Exploit
Web Applications (495)
2024-03-11
Sitecore - Remote Code Execution v8.2
WebApps
ASPX
2024-03-11
Adobe ColdFusion versions 2018,15 (and earlier) and 2021,5 and earlier - Arbitrary File Read
WebApps
Multiple
2024-03-11
WordPress Plugin Duplicator < 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover
WebApps
PHP
2024-03-11
Hitachi NAS (HNAS) System Management Unit (SMU) Backup & Restore < 14.8.7825.01 - IDOR
WebApps
Hardware
2024-03-10
Hide My WP < 6.2.9 - Unauthenticated SQLi
WebApps
PHP
2024-03-10
Akaunting < 3.1.3 - RCE
WebApps
PHP
2024-03-10
Ladder v0.0.21 - Server-side request forgery (SSRF)
WebApps
Go
2024-03-10
DataCube3 v1.0 - Unrestricted file upload 'RCE'
WebApps
PHP
2024-03-10
Numbas < v7.3 - Remote Code Execution
WebApps
NodeJS
2024-03-10
TP-Link TL-WR740N - Buffer Overflow 'DOS'
WebApps
Hardware
2024-03-06
GLiNet - Router Authentication Bypass
WebApps
Hardware
2024-03-06
elFinder Web file manager Version - 2.1.53 Remote Command Execution
WebApps
PHP
2024-03-06
CSZ CMS Version 1.3.0 - Authenticated Remote Command Execution
WebApps
PHP
2024-03-06
CVE-2023-50071 - Multiple SQL Injection
WebApps
PHP
2024-03-06
Lot Reservation Management System - Unauthenticated File Disclosure
WebApps
PHP
2024-03-06
Lot Reservation Management System - Unauthenticated File Upload and Remote Code Execution
WebApps
PHP
2024-03-05
kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition
WebApps
PHP
2024-03-05
Neontext Wordpress Plugin - Stored XSS
WebApps
PHP
2024-03-05
Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 - Stored XSS
WebApps
Hardware
2024-03-03
Easywall 0.3.1 - Authenticated Remote Command Execution
WebApps
Multiple
2024-03-03
Boss Mini 1.4.0 - local file inclusion
WebApps
PHP
2024-03-03
Magento ver. 2.4.6 - XSLT Server Side Injection
WebApps
Multiple
2024-02-28
WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection
WebApps
PHP
2024-02-28
Blood Bank v1.0 - Multiple SQL Injection
WebApps
PHP
2024-02-28
WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - "Dashboard Redirect" field Stored Cross-Site Scripting (XSS)
WebApps
PHP
2024-02-28
WP Rocket < 2.10.3 - Local File Inclusion (LFI)
WebApps
PHP
2024-02-27
Atlassian Confluence Data Center and Server - Authentication Bypass (Metasploit)
WebApps
Multiple
2024-02-27
Wordpress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE)
WebApps
PHP
2024-02-27
Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin
WebApps
PHP
2024-02-27
Automatic-Systems SOC FL9600 FastLine - Directory Transversal
WebApps
PHP
2024-02-27
SuperStoreFinder - Multiple Vulnerabilities
WebApps
PHP
2024-02-27
Moodle 4.3 - Insecure Direct Object Reference
WebApps
PHP
2024-02-27
Zoo Management System 1.0 - Unauthenticated RCE
WebApps
PHP
2024-02-27
dawa-pharma 1.0-2022 - Multiple-SQLi
WebApps
PHP
2024-02-26
Online Shopping System Advanced - Sql Injection
WebApps
PHP
2024-02-26
taskhub 2.8.7 - SQL Injection
WebApps
PHP
2024-02-26
comments-like-dislike < 1.2.0 - Authenticated (Subscriber+) Plugin Setting Reset
WebApps
PHP
2024-02-21
WEBIGniter v28.7.23 - Stored Cross Site Scripting (XSS)
WebApps
PHP
2024-02-19
JFrog Artifactory < 7.25.4 - Blind SQL Injection
WebApps
PHP
2024-02-19
Wondercms 4.3.2 - XSS to RCE
WebApps
Multiple
2024-02-19
SureMDM On-premise < 6.31 - CAPTCHA Bypass User Enumeration
WebApps
Multiple
2024-02-19
Employee Management System v1 - 'email' SQL Injection
WebApps
PHP
2024-02-19
phpFox < 4.8.13 - (redirect) PHP Object Injection Exploit
WebApps
PHP
2024-02-15
Metabase 0.46.6 - Pre-Auth Remote Code Execution
WebApps
Linux
2024-02-15
SISQUALWFM 7.1.319.103 - Host Header Injection
WebApps
Multiple
2024-02-13
Lost and Found Information System v1.0 - ( IDOR ) leads to Account Take over
WebApps
PHP
2024-02-13
ManageEngine ADManager Plus Build < 7183 - Recovery Password Disclosure
WebApps
Windows
2024-02-13
Splunk 9.0.4 - Information Disclosure
WebApps
Multiple
2024-02-09
Online Nurse Hiring System 1.0 - Time-Based SQL Injection
WebApps
PHP
2024-02-09
Rail Pass Management System 1.0 - Time-Based SQL Injection
WebApps
PHP
2024-02-09
Wordpress Seotheme - Remote Code Execution Unauthenticated
WebApps
PHP
2024-02-09
Wordpress Augmented-Reality - Remote Code Execution Unauthenticated
WebApps
PHP
2024-02-09
Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting (XSS) (Authenticated)
WebApps
PHP
2024-02-05
WhatsUp Gold 2022 (22.1.0 Build 39) - XSS
WebApps
Multiple
2024-02-05
MISP 2.4.171 - Stored XSS
WebApps
PHP
2024-02-05
Clinic's Patient Management System 1.0 - Unauthenticated RCE
WebApps
PHP
2024-02-05
Curfew e-Pass Management System 1.0 - FromDate SQL Injection
WebApps
PHP
2024-02-05
GYM MS - GYM Management System - Cross Site Scripting (Stored)
WebApps
PHP
2024-02-02
Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC)
WebApps
PHP
2024-02-02
Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution
WebApps
Hardware
2024-02-02
Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal
WebApps
Hardware
2024-02-02
Electrolink FM/DAB/TV Transmitter (Login Cookie) - Authentication Bypass
WebApps
Hardware
2024-02-02
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure
WebApps
Hardware
2024-02-02
Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure
WebApps
Hardware
2024-02-02
TP-LINK TL-WR740N - Multiple HTML Injection
WebApps
Hardware
2024-02-02
TP-Link TL-WR740N - UnAuthenticated Directory Transversal
WebApps
Hardware
2024-01-31
GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities
WebApps
Multiple
2024-01-31
Grocy <=4.0.2 - CSRF
WebApps
PHP
2024-01-31
101 News 1.0 - Multiple-SQLi
WebApps
PHP
2024-01-31
Academy LMS 6.2 - SQL Injection
WebApps
PHP
2024-01-29
PHP Shopping Cart 4.2 - Multiple-SQLi
WebApps
PHP
2024-01-29
Fundraising Script 1.0 - SQLi
WebApps
PHP
2024-01-29
Bank Locker Management System - SQL Injection
WebApps
PHP
2023-10-09
Splunk 9.0.5 - admin account take over
WebApps
Multiple
2023-10-09
Shuttle-Booking-Software v1.0 - Multiple-SQLi
WebApps
PHP
2023-10-09
Limo Booking Software v1.0 - CORS
WebApps
PHP
2023-10-09
Webedition CMS v2.9.8.8 - Blind SSRF
WebApps
PHP
2023-10-09
BoidCMS v2.0.0 - authenticated file upload vulnerability
WebApps
PHP
2023-10-09
Cacti 1.2.24 - Authenticated command injection when using SNMP options
WebApps
PHP
2023-10-09
Wordpress Sonaar Music Plugin 4.7 - Stored XSS
WebApps
PHP
2023-10-09
Coppermine Gallery 1.6.25 - RCE
WebApps
PHP
2023-10-09
Media Library Assistant Wordpress Plugin - RCE and LFI
WebApps
PHP
2023-10-09
WEBIGniter v28.7.23 File Upload - Remote Code Execution
WebApps
PHP
2023-10-09
Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation
WebApps
PHP
2023-10-09
Minio 2022-07-29T19-40-48Z - Path traversal
WebApps
Go
2023-10-09
Clcknshop 1.0.0 - SQL Injection
WebApps
PHP
2023-10-09
Online ID Generator 1.0 - Remote Code Execution (RCE)
WebApps
PHP
2023-10-09
GLPI GZIP(Py3) 9.4.5 - RCE
WebApps
PHP
2023-09-08
Jorani v1.0.3-(c)2014-2023 - XSS Reflected & Information Disclosure
WebApps
PHP
2023-09-08
SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection
WebApps
PHP
2023-09-08
Wordpress Plugin Elementor 3.5.5 - Iframe Injection
WebApps
PHP
2023-09-08
Wp2Fac - OS Command Injection
WebApps
PHP
2023-09-08
soosyze 2.0.0 - File Upload
WebApps
PHP
2023-09-08
Axigen < 10.3.3.47, 10.2.3.12 - Reflected XSS
WebApps
Multiple
2023-09-08
Drupal 10.1.2 - web-cache-poisoning-External-service-interaction
WebApps
PHP
2023-09-04
Blood Donor Management System v1.0 - Stored XSS
WebApps
PHP
2023-09-04
Hyip Rio 2.1 - Arbitrary File Upload
WebApps
PHP
2023-09-04
Credit Lite 1.5.4 - SQL Injection
WebApps
PHP
2023-09-04
Academy LMS 6.1 - Arbitrary File Upload
WebApps
PHP
2023-09-04
CSZ CMS 1.3.0 - Stored Cross-Site Scripting ('Photo URL' and 'YouTube URL')
WebApps
PHP
2023-09-04
CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Plugin 'Gallery')
WebApps
PHP
2023-09-04
AdminLTE PiHole 5.18 - Broken Access Control
WebApps
PHP
2023-09-04
FileMage Gateway 1.10.9 - Local File Inclusion
WebApps
Multiple
2023-09-04
DLINK DPH-400SE - Exposure of Sensitive Information
WebApps
Hardware
2023-09-04
Member Login Script 3.3 - Client-side desync
WebApps
PHP
2023-09-04
WP Statistics Plugin 13.1.5 current_page_id - Time based SQL injection (Unauthenticated)
WebApps
PHP
2023-09-04
Bus Reservation System 1.1 - Multiple-SQLi
WebApps
PHP
2023-09-04
SPA-Cart eCommerce CMS 1.9.0.3 - Reflected XSS
WebApps
PHP
2023-08-24
User Registration & Login and User Management System v3.0 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2023-08-24
User Registration & Login and User Management System v3.0 - SQL Injection (Unauthenticated)
WebApps
PHP
2023-08-24
Uvdesk 1.1.4 - Stored XSS (Authenticated)
WebApps
PHP
2023-08-21
Dolibarr Version 17.0.1 - Stored XSS
WebApps
PHP
2023-08-21
PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities
WebApps
PHP
2023-08-21
Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated)
WebApps
PHP
2023-08-21
Color Prediction Game v1.0 - SQL Injection
WebApps
PHP
2023-08-21
Global - Multi School Management System Express v1.0 - SQL Injection
WebApps
PHP
2023-08-21
OVOO Movie Portal CMS v3.3.3 - SQL Injection
WebApps
PHP
2023-08-21
Taskhub CRM Tool 2.8.6 - SQL Injection
WebApps
PHP
2023-08-08
Adlisting Classified Ads 2.14.0 - WebPage Content Information Disclosure
WebApps
PHP
2023-08-08
Lucee 5.4.2.17 - Authenticated Reflected XSS
WebApps
Multiple
2023-08-08
Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated)
WebApps
Python
2023-08-08
mooSocial 3.1.8 - Reflected XSS
WebApps
PHP
2023-08-08
Social-Commerce 3.1.6 - Reflected XSS
WebApps
PHP
2023-08-08
PHPJabbers Vacation Rental Script 4.0 - CSRF
WebApps
PHP
2023-08-08
Emagic Data Center Management Suite v6.0 - OS Command Injection
WebApps
PHP
2023-08-04
Adiscon LogAnalyzer v.4.1.13 - Cross Site Scripting
WebApps
PHP
2023-08-04
WordPress Plugin Ninja Forms 3.6.25 - Reflected XSS
WebApps
PHP
2023-08-04
Joomla JLex Review 6.0.1 - Reflected XSS
WebApps
PHP
2023-08-04
Ozeki SMS Gateway 10.3.208 - Arbitrary File Read (Unauthenticated)
WebApps
Multiple
2023-08-04
JLex GuestBook 1.6.4 - Reflected XSS
WebApps
PHP
2023-08-04
PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS
WebApps
PHP
2023-08-04
PHPJabbers Service Booking Script 1.0 - Reflected XSS
WebApps
PHP
2023-08-04
PHPJabbers Night Club Booking 1.0 - Reflected XSS
WebApps
PHP
2023-08-04
PHPJabbers Cleaning Business 1.0 - Reflected XSS
WebApps
PHP
2023-08-04
PHPJabbers Taxi Booking 2.0 - Reflected XSS
WebApps
PHP
2023-08-04
PHPJabbers Rental Property Booking 2.0 - Reflected XSS
WebApps
PHP
2023-08-04
Academy LMS 6.0 - Reflected XSS
WebApps
PHP
2023-08-04
WordPress adivaha Travel Plugin 2.3 - SQL Injection
WebApps
PHP
2023-08-04
Campcodes Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload
WebApps
PHP
2023-08-04
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access
WebApps
PHP
2023-08-04
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR
WebApps
PHP
2023-08-04
Webutler v3.2 - Remote Code Execution (RCE)
WebApps
PHP
2023-08-04
Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)
WebApps
PHP
2023-08-04
Webedition CMS v2.9.8.8 - Stored XSS
WebApps
PHP
2023-08-04
WordPress adivaha Travel Plugin 2.3 - Reflected XSS
WebApps
PHP
2023-08-04
WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution
WebApps
PHP
2023-07-31
Joomla Solidres 2.13.3 - Reflected XSS
WebApps
PHP
2023-07-31
Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2023-07-31
Joomla iProperty Real Estate 4.1.1 - Reflected XSS
WebApps
PHP
2023-07-28
RosarioSIS 10.8.4 - CSV Injection
WebApps
PHP
2023-07-28
zomplog 3.9 - Remote Code Execution (RCE)
WebApps
PHP
2023-07-28
Zomplog 3.9 - Cross-site scripting (XSS)
WebApps
PHP
2023-07-28
Availability Booking Calendar v1.0 - Multiple Cross-site scripting (XSS)
WebApps
PHP
2023-07-28
Perch v3.2 - Persistent Cross Site Scripting (XSS)
WebApps
PHP
2023-07-28
mooDating 1.2 - Reflected Cross-site scripting (XSS)
WebApps
PHP
2023-07-28
Joomla HikaShop 4.7.4 - Reflected XSS
WebApps
PHP
2023-07-28
October CMS v3.4.4 - Stored Cross-Site Scripting (XSS) (Authenticated)
WebApps
PHP
2023-07-28
Joomla VirtueMart Shopping Cart 4.0.12 - Reflected XSS
WebApps
PHP
2023-07-28
WordPress Plugin AN_Gradebook 5.0.1 - SQLi
WebApps
PHP
2023-07-28
copyparty v1.8.6 - Reflected Cross Site Scripting (XSS)
WebApps
Python
2023-07-28
copyparty 1.8.2 - Directory Traversal
WebApps
Python
2023-07-21
Perch v3.2 - Remote Code Execution (RCE)
WebApps
PHP
2023-07-21
Perch v3.2 - Stored XSS
WebApps
PHP
2023-07-20
pfSense v2.7.0 - OS Command Injection
WebApps
PHP
2023-07-20
Wifi Soft Unibox Administration 3.0 & 3.1 - SQL Injection
WebApps
PHP
2023-07-20
Boom CMS v8.0.7 - Cross Site Scripting
WebApps
PHP
2023-07-20
Active Super Shop CMS v2.5 - HTML Injection Vulnerabilities
WebApps
PHP
2023-07-20
PaulPrinting CMS - (Search Delivery) Cross Site Scripting
WebApps
PHP
2023-07-20
Dooblou WiFi File Explorer 1.13.3 - Multiple Vulnerabilities
WebApps
PHP
2023-07-20
Webile v1.0.1 - Multiple Cross Site Scripting
WebApps
PHP
2023-07-20
Aures Booking & POS Terminal - Local Privilege Escalation
WebApps
PHP
2023-07-20
PaulPrinting CMS - Multiple Cross Site Web Vulnerabilities
WebApps
PHP
2023-07-20
RWS WorldServer 11.7.3 - Session Token Enumeration
WebApps
Multiple
2023-07-19
PimpMyLog v1.7.14 - Improper access control
WebApps
PHP
2023-07-19
phpfm v1.7.9 - Authentication type juggling
WebApps
PHP
2023-07-19
Joomla! com_booking component 2.4.9 - Information Leak (Account enumeration)
WebApps
PHP
2023-07-19
Vaidya-Mitra 1.0 - Multiple SQLi
WebApps
PHP
2023-07-19
Backdrop Cms v1.25.1 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2023-07-19
Online Piggery Management System v1.0 - unauthenticated file upload vulnerability
WebApps
PHP
2023-07-19
CmsMadeSimple v2.2.17 - session hijacking via Server-Side Template Injection (SSTI)
WebApps
PHP
2023-07-19
CmsMadeSimple v2.2.17 - Remote Code Execution (RCE)
WebApps
PHP
2023-07-19
CmsMadeSimple v2.2.17 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2023-07-19
Statamic 4.7.0 - File-Inclusion
WebApps
PHP
2023-07-19
ABB FlowX v4.00 - Exposure of Sensitive Information
WebApps
Hardware
2023-07-19
Blackcat Cms v1.4 - Stored XSS
WebApps
PHP
2023-07-19
Blackcat Cms v1.4 - Remote Code Execution (RCE)
WebApps
PHP
2023-07-19
TP-Link TL-WR740N - Authenticated Directory Transversal
WebApps
Hardware
2023-07-15
Icinga Web 2.10 - Authenticated Remote Code Execution
WebApps
PHP
2023-07-15
News Portal v4.0 - SQL Injection (Unauthorized)
WebApps
PHP
2023-07-15
ProjeQtOr Project Management System v10.4.1 - Multiple XSS
WebApps
PHP
2023-07-15
Cisco UCS-IMC Supervisor 2.2.0.0 - Authentication Bypass
WebApps
Hardware
2023-07-15
Admidio v4.2.10 - Remote Code Execution (RCE)
WebApps
PHP
2023-07-15
WinterCMS < 1.2.3 - Persistent Cross-Site Scripting
WebApps
PHP
2023-07-15
Pluck v4.7.18 - Remote Code Execution (RCE)
WebApps
PHP
2023-07-11
Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)
WebApps
Java
2023-07-11
Spring Cloud 3.2.2 - Remote Command Execution (RCE)
WebApps
Java
2023-07-11
Frappe Framework (ERPNext) 13.4.0 - Remote Code Execution (Authenticated)
WebApps
Python
2023-07-11
BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)
WebApps
PHP
2023-07-11
Ateme TITAN File 3.9 - SSRF File Enumeration
WebApps
Hardware
2023-07-07
Faculty Evaluation System v1.0 - SQL Injection
WebApps
PHP
2023-07-06
Gila CMS 1.10.9 - Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2023-07-06
Lost and Found Information System v1.0 - SQL Injection
WebApps
PHP
2023-07-06
Piwigo v13.7.0 - Stored Cross-Site Scripting (XSS) (Authenticated)
WebApps
PHP
2023-07-04
Car Rental Script 1.8 - Stored Cross-site scripting (XSS)
WebApps
PHP
2023-07-04
Beauty Salon Management System v1.0 - SQLi
WebApps
PHP
2023-07-03
Rukovoditel 3.4.1 - Multiple Stored XSS
WebApps
PHP
2023-07-03
Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)
WebApps
PHP
2023-07-03
FuguHub 8.1 - Remote Code Execution
WebApps
Multiple
2023-07-03
POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)
WebApps
PHP
2023-07-03
WebsiteBaker v2.13.3 - Stored XSS
WebApps
PHP
2023-07-03
WebsiteBaker v2.13.3 - Directory Traversal
WebApps
PHP
2023-07-03
D-Link DAP-1325 - Broken Access Control
WebApps
Hardware
2023-07-03
spip v4.1.10 - Spoofing Admin account
WebApps
PHP
2023-07-03
Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2023-07-03
GZ Forum Script 1.8 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2023-07-03
WP AutoComplete 1.0.4 - Unauthenticated SQLi
WebApps
PHP
2023-07-03
Vacation Rental 1.8 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2023-07-03
Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS)
WebApps
Java
2023-07-03
Prestashop 8.0.4 - Cross-Site Scripting (XSS)
WebApps
PHP
2023-07-03
PodcastGenerator 3.2.9 - Blind SSRF via XML Injection
WebApps
PHP
2023-07-03
WBCE CMS 1.6.1 - Open Redirect & CSRF
WebApps
PHP
2023-06-26
Microsoft SharePoint Enterprise Server 2016 - Spoofing
WebApps
Multiple
2023-06-26
PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory
WebApps
PHP
2023-06-26
Xenforo Version 2.2.13 - Authenticated Stored XSS
WebApps
PHP
2023-06-23
MCL-Net 4.3.5.8788 - Information Disclosure
WebApps
Hardware
2023-06-23
Bludit < 3.13.1 Backup Plugin - Arbitrary File Download (Authenticated)
WebApps
PHP
2023-06-22
Smart Office Web 20.28 - Remote Information Disclosure (Unauthenticated)
WebApps
ASPX
2023-06-21
HiSecOS 04.0.01 - Privilege Escalation
WebApps
Hardware
2023-06-20
SPIP v4.2.0 - Remote Code Execution (Unauthenticated)
WebApps
PHP
2023-06-20
Super Socializer 7.13.52 - Reflected XSS
WebApps
PHP
2023-06-20
WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)
WebApps
PHP
2023-06-14
PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)
WebApps
Python
2023-06-19
WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password
WebApps
PHP
2023-06-19
Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS)
WebApps
Hardware
2023-06-19
Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)
WebApps
PHP
2023-06-19
Student Study Center Management System v1.0 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2023-06-19
Jobpilot v2.61 - SQL Injection
WebApps
PHP
2023-06-19
Groomify v1.0 - SQL Injection
WebApps
PHP
2023-06-19
The Shop v2.5 - SQL Injection
WebApps
PHP
2023-06-15
Online Art gallery project 1.0 - Arbitrary File Upload (Unauthenticated)
WebApps
PHP
2023-06-14
Textpattern CMS v4.8.8 - Stored Cross-Site Scripting (XSS) (Authenticated)
WebApps
PHP
2023-06-14
Online Thesis Archiving System v1.0 - Multiple-SQLi
WebApps
PHP
2023-06-14
Xoops CMS 2.5.10 - Stored Cross-Site Scripting (XSS) (Authenticated)
WebApps
PHP
2023-06-14
Monstra 3.0.4 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2023-06-14
projectSend r1605 - Stored XSS
WebApps
PHP
2023-06-14
projectSend r1605 - CSV injection
WebApps
PHP
2023-06-13
Sales Tracker Management System v1.0 - Multiple Vulnerabilities
WebApps
PHP
2023-06-13
Teachers Record Management System 1.0 - File Upload Type Validation
WebApps
PHP
2023-06-13
Online Examination System Project 1.0 - Cross-site request forgery (CSRF)
WebApps
PHP
2023-06-09
WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution
WebApps
PHP
2023-06-09
Thruk Monitoring Web Interface 3.06 - Path Traversal
WebApps
Perl
2023-06-06
Tree Page View Plugin 1.6.7 - Cross Site Scripting (XSS)
WebApps
PHP
2023-06-04
File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution (RCE)
WebApps
PHP
2023-06-04
MotoCMS Version 3.4.3 - SQL Injection
WebApps
PHP
2023-06-04
STARFACE 7.3.0.10 - Authentication with Password Hash Possible
WebApps
JSP
2023-06-04
Barebones CMS v2.0.2 - Stored Cross-Site Scripting (XSS) (Authenticated)
WebApps
PHP
2023-06-04
Enrollment System Project v1.0 - SQL Injection Authentication Bypass (SQLI)
WebApps
PHP
2023-06-04
Total CMS 1.7.4 - Remote Code Execution (RCE)
WebApps
PHP
2023-05-31
MotoCMS Version 3.4.3 - Server-Side Template Injection (SSTI)
WebApps
Multiple
2023-05-31
Pydio Cells 4.1.2 - Server-Side Request Forgery
WebApps
Go
2023-05-31
Pydio Cells 4.1.2 - Cross-Site Scripting (XSS) via File Download
WebApps
Go
2023-05-31
Pydio Cells 4.1.2 - Unauthorised Role Assignments
WebApps
Go
2023-05-31
Faculty Evaluation System 1.0 - Unauthenticated File Upload
WebApps
PHP
2023-05-31
Online Security Guards Hiring System 1.0 - Reflected XSS
WebApps
PHP
2023-05-31
unilogies/bumsys v1.0.3 beta - Unrestricted File Upload
WebApps
PHP
2023-05-31
SCRMS 2023-05-27 1.0 - Multiple SQL Injection
WebApps
PHP
2023-05-31
Rukovoditel 3.3.1 - CSV injection
WebApps
PHP
2023-05-26
Camaleon CMS v2.7.0 - Server-Side Template Injection (SSTI)
WebApps
Ruby
2023-05-25
SCM Manager 1.60 - Cross-Site Scripting Stored (Authenticated)
WebApps
Multiple
2023-05-25
Ulicms 2023.1 - create admin user via mass assignment
WebApps
PHP
2023-05-25
Zenphoto 1.6 - Multiple stored XSS
WebApps
PHP
2023-05-25
WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting (XSS)
WebApps
PHP
2023-05-24
Service Provider Management System v1.0 - SQL Injection
WebApps
PHP
2023-05-24
Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute
WebApps
PHP
2023-05-23
FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting)
WebApps
Multiple
2023-05-23
CiviCRM 5.59.alpha1 - Stored XSS (Cross-Site Scripting)
WebApps
PHP
2023-05-23
ChurchCRM v4.5.4 - Reflected XSS via Image (Authenticated)
WebApps
PHP
2023-05-23
Bludit CMS v3.14.1 - Stored Cross-Site Scripting (XSS) (Authenticated)
WebApps
PHP
2023-05-23
GetSimple CMS v3.3.16 - Remote Code Execution (RCE)
WebApps
PHP
2023-05-23
Quicklancer v1.0 - SQL Injection
WebApps
PHP
2023-05-23
Stackposts Social Marketing Tool v1.0 - SQL Injection
WebApps
PHP
2023-05-23
Smart School v1.0 - SQL Injection
WebApps
PHP
2023-05-23
LeadPro CRM v1.0 - SQL Injection
WebApps
PHP
2023-05-23
Affiliate Me Version 5.0.1 - SQL Injection
WebApps
PHP
2023-05-23
eScan Management Console 14.0.1400.2281 - Cross Site Scripting
WebApps
Windows
2023-05-23
eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)
WebApps
Windows
2023-05-23
Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS)
WebApps
PHP
2023-05-23
SitemagicCMS 4.4.3 - Remote Code Execution (RCE)
WebApps
PHP
2023-05-23
Prestashop 8.0.4 - CSV injection
WebApps
PHP
2023-05-23
Best POS Management System v1.0 - Unauthenticated Remote Code Execution
WebApps
PHP
2023-05-23
PodcastGenerator 3.2.9 - Multiple Stored Cross-Site Scripting (XSS)
WebApps
PHP
2023-05-23
PaperCut NG/MG 22.0.4 - Remote Code Execution (RCE)
WebApps
Multiple
2023-05-23
WBiz Desk 1.2 - SQL Injection
WebApps
PHP
2023-05-23
thrsrossi Millhouse-Project 1.414 - Remote Code Execution
WebApps
PHP
2023-05-23
e107 v2.3.2 - Reflected XSS
WebApps
PHP
2023-05-23
PnPSCADA v2.x - Unauthenticated PostgreSQL Injection
WebApps
Hardware
2023-05-23
Apache Superset 2.0.0 - Authentication Bypass
WebApps
Multiple
2023-05-23
Cameleon CMS 2.7.4 - Persistent Stored XSS in Post Title
WebApps
Ruby
2023-05-23
WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup
WebApps
PHP
2023-05-23
TinyWebGallery v2.5 - Remote Code Execution (RCE)
WebApps
PHP
2023-05-13
TinyWebGallery v2.5 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2023-05-13
Job Portal 1.0 - File Upload Restriction Bypass
WebApps
PHP
2023-05-13
Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting (XSS)
WebApps
PHP
2023-05-13
RockMongo 1.1.7 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2023-05-05
File Thingie 2.5.7 - Remote Code Execution (RCE)
WebApps
PHP
2023-05-05
Ulicms-2023.1 sniffing-vicuna - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2023-05-05
Ulicms-2023.1 sniffing-vicuna - Remote Code Execution (RCE)
WebApps
PHP
2023-05-05
Ulicms-2023.1-sniffing-vicuna - Privilege escalation
WebApps
PHP
2023-05-05
Online Pizza Ordering System v1.0 - Unauthenticated File Upload
WebApps
PHP
2023-05-05
EasyPHP Webserver 14.1 - Multiple Vulnerabilities (RCE and Path Traversal)
WebApps
PHP
2023-05-05
Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks
WebApps
PHP
2023-05-05
Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls
WebApps
PHP
2023-05-05
Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts
WebApps
PHP
2023-05-05
Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path
WebApps
PHP
2023-05-05
Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module
WebApps
PHP
2023-05-05
Jedox 2022.4.2 - Remote Code Execution via Directory Traversal
WebApps
PHP
2023-05-05
Jedox 2022.4.2 - Code Execution via RPC Interfaces
WebApps
PHP
2023-05-05
Cmaps v8.0 - SQL injection
WebApps
PHP
2023-05-05
Wolf CMS 0.8.3.1 - Remote Code Execution (RCE)
WebApps
PHP
2023-05-05
pluck v4.7.18 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2023-05-05
KodExplorer v4.51.03 - Pwned-Admin File-Inclusion - Remote Code Execution (RCE)
WebApps
PHP
2023-05-02
GLPI 9.5.7 - Username Enumeration
WebApps
PHP
2023-05-02
Companymaps v8.0 - Stored Cross Site Scripting (XSS)
WebApps
PHP
2023-05-02
PHPJabbers Simple CMS 5.0 - SQL Injection
WebApps
PHP
2023-05-02
PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2023-05-02
OpenEMR v7.0.1 - Authentication credentials brute force
WebApps
PHP
2023-05-02
PHPFusion 9.10.30 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2023-05-02
SoftExpert (SE) Suite v2.1.3 - Local File Inclusion
WebApps
PHP
2023-05-02
Serendipity 2.4.0 - File Inclusion RCE
WebApps
PHP
2023-05-02
admidio v4.2.5 - CSV Injection
WebApps
PHP
2023-05-02
revive-adserver v5.4.1 - Cross-Site Scripting (XSS)
WebApps
PHP
2023-05-02
projectSend r1605 - Private file download
WebApps
PHP
2023-05-02
phpMyFAQ v3.1.12 - CSV Injection
WebApps
PHP
2023-05-02
PHP Restaurants 1.0 - SQLi Authentication Bypass & Cross Site Scripting
WebApps
PHP
2023-04-27
ChurchCRM v4.5.3 - Authenticated SQL Injection
WebApps
PHP
2023-04-25
Sophos Web Appliance 4.3.10.4 - Pre-auth command injection
WebApps
PHP
2023-04-25
Multi-Vendor Online Groceries Management System 1.0 - Remote Code Execution
WebApps
PHP
2023-04-25
Mars Stealer 8.3 - Admin Account Takeover
WebApps
PHP
2023-04-25
PaperCut NG/MG 22.0.4 - Authentication Bypass
WebApps
Multiple
2023-04-25
KodExplorer 4.49 - CSRF to Arbitrary File Upload
WebApps
PHP
2023-04-20
ProjeQtOr Project Management System 10.3.2 - Remote Code Execution (RCE)
WebApps
PHP
2023-04-20
Piwigo 13.6.0 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2023-04-20
FUXA V.1.1.13-1186 - Unauthenticated Remote Code Execution (RCE)
WebApps
TypeScript
2023-04-20
Chitor-CMS v1.1.2 - Pre-Auth SQL Injection
WebApps
PHP
2023-04-20
GDidees CMS 3.9.1 - Local File Disclosure
WebApps
PHP
2023-04-20
Swagger UI 4.1.3 - User Interface (UI) Misrepresentation of Critical Information
WebApps
JSON
2023-04-20
Bang Resto v1.0 - 'Multiple' SQL Injection
WebApps
PHP
2023-04-20
Bang Resto v1.0 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2023-04-20
Lilac-Reloaded for Nagios 2.0.8 - Remote Code Execution (RCE)
WebApps
PHP
2023-04-20
Serendipity 2.4.0 - Cross-Site Scripting (XSS)
WebApps
PHP
2023-04-20
Serendipity 2.4.0 - Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2023-04-14
Sielco PolyEco Digital FM Transmitter 2.0.6 - Account Takeover / Lockout / EoP
WebApps
Hardware
2023-04-14
Sielco PolyEco Digital FM Transmitter 2.0.6 - Unauthenticated Information Disclosure
WebApps
Hardware
2023-04-14
Sielco PolyEco Digital FM Transmitter 2.0.6 - Radio Data System POST Manipulation
WebApps
Hardware
2023-04-14
Sielco PolyEco Digital FM Transmitter 2.0.6 - Authorization Bypass Factory Reset
WebApps
Hardware
2023-04-14
Sielco PolyEco Digital FM Transmitter 2.0.6 - Authentication Bypass Exploit
WebApps
Hardware
2023-04-14
Sielco Analog FM Transmitter 2.12 - Improper Access Control Change Admin Password
WebApps
Hardware
2023-04-14
Sielco Analog FM Transmitter 2.12 - Cross-Site Request Forgery
WebApps
Hardware
2023-04-14
Sielco Analog FM Transmitter 2.12 - 'id' Cookie Brute Force Session Hijacking
WebApps
Hardware
2023-04-14
InnovaStudio WYSIWYG Editor 5.4 - Unrestricted File Upload / Directory Traversal
WebApps
ASP
2023-04-14
Bludit 4.0.0-rc-2 - Account takeover
WebApps
PHP
2023-04-10
Online Computer and Laptop Store 1.0 - Remote Code Execution (RCE)
WebApps
PHP
2023-04-10
BrainyCP V1.0 - Remote Code Execution
WebApps
PHP
2023-04-10
Roxy Fileman 1.4.5 - Arbitrary File Upload
WebApps
ASHX
2023-04-10
ever gauzy v0.281.9 - JWT weak HMAC secret
WebApps
TypeScript
2023-04-08
dotclear 2.25.3 - Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2023-04-08
pfsenseCE v2.6.0 - Anti-brute force protection bypass
WebApps
PHP
2023-04-08
Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution (RCE) (Unauthenticated)
WebApps
JSP
2023-04-08
WebsiteBaker v2.13.3 - Cross-Site Scripting (XSS)
WebApps
PHP
2023-04-08
ZCBS/ZBBS/ZPBS v4.14k - Reflected Cross-Site Scripting (XSS)
WebApps
CGI
2023-04-08
X2CRM v6.6/6.9 - Reflected Cross-Site Scripting (XSS) (Authenticated)
WebApps
PHP
2023-04-08
X2CRM v6.6/6.9 - Stored Cross-Site Scripting (XSS) (Authenticated)
WebApps
PHP
2023-04-08
Online-Pizza-Ordering -1.0 - Remote Code Execution (RCE)
WebApps
PHP
2023-04-08
Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)
WebApps
Multiple
2023-04-08
Symantec Messaging Gateway 10.7.4 - Stored Cross-Site Scripting (XSS)
WebApps
Multiple
2023-04-08
Suprema BioStar 2 v2.8.16 - SQL Injection
WebApps
Multiple
2023-04-08
Goanywhere Encryption helper 7.1.1 - Remote Code Execution (RCE)
WebApps
Java
2023-04-08
Medicine Tracker System v1.0 - Sql Injection
WebApps
PHP
2023-04-08
Online Appointment System V1.0 - Cross-Site Scripting (XSS)
WebApps
PHP
2023-04-08
ENTAB ERP 1.0 - Username PII leak
WebApps
ASP
2023-04-08
Joomla! v4.2.8 - Unauthenticated information disclosure
WebApps
PHP
2023-04-08
Restaurant Management System 1.0 - SQL Injection
WebApps
PHP
2023-04-08
Icinga Web 2.10 - Arbitrary File Disclosure
WebApps
PHP
2023-04-08
Adobe Connect 11.4.5 - Local File Disclosure
WebApps
Multiple
2023-04-08
Altenergy Power Control Software C1.2.5 - OS command injection
WebApps
Hardware
2023-04-07
Snitz Forum v1.0 - Blind SQL Injection
WebApps
ASP
2023-04-07
Rukovoditel 3.3.1 - Remote Code Execution (RCE)
WebApps
PHP
2023-04-07
ChurchCRM 4.5.1 - Authenticated SQL Injection
WebApps
PHP
2023-04-07
NotrinosERP 0.7 - Authenticated Blind SQL Injection
WebApps
PHP
2023-04-07
MAC 1200R - Directory Traversal
WebApps
Hardware
2023-04-06
craftercms 4.x.x - CORS
WebApps
Multiple
2023-04-06
Purchase Order Management-1.0 - Local File Inclusion
WebApps
PHP
2023-04-06
Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI
WebApps
CGI
2023-04-06
Agilebio Lab Collector Electronic Lab Notebook v4.234 - Remote Code Execution (RCE)
WebApps
PHP
2023-04-06
ChurchCRM v4.5.3-121fcc1 - SQL Injection
WebApps
PHP
2023-04-06
flatnux 2021-03.25 - Remote Code Execution (Authenticated)
WebApps
PHP
2023-04-06
Simple Food Ordering System v1.0 - Cross-Site Scripting (XSS)
WebApps
PHP
2023-04-06
Music Gallery Site v1.0 - SQL Injection on page Master.php
WebApps
PHP
2023-04-06
Music Gallery Site v1.0 - SQL Injection on page view_music_details.php
WebApps
PHP
2023-04-06
Music Gallery Site v1.0 - Broken Access Control
WebApps
PHP
2023-04-06
Music Gallery Site v1.0 - SQL Injection on music_list.php
WebApps
PHP
2023-04-06
Employee Task Management System v1.0 - SQL Injection on edit-task.php
WebApps
PHP
2023-04-06
Employee Task Management System v1.0 - SQL Injection on (task-details.php?task_id=?)
WebApps
PHP
2023-04-06
Employee Task Management System v1.0 - Broken Authentication
WebApps
PHP
2023-04-06
Auto Dealer Management System v1.0 - SQL Injection on manage_user.php
WebApps
PHP
2023-04-06
Auto Dealer Management System v1.0 - SQL Injection in sell_vehicle.php
WebApps
PHP
2023-04-06
Auto Dealer Management System v1.0 - SQL Injection
WebApps
PHP
2023-04-06
Auto Dealer Management System 1.0 - Broken Access Control Exploit
WebApps
PHP
2023-04-06
Best pos Management System v1.0 - Remote Code Execution (RCE) on File Upload
WebApps
PHP
2023-04-06
Best pos Management System v1.0 - SQL Injection
WebApps
PHP
2023-04-06
Kimai-1.30.10 - SameSite Cookie-Vulnerability session hijacking
WebApps
PHP
2023-04-06
POLR URL 2.3.0 - Shortener Admin Takeover
WebApps
PHP
2023-04-06
modoboa 2.0.4 - Admin TakeOver
WebApps
Python
2023-04-06
LDAP Tool Box Self Service Password v1.5.2 - Account takeover
WebApps
PHP
2023-04-06
Intern Record System v1.0 - SQL Injection (Unauthenticated)
WebApps
PHP
2023-04-06
Simple Task Managing System v1.0 - SQL Injection (Unauthenticated)
WebApps
PHP
2023-04-06
Art Gallery Management System Project in PHP v 1.0 - SQL injection
WebApps
PHP
2023-04-06
atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE
WebApps
PHP
2023-04-06
Dompdf 1.2.1 - Remote Code Execution (RCE)
WebApps
PHP
2023-04-06
EasyNas 1.1.0 - OS Command Injection
WebApps
Perl
2023-04-05
Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE)
WebApps
Multiple
2023-04-05
Froxlor 2.0.3 Stable - Remote Code Execution (RCE)
WebApps
PHP
2023-04-05
ImageMagick 7.1.0-49 - Arbitrary File Read
WebApps
PHP
2023-04-05
CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)
WebApps
PHP
2023-04-05
Answerdev 1.0.3 - Account Takeover
WebApps
Go
2023-04-05
ERPNext 12.29 - Cross-Site Scripting (XSS)
WebApps
Java
2023-04-05
BTCPay Server v1.7.4 - HTML Injection.
WebApps
Multiple
2023-04-05
itech TrainSmart r1044 - SQL injection
WebApps
PHP
2023-04-05
Responsive FileManager 9.9.5 - Remote Code Execution (RCE)
WebApps
PHP
2023-04-05
Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE)
WebApps
PHP
2023-04-05
Online Eyewear Shop 1.0 - SQL Injection (Unauthenticated)
WebApps
PHP
2023-04-05
bgERP v22.31 (Orlovets) - Cookie Session vulnerability & Cross-Site Scripting (XSS)
WebApps
PHP
2023-04-05
Liferay Portal 6.2.5 - Insecure Permissions
WebApps
Java
2023-04-05
Bus Pass Management System 1.0 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2023-04-05
Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS)
WebApps
PHP
2023-04-05
zstore 6.6.0 - Cross-Site Scripting (XSS)
WebApps
PHP
2023-04-05
projectSend r1605 - Remote Code Execution RCE
WebApps
PHP
2023-04-05
Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS)
WebApps
Multiple
2023-04-05
PhotoShow 3.0 - Remote Code Execution
WebApps
PHP
2023-04-03
Paid Memberships Pro v2.9.8 (WordPress Plugin) - Unauthenticated SQL Injection
WebApps
PHP
2023-04-03
GLPI Cartography Plugin v6.0.0 - Unauthenticated Remote Code Execution (RCE)
WebApps
PHP
2023-04-03
GLPI v10.0.2 - SQL Injection (Authentication Depends on Configuration)
WebApps
PHP
2023-04-03
GLPI Activity v3.1.0 - Authenticated Local File Inclusion on Activity plugin
WebApps
PHP
2023-04-03
GLPI Glpiinventory v1.0.1 - Unauthenticated Local File Inclusion
WebApps
PHP
2023-04-03
GLPI 4.0.2 - Unauthenticated Local File Inclusion on Manageentities plugin
WebApps
PHP
2023-04-03
Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution (RCE) via ssl_cert Upload
WebApps
Python
2023-04-03
Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE)
WebApps
Python
2023-04-03
Roxy WI v6.1.0.0 - Improper Authentication Control
WebApps
Python
2023-04-03
WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE
WebApps
PHP
2023-04-03
ManageEngin AMP 4.3.0 - File-path-traversal
WebApps
Multiple
2023-04-03
Active eCommerce CMS 6.5.0 - Stored Cross-Site Scripting (XSS)
WebApps
Multiple
2023-04-03
ERPGo SaaS 3.9 - CSV Injection
WebApps
PHP
2023-04-03
AmazCart CMS 3.4 - Cross-Site-Scripting (XSS)
WebApps
PHP
2023-04-03
SQL Monitor 12.1.31.893 - Cross-Site Scripting (XSS)
WebApps
Multiple
2023-04-03
Art Gallery Management System Project v1.0 - SQL Injection (sqli) authenticated
WebApps
PHP
2023-04-03
Art Gallery Management System Project v1.0 - SQL Injection (sqli) Unauthenticated
WebApps
PHP
2023-04-03
Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting (XSS)
WebApps
PHP
2023-04-03
MyBB 1.8.32 - Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2023-04-03
SLIMSV 9.5.2 - Cross-Site Scripting (XSS)
WebApps
PHP
2023-04-03
Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS)
WebApps
PHP
2023-04-03
Nacos 2.0.3 - Access Control vulnerability
WebApps
Java
2023-04-03
Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
WebApps
PHP
2023-04-03
ChiKoi v1.0 - SQL Injection
WebApps
PHP
2023-04-03
pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute
WebApps
PHP
2023-04-01
ELSI Smart Floor V3.3.3 - Stored Cross-Site Scripting (XSS)
WebApps
ASPX
2023-04-01
Yahoo User Interface library (YUI2) TreeView v2.8.2 - Multiple Reflected Cross Site Scripting (XSS)
WebApps
PHP
2023-04-01
Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution (RCE)
WebApps
Linux
2023-04-01
Apache 2.4.x - Buffer Overflow
WebApps
Multiple
2023-04-01
Reprise Software RLM v14.2BL4 - Cross-Site Scripting (XSS)
WebApps
Windows
2023-04-01
SugarCRM 12.2.0 - Remote Code Execution (RCE)
WebApps
PHP
2023-04-01
perfSONAR v4.4.5 - Partial Blind CSRF
WebApps
Multiple
2023-04-01
Prizm Content Connect v10.5.1030.8315 - XXE
WebApps
PHP
2023-04-01
XCMS v1.83 - Remote Command Execution (RCE)
WebApps
PHP
2023-04-01
GitLab v15.3 - Remote Code Execution (RCE) (Authenticated)
WebApps
Ruby
2023-04-01
GeoVision Camera GV-ADR2701 - Authentication Bypass
WebApps
Hardware
2023-03-31
Textpattern 4.8.8 - Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2023-03-31
Bangresto 1.0 - SQL Injection
WebApps
PHP
2023-03-31
Cacti v1.2.22 - Remote Command Execution (RCE)
WebApps
PHP
2023-03-31
Judging Management System v1.0 - Authentication Bypass
WebApps
PHP
2023-03-31
Judging Management System v1.0 - Remote Code Execution (RCE)
WebApps
PHP
2023-03-31
rconfig 3.9.7 - Sql Injection (Authenticated)
WebApps
PHP
2023-03-31
Spitfire CMS 1.0.475 - PHP Object Injection
WebApps
PHP
2023-03-31
Senayan Library Management System v9.0.0 - SQL Injection
WebApps
PHP
2023-03-31
Bludit 3-14-1 Plugin 'UploadPlugin' - Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2023-03-31
WooCommerce v7.1.0 - Remote Code Execution(RCE)
WebApps
PHP
2023-03-31
EQ Enterprise management system v2.2.0 - SQL Injection
WebApps
ASP
2023-03-30
Eve-ng 5.0.1-13 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2023-03-30
WPForms 1.7.8 - Cross-Site Scripting (XSS)
WebApps
PHP
2023-03-30
Shoplazza 1.1 - Stored Cross-Site Scripting (XSS)
WebApps
Multiple
2023-03-30
LISTSERV 17 - Insecure Direct Object Reference (IDOR)
WebApps
CGI
2023-03-30
LISTSERV 17 - Reflected Cross Site Scripting (XSS)
WebApps
CGI
2023-03-30
4images 1.9 - Remote Command Execution (RCE)
WebApps
PHP
2023-03-30
Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE)
WebApps
PHP
2023-03-30
Concrete5 CME v9.1.3 - Xpath injection
WebApps
PHP
2023-03-30
Virtual Reception v1.0 - Web Server Directory Traversal
WebApps
Multiple
2023-03-30
Covenant v0.5 - Remote Code Execution (RCE)
WebApps
Multiple
2023-03-30
Ecommerse v1.0 - Cross-Site Scripting (XSS)
WebApps
PHP
2023-03-30
Boa Web Server v0.94.14 - Authentication Bypass
WebApps
Linux
2023-03-30
myBB forums 1.8.26 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2023-03-30
ClicShopping v3.402 - Cross-Site Scripting (XSS)
WebApps
PHP
2023-03-30
Dreamer CMS v4.0.0 - SQL Injection
WebApps
Multiple
2023-03-29
Revenue Collection System v1.0 - Remote Code Execution (RCE)
WebApps
PHP
2023-03-29
Helmet Store Showroom v1.0 - SQL Injection
WebApps
PHP
2023-03-29
Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting (XSS)
WebApps
Hardware
2023-03-29
Human Resource Management System 1.0 - SQL Injection (unauthenticated)
WebApps
PHP
2023-03-29
Book Store Management System 1.0.0 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2023-03-29
WP All Import v3.6.7 - Remote Code Execution (RCE) (Authenticated)
WebApps
PHP
2023-03-28
rukovoditel 3.2.1 - Cross-Site Scripting (XSS)
WebApps
PHP
2023-03-28
Senayan Library Management System v9.5.0 - SQL Injection
WebApps
PHP
2023-03-28
iBooking v1.0.8 - Arbitrary File Upload
WebApps
PHP
2023-03-28
ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS)
WebApps
ASPX
2023-03-28
Social-Share-Buttons v2.2.3 - SQL Injection
WebApps
PHP
2023-03-28
Moodle LMS 4.0 - Cross-Site Scripting (XSS)
WebApps
PHP
2023-03-28
OPSWAT Metadefender Core - Privilege Escalation
WebApps
Multiple
2023-03-28
ZKTeco ZEM/ZMM 8.88 - Missing Authentication
WebApps
JSP
2023-03-28
Subrion CMS 4.2.1 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2023-03-28
Label Studio 1.5.0 - Authenticated Server Side Request Forgery (SSRF)
WebApps
Python
2023-03-28
BoxBilling<=4.22.1.5 - Remote Code Execution (RCE)
WebApps
PHP
2023-03-28
Jetpack 11.4 - Cross Site Scripting (XSS)
WebApps
PHP
2023-03-28
Online shopping system advanced 1.0 - Multiple Vulnerabilities
WebApps
PHP
2023-03-28
YouPHPTube<= 7.8 - Multiple Vulnerabilities
WebApps
PHP
2023-03-28
Pega Platform 8.1.0 - Remote Code Execution (RCE)
WebApps
Multiple
2023-03-28
Beauty-salon v1.0 - Remote Code Execution (RCE)
WebApps
PHP
2023-03-27
FortiOS, FortiProxy, FortiSwitchManager v7.2.1 - Authentication Bypass
WebApps
Multiple
2023-03-27
WebTareas 2.4 - RCE (Authorized)
WebApps
PHP
2023-03-27
WebTareas 2.4 - Reflected XSS (Unauthorised)
WebApps
PHP
2023-03-27
WebTareas 2.4 - SQL Injection (Unauthorised)
WebApps
PHP
2023-03-27
Atom CMS v2.0 - SQL Injection (no auth)
WebApps
PHP
2023-03-27
Aero CMS v0.0.1 - PHP Code Injection (auth)
WebApps
PHP
2023-03-27
Aero CMS v0.0.1 - SQL Injection (no auth)
WebApps
PHP
2023-03-27
Desktop Central 9.1.0 - Multiple Vulnerabilities
WebApps
JSP
2023-03-27
WPN-XM Serverstack for Windows 0.8.6 - Multiple Vulnerabilities
WebApps
PHP
2023-03-27
Webgrind 1.1 - Reflected Cross-Site Scripting (XSS) & Remote Command Execution (RCE)
WebApps
PHP
2023-03-27
Grafana <=6.2.4 - HTML Injection
WebApps
TypeScript
2023-03-27
Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass
WebApps
PHP
2023-03-27
Clansphere CMS 2011.4 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2023-03-27
Zentao Project Management System 17.0 - Authenticated Remote Code Execution (RCE)
WebApps
PHP
2023-03-27
FlatCore CMS 2.1.1 - Stored Cross-Site Scripting (XSS)
WebApps
PHP
2023-03-27
eXtplorer<= 2.1.14 - Authentication Bypass & Remote Code Execution (RCE)
WebApps
PHP
2023-03-27
Canteen-Management v1.0 - SQL Injection
WebApps
PHP
2023-03-27
Canteen-Management v1.0 - XSS-Reflected
WebApps
PHP
2023-03-25
PHPGurukul Online Birth Certificate System V 1.2 - Blind XSS
WebApps
PHP
2023-03-25
Composr-CMS Version <=10.0.39 - Authenticated Remote Code Execution
WebApps
PHP
2023-03-25
MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution
WebApps
PHP
2023-03-25
Abantecart v1.3.2 - Authenticated Remote Code Execution
WebApps
PHP
2023-03-25
SimpleMachinesForum v2.1.1 - Authenticated Remote Code Execution
WebApps
PHP
2023-03-25
ImpressCMS v1.4.3 - Authenticated SQL Injection
WebApps
PHP
2023-03-25
Password Manager for IIS v2.0 - XSS
WebApps
ASP
2023-03-25
Bus Pass Management System 1.0 - Cross-Site Scripting (XSS)
WebApps
PHP
2023-03-25
GuppY CMS v6.00.10 - Remote Code Execution
WebApps
PHP
2023-03-25
Lavalite v9.0.0 - XSRF-TOKEN cookie File path traversal
WebApps
PHP
2023-03-25
Employee Performance Evaluation System v1.0 - File Inclusion and RCE
WebApps
PHP
2023-03-25
Yoga Class Registration System v1.0 - Multiple SQLi
WebApps
PHP
2023-03-25
Human Resources Management System v1.0 - Multiple SQLi
WebApps
PHP
2023-03-25
Online Diagnostic Lab Management System v1.0 - Remote Code Execution (RCE) (Unauthenticated)
WebApps
PHP
2023-03-25
Translatepress Multilingual WordPress plugin < 2.3.3 - Authenticated SQL Injection
WebApps
PHP
2023-03-25
NEX-Forms WordPress plugin < 7.9.7 - Authenticated SQLi
WebApps
PHP
2023-03-25
"camp" Raspberry Pi camera server 1.0 - Authentication Bypass
WebApps
Python
2023-03-23
Bitbucket v7.0.0 - RCE
WebApps
Python
2023-03-23
wkhtmltopdf 0.12.6 - Server Side Request Forgery
WebApps
ASP
2023-03-23
WorkOrder CMS 0.1.0 - SQL Injection
WebApps
PHP
2023-03-23
MAN-EAM-0003 V3.2.4 - XXE
WebApps
XML
2023-03-23
Owlfiles File Manager 12.0.1 - Multiple Vulnerabilities
WebApps
iOS
2023-03-22
Linksys AX3200 V1.1.00 - Command Injection
WebApps
Hardware
2023-03-22
VIAVIWEB Wallpaper Admin 1.0 - Multiple Vulnerabilities
WebApps
PHP
2023-02-20
pfBlockerNG 2.1.4_26 - Remote Code Execution (RCE)
WebApps
PHP