2021-06-17
Unified Office Total Connect Now 1.0 - 'data' SQL Injection
WebApps
PHP
2021-06-16
CKEditor 3 - Server-Side Request Forgery (SSRF)
WebApps
PHP
2021-06-16
Teachers Record Management System 1.0 - 'email' Stored Cross-site Scripting (XSS)
WebApps
PHP
2021-06-16
Teachers Record Management System 1.0 - 'Multiple' SQL Injection (Authenticated)
WebApps
PHP
2021-06-16
OpenEMR 5.0.1.3 - '/portal/account/register.php' Authentication Bypass
WebApps
PHP
2021-06-16
Cotonti Siena 0.9.19 - 'maintitle' Stored Cross-Site Scripting
WebApps
PHP
2021-06-15
Client Management System 1.1 - 'Search' SQL Injection
WebApps
Tru64
2021-06-15
Client Management System 1.1 - 'username' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-06-14
OpenEMR 5.0.1.3 - 'manage_site_files' Remote Code Execution (Authenticated)
WebApps
PHP
2021-06-14
TextPattern CMS 4.8.7 - Remote Command Execution (Authenticated)
WebApps
PHP
2021-06-14
Small CRM 3.0 - 'Authentication Bypass' SQL Injection
WebApps
PHP
2021-06-14
Stock Management System 1.0 - 'user_id' Blind SQL injection (Authenticated)
WebApps
PHP
2021-06-14
COVID19 Testing Management System 1.0 - 'State' Stored Cross-Site-Scripting (XSS)
WebApps
PHP
2021-06-14
GLPI 9.4.5 - Remote Code Execution (RCE)
WebApps
PHP
2021-06-14
Accela Civic Platform 21.1 - 'contactSeqNumber' Insecure Direct Object References (IDOR)
WebApps
Multiple
2021-06-14
Accela Civic Platform 21.1 - 'successURL' Cross-Site-Scripting (XSS)
WebApps
Multiple
2021-06-11
WoWonder Social Network Platform 3.1 - Authentication Bypass
WebApps
PHP
2021-06-11
Zenario CMS 8.8.52729 - 'cID' Blind & Error based SQL injection (Authenticated)
WebApps
PHP
2021-06-11
Solar-Log 500 2.8.2 - Unprotected Storage of Credentials
WebApps
Multiple
2021-06-11
Solar-Log 500 2.8.2 - Incorrect Access Control
WebApps
Multiple
2021-06-11
Grocery crud 1.6.4 - 'order_by' SQL Injection
WebApps
Multiple
2021-06-11
WordPress Plugin Database Backups 1.2.2.6 - 'Database Backup Download' CSRF
WebApps
PHP
2021-06-11
OpenEMR 5.0.0 - Remote Code Execution (Authenticated)
WebApps
PHP
2021-06-11
Microsoft SharePoint Server 16.0.10372.20060 - 'GetXmlDataFromDataSource' Server-Side Request Forgery (SSRF)
WebApps
Windows
2021-06-11
Cerberus FTP Web Service 11 - 'svg' Stored Cross-Site Scripting (XSS)
WebApps
Multiple
2021-06-11
Accela Civic Platform 21.1 - 'servProvCode' Cross-Site-Scripting (XSS)
WebApps
Multiple
2021-06-10
TextPattern CMS 4.8.7 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-06-10
Student Result Management System 1.0 - 'class' SQL Injection
WebApps
PHP
2021-06-09
GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) (2)
WebApps
PHP
2021-06-09
WordPress Plugin visitors-app 0.3 - 'user-agent' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-06-09
OpenCart 3.0.3.6 - 'subject' Stored Cross-Site Scripting
WebApps
PHP
2021-06-09
OpenCart 3.0.3.7 - 'Change Password' Cross-Site Request Forgery (CSRF)
WebApps
PHP
2021-06-09
Intelbras Router RF 301K - 'DNS Hijacking' Cross-Site Request Forgery (CSRF)
WebApps
Hardware
2021-06-08
WordPress Plugin wpDiscuz 7.0.4 - Remote Code Execution (Unauthenticated)
WebApps
PHP
2021-06-07
Wordpress Plugin wpDiscuz 7.0.4 - Arbitrary File Upload (Unauthenticated)
WebApps
PHP
2021-06-07
Grav CMS 1.7.10 - Server-Side Template Injection (SSTI) (Authenticated)
WebApps
PHP
2021-06-07
Rocket.Chat 3.12.1 - NoSQL Injection to RCE (Unauthenticated)
WebApps
Linux
2021-06-07
WordPress Plugin Smart Slider-3 3.5.0.8 - 'name' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-06-07
OptiLink ONT1GEW GPON 2.1.11_X101 Build 1127.190306 - Remote Code Execution (Authenticated)
WebApps
Hardware
2021-06-04
Gitlab 13.10.2 - Remote Code Execution (Authenticated)
WebApps
Ruby
2021-06-04
Monstra CMS 3.0.4 - Remote Code Execution (Authenticated)
WebApps
PHP
2021-06-03
4Images 1.8 - 'redirect' Reflected XSS
WebApps
PHP
2021-06-03
Gitlab 13.9.3 - Remote Code Execution (Authenticated)
WebApps
Ruby
2021-06-03
FUDForum 3.1.0 - 'author' Reflected XSS
WebApps
PHP
2021-06-03
FUDForum 3.1.0 - 'srch' Reflected XSS
WebApps
PHP
2021-06-03
CHIYU IoT Devices - Denial of Service (DoS)
WebApps
Hardware
2021-06-03
Seo Panel 4.8.0 - 'from_time' Reflected XSS
WebApps
PHP
2021-06-03
PHP 8.1.0-dev - 'User-Agentt' Remote Code Execution
WebApps
PHP
2021-06-02
Seo Panel 4.8.0 - 'category' Reflected XSS
WebApps
PHP
2021-06-02
Seo Panel 4.8.0 - 'search_name' Reflected XSS
WebApps
PHP
2021-06-02
Products.PluggableAuthService 2.6.0 - Open Redirect
WebApps
Python
2021-06-02
GetSimple CMS 3.3.4 - Information Disclosure
WebApps
PHP
2021-06-02
Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution
WebApps
Multiple
2021-06-02
Thecus N4800Eco Nas Server Control Panel - Command Injection
WebApps
Hardware
2021-06-01
Atlassian Jira 8.15.0 - Information Disclosure (Username Enumeration)
WebApps
Multiple
2021-06-01
CHIYU TCP/IP Converter devices - CRLF injection
WebApps
CGI
2021-06-01
CHIYU IoT devices - 'Multiple' Cross-Site Scripting (XSS)
WebApps
CGI
2021-06-01
WordPress Plugin WP Prayer version 1.6.1 - 'prayer_messages' Stored Cross-Site Scripting (XSS) (Authenticated)
WebApps
PHP
2021-06-01
Ubee EVW327 - 'Enable Remote Access' Cross-Site Request Forgery (CSRF)
WebApps
Hardware
2021-06-01
ProjeQtOr Project Management 9.1.4 - Remote Code Execution
WebApps
PHP
2021-06-01
LogonTracer 1.2.0 - Remote Code Execution (Unauthenticated)
WebApps
Multiple
2021-05-28
Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver)
WebApps
Linux
2021-05-28
Trixbox 2.8.0.4 - 'lang' Path Traversal
WebApps
PHP
2021-05-28
Trixbox 2.8.0.4 - 'lang' Remote Code Execution (Unauthenticated)
WebApps
PHP
2021-05-28
WordPress Plugin LifterLMS 4.21.0 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-05-28
PHPFusion 9.03.50 - Remote Code Execution
WebApps
PHP
2021-05-27
Postbird 0.8.4 - Javascript Injection
WebApps
Multiple
2021-05-26
Pluck CMS 4.7.13 - File Upload Remote Code Execution (Authenticated)
WebApps
PHP
2021-05-26
Codiad 2.8.4 - Remote Code Execution (Authenticated) (3)
WebApps
Multiple
2021-05-25
WordPress Plugin Cookie Law Bar 1.2.1 - 'clb_bar_msg' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-05-25
Gadget Works Online Ordering System 1.0 - 'Category' Persistent Cross-Site Scripting (XSS)
WebApps
PHP
2021-05-24
WordPress Plugin ReDi Restaurant Reservation 21.0307 - 'Comment' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-05-24
Codiad 2.8.4 - Remote Code Execution (Authenticated) (2)
WebApps
Multiple
2021-05-24
Shopizer 2.16.0 - 'Multiple' Cross-Site Scripting (XSS)
WebApps
Java
2021-05-24
Schlix CMS 2.2.6-6 - Arbitrary File Upload And Directory Traversal Leads To RCE (Authenticated)
WebApps
Multiple
2021-05-21
Microsoft Exchange 2019 - Unauthenticated Email Download (Metasploit)
WebApps
Windows
2021-05-21
WordPress Plugin WP Statistics 13.0.7 - Time-Based Blind SQL Injection (Unauthenticated)
WebApps
PHP
2021-05-21
Spotweb 1.4.9 - DOM Based Cross-Site Scripting (XSS)
WebApps
Multiple
2021-05-19
COVID19 Testing Management System 1.0 - 'Admin name' Cross-Site Scripting (XSS)
WebApps
PHP
2021-05-19
COVID19 Testing Management System 1.0 - SQL Injection (Auth Bypass)
WebApps
PHP
2021-05-19
ManageEngine ADSelfService Plus 6.1 - CSV Injection
WebApps
Multiple
2021-05-19
In4Suit ERP 3.2.74.1370 - 'txtLoginId' SQL injection
WebApps
Multiple
2021-05-19
WordPress Plugin Stop Spammers 2021.8 - 'log' Reflected Cross-site Scripting (XSS)
WebApps
PHP
2021-05-18
Microsoft Exchange 2019 - Unauthenticated Email Download
WebApps
Windows
2021-05-18
EgavilanMedia PHPCRUD 1.0 - 'First Name' SQL Injection
WebApps
PHP
2021-05-17
Printable Staff ID Card Creator System 1.0 - SQLi & RCE via Arbitrary File Upload
WebApps
PHP
2021-05-17
Subrion CMS 4.2.1 - File Upload Bypass to RCE (Authenticated)
WebApps
PHP
2021-05-17
Advanced Guestbook 2.4.4 - 'Smilies' Persistent Cross-Site Scripting (XSS)
WebApps
PHP
2021-05-17
Billing Management System 2.0 - Union based SQL injection (Authenticated)
WebApps
PHP
2021-05-17
Simple Chatbot Application 1.0 - 'Category' Stored Cross site Scripting
WebApps
PHP
2021-05-17
Dental Clinic Appointment Reservation System 1.0 - Cross Site Request Forgery (Add Admin)
WebApps
PHP
2021-05-17
Dental Clinic Appointment Reservation System 1.0 - 'Firstname' Persistent Cross Site Scripting (Authenticated)
WebApps
PHP
2021-05-17
IPFire 2.25 - Remote Code Execution (Authenticated)
WebApps
CGI
2021-05-17
Customer Relationship Management (CRM) System 1.0 - 'Category' Persistent Cross site Scripting
WebApps
PHP
2021-05-14
Chamilo LMS 1.11.14 - Remote Code Execution (Authenticated)
WebApps
PHP
2021-05-14
Podcast Generator 3.1 - 'Long Description' Persistent Cross-Site Scripting (XSS)
WebApps
PHP
2021-05-14
Student Management System 1.0 - 'message' Persistent Cross-Site Scripting (Authenticated)
WebApps
PHP
2021-05-13
ZeroShell 3.9.0 - Remote Command Execution
WebApps
Linux
2021-05-13
Dental Clinic Appointment Reservation System 1.0 - 'date' UNION based SQL Injection (Authenticated)
WebApps
PHP
2021-05-13
Dental Clinic Appointment Reservation System 1.0 - Authentication Bypass (SQLi)
WebApps
PHP
2021-05-12
Chevereto 3.17.1 - Cross Site Scripting (Stored)
WebApps
Multiple
2021-05-10
Microweber CMS 1.1.20 - Remote Code Execution (Authenticated)
WebApps
PHP
2021-05-10
Human Resource Information System 0.1 - 'First Name' Persistent Cross-Site Scripting (Authenticated)
WebApps
PHP
2021-05-10
PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS)
WebApps
PHP
2021-05-07
PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection
WebApps
PHP
2021-05-07
Human Resource Information System 0.1 - Remote Code Execution (Unauthenticated)
WebApps
PHP
2021-05-07
Voting System 1.0 - Remote Code Execution (Unauthenticated)
WebApps
PHP
2021-05-07
Voting System 1.0 - Authentication Bypass (SQLI)
WebApps
PHP
2021-05-06
b2evolution 7-2-2 - 'cf_name' SQL Injection
WebApps
PHP
2021-05-06
Wordpress Plugin WP Super Edit 2.5.4 - Remote File Upload
WebApps
PHP
2021-05-06
Schlix CMS 2.2.6-6 - Remote Code Execution (Authenticated)
WebApps
Multiple
2021-05-06
Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting (Authenticated)
WebApps
Multiple
2021-05-05
Anote 1.0 - XSS to RCE
WebApps
Multiple
2021-05-05
Markdownify 1.2.0 - XSS to RCE
WebApps
Multiple
2021-05-05
Markright 1.0 - XSS to RCE
WebApps
Multiple
2021-05-05
Freeter 1.2.1 - XSS to RCE
WebApps
Multiple
2021-05-05
StudyMD 0.3.2 - XSS to RCE
WebApps
Multiple
2021-05-05
Marky 0.0.1 - XSS to RCE
WebApps
Multiple
2021-05-05
Moeditor 0.2.0 - XSS to RCE
WebApps
Multiple
2021-05-05
SnipCommand 0.1.0 - XSS to RCE
WebApps
Multiple
2021-05-05
Tagstoo 2.0.1 - Stored XSS to RCE
WebApps
Multiple
2021-05-05
Xmind 2020 - XSS to RCE
WebApps
Multiple
2021-05-05
Markdown Explorer 0.1.1 - XSS to RCE
WebApps
Multiple
2021-05-05
Savsoft Quiz 5 - 'User Account Settings' Persistent Cross-Site Scripting
WebApps
PHP
2021-05-04
Internship Portal Management System 1.0 - Remote Code Execution Via File Upload (Unauthenticated)
WebApps
PHP
2021-05-03
GitLab Community Edition (CE) 13.10.3 - 'Sign_Up' User Enumeration
WebApps
Ruby
2021-05-03
GitLab Community Edition (CE) 13.10.3 - User Enumeration
WebApps
Ruby
2021-05-03
Piwigo 11.3.0 - 'language' SQL
WebApps
PHP
2021-05-03
Voting System 1.0 - Time based SQLI (Unauthenticated SQL injection)
WebApps
PHP
2021-05-03
GetSimple CMS Custom JS 0.1 - CSRF to XSS to RCE
WebApps
PHP
2021-04-30
Moodle 3.6.1 - Persistent Cross-Site Scripting (XSS)
WebApps
PHP
2021-04-29
NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write
WebApps
Multiple
2021-04-29
FOGProject 1.5.9 - File Upload RCE (Authenticated)
WebApps
PHP
2021-04-29
Cacti 1.2.12 - 'filter' SQL Injection / Remote Code Execution
WebApps
PHP
2021-04-28
Kirby CMS 3.5.3.1 - 'file' Cross-Site Scripting (XSS)
WebApps
PHP
2021-04-27
Montiorr 1.7.6m - File Upload to XSS
WebApps
PHP
2021-04-27
Kimai 1.14 - CSV Injection
WebApps
PHP
2021-04-26
SEO Panel 4.8.0 - 'order_col' Blind SQL Injection (2)
WebApps
PHP
2021-04-26
OpenPLC 3 - Remote Code Execution (Authenticated)
WebApps
Python
2021-04-26
Hasura GraphQL 1.3.3 - Remote Code Execution
WebApps
Multiple
2021-04-23
Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery (CSRF)
WebApps
Hardware
2021-04-23
Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting (XSS)
WebApps
Hardware
2021-04-23
DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting (XSS)
WebApps
Multiple
2021-04-23
GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE
WebApps
PHP
2021-04-23
Moodle 3.10.3 - 'url' Persistent Cross Site Scripting
WebApps
PHP
2021-04-22
RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-04-22
OTRS 6.0.1 - Remote Command Execution (2)
WebApps
Perl
2021-04-22
CMS Made Simple 2.2.15 - 'title' Cross-Site Scripting (XSS)
WebApps
PHP
2021-04-21
Hasura GraphQL 1.3.3 - Server Side Request Forgery (SSRF)
WebApps
Multiple
2021-04-21
Hasura GraphQL 1.3.3 - Local File Read
WebApps
Multiple
2021-04-21
GravCMS 1.10.7 - Unauthenticated Arbitrary YAML Write/Update (Metasploit)
WebApps
PHP
2021-04-21
Adtran Personal Phone Manager 10.8.1 - DNS Exfiltration
WebApps
Hardware
2021-04-21
Adtran Personal Phone Manager 10.8.1 - 'Multiple' Reflected Cross-Site Scripting (XSS)
WebApps
Hardware
2021-04-21
Adtran Personal Phone Manager 10.8.1 - 'emailAddress' Stored Cross-Site Scripting (XSS)
WebApps
Hardware
2021-04-21
OpenEMR 5.0.2.1 - Remote Code Execution
WebApps
PHP
2021-04-21
rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (2)
WebApps
PHP
2021-04-21
RemoteClinic 2 - 'Multiple' Cross-Site Scripting (XSS)
WebApps
PHP
2021-04-21
Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass
WebApps
Multiple
2021-04-21
BlackCat CMS 1.3.6 - 'Multiple' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-04-21
WordPress Plugin RSS for Yandex Turbo 1.29 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-04-21
Fast PHP Chat 1.3 - 'my_item_search' SQL Injection
WebApps
PHP
2021-04-21
Multilaser Router RE018 AC1200 - Cross-Site Request Forgery (Enable Remote Access)
WebApps
Hardware
2021-04-16
GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF to RCE
WebApps
PHP
2021-04-15
htmly 2.8.0 - 'description' Stored Cross-Site Scripting (XSS)
WebApps
Multiple
2021-04-15
Tileserver-gl 3.0.0 - 'key' Reflected Cross-Site Scripting (XSS)
WebApps
Multiple
2021-04-15
Horde Groupware Webmail 5.2.22 - Stored XSS
WebApps
Multiple
2021-04-14
jQuery 1.0.3 - Cross-Site Scripting (XSS)
WebApps
Multiple
2021-04-14
jQuery 1.2 - Cross-Site Scripting (XSS)
WebApps
Multiple
2021-04-14
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 - RCE
WebApps
Hardware
2021-04-14
CITSmart ITSM 9.1.2.27 - 'query' Time-based Blind SQL Injection (Authenticated)
WebApps
Java
2021-04-14
CITSmart ITSM 9.1.2.22 - LDAP Injection
WebApps
Java
2021-04-14
Digital Crime Report Management System 1.0 - SQL Injection (Authentication Bypass)
WebApps
PHP
2021-04-13
ExpressVPN VPN Router 1.0 - Router Login Panel's Integer Overflow
WebApps
Multiple
2021-04-13
Blitar Tourism 1.0 - Authentication Bypass SQLi
WebApps
Multiple
2021-04-13
Simple Student Information System 1.0 - SQL Injection (Authentication Bypass)
WebApps
PHP
2021-04-09
PrestaShop 1.7.6.7 - 'location' Blind Sql Injection
WebApps
PHP
2021-04-08
Composr 10.0.36 - Remote Code Execution
WebApps
PHP
2021-04-08
DMA Radius Manager 4.4.0 - Cross-Site Request Forgery (CSRF)
WebApps
Multiple
2021-04-08
CMSimple 5.2 - 'External' Stored XSS
WebApps
PHP
2021-04-07
Dell OpenManage Server Administrator 9.4.0.0 - Arbitrary File Read
WebApps
Windows
2021-04-07
Composr CMS 10.0.36 - Cross Site Scripting
WebApps
PHP
2021-04-07
Atlassian Jira Service Desk 4.9.1 - Unrestricted File Upload to XSS
WebApps
Multiple
2021-04-06
Mini Mouse 9.3.0 - Local File inclusion / Path Traversal
WebApps
iOS
2021-04-05
Mini Mouse 9.2.0 - Path Traversal
WebApps
Windows
2021-04-05
Mini Mouse 9.2.0 - Remote Code Execution
WebApps
Windows
2021-04-05
OpenEMR 4.1.0 - 'u' SQL Injection
WebApps
PHP
2021-04-05
Basic Shopping Cart 1.0 - Authentication Bypass
WebApps
PHP
2021-04-05
Simple Food Website 1.0 - Authentication Bypass
WebApps
PHP
2021-04-02
F5 BIG-IP 16.0.x - iControl REST Remote Code Execution (Unauthenticated)
WebApps
Hardware
2021-04-02
ZBL EPON ONU Broadband Router 1.0 - Remote Privilege Escalation
WebApps
Hardware
2021-04-01
phpPgAdmin 7.13.0 - COPY FROM PROGRAM Command Execution (Authenticated)
WebApps
Multiple
2021-04-01
ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (2)
WebApps
Linux
2021-04-01
ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (1)
WebApps
Windows
2021-04-01
Latrix 0.6.0 - 'txtaccesscode' SQL Injection
WebApps
Multiple
2021-03-31
CourseMS 2.1 - 'name' Stored XSS
WebApps
Multiple
2021-03-31
Zabbix 3.4.7 - Stored XSS
WebApps
PHP
2021-03-30
Openlitespeed 1.7.9 - 'Notes' Stored Cross-Site Scripting
WebApps
Multiple
2021-03-30
GetSimple CMS 3.3.16 - Reflected XSS to RCE
WebApps
PHP
2021-03-29
SyncBreeze 10.1.16 - XML Parsing Stack-based Buffer Overflow
WebApps
Windows
2021-03-29
Novel Boutique House-plus 3.5.1 - Arbitrary File Download
WebApps
Java
2021-03-29
Budget Management System 1.0 - 'Budget title' Stored XSS
WebApps
PHP
2021-03-29
Equipment Inventory System 1.0 - 'multiple' Stored XSS
WebApps
PHP
2021-03-29
Concrete5 8.5.4 - 'name' Stored XSS
WebApps
PHP
2021-03-29
TP-Link Devices - 'setDefaultHostname' Stored Cross-site Scripting (Unauthenticated)
WebApps
Hardware
2021-03-29
WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution (Authenticated)
WebApps
PHP
2021-03-26
Moodle 3.10.3 - 'label' Persistent Cross Site Scripting
WebApps
PHP
2021-03-26
Regis Inventory And Monitoring System 1.0 - 'Item List' Stored XSS
WebApps
PHP
2021-03-26
GetSimple CMS Custom JS Plugin 0.1 - CSRF to Persistent XSS
WebApps
PHP
2021-03-25
Dolibarr ERP/CRM 11.0.4 - File Upload Restrictions Bypass (Authenticated RCE)
WebApps
PHP
2021-03-25
Genexis Platinum-4410 P4410-V2-1.31A - 'start_addr' Persistent Cross-Site Scripting
WebApps
Hardware
2021-03-19
Profiling System for Human Resource Management 1.0 - Remote Code Execution (Unauthenticated)
WebApps
PHP
2021-03-19
Boonex Dolphin 7.4.2 - 'width' Stored XSS
WebApps
PHP
2021-03-19
LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS
WebApps
PHP
2021-03-19
Plone CMS 5.2.3 - 'Title' Stored XSS
WebApps
Multiple
2021-03-18
Hestia Control Panel 1.3.2 - Arbitrary File Write
WebApps
PHP
2021-03-18
SEO Panel 4.8.0 - 'order_col' Blind SQL Injection (1)
WebApps
PHP
2021-03-18
rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (1)
WebApps
PHP
2021-03-18
VestaCP 0.9.8 - 'v_interface' Add IP Stored XSS
WebApps
Multiple
2021-03-17
VestaCP 0.9.8 - File Upload CSRF
WebApps
Multiple
2021-03-17
WoWonder Social Network Platform 3.1 - 'event_id' SQL Injection
WebApps
PHP
2021-03-16
Alphaware E-Commerce System 1.0 - Unauthenticated Remote Code Execution (File Upload + SQL injection)
WebApps
PHP
2021-03-15
SonLogger 4.2.3.3 - Unauthenticated Arbitrary File Upload (Metasploit)
WebApps
Multiple
2021-03-15
Sonlogger 4.2.3.3 - SuperAdmin Account Creation / Information Disclosure
WebApps
Multiple
2021-03-15
openMAINT openMAINT 2.1-3.3-b - 'Multiple' Persistent Cross-Site Scripting
WebApps
Multiple
2021-03-15
rConfig 3.9.6 - 'path' Local File Inclusion (Authenticated)
WebApps
PHP
2021-03-15
MagpieRSS 0.72 - 'url' Command Injection and Server Side Request Forgery
WebApps
PHP
2021-03-15
Zenario CMS 8.8.53370 - 'id' Blind SQL Injection
WebApps
PHP
2021-03-12
Monitoring System (Dashboard) 1.0 - File Upload RCE (Authenticated)
WebApps
PHP
2021-03-12
Monitoring System (Dashboard) 1.0 - 'uname' SQL Injection
WebApps
PHP
2021-03-11
Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon)
WebApps
Windows
2021-03-11
MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting
WebApps
PHP
2021-03-11
NuCom 11N Wireless Router 5.07.90 - Remote Privilege Escalation
WebApps
Hardware
2021-03-10
Atlassian JIRA 8.11.1 - User Enumeration
WebApps
Multiple
2021-03-08
GLPI 9.5.3 - 'fromtype' Unsafe Reflection
WebApps
PHP
2021-03-08
Joomla JCK Editor 6.4.4 - 'parent' SQL Injection (2)
WebApps
PHP
2021-03-08
Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated)
WebApps
PHP
2021-03-05
Fluig 1.7.0 - Path Traversal
WebApps
Multiple
2021-03-04
Textpattern 4.8.3 - Remote code execution (Authenticated) (2)
WebApps
PHP
2021-03-04
Web Based Quiz System 1.0 - 'eid' Union Based Sql Injection (Authenticated)
WebApps
PHP
2021-03-04
Online Ordering System 1.0 - Blind SQL Injection (Unauthenticated)
WebApps
PHP
2021-03-04
Textpattern CMS 4.9.0-dev - 'Excerpt' Persistent Cross-Site Scripting (XSS)
WebApps
PHP
2021-03-04
Textpattern CMS 4.8.4 - 'Comments' Persistent Cross-Site Scripting (XSS)
WebApps
PHP
2021-03-04
Online Ordering System 1.0 - Arbitrary File Upload to Remote Code Execution
WebApps
PHP
2021-03-04
e107 CMS 2.3.0 - CSRF
WebApps
PHP
2021-03-03
Local Services Search Engine Management System (LSSMES) 1.0 - Blind & Error based SQL injection (Authenticated)
WebApps
PHP
2021-03-03
Local Services Search Engine Management System (LSSMES) 1.0 - 'name' Persistent Cross-Site Scripting (XSS)
WebApps
PHP
2021-03-02
Zen Cart 1.5.7b - Remote Code Execution (Authenticated)
WebApps
PHP
2021-03-02
Web Based Quiz System 1.0 - 'name' Persistent/Stored Cross-Site Scripting
WebApps
PHP
2021-03-02
Tiny Tiny RSS - Remote Code Execution
WebApps
PHP
2021-03-02
Web Based Quiz System 1.0 - 'MCQ options' Persistent/Stored Cross-Site Scripting
WebApps
PHP
2021-03-01
Covid-19 Contact Tracing System 1.0 - Remote Code Execution (Unauthenticated)
WebApps
PHP
2021-03-01
Online Catering Reservation System 1.0 - Remote Code Execution (Unauthenticated)
WebApps
PHP
2021-03-01
VMware vCenter Server 7.0 - Unauthenticated File Upload
WebApps
Multiple
2021-03-01
FortiLogger 4.4.2.2 - Unauthenticated Arbitrary File Upload (Metasploit)
WebApps
Multiple
2021-02-26
LightCMS 1.3.4 - 'exclusive' Stored XSS
WebApps
Multiple
2021-02-26
Triconsole 3.75 - Reflected XSS
WebApps
PHP
2021-02-26
Simple Employee Records System 1.0 - File Upload RCE (Unauthenticated)
WebApps
PHP
2021-02-25
Vehicle Parking Management System 1.0 - 'catename' Persistent Cross-Site Scripting (XSS)
WebApps
PHP
2021-02-24
LayerBB 1.1.4 - 'search_query' SQL Injection
WebApps
PHP
2021-02-23
Batflat CMS 1.3.6 - 'multiple' Stored XSS
WebApps
PHP
2021-02-23
Monica 2.19.1 - 'last_name' Stored XSS
WebApps
Multiple
2021-02-19
Beauty Parlour Management System 1.0 - 'sername' SQL Injection
WebApps
PHP
2021-02-19
OpenText Content Server 20.3 - 'multiple' Stored Cross-Site Scripting
WebApps
Multiple
2021-02-19
Online Exam System With Timer 1.0 - 'email' SQL injection Auth Bypass
WebApps
PHP
2021-02-19
Comment System 1.0 - 'multiple' Stored Cross-Site Scripting
WebApps
PHP
2021-02-19
PEEL Shopping 9.3.0 - 'Comments/Special Instructions' Stored Cross-Site Scripting
WebApps
PHP
2021-02-18
Batflat CMS 1.3.6 - Remote Code Execution (Authenticated)
WebApps
PHP
2021-02-18
Gitea 1.12.5 - Remote Code Execution (Authenticated)
WebApps
Multiple
2021-02-17
Billing Management System 2.0 - 'email' SQL injection Auth Bypass
WebApps
PHP
2021-02-17
Faulty Evaluation System 1.0 - 'multiple' Stored Cross-Site Scripting
WebApps
PHP
2021-02-16
BlackCat CMS 1.3.6 - 'Display name' Cross Site Scripting (XSS)
WebApps
PHP
2021-02-16
Online Internship Management System 1.0 - 'email' SQL injection Auth Bypass
WebApps
PHP
2021-02-15
Teachers Record Management System 1.0 - 'searchteacher' SQL Injection
WebApps
PHP
2021-02-15
TestLink 1.9.20 - Unrestricted File Upload (Authenticated)
WebApps
PHP
2021-02-12
School Event Attendance Monitoring System 1.0 - 'Item Name' Stored Cross-Site Scripting
WebApps
PHP
2021-02-12
School File Management System 1.0 - 'multiple' Stored Cross-Site Scripting
WebApps
PHP
2021-02-11
Online Marriage Registration System (OMRS) 1.0 - Remote code execution (3)
WebApps
PHP
2021-02-11
Openlitespeed WebServer 1.7.8 - Command Injection (Authenticated) (2)
WebApps
Multiple
2021-02-11
b2evolution 6.11.6 - 'tab3' Reflected XSS
WebApps
PHP
2021-02-11
b2evolution 6.11.6 - 'redirect_to' Open Redirect
WebApps
PHP
2021-02-11
PEEL Shopping 9.3.0 - 'address' Stored Cross-Site Scripting
WebApps
PHP
2021-02-10
Node.JS - 'node-serialize' Remote Code Execution (2)
WebApps
NodeJS
2021-02-10
b2evolution 6.11.6 - 'plugin name' Stored XSS
WebApps
PHP
2021-02-09
Adobe Connect 10 - Username Disclosure
WebApps
Multiple
2021-02-09
Online Car Rental System 1.0 - Stored Cross Site Scripting
WebApps
PHP
2021-02-08
WordPress Plugin Supsystic Backup 2.3.9 - Local File Inclusion
WebApps
PHP
2021-02-08
WordPress Plugin Supsystic Contact Form 1.7.5 - Multiple Vulnerabilities
WebApps
PHP
2021-02-08
WordPress Plugin Supsystic Data Tables Generator 1.9.96 - Multiple Vulnerabilities
WebApps
PHP
2021-02-08
WordPress Plugin Supsystic Digital Publications 1.6.9 - Multiple Vulnerabilities
WebApps
PHP
2021-02-08
WordPress Plugin Supsystic Membership 1.4.7 - 'sidx' SQL injection
WebApps
PHP
2021-02-08
WordPress Plugin Supsystic Newsletter 1.5.5 - 'sidx' SQL injection
WebApps
PHP
2021-02-08
Alt-N MDaemon webmail 20.0.0 - 'file name' Stored Cross Site Scripting (XSS)
WebApps
Windows
2021-02-08
Alt-N MDaemon webmail 20.0.0 - 'Contact name' Stored Cross Site Scripting (XSS)
WebApps
Windows
2021-02-08
YetiShare File Hosting Script 5.1.0 - 'url' Server-Side Request Forgery
WebApps
PHP
2021-02-08
WordPress Plugin Supsystic Pricing Table 1.8.7 - Multiple Vulnerabilities
WebApps
PHP
2021-02-08
WordPress Plugin Supsystic Ultimate Maps 1.1.12 - 'sidx' SQL injection
WebApps
PHP
2021-02-08
WordPress Plugin Welcart e-Commerce 2.0.0 - 'search[order_column][0]' SQL injection
WebApps
PHP
2021-02-08
Jenzabar 9.2.2 - 'query' Reflected XSS
WebApps
Multiple
2021-02-08
SmartFoxServer 2X 2.17.0 - God Mode Console WebSocket XSS
WebApps
Multiple
2021-02-05
SEO Panel 4.6.0 - Remote Code Execution (2)
WebApps
PHP
2021-02-05
PhreeBooks 5.2.3 ERP - Remote Code Execution (2)
WebApps
PHP
2021-02-05
LiteSpeed Web Server Enterprise 5.4.11 - Command Injection (Authenticated)
WebApps
PHP
2021-02-03
Car Rental Project 2.0 - Arbitrary File Upload to Remote Code Execution
WebApps
PHP
2021-02-03
Pixelimity 1.0 - 'password' Cross-Site Request Forgery
WebApps
Multiple
2021-02-02
Student Record System 4.0 - 'cid' SQL Injection
WebApps
PHP
2021-02-01
WordPress 5.0.0 - Image Remote Code Execution
WebApps
PHP
2021-02-01
Klog Server 2.4.1 - Command Injection (Authenticated)
WebApps
PHP
2021-02-01
Roundcube Webmail 1.2 - File Disclosure
WebApps
PHP
2021-02-01
Vehicle Parking Tracker System 1.0 - 'Owner Name' Stored Cross-Site Scripting
WebApps
PHP
2021-02-01
H8 SSRMS - 'id' IDOR
WebApps
ASPX
2021-02-01
bloofoxCMS 0.5.2.1 - CSRF (Add user)
WebApps
PHP
2021-02-01
MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting
WebApps
PHP
2021-02-01
MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting
WebApps
PHP
2021-02-01
Park Ticketing Management System 1.0 - 'viewid' SQL Injection
WebApps
PHP
2021-02-01
User Management System 1.0 - 'uid' SQL Injection
WebApps
PHP
2021-02-01
Zoo Management System 1.0 - 'anid' SQL Injection
WebApps
PHP
2021-02-01
MyBB Delete Account Plugin 1.4 - Cross-Site Scripting
WebApps
PHP
2021-01-29
SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution (Unauthenticated)
WebApps
Hardware
2021-01-29
Simple Public Chat Room 1.0 - 'msg' Stored Cross-Site Scripting
WebApps
PHP
2021-01-29
Simple Public Chat Room 1.0 - Authentication Bypass SQLi
WebApps
PHP
2021-01-29
MyBB Hide Thread Content Plugin 1.0 - Information Disclosure
WebApps
PHP
2021-01-29
Home Assistant Community Store (HACS) 1.10.0 - Path Traversal to Account Takeover
WebApps
Python
2021-01-29
Quick.CMS 6.7 - Remote Code Execution (Authenticated)
WebApps
PHP
2021-01-29
Online Grading System 1.0 - 'uname' SQL Injection
WebApps
PHP
2021-01-29
BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting
WebApps
PHP
2021-01-28
WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Execution
WebApps
PHP
2021-01-28
Umbraco CMS 7.12.4 - Remote Code Execution (Authenticated)
WebApps
ASPX
2021-01-28
Fuel CMS 1.4.1 - Remote Code Execution (2)
WebApps
PHP
2021-01-28
OpenEMR 5.0.1 - Remote Code Execution (Authenticated) (2)
WebApps
PHP
2021-01-28
CMSUno 1.6.2 - 'lang/user' Remote Code Execution (Authenticated)
WebApps
PHP
2021-01-28
EgavilanMedia PHPCRUD 1.0 - 'Full Name' Stored Cross Site Scripting
WebApps
PHP
2021-01-27
Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated)
WebApps
Multiple
2021-01-27
STVS ProVision 5.9.10 - Cross-Site Request Forgery (Add Admin)
WebApps
Ruby
2021-01-27
STVS ProVision 5.9.10 - File Disclosure (Authenticated)
WebApps
Ruby
2021-01-26
Oracle WebLogic Server 12.2.1.0 - RCE (Unauthenticated)
WebApps
Java
2021-01-26
Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Scripting
WebApps
Hardware
2021-01-26
Simple College Website 1.0 - 'full' Stored Cross Site Scripting
WebApps
PHP
2021-01-26
Simple College Website 1.0 - 'name' SQL Injection (Authentication Bypass)
WebApps
PHP
2021-01-26
Cemetry Mapping and Information System 1.0 - 'user_email' SQL Injection (Authentication Bypass)
WebApps
PHP
2021-01-25
Klog Server 2.4.1 - Unauthenticated Command Injection (Metasploit)
WebApps
PHP
2021-01-25
Library System 1.0 - 'category' SQL Injection
WebApps
PHP
2021-01-25
CASAP Automated Enrollment System 1.0 - 'route' Stored XSS
WebApps
PHP
2021-01-25
CASAP Automated Enrollment System 1.0 - 'First Name' Stored XSS
WebApps
PHP
2021-01-25
Collabtive 3.1 - 'address' Persistent Cross-Site Scripting
WebApps
PHP
2021-01-25
MyBB Timeline Plugin 1.0 - Cross-Site Scripting / CSRF
WebApps
PHP
2021-01-22
Atlassian Confluence Widget Connector Macro - SSTI
WebApps
Multiple
2021-01-22
ERPNext 12.14.0 - SQL Injection (Authenticated)
WebApps
Multiple
2021-01-22
CASAP Automated Enrollment System 1.0 - Authentication Bypass
WebApps
PHP
2021-01-22
Library System 1.0 - Authentication Bypass Via SQL Injection
WebApps
PHP
2021-01-22
Oracle WebLogic Server 14.1.1.0 - RCE (Authenticated)
WebApps
Java
2021-01-22
Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution (Unauthenticated)
WebApps
Hardware
2021-01-22
Selea Targa IP OCR-ANPR Camera - RTP/RTSP/M-JPEG Stream Disclosure (Unauthenticated)
WebApps
Hardware
2021-01-22
Selea Targa IP OCR-ANPR Camera - CSRF Add Admin
WebApps
Hardware
2021-01-22
Selea Targa IP OCR-ANPR Camera - Multiple SSRF (Unauthenticated)
WebApps
Hardware
2021-01-22
Selea Targa IP OCR-ANPR Camera - Directory Traversal File Disclosure (Unauthenticated)
WebApps
Hardware
2021-01-22
Selea Targa IP OCR-ANPR Camera - Developer Backdoor Config Overwrite
WebApps
Hardware
2021-01-22
Selea Targa IP OCR-ANPR Camera - 'files_list' Remote Stored XSS
WebApps
Hardware
2021-01-22
Selea CarPlateServer (CPS) 4.0.1.6 - Remote Program Execution
WebApps
Multiple
2021-01-21
Anchor CMS 0.12.7 - CSRF (Delete user)
WebApps
Multiple
2021-01-21
WordPress Plugin Simple Job Board 2.9.3 - Authenticated File Read (Metasploit)
WebApps
PHP
2021-01-21
Nagios XI 5.7.5 - Multiple Persistent Cross-Site Scripting
WebApps
PHP
2021-01-21
Apartment Visitors Management System 1.0 - 'email' SQL Injection
WebApps
PHP
2021-01-21
Online Documents Sharing Platform 1.0 - 'user' SQL Injection
WebApps
PHP
2021-01-20
Voting System 1.0 - File Upload RCE (Authenticated Remote Code Execution)
WebApps
PHP
2021-01-20
Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored XSS
WebApps
Multiple
2021-01-20
ChurchRota 2.6.4 - RCE (Authenticated)
WebApps
Multiple
2021-01-19
osTicket 1.14.2 - SSRF
WebApps
PHP
2021-01-18
Life Insurance Management System 1.0 - File Upload RCE (Authenticated)
WebApps
PHP
2021-01-18
Life Insurance Management System 1.0 - 'client_id' SQL Injection
WebApps
PHP
2021-01-18
Inteno IOPSYS 3.16.4 - root filesystem access via sambashare (Authenticated)
WebApps
Hardware
2021-01-18
Xwiki CMS 12.10.2 - Cross Site Scripting (XSS)
WebApps
Multiple
2021-01-18
Cisco UCS Manager 2.2(1d) - Remote Command Execution
WebApps
Hardware
2021-01-15
Netsia SEBA+ 0.16.1 - Authentication Bypass and Add Root User (Metasploit)
WebApps
Multiple
2021-01-15
E-Learning System 1.0 - Authentication Bypass & RCE POC
WebApps
PHP
2021-01-15
Alumni Management System 1.0 - "Last Name field in Registration page" Stored XSS
WebApps
PHP
2021-01-15
EyesOfNetwork 5.3 - File Upload Remote Code Execution
WebApps
Multiple
2021-01-15
Online Hotel Reservation System 1.0 - 'person' time-based SQL Injection
WebApps
PHP
2021-01-15
Online Hotel Reservation System 1.0 - Cross-site request forgery (CSRF)
WebApps
PHP
2021-01-15
Online Hotel Reservation System 1.0 - 'id' Time-based SQL Injection
WebApps
PHP
2021-01-15
Online Hotel Reservation System 1.0 - 'description' Stored Cross-site Scripting
WebApps
PHP
2021-01-15
WordPress Plugin Easy Contact Form 1.1.7 - 'Name' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-01-15
PHP-Fusion CMS 9.03.90 - Cross-Site Request Forgery (Delete admin shoutbox message)
WebApps
PHP
2021-01-14
Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service (PoC)
WebApps
Hardware
2021-01-14
Laravel 8.4.2 debug mode - Remote code execution
WebApps
PHP
2021-01-14
Online Shopping Cart System 1.0 - 'id' SQL Injection
WebApps
PHP
2021-01-14
Nagios XI 5.7.X - Remote Code Execution RCE (Authenticated)
WebApps
PHP
2021-01-14
Online Movie Streaming 1.0 - Admin Authentication Bypass
WebApps
PHP
2021-01-13
Online Hotel Reservation System 1.0 - Admin Authentication Bypass
WebApps
PHP
2021-01-12
SmartAgent 3.1.0 - Privilege Escalation
WebApps
Multiple
2021-01-12
Cemetry Mapping and Information System 1.0 - Multiple SQL Injections
WebApps
PHP
2021-01-12
Gila CMS 2.0.0 - Remote Code Execution (Unauthenticated)
WebApps
PHP
2021-01-11
Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection
WebApps
PHP
2021-01-11
OpenCart 3.0.36 - ATO via Cross Site Request Forgery
WebApps
PHP
2021-01-11
WordPress Plugin Custom Global Variables 1.0.5 - 'name' Stored Cross-Site Scripting (XSS)
WebApps
PHP
2021-01-11
Cemetry Mapping and Information System 1.0 - Multiple Stored Cross-Site Scripting
WebApps
PHP
2021-01-11
EyesOfNetwork 5.3 - LFI
WebApps
Multiple
2021-01-11
Anchor CMS 0.12.7 - 'markdown' Stored Cross-Site Scripting
WebApps
Multiple
2021-01-11
EyesOfNetwork 5.3 - RCE & PrivEsc
WebApps
Multiple
2021-01-08
WordPress Plugin wpDiscuz 7.0.4 - Unauthenticated Arbitrary File Upload (Metasploit)
WebApps
PHP
2021-01-08
WordPress Plugin Autoptimize 2.7.6 - Authenticated Arbitrary File Upload (Metasploit)
WebApps
PHP
2021-01-08
Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit)
WebApps
Java
2021-01-08
Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated)
WebApps
Multiple
2021-01-08
Online Doctor Appointment System 1.0 - Multiple Stored XSS
WebApps
PHP
2021-01-08
Life Insurance Management System 1.0 - Multiple Stored XSS
WebApps
PHP
2021-01-07
CRUD Operation 1.0 - Multiple Stored XSS
WebApps
PHP
2021-01-07
ECSIMAGING PACS 6.21.5 - SQL injection
WebApps
PHP
2021-01-07
Curfew e-Pass Management System 1.0 - Stored XSS
WebApps
PHP
2021-01-07
Cockpit CMS 0.6.1 - Remote Code Execution
WebApps
PHP
2021-01-07
Employee Record System 1.0 - Unrestricted File Upload to Remote Code Execution
WebApps
PHP
2021-01-07
ECSIMAGING PACS 6.21.5 - Remote code execution
WebApps
PHP
2021-01-07
iBall-Baton WRA150N Rom-0 Backup - File Disclosure (Sensitive Information)
WebApps
Hardware
2021-01-06
Sonatype Nexus 3.21.1 - Remote Code Execution (Authenticated)
WebApps
Java
2021-01-06
Gitea 1.7.5 - Remote Code Execution
WebApps
Multiple
2021-01-06
Resumes Management and Job Application Website 1.0 - Multiple Stored XSS
WebApps
PHP
2021-01-06
Resumes Management and Job Application Website 1.0 - RCE (Unauthenticated)
WebApps
PHP
2021-01-06
Newgen Correspondence Management System (corms) eGov 12.0 - IDOR
WebApps
Multiple
2021-01-06
WordPress Plugin WP24 Domain Check 1.6.2 - 'fieldnameDomain' Stored Cross Site Scripting
WebApps
PHP
2021-01-06
Responsive E-Learning System 1.0 - Stored Cross Site Scripting
WebApps
PHP
2021-01-06
Responsive E-Learning System 1.0 - Unrestricted File Upload to RCE
WebApps
PHP
2021-01-06
WordPress Plugin litespeed cache 3.6 - 'server_ip' Cross-Site Scripting
WebApps
PHP
2021-01-06
Expense Tracker 1.0 - 'Expense Name' Stored Cross-Site Scripting
WebApps
PHP
2021-01-06
IPeakCMS 3.5 - Boolean-based blind SQLi
WebApps
Multiple
2021-01-06
Advanced Webhost Billing System 3.7.0 - Cross-Site Request Forgery (CSRF)
WebApps
PHP
2021-01-05
EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Multiple Stored Cross-Site Scripting
WebApps
Multiple
2021-01-05
Klog Server 2.4.1 - Command Injection (Unauthenticated)
WebApps
PHP
2021-01-05
Online Learning Management System 1.0 - RCE (Authenticated)
WebApps
PHP
2021-01-05
CSZ CMS 1.2.9 - Multiple Cross-Site Scripting
WebApps
PHP
2021-01-05
House Rental and Property Listing 1.0 - Multiple Stored XSS
WebApps
PHP
2021-01-05
IncomCMS 2.0 - Insecure File Upload
WebApps
Multiple
2021-01-04
Arteco Web Client DVR/NVR - 'SessionId' Brute Force
WebApps
Windows
2021-01-04
Click2Magic 1.1.5 - Stored Cross-Site Scripting
WebApps
Multiple
2021-01-04
Subrion CMS 4.2.1 - 'avatar[path]' XSS
WebApps
PHP
2021-01-04
CMS Made Simple 2.2.15 - RCE (Authenticated)
WebApps
PHP
2021-01-04
sar2html 3.2.1 - 'plot' Remote Code Execution
WebApps
PHP
2021-01-04
Advanced Comment System 1.0 - 'ACS_path' Path Traversal
WebApps
PHP
2021-01-04
Mantis Bug Tracker 2.24.3 - 'access' SQL Injection
WebApps
PHP
2021-01-04
4images v1.7.11 - 'Profile Image' Stored Cross-Site Scripting
WebApps
PHP
2021-01-04
WordPress Core 5.2.2 - 'post previews' XSS
WebApps
PHP