List of all the scan templates integrated into our Nuclei scan engine.
In total, there are over 2,100 network-related templates configured. With the Nuclei Scan engine enabled in the default scan configuration (Deep), you can rest assured that the following vulnerabilities are tested for. If you’d like to explore more, check out this guide - How to Configure the Network Scanner.
| Name | Template |
| Ivanti EPMM - Authentication Bypass | cve/CVE-2023-35078.yaml |
| Metabase - Pre-authentication Remote Code Execution | cve/CVE-2023-38646.yaml |
| CasaOS - Authentication Bypass | cve/CVE-2023-37265.yaml, cve/CVE-2023-37266.yaml |
| Cloudpanel 2 - Remote Code Execution | cve/CVE-2023-35885.yaml |
| XWiki Platform - Remote Code Execution | cve/CVE-2023-37462.yaml |
| Adobe ColdFusion - Pre-Auth Remote Code Execution | cve/CVE-2023-29300.yaml |
| Adobe ColdFusion - Access Control Bypass | cve/CVE-2023-29298.yaml |
| MOVEit - SQL Injection | cve/CVE-2023-36934.yaml |
| Apache Log4j Server - Deserialization Command Execution | network/CVE-2017-5645.yaml |
| ClockWatch Enterprise - Remote Code Execution | network/clockwatch-enterprise-rce.yaml |
| Dropbear sshd CBC Mode Ciphers Detection | network/dropbear-cbc-ciphers.yaml |
| AddPac GSM VoIP Gateway Panel - Detect | network/detect-addpac-voip-gateway.yaml |
| SMB Detection | network/smb-detect.yaml |
| SAPRouter - Routing information leak | network/sap-router-info-leak.yaml |
| MSMQ (Microsoft Message Queuing Service) Remote - Detect | network/msmq-detect.yaml |
| Memcached stats disclosure | network/memcached-stats.yaml |
| EXPN Mail Server Detect | network/expn-mail-detect.yaml |
| FTP Anonymous Login | network/ftp-anonymous-login.yaml |
| RabbitMQ Detection | network/rabbitmq-detect.yaml |
| CQL Native Transport Detect | network/cql-native-transport.yaml |
| POP3 Protocol - Detect | network/pop3-detect.yaml |
| Exposed Android Debug Bridge | network/exposed-adb.yaml |
| Windows Remote Desktop Protocol - Detect | network/rdp-detect.yaml |
| MongoDB Service - Detect | network/mongodb-detect.yaml |
| Redis Server - Unauthenticated Access | network/exposed-redis.yaml |
| Microsoft FTP Service Detect | network/microsoft-ftp-service.yaml |
| PostgreSQL - User Enumeration | network/psql-user-enum.yaml |
| Dropbear sshd Weak Key Exchange Algorithms Enabled | network/dropbear-weakalgo.yaml |
| Ganglia XML Grid Monitor | network/ganglia-xml-grid-monitor.yaml |
| Kafka Topics Enumeration | network/kafka-topics-list.yaml |
| Xlight FTP Service Detect | network/xlight-ftp-service-detect.yaml |
| VSFTPD 2.3.4 - Backdoor Command Execution | network/vsftpd-backdoor.yaml |
| Unauthorized Printer Access | network/printers-info-leak.yaml |
| Microsoft .NET Remoting httpd - Detect | network/dotnet-remoting-service-detect.yaml |
| Docker Daemon Exposed | network/exposed-dockerd.yaml |
| Apache Rocketmq Broker - Unauthenticated Access | network/apache-rocketmq-broker-unauth.yaml |
| Jabber XMPP Protocol - Detect | network/detect-jabber-xmpp.yaml |
| STARTTLS Mail Server Detection | network/starttls-mail-detect.yaml |
| VNC Service Detection | network/vnc-service-detect.yaml |
| VMware Authentication Daemon Detection | network/vmware-authentication-daemon-detect.yaml |
| MikroTik RouterOS API - Detect | network/mikrotik-routeros-api.yaml |
| TiDB - Unauthenticated Access | network/tidb-unauth.yaml |
| Dropbear sshd Detection | network/sshd-dropbear-detect.yaml |
| Telnet Detection | network/telnet-detect.yaml |
| TeamSpeak 3 ServerQuery Detection | network/teamspeak3-detect.yaml |
| GNU Inetutils FTPd Detect | network/gnu-inetutils-ftpd-detect.yaml |
| Apache Airflow <=1.10.10 - Command Injection | network/CVE-2020-11981.yaml |
| Gopher Service - Detect | network/gopher-detect.yaml |
| ZTE Router Panel - Detect | network/backdoored-zte.yaml |
| Weblogic T3 Protocol Detection | network/weblogic-t3-detect.yaml |
| ProFTPD Server Detect | network/proftpd-server-detect.yaml |
| IMAP - Detect | network/imap-detect.yaml |
| ClamAV Server Detect | network/clamav-detect.yaml |
| Apache ZooKeeper - Unauthenticated Access | network/exposed-zookeeper.yaml |
| Rsyncd Service - Detect | network/rsyncd-service-detect.yaml |
| MySQL - Detect | network/mysql-detect.yaml |
| MongoDB Information - Detect | network/mongodb-info-enum.yaml |
| iPlanet Messaging Server IMAP Protocol - Detection | network/iplanet-imap-detect.yaml |
| ESMTP - Detect | network/esmtp-detect.yaml |
| Java Remote Method Invocation Protocol - Detect | network/java-rmi-detect.yaml |
| ActiveMQ OpenWire Transport Detection | network/activemq-openwire-transport-detect.yaml |
| Totemomail SMTP Server Detection | network/totemomail-smtp-detect.yaml |
| IBM DB2 Database Server - Detect | network/ibm-d2b-database-server.yaml |
| RTSP - Detect | network/rtsp-detect.yaml |
| MikroTik FTP server Detect | network/mikrotik-ftp-server-detect.yaml |
| OpenSSH Service - Detect | network/openssh-detect.yaml |
| Apache Dubbo - Unauthenticated Access | network/apache-dubbo-unauth.yaml |
| ClamAV Server - Unauthenticated Access | network/clamav-unauth.yaml |
| TiDB - Password Vulnerability | network/tidb-native-password.yaml |
| SMTP User Enumeration | network/smtp-user-enum.yaml |
| PostgreSQL Authentication - Detect | network/pgsql-detect.yaml |
| Niagara Fox Protocol Information Enumeration | network/niagara-fox-info-enum.yaml |
| Beanstalk Service - Detect | network/beanstalk-service.yaml |
| SMTP Commands Enumeration | network/smtp-commands-enum.yaml |
| LDAP Server NULL Bind Connection Information Disclosure | network/ldap-anonymous-login.yaml |
| SMTP Service Detection | network/smtp-detect.yaml |
| Riak Detection | network/riak-detect.yaml |
| PostgreSQL - Unauthenticated Access | network/unauth-psql.yaml |
| Weblogic IIOP Protocol Detection | network/weblogic-iiop-detect.yaml |
| Dropbear Weak MAC Algorithms Enabled | network/dropbear-weakmac.yaml |
| Finger Daemon Detection | network/finger-detect.yaml |
| Cisco Smart Install Endpoints Exposure | network/cisco-smi-exposure.yaml |
| Samba Service Detection | network/samba-detect.yaml |
| Redis Service - Detect | network/redis-detect.yaml |
| Axigen Mail Server Detection | network/axigen-mail-server-detect.yaml |
| MySQL - Password Vulnerability | network/mysql-native-password.yaml |
| FTP Service - Credential Weakness | network/ftp-weak-credentials.yaml |
| ClickHouse - Unauthorized Access | network/clickhouse-unauth.yaml |
| MongoDB - Unauthenticated Access | network/mongodb-unauth.yaml |
| Rpcbind Portmapper - Detect | network/rpcbind-portmapper-detect.yaml |
| SAPRouter Detection | network/sap-router.yaml |
| Apache ActiveMQ Detection | network/apache-activemq-detect.yaml |
| Cisco Finger Daemon Detection | network/cisco-finger-detect.yaml |
| Ruijie RG-UAC Unified Internet Behavior Management Audit System - Information | cnvd/CNVD-2021-14536.yaml |
| ShopXO Download File Read (CNVD-2021-15822) | cnvd/CNVD-2021-15822.yaml |
| Metinfo - Local File Inclusion (CNVD-2018-13393) | cnvd/CNVD-2018-13393.yaml |
| Fanwei eMobile - OGNL Injection (CNVD-2017-03561) | cnvd/CNVD-2017-03561.yaml |
| H5S CONSOLE - Unauthorized Access (CNVD-2020-67113) | cnvd/CNVD-2020-67113.yaml |
| ThinkPHP Multi Languag - File Inc & Remote Code Execution (RCE) (CNVD-2022-86535) | cnvd/CNVD-2022-86535.yaml |
| EEA - Information Disclosure (CNVD-2021-10543) | cnvd/CNVD-2021-10543.yaml |
| Showdoc <2.8.6 - File Uploads (CNVD-2020-26585) | cnvd/CNVD-2020-26585.yaml |
| CatfishCMS RCE (CNVD-2019-06255) | cnvd/CNVD-2019-06255.yaml |
| jshERP - Information Disclosure (CNVD-2020-63964) | cnvd/CNVD-2020-63964.yaml |
| Xxunchi CMS - Local File Inclusion (CNVD-2020-23735) | cnvd/CNVD-2020-23735.yaml |
| WeiPHP 5.0 - Path Traversal (CNVD-2020-68596) | cnvd/CNVD-2020-68596.yaml |
| EmpireCMS DOM Cross Site-Scripting (CNVD-2021-15824) | cnvd/CNVD-2021-15824.yaml |
| Ruijie Smartweb Management System Password Information Disclosure (CNVD-2021-17369) | cnvd/CNVD-2021-17369.yaml |
| E-Cology V9 - SQL Injection (CNVD-2023-12632) | cnvd/CNVD-2023-12632.yaml |
| Fanwei e-cology <=9.0 - Remote Code Execution (CNVD-2019-32204) | cnvd/CNVD-2019-32204.yaml |
| eYouMail - Remote Code Execution (CNVD-2021-26422) | cnvd/CNVD-2021-26422.yaml |
| Ruijie Smartweb - Default Password (CNVD-2020-56167) | cnvd/CNVD-2020-56167.yaml |
| UFIDA NC BeanShell Remote Command Execution (CNVD-2021-30167) | cnvd/CNVD-2021-30167.yaml |
| ZenTao CMS - SQL Injection (CNVD-2022-42853) | cnvd/CNVD-2022-42853.yaml |
| Sunflower Simple and Personal - Remote Code Execution (CNVD-2022-03672) | cnvd/CNVD-2022-03672.yaml |
| Pan Micro E-office File Uploads (CNVD-2021-49104) | cnvd/CNVD-2021-49104.yaml |
| Ruoyi Management System - Local File Inclusion (CNVD-2021-01931) | cnvd/CNVD-2021-01931.yaml |
| Zhiyuan A8 - Remote Code Execution (CNVD-2019-19299) | cnvd/CNVD-2019-19299.yaml |
| Landray-OA - Local File Inclusion (CNVD-2021-28277) | cnvd/CNVD-2021-28277.yaml |
| Sangfor EDR - Remote Code Execution (CNVD-2020-46552) | cnvd/CNVD-2020-46552.yaml |
| Seeyon - Local File Inclusion (CNVD-2020-62422) | cnvd/CNVD-2020-62422.yaml |
| Ruijie Networks-EWEB Network Management System - Remote Code Execution (CNVD-2021-09650) | cnvd/CNVD-2021-09650.yaml |
| Xiuno BBS CNVD-2019-01348 (CNVD-2019-01348) | cnvd/CNVD-2019-01348.yaml |
| WAF Fuzzing | waf/waf-fuzz.yaml |
| WAF Detection | waf/waf-detect.yaml |
| Apache Tomcat Remote Command Execution (CVE-2020-9484) | cve/CVE-2020-9484.yaml |
| DataTaker DT80 dEX 1.50.012 - Information Disclosure (CVE-2017-11165) | cve/CVE-2017-11165.yaml |
| ZyXel USG - Hardcoded Credentials (CVE-2020-29583) | cve/CVE-2020-29583.yaml |
| Gitblit 1.9.3 - Local File Inclusion (CVE-2022-31268) | cve/CVE-2022-31268.yaml |
| Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution (CVE-2022-37042) | cve/CVE-2022-37042.yaml |
| WordPress Workreap - Remote Code Execution (CVE-2021-24499) | cve/CVE-2021-24499.yaml |
| DOMOS 5.5 - Local File Inclusion (CVE-2019-18665) | cve/CVE-2019-18665.yaml |
| Jolokia Agent - JNDI Code Injection (CVE-2018-1000130) | cve/CVE-2018-1000130.yaml |
| Hongdian H8922 3.0.5 Devices - Local File Inclusion (CVE-2021-28149) | cve/CVE-2021-28149.yaml |
| Redwood Report2Web 4.3.4.5 & 4.5.3 - Cross-Site Scripting (CVE-2021-26710) | cve/CVE-2021-26710.yaml |
| WordPress Paid Memberships Pro <2.6.7 - Blind SQL Injection (CVE-2021-25114) | cve/CVE-2021-25114.yaml |
| Pypiserver <1.2.5 - Carriage Return Line Feed Injection (CVE-2019-6802) | cve/CVE-2019-6802.yaml |
| QCube Cross-Site-Scripting (CVE-2020-24912) | cve/CVE-2020-24912.yaml |
| VMware Aria Operations for Logs - Unauthenticated Remote Code Execution (CVE-2023-20864) | cve/CVE-2023-20864.yaml |
| SaltStack <=3002 - Shell Injection (CVE-2020-16846) | cve/CVE-2020-16846.yaml |
| Cisco IOS 12.2(55)SE11 - Remote Code Execution (CVE-2017-3881) | cve/CVE-2017-3881.yaml |
| Apache Spark UI - Remote Command Injection (CVE-2022-33891) | cve/CVE-2022-33891.yaml |
| ManageEngine - Remote Command Execution (CVE-2022-47966) | cve/CVE-2022-47966.yaml |
| Hospital Management System 1.0 - SQL Injection (CVE-2022-32094) | cve/CVE-2022-32094.yaml |
| Yoast SEO 16.7-17.2 - Information Disclosure (CVE-2021-25118) | cve/CVE-2021-25118.yaml |
| Jira - Incorrect Authorization (CVE-2019-3403) | cve/CVE-2019-3403.yaml |
| VMware Aria Operations for Networks - Code Injection Information Disclosure | cve/CVE-2023-20889.yaml |
| WordPress heat-trackr 1.0 - Cross-Site Scripting (CVE-2016-1000136) | cve/CVE-2016-1000136.yaml |
| ECOA Building Automation System - Directory Traversal Content Disclosure (CVE-2021-41291) | cve/CVE-2021-41291.yaml |
| Image Optimizer by 10web < 1.0.26 - Cross-Site Scripting (CVE-2023-2122) | cve/CVE-2023-2122.yaml |
| GeoServer OGC Filter - SQL Injection (CVE-2023-25157) | cve/CVE-2023-25157.yaml |
| Online Event Booking and Reservation System 2.3.0 - SQL Injection (CVE-2021-42667) | cve/CVE-2021-42667.yaml |
| Apache Unomi <1.5.2 - Remote Code Execution (CVE-2020-13942) | cve/CVE-2020-13942.yaml |
| WordPress Japanized for WooCommerce <2.5.8 - Cross-Site Scripting (CVE-2023-0948) | cve/CVE-2023-0948.yaml |
| ZEROF Web Server 1.0 - SQL Injection (CVE-2021-30175) | cve/CVE-2021-30175.yaml |
| Emby Server Server-Side Request Forgery (CVE-2020-26948) | cve/CVE-2020-26948.yaml |
| Atom CMS v2.0 - SQL Injection (CVE-2022-24223) | cve/CVE-2022-24223.yaml |
| Oracle Fusion - Directory Traversal/Local File Inclusion (CVE-2020-14864) | cve/CVE-2020-14864.yaml |
| i-Panel Administration System 2.0 - Cross-Site Scripting (CVE-2021-41878) | cve/CVE-2021-41878.yaml |
| SolarWinds Orion API - Auth Bypass (CVE-2020-10148) | cve/CVE-2020-10148.yaml |
| Free5gc 3.2.1 - Information Disclosure (CVE-2022-38870) | cve/CVE-2022-38870.yaml |
| Microweber < 1.2.12 - Stored Cross-Site Scripting (CVE-2022-0928) | cve/CVE-2022-0928.yaml |
| SuperWebmailer 7.21.0.01526 - Remote Code Execution (CVE-2020-11546) | cve/CVE-2020-11546.yaml |
| Joomla! Component JA Comment - Local File Inclusion (CVE-2010-1601) | cve/CVE-2010-1601.yaml |
| Trendnet AC2600 TEW-827DRU - Credentials Disclosure (CVE-2021-20150) | cve/CVE-2021-20150.yaml |
| WSO2 API Manager <=3.1.0 - Blind XML External Entity Injection (CVE-2020-24589) | cve/CVE-2020-24589.yaml |
| Microsoft SharePoint - Remote Code Execution (CVE-2020-16952) | cve/CVE-2020-16952.yaml |
| OpenCATS 0.9.7 - Cross-Site Scripting (CVE-2022-48012) | cve/CVE-2022-48012.yaml |
| Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored) (CVE-2022-42096) | cve/CVE-2022-42096.yaml |
| Cisco HyperFlex HX Data Platform - Remote Command Execution (CVE-2021-1497) | cve/CVE-2021-1497.yaml |
| Simple Employee Records System 1.0 - Unrestricted File Upload (CVE-2019-20183) | cve/CVE-2019-20183.yaml |
| KindEditor 4.1.11 - Cross-Site Scripting (CVE-2019-7543) | cve/CVE-2019-7543.yaml |
| Oracle iPlanet Web Server 7.0.x - Authentication Bypass (CVE-2020-9315) | cve/CVE-2020-9315.yaml |
| Helmet Store Showroom - Cross Site Scripting (CVE-2022-46073) | cve/CVE-2022-46073.yaml |
| MOVEit Transfer - Remote Code Execution (CVE-2023-34362) | cve/CVE-2023-34362.yaml |
| Draytek VigorConnect 1.6.0-B - Local File Inclusion (CVE-2021-20123) | cve/CVE-2021-20123.yaml |
| Spring Cloud Netflix - Server-Side Request Forgery (CVE-2020-5412) | cve/CVE-2020-5412.yaml |
| F5 BIG-IP TMUI - Remote Code Execution (CVE-2020-5902) | cve/CVE-2020-5902.yaml |
| WordPress Tidio Gallery <=1.1 - Cross-Site Scripting (CVE-2016-1000153) | cve/CVE-2016-1000153.yaml |
| MCMS 5.2.5 - SQL Injection (CVE-2022-23898) | cve/CVE-2022-23898.yaml |
| Sympa version =>6.2.16 - Cross-Site Scripting (CVE-2018-1000671) | cve/CVE-2018-1000671.yaml |
| WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting (CVE-2012-1835) | cve/CVE-2012-1835.yaml |
| Navis DocumentCloud <0.1.1 - Cross-Site Scripting (CVE-2015-2807) | cve/CVE-2015-2807.yaml |
| Citrix XenMobile Server - Remote Code Execution (Apache Log4j) (CVE-2021-44228) | cve/xenmobile-server-log4j.yaml |
| FlightPath - Local File Inclusion (CVE-2019-13396) | cve/CVE-2019-13396.yaml |
| DomainMOD <=4.11.01 - Cross-Site Scripting (CVE-2018-19915) | cve/CVE-2018-19915.yaml |
| Magento Server Mass Importer - Cross-Site Scripting (CVE-2015-2068) | cve/CVE-2015-2068.yaml |
| SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting (CVE-2018-19386) | cve/CVE-2018-19386.yaml |
| MeterSphere < 2.5.0 SSRF (CVE-2022-23544) | cve/CVE-2022-23544.yaml |
| WordPress Super Socializer <7.13.30 - Cross-Site Scripting (CVE-2021-24987) | cve/CVE-2021-24987.yaml |
| HPE Smart Update Manager < 8.5.6 - Remote Unauthorized Access (CVE-2020-7136) | cve/CVE-2020-7136.yaml |
| Adobe AEM Dispatcher <4.15 - Rules Bypass (CVE-2016-0957) | cve/CVE-2016-0957.yaml |
| WordPress Plugin File Manager (wp-file-manager) Backup Disclosure (CVE-2020-24312) | cve/CVE-2020-24312.yaml |
| Atom CMS v2.0 - SQL Injection (CVE-2022-25488) | cve/CVE-2022-25488.yaml |
| Juniper Web Device Manager - Cross-Site Scripting (CVE-2022-22242) | cve/CVE-2022-22242.yaml |
| Netsweeper 4.0.5 - Default Weak Account (CVE-2014-9614) | cve/CVE-2014-9614.yaml |
| Reprise License Manager 14.2 - Cross-Site Scripting (CVE-2021-45422) | cve/CVE-2021-45422.yaml |
| WordPress Symposium <=15.8.1 - Cross-Site Scripting (CVE-2015-9414) | cve/CVE-2015-9414.yaml |
| Rocket.Chat <3.9.1 - Information Disclosure (CVE-2020-28208) | cve/CVE-2020-28208.yaml |
| Apache Tomcat JK Connect <=1.2.44 - Manager Access (CVE-2018-11759) | cve/CVE-2018-11759.yaml |
| Joomla! Component Music Manager - Local File Inclusion (CVE-2010-2857) | cve/CVE-2010-2857.yaml |
| SonarQube - Authentication Bypass (CVE-2020-27986) | cve/CVE-2020-27986.yaml |
| WordPress Yuzo <5.12.94 - Cross-Site Scripting (CVE-2019-11869) | cve/CVE-2019-11869.yaml |
| Primetek Primefaces 5.x - Remote Code Execution (CVE-2017-1000486) | cve/CVE-2017-1000486.yaml |
| Apache APISIX Dashboard <2.10.1 - API Unauthorized Access (CVE-2021-45232) | cve/CVE-2021-45232.yaml |
| WordPress Statistics <13.0.8 - Blind SQL Injection (CVE-2021-24340) | cve/CVE-2021-24340.yaml |
| SPIP - Remote Command Execution (CVE-2023-27372) | cve/CVE-2023-27372.yaml |
| Contentful <=2020-05-21 - Cross-Site Scripting (CVE-2020-13258) | cve/CVE-2020-13258.yaml |
| WordPress Visitor Statistics (Real Time Traffic) <4.8 -SQL Injection (CVE-2021-24750) | cve/CVE-2021-24750.yaml |
| WordPress Post Status Notifier Lite <1.10.1 - Cross-Site Scripting (CVE-2022-4325) | cve/CVE-2022-4325.yaml |
| kkFileView 4.0.0 - Cross-Site Scripting (CVE-2022-29349) | cve/CVE-2022-29349.yaml |
| Klog Server <=2.41 - Unauthenticated Command Injection (CVE-2020-35729) | cve/CVE-2020-35729.yaml |
| WordPress Pie-Register <2.0.19 - Cross-Site Scripting (CVE-2015-7377) | cve/CVE-2015-7377.yaml |
| Alt-n/MDaemon Security Gateway <=8.5.0 - XML Injection (CVE-2022-25356) | cve/CVE-2022-25356.yaml |
| Doctor Appointment System 1.0 - SQL Injection (CVE-2021-27319) | cve/CVE-2021-27319.yaml |
| Atom CMS v2.0 - Cross-Site Scripting (CVE-2022-25489) | cve/CVE-2022-25489.yaml |
| Apache Struts <=2.5.20 - Remote Code Execution (CVE-2019-0230) | cve/CVE-2019-0230.yaml |
| Trend Micro Threat Discovery Appliance 2.6.1062r1 - Authentication Bypass | cve/CVE-2016-7552.yaml |
| Node.JS System Information Library <5.3.1 - Remote Command Injection (CVE-2021-21315) | cve/CVE-2021-21315.yaml |
| WordPress Transposh <=1.0.8.1 - Information Disclosure (CVE-2022-2462) | cve/CVE-2022-2462.yaml |
| Hoteldruid 3.0.5 - Cross-Site Scripting (CVE-2023-34537) | cve/CVE-2023-34537.yaml |
| Apache Axis2 Default Login (CVE-2010-0219) | cve/CVE-2010-0219.yaml |
| Advantech R-SeeNet 2.4.12 - Cross-Site Scripting (CVE-2021-21799) | cve/CVE-2021-21799.yaml |
| WordPress Newspaper <12 - Cross-Site Scripting (CVE-2022-2627) | cve/CVE-2022-2627.yaml |
| Imgproxy < 3.14.0 - Cross-site Scripting (XSS) (CVE-2023-1496) | cve/CVE-2023-1496.yaml |
| POS Codekop v2.0 - Cross-site Scripting (CVE-2023-30256) | cve/CVE-2023-36346.yaml |
| MinIO Operator Console Authentication Bypass (CVE-2021-41266) | cve/CVE-2021-41266.yaml |
| WP-FaceThumb 0.1 - Cross-Site Scripting (CVE-2012-2371) | cve/CVE-2012-2371.yaml |
| McAfee ePolicy Orchestrator <5.10.9 Update 9 - Cross-Site Scripting (CVE-2020-7318) | cve/CVE-2020-7318.yaml |
| Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI (CVE-2010-2861) | cve/CVE-2010-2861.yaml |
| Apache Struts2 S2-053 - Remote Code Execution (CVE-2017-9791) | cve/CVE-2017-9791.yaml |
| Oracle WebLogic Server Local File Inclusion (CVE-2022-21371) | cve/CVE-2022-21371.yaml |
| cgit < 1.2.1 - Directory Traversal (CVE-2018-14912) | cve/CVE-2018-14912.yaml |
| WordPress Plugin MapPress <2.73.4 - Cross-Site Scripting (CVE-2022-0208) | cve/CVE-2022-0208.yaml |
| WordPress Shortcodes and Extra Features for Phlox <2.9.8 - Cross-Site Scripting | cve/CVE-2022-1910.yaml |
| October CMS - Remote Code Execution (CVE-2022-21705) | cve/CVE-2022-21705.yaml |
| Rstudio Shiny Server <1.5.16 - Local File Inclusion (CVE-2021-3374) | cve/CVE-2021-3374.yaml |
| Novius OS 5.0.1-elche - Open Redirect (CVE-2015-5354) | cve/CVE-2015-5354.yaml |
| Jira Subversion ALM for Enterprise <8.8.2 - Cross-Site Scripting (CVE-2020-9344) | cve/CVE-2020-9344.yaml |
| Ntopng Authentication Bypass (CVE-2021-28073) | cve/CVE-2021-28073.yaml |
| FUDForum 3.1.0 - Cross-Site Scripting (CVE-2021-27520) | cve/CVE-2021-27520.yaml |
| FHEM 6.0 - Local File Inclusion (CVE-2020-19360) | cve/CVE-2020-19360.yaml |
| Django - Open Redirect (CVE-2018-14574) | cve/CVE-2018-14574.yaml |
| Oracle Fusion Middleware WebCenter Sites - Cross-Site Scripting (CVE-2018-2791) | cve/CVE-2018-2791.yaml |
| OPNsense <=20.1.5 - Open Redirect (CVE-2020-23015) | cve/CVE-2020-23015.yaml |
| WordPress Embed Swagger <=1.0.0 - Cross-Site Scripting (CVE-2022-0381) | cve/CVE-2022-0381.yaml |
| Doctor Appointment System 1.0 - SQL Injection (CVE-2021-27314) | cve/CVE-2021-27314.yaml |
| Layer5 Meshery 0.5.2 - SQL Injection (CVE-2021-31856) | cve/CVE-2021-31856.yaml |
| TOTOLINK Realtek SD Routers - Remote Command Injection (CVE-2019-19824) | cve/CVE-2019-19824.yaml |
| WordPress Awin Data Feed <=1.6 - Cross-Site Scripting (CVE-2022-1937) | cve/CVE-2022-1937.yaml |
| BillQuick Web Suite SQL Injection (CVE-2021-42258) | cve/CVE-2021-42258.yaml |
| F5 BIG-IP iControl - REST Auth Bypass RCE (CVE-2022-1388) | cve/CVE-2022-1388.yaml |
| WordPress PHPMailer < 5.2.18 - Remote Code Execution (CVE-2016-10033) | cve/CVE-2016-10033.yaml |
| Netsweeper 4.0.4 - Cross-Site Scripting (CVE-2014-9615) | cve/CVE-2014-9615.yaml |
| Xinuo Openserver 5/6 - Cross-Site scripting (CVE-2020-25495) | cve/CVE-2020-25495.yaml |
| WordPress Domain Check <1.0.17 - Cross-Site Scripting (CVE-2021-24926) | cve/CVE-2021-24926.yaml |
| D-Link Central WifiManager - Server-Side Request Forgery (CVE-2018-15517) | cve/CVE-2018-15517.yaml |
| Atlassian Confluence <5.8.17 - Information Disclosure (CVE-2015-8399) | cve/CVE-2015-8399.yaml |
| Reolink E1 Zoom Camera <=3.0.0.716 - Information Disclosure (CVE-2021-40150) | cve/CVE-2021-40150.yaml |
| Xibo 1.2.2/1.4.1 - Directory Traversal (CVE-2013-5979) | cve/CVE-2013-5979.yaml |
| elFinder <=2.1.60 - Local File Inclusion (CVE-2022-26960) | cve/CVE-2022-26960.yaml |
| Doctor Appointment System 1.0 - SQL Injection (CVE-2021-27320) | cve/CVE-2021-27320.yaml |
| AWStats 6.95/7.0 - 'awredir.pl' Cross-Site Scripting (CVE-2012-4547) | cve/CVE-2012-4547.yaml |
| Pallets Werkzeug <0.15.5 - Local File Inclusion (CVE-2019-14322) | cve/CVE-2019-14322.yaml |
| Gitlab CE/EE 10.5 - Server-Side Request Forgery (CVE-2021-22214CVE-2021-39935CVE-2021-22175) | cve/CVE-2021-22214.yaml |
| Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution (CVE-2013-2251) | cve/CVE-2013-2251.yaml |
| WordPress Visualizer <3.3.1 - Cross-Site Scripting (CVE-2019-16931) | cve/CVE-2019-16931.yaml |
| WordPress Hero Maps Pro 2.1.0 - Cross-Site Scripting (CVE-2016-1000137) | cve/CVE-2016-1000137.yaml |
| Visualizer <3.3.1 - Blind Server-Side Request Forgery (CVE-2019-16932) | cve/CVE-2019-16932.yaml |
| Jenkins <=2.196 - Cookie Exposure (CVE-2019-10405) | cve/CVE-2019-10405.yaml |
| Apache Struts 2 - Remote Command Execution (CVE-2017-5638) | cve/CVE-2017-5638.yaml |
| SysAid 20.4.74 - Cross-Site Scripting (CVE-2021-31862) | cve/CVE-2021-31862.yaml |
| Barco/AWIND OEM Presentation Platform - Remote Command Injection (CVE-2019-3929) | cve/CVE-2019-3929.yaml |
| Simple URLs < 115 - Cross Site Scripting (CVE-2023-0099) | cve/CVE-2023-0099.yaml |
| Cuppa CMS v1.0 - SQL injection (CVE-2022-27984) | cve/CVE-2022-27984.yaml |
| Kentico CMS Insecure Deserialization Remote Code Execution (CVE-2019-10068) | cve/CVE-2019-10068.yaml |
| WordPress Simple Membership <4.1.1 - Cross-Site Scripting (CVE-2022-1724) | cve/CVE-2022-1724.yaml |
| WP Custom Pages 0.5.0.1 - Local File Inclusion (LFI) (CVE-2011-1669) | cve/CVE-2011-1669.yaml |
| Reprise License Manager 14.2 - Authentication Bypass (CVE-2021-44152) | cve/CVE-2021-44152.yaml |
| Citrix SD-WAN Center - Remote Command Injection (CVE-2019-12986) | cve/CVE-2019-12986.yaml |
| NETGEAR Routers - Remote Code Execution (CVE-2016-6277) | cve/CVE-2016-6277.yaml |
| Apache Code42 - Remote Code Execution (Apache Log4j) (CVE-2021-44228) | cve/code42-log4j-rce.yaml |
| Cisco HyperFlex HX Data Platform - Arbitrary File Upload (CVE-2021-1499) | cve/CVE-2021-1499.yaml |
| WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal (CVE-2015-4414) | cve/CVE-2015-4414.yaml |
| WordPress Paid Memberships Pro <2.9.8 - Blind SQL Injection (CVE-2023-23488) | cve/CVE-2023-23488.yaml |
| Login with Phone Number - Cross-Site Scripting (CVE-2023-23492) | cve/CVE-2023-23492.yaml |
| SonicWall SRA 4600 VPN - SQL Injection (CVE-2019-7481) | cve/CVE-2019-7481.yaml |
| WordPress User Post Gallery <=2.19 - Remote Code Execution (CVE-2022-4060) | cve/CVE-2022-4060.yaml |
| DomainMOD 4.11.01 - Cross-Site Scripting (CVE-2018-1000856) | cve/CVE-2018-1000856.yaml |
| Online Fire Reporting System v1.0 - SQL injection (CVE-2022-31976) | cve/CVE-2022-31976.yaml |
| Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete (CVE-2021-46424) | cve/CVE-2021-46424.yaml |
| Nordex NC2 - Cross-Site Scripting (CVE-2015-6477) | cve/CVE-2015-6477.yaml |
| ListSERV Maestro <= 9.0-8 RCE (CVE-2010-1870) | cve/CVE-2010-1870.yaml |
| WordPress Spider Calendar <=1.4.9 - SQL Injection (CVE-2015-2196) | cve/CVE-2015-2196.yaml |
| Grafana 8.0.0 <= v.8.2.2 - Angularjs Rendering Cross-Site Scripting (CVE-2021-41174) | cve/CVE-2021-41174.yaml |
| Studio-42 elFinder <2.1.60 - Arbitrary File Upload (CVE-2021-43421) | cve/CVE-2021-43421.yaml |
| GLPI 9.2/<9.5.6 - Information Disclosure (CVE-2021-39211) | cve/CVE-2021-39211.yaml |
| Artica Pandora FMS <=7.42 - Arbitrary File Read (CVE-2020-8497) | cve/CVE-2020-8497.yaml |
| WordPress Plugin WP Content Source Control - Directory Traversal (CVE-2014-5368) | cve/CVE-2014-5368.yaml |
| Liferay Portal Unauthenticated < 7.2.1 CE GA2 - Remote Code Execution (CVE-2020-7961) | cve/CVE-2020-7961.yaml |
| Pandora FMS 7.0NG - Remote Command Injection (CVE-2019-20224) | cve/CVE-2019-20224.yaml |
| CommScope Ruckus IoT Controller - Information Disclosure (CVE-2021-33221) | cve/CVE-2021-33221.yaml |
| Apache Solr <= 7.1 - XML Entity Injection (CVE-2017-12629) | cve/CVE-2017-12629.yaml |
| Cuppa CMS v1.0 - Arbitrary File Upload (CVE-2022-38296) | cve/CVE-2022-38296.yaml |
| Online Fire Reporting System v1.0 - SQL injection (CVE-2022-31978) | cve/CVE-2022-31978.yaml |
| Tieline IP Audio Gateway <=2.6.4.8 - Unauthorized Remote Admin Panel Access | cve/CVE-2021-35336.yaml |
| Garage Management System 1.0 - SQL Injection (CVE-2022-2467) | cve/CVE-2022-2467.yaml |
| Nodejs Squirrelly - Remote Code Execution (CVE-2021-32819) | cve/CVE-2021-32819.yaml |
| FortiLogger 4.4.2.2 - Arbitrary File Upload (CVE-2021-3378) | cve/CVE-2021-3378.yaml |
| WordPress JNews Theme <8.0.6 - Cross-Site Scripting (CVE-2021-24342) | cve/CVE-2021-24342.yaml |
| Jenkin Audit Trail <=3.2 - Cross-Site Scripting (CVE-2020-2140) | cve/CVE-2020-2140.yaml |
| WordPress WPQA <5.5 - Improper Access Control (CVE-2022-1598) | cve/CVE-2022-1598.yaml |
| QSAN Storage Manager <3.3.3 - Cross-Site Scripting (CVE-2021-37216) | cve/CVE-2021-37216.yaml |
| WordPress BadgeOS <=3.7.0 - SQL Injection (CVE-2022-0817) | cve/CVE-2022-0817.yaml |
| Jenkins Git <=4.11.3 - Missing Authorization (CVE-2022-36883) | cve/CVE-2022-36883.yaml |
| Trixbox 2.8.0 - Path Traversal (CVE-2017-14537) | cve/CVE-2017-14537.yaml |
| SolarView Compact 6.00 - 'time_begin' Cross-Site Scripting (CVE-2022-29299) | cve/CVE-2022-29299.yaml |
| WordPress Quiz and Survey Master <7.1.14 - Cross-Site Scripting (CVE-2021-20792) | cve/CVE-2021-20792.yaml |
| Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion (CVE-2018-6008) | cve/CVE-2018-6008.yaml |
| Apache OFBiz - JNDI Remote Code Execution (Apache Log4j) (CVE-2021-44228) | cve/apache-ofbiz-log4j-rce.yaml |
| WordPress My Calendar <= 3.1.9 - Cross-Site Scripting (CVE-2019-15713) | cve/CVE-2019-15713.yaml |
| Microstrategy Web 7 - Cross-Site Scripting (CVE-2018-18775) | cve/CVE-2018-18775.yaml |
| WordPress Duplicate Page or Post <1.5.1 - Cross-Site Scripting (CVE-2021-25075) | cve/CVE-2021-25075.yaml |
| Nacos <1.4.1 - Authentication Bypass (CVE-2021-29441) | cve/CVE-2021-29441.yaml |
| Chyrp 2.x - Local File Inclusion (CVE-2011-2780) | cve/CVE-2011-2780.yaml |
| Metinfo 7.0.0 beta - SQL Injection (CVE-2019-16996) | cve/CVE-2019-16996.yaml |
| Netsweeper 3.0.6 - Open Redirection (CVE-2014-9617) | cve/CVE-2014-9617.yaml |
| Backdrop CMS version 1.23.0 - Stored Cross Site Scripting (CVE-2022-42094) | cve/CVE-2022-42094.yaml |
| Zaver - Local File Inclusion (CVE-2022-38794) | cve/CVE-2022-38794.yaml |
| Royal Event - SQL Injection (CVE-2022-28080) | cve/CVE-2022-28080.yaml |
| Symfony - Authentication Bypass (CVE-2015-4050) | cve/CVE-2015-4050.yaml |
| Phoenix Framework - Open Redirect (CVE-2017-1000163) | cve/CVE-2017-1000163.yaml |
| College Management System 1.0 - SQL Injection (CVE-2022-28079) | cve/CVE-2022-28079.yaml |
| Carel pCOWeb <B1.2.4 - Cross-Site Scripting (CVE-2019-11370) | cve/CVE-2019-11370.yaml |
| Tenda 11N - Authentication Bypass (CVE-2022-42233) | cve/CVE-2022-42233.yaml |
| Jeesns 1.4.2 - Cross-Site Scripting (CVE-2020-19282) | cve/CVE-2020-19282.yaml |
| XStream <1.4.15 - Server-Side Request Forgery (CVE-2020-26258) | cve/CVE-2020-26258.yaml |
| Joomla! Component MS Comment 0.8.0b - Local File Inclusion (CVE-2010-2050) | cve/CVE-2010-2050.yaml |
| WirelessHART Fieldgate SWG70 3.0 - Local File Inclusion (CVE-2018-16059) | cve/CVE-2018-16059.yaml |
| ChurchCRM 4.5.3 - Cross-Site Scripting (CVE-2023-25346) | cve/CVE-2023-25346.yaml |
| Swim Team <= v1.44.10777 - Local File Inclusion (CVE-2015-5471) | cve/CVE-2015-5471.yaml |
| ZOHO WebNMS Framework <5.2 SP1 - Local File Inclusion (CVE-2016-6601) | cve/CVE-2016-6601.yaml |
| VMware Aria Operations for Networks - Remote Code Execution (CVE-2023-20888) | cve/CVE-2023-20888.yaml |
| Wordpress Zedna eBook download <1.2 - Local File Inclusion (CVE-2016-10924) | cve/CVE-2016-10924.yaml |
| Mirasys DVMS Workstation <=5.12.6 - Local File Inclusion (CVE-2018-8727) | cve/CVE-2018-8727.yaml |
| WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site | cve/CVE-2022-2599.yaml |
| MODx manager - Local File Inclusion (CVE-2010-5278) | cve/CVE-2010-5278.yaml |
| Jenkins <=2.218 - Information Disclosure (CVE-2020-2103) | cve/CVE-2020-2103.yaml |
| WordPress AJAX Random Post <=2.00 - Cross-Site Scripting (CVE-2016-1000127) | cve/CVE-2016-1000127.yaml |
| CSE Bookstore 1.0 - SQL Injection (CVE-2020-36112) | cve/CVE-2020-36112.yaml |
| FlatPress 1.2.1 - Stored Cross-Site Scripting (CVE-2021-41432) | cve/CVE-2021-41432.yaml |
| Fortinet FortiNAC - Arbitrary File Write (CVE-2022-39952) | cve/CVE-2022-39952.yaml |
| Geddy <13.0.8 - Local File Inclusion (CVE-2015-5688) | cve/CVE-2015-5688.yaml |
| D-Link DIR-615 - Unauthorized Access (CVE-2021-42627) | cve/CVE-2021-42627.yaml |
| Microstrategy Web 7 - Local File Inclusion (CVE-2018-18777) | cve/CVE-2018-18777.yaml |
| Purchase Order Management v1.0 - SQL Injection (CVE-2021-40908) | cve/CVE-2021-40908.yaml |
| Jfrog Artifactory <6.17.0 - Default Admin Password (CVE-2019-17444) | cve/CVE-2019-17444.yaml |
| FineCMS <5.0.9 - Open Redirect (CVE-2017-11586) | cve/CVE-2017-11586.yaml |
| Apache ActiveMQ <=5.15.5 - Cross-Site Scripting (CVE-2018-8006) | cve/CVE-2018-8006.yaml |
| IBM WebSphere Java Object Deserialization - Remote Code Execution (CVE-2015-7450) | cve/CVE-2015-7450.yaml |
| Sourcecodester Hotel and Lodge Management System 2.0 - SQL Injection (CVE-2020-21012) | cve/CVE-2020-21012.yaml |
| Cisco ASA - Local File Inclusion (CVE-2018-0296) | cve/CVE-2018-0296.yaml |
| Thruk 2.40-2 - Cross-Site Scripting (CVE-2021-35488) | cve/CVE-2021-35488.yaml |
| WordPress GTranslate <2.8.52 - Cross-Site Scripting (CVE-2020-11930) | cve/CVE-2020-11930.yaml |
| KMCIS CaseAware - Cross-Site Scripting (CVE-2017-5631) | cve/CVE-2017-5631.yaml |
| Users Ultra <= 3.1.0 - SQL Injection (CVE-2022-0769) | cve/CVE-2022-0769.yaml |
| GrandNode 4.40 - Local File Inclusion (CVE-2019-12276) | cve/CVE-2019-12276.yaml |
| vBulletin - Open Redirect (CVE-2018-6200) | cve/CVE-2018-6200.yaml |
| OpenEMR <5.0.2 - Local File Inclusion (CVE-2019-14530) | cve/CVE-2019-14530.yaml |
| Netgear RAX43 1.0.3.96 - Command Injection/Authentication Bypass Buffer Overrun | cve/CVE-2021-20167.yaml |
| WordPress Cab fare calculator < 1.0.4 - Local File Inclusion (CVE-2022-1391) | cve/CVE-2022-1391.yaml |
| Akkadian Provisioning Manager 4.50.02 - Sensitive Information Disclosure (CVE-2020-27361) | cve/CVE-2020-27361.yaml |
| Joomla! Component JInventory 1.23.02 - Local File Inclusion (CVE-2010-1305) | cve/CVE-2010-1305.yaml |
| TOTOLINK EX1200T 4.1.2cu.5215 - Authentication Bypass (CVE-2021-42887) | cve/CVE-2021-42887.yaml |
| WordPress defa-online-image-protector <=3.3 - Cross-Site Scripting (CVE-2016-1000129) | cve/CVE-2016-1000129.yaml |
| Featurific For WordPress 1.6.2 - Cross-Site Scripting (CVE-2011-5265) | cve/CVE-2011-5265.yaml |
| Sourcecodester Simple Client Management System 1.0 - SQL Injection (CVE-2021-43510) | cve/CVE-2021-43510.yaml |
| NewStatPress <=1.0.4 - Cross-Site Scripting (CVE-2015-9312) | cve/CVE-2015-9312.yaml |
| WebCTRL OEM <= 6.5 - Cross-Site Scripting (CVE-2021-31682) | cve/CVE-2021-31682.yaml |
| Rukovoditel <= 3.2.1 - Cross Site Scripting (CVE-2022-44944) | cve/CVE-2022-44944.yaml |
| GitLab CE/EE - Remote Code Execution (CVE-2021-22205) | cve/CVE-2021-22205.yaml |
| WordPress Order Listener for WooCommerce <3.2.2 - SQL Injection (CVE-2022-0948) | cve/CVE-2022-0948.yaml |
| WordPress WP Courses Plugin Information Disclosure (CVE-2020-26876) | cve/CVE-2020-26876.yaml |
| Noptin < 1.6.5 - Open Redirect (CVE-2021-25033) | cve/CVE-2021-25033.yaml |
| AlquistManager Local File Inclusion (CVE-2021-43495) | cve/CVE-2021-43495.yaml |
| Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass (CVE-2021-3297) | cve/CVE-2021-3297.yaml |
| Rukovoditel <= 3.2.1 - Cross Site Scripting (CVE-2022-43167) | cve/CVE-2022-43167.yaml |
| ZZZCMS zzzphp 2.1.0 - Remote Code Execution (CVE-2022-23881) | cve/CVE-2022-23881.yaml |
| Joomla! Component Graphics 1.0.6 - Local File Inclusion (CVE-2010-1653) | cve/CVE-2010-1653.yaml |
| ManageEngine Firewall Analyzer <8.0 - Local File Inclusion (CVE-2015-7780) | cve/CVE-2015-7780.yaml |
| BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting (CVE-2018-16139) | cve/CVE-2018-16139.yaml |
| Joomla! Component redTWITTER 1.0 - Local File Inclusion (CVE-2010-1983) | cve/CVE-2010-1983.yaml |
| Cherokee HTTPD <=0.5 - Cross-Site Scripting (CVE-2006-1681) | cve/CVE-2006-1681.yaml |
| phpMyChat-Plus 1.98 - Cross-Site Scripting (CVE-2019-19908) | cve/CVE-2019-19908.yaml |
| VMware Workspace ONE Access - Server-Side Template Injection (CVE-2022-22954) | cve/CVE-2022-22954.yaml |
| Online Security Guards Hiring System - Cross-Site Scripting (CVE-2023-0527) | cve/CVE-2023-0527.yaml |
| WordPress TI WooCommerce Wishlist <1.40.1 - SQL Injection (CVE-2022-0412) | cve/CVE-2022-0412.yaml |
| Grav CMS <1.3.0 - Cross-Site Scripting (CVE-2018-5233) | cve/CVE-2018-5233.yaml |
| Cuppa CMS v1.0 - Authenticated Local File Inclusion (CVE-2022-37191) | cve/CVE-2022-37191.yaml |
| GateOne 1.1 - Local File Inclusion (CVE-2020-35736) | cve/CVE-2020-35736.yaml |
| WordPress Sensei LMS <4.5.0 - Information Disclosure (CVE-2022-2034) | cve/CVE-2022-2034.yaml |
| WordPress Accessibility Helper <0.6.0.7 - Cross-Site Scripting (CVE-2022-0150) | cve/CVE-2022-0150.yaml |
| Joomla! Component Shoutbox Pro - Local File Inclusion (CVE-2010-1534) | cve/CVE-2010-1534.yaml |
| WordPress Payeezy Pay <=2.97 - Local File Inclusion (CVE-2018-20985) | cve/CVE-2018-20985.yaml |
| VMware View Planner <4.6 SP1- Remote Code Execution (CVE-2021-21978) | cve/CVE-2021-21978.yaml |
| Agentejo Cockpit 0.10.2 - Cross-Site Scripting (CVE-2020-14408) | cve/CVE-2020-14408.yaml |
| SolarView Compact 6.00 - Local File Inclusion (CVE-2022-29298) | cve/CVE-2022-29298.yaml |
| Submitty <= 20.04.01 - Open Redirect (CVE-2020-13121) | cve/CVE-2020-13121.yaml |
| Draytek VigorConnect 6.0-B3 - Local File Inclusion (CVE-2021-20124) | cve/CVE-2021-20124.yaml |
| Craft CMS < 3.3.0 - Server-Side Template Injection (CVE-2020-9757) | cve/CVE-2020-9757.yaml |
| SupportCandy < 3.1.5 - Unauthenticated SQL Injection (CVE-2023-1730) | cve/CVE-2023-1730.yaml |
| WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting (CVE-2022-29455) | cve/CVE-2022-29455.yaml |
| OpenCATS 0.9.6 - Cross-Site Scripting (CVE-2022-43017) | cve/CVE-2022-43017.yaml |
| Casdoor 1.13.0 - Unauthenticated SQL Injection (CVE-2022-24124) | cve/CVE-2022-24124.yaml |
| VMware Operations Manager - Remote Code Execution (Apache Log4j) (CVE-2021-44228) | cve/vmware-operation-manager-log4j.yaml |
| Apache Tomcat Servers - Remote Code Execution (CVE-2017-12615) | cve/CVE-2017-12615.yaml |
| Purchase Order Management v1.0 - SQL Injection (CVE-2023-29622) | cve/CVE-2023-29622.yaml |
| ChurchCRM v4.5.3 - Cross-Site Scripting (CVE-2023-31548) | cve/CVE-2023-31548.yaml |
| WordPress Visitor Statistics <=5.7 - SQL Injection (CVE-2022-33965) | cve/CVE-2022-33965.yaml |
| WordPress Podlove Podcast Publisher <3.5.6 - SQL Injection (CVE-2021-24666) | cve/CVE-2021-24666.yaml |
| Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion (CVE-2010-2045) | cve/CVE-2010-2045.yaml |
| Motorola Baby Monitors - Remote Command Execution (CVE-2021-3577) | cve/CVE-2021-3577.yaml |
| WordPress WooCommerce <1.13.22 - Cross-Site Scripting (CVE-2021-24300) | cve/CVE-2021-24300.yaml |
| WordPress Welcart e-Commerce <2.8.5 - Arbitrary File Access (CVE-2022-4140) | cve/CVE-2022-4140.yaml |
| Atlassian Confluence Server - Path Traversal (CVE-2019-3396) | cve/CVE-2019-3396.yaml |
| Complete Online Job Search System 1.0 - SQL Injection (CVE-2022-32018) | cve/CVE-2022-32018.yaml |
| Kibana Timelion - Arbitrary Code Execution (CVE-2019-7609) | cve/CVE-2019-7609.yaml |
| Joomla! Component Online Market 2.x - Local File Inclusion (CVE-2010-1722) | cve/CVE-2010-1722.yaml |
| RocketMQ <= 5.1.0 - Remote Code Execution (CVE-2023-33246) | cve/CVE-2023-33246.yaml |
| Jeecg Boot <= 2.4.5 - Information Disclosure (CVE-2021-37304) | cve/CVE-2021-37304.yaml |
| TerraMaster TOS < 4.2.30 Server Information Disclosure (CVE-2022-24990) | cve/CVE-2022-24990.yaml |
| Joomla! Component Jimtawl 1.0.2 - Local File Inclusion (CVE-2010-4769) | cve/CVE-2010-4769.yaml |
| phpMyAdmin <4.9.0 - Cross-Site Request Forgery (CVE-2019-12616) | cve/CVE-2019-12616.yaml |
| Crestron Device - Credentials Disclosure (CVE-2022-23178) | cve/CVE-2022-23178.yaml |
| PaperCut - Unauthenticated Remote Code Execution (CVE-2023-27350) | cve/CVE-2023-27350.yaml |
| EyouCMS 1.5.4 Open Redirect (CVE-2021-39501) | cve/CVE-2021-39501.yaml |
| PlaceOS 1.2109.1 - Open Redirection (CVE-2021-41826) | cve/CVE-2021-41826.yaml |
| Devalcms 1.4a - Cross-Site Scripting (CVE-2008-6982) | cve/CVE-2008-6982.yaml |
| Zeroshell 3.9.0 - Remote Command Execution (CVE-2019-12725) | cve/CVE-2019-12725.yaml |
| Adminimize 1.7.22 - Cross-Site Scripting (CVE-2011-4926) | cve/CVE-2011-4926.yaml |
| Diary Management System 1.0 - Cross-Site Scripting (CVE-2022-29004) | cve/CVE-2022-29004.yaml |
| CandidATS 3.0.0 - Cross-Site Scripting. (CVE-2022-42748) | cve/CVE-2022-42748.yaml |
| Hikvision - Authentication Bypass (CVE-2017-7921) | cve/CVE-2017-7921.yaml |
| Doctor Appointment System 1.0 - SQL Injection (CVE-2021-27124) | cve/CVE-2021-27124.yaml |
| Citrix ShareFile StorageZones <=5.10.x - Arbitrary File Read (CVE-2020-8982) | cve/CVE-2020-8982.yaml |
| Dasan GPON Devices - Remote Code Execution (CVE-2018-10562) | cve/CVE-2018-10562.yaml |
| WordPress Ninja Job Board < 1.3.3 - Direct Request (CVE-2022-2544) | cve/CVE-2022-2544.yaml |
| WordPress Raygun4WP <=1.8.0 - Cross-Site Scripting (CVE-2017-9288) | cve/CVE-2017-9288.yaml |
| Kae's File Manager <=1.4.7 - Cross-Site Scripting (CVE-2022-40359) | cve/CVE-2022-40359.yaml |
| WordPress Spider Calendar <=1.5.65 - Cross-Site Scripting (CVE-2022-0212) | cve/CVE-2022-0212.yaml |
| Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion (CVE-2017-1000028) | cve/CVE-2017-1000028.yaml |
| Joomla! Component com_jashowcase - Directory Traversal (CVE-2010-0943) | cve/CVE-2010-0943.yaml |
| Cisco Small Business RV Series - OS Command Injection (CVE-2021-1472) | cve/CVE-2021-1472.yaml |
| elFinder 2.1.58 - Remote Code Execution (CVE-2021-32682) | cve/CVE-2021-32682.yaml |
| Mlflow <2.3.1 - Local File Inclusion Bypass (CVE-2023-2780) | cve/CVE-2023-2780.yaml |
| Joomla! Image Browser 0.1.5 rc2 - Local File Inclusion (CVE-2008-4668) | cve/CVE-2008-4668.yaml |
| WordPress Tidio-form <=1.0 - Cross-Site Scripting (CVE-2016-1000152) | cve/CVE-2016-1000152.yaml |
| MetInfo 7.0.0 beta - SQL Injection (CVE-2019-17418) | cve/CVE-2019-17418.yaml |
| WordPress Like Button Rating <2.6.32 - Server-Side Request Forgery (CVE-2021-24150) | cve/CVE-2021-24150.yaml |
| Teclib GLPI <= 9.3.3 - Unauthenticated SQL Injection (CVE-2019-10232) | cve/CVE-2019-10232.yaml |
| Koha 3.20.1 - Directory Traversal (CVE-2015-4632) | cve/CVE-2015-4632.yaml |
| AudioCode 420HD - Remote Code Execution (CVE-2018-10093) | cve/CVE-2018-10093.yaml |
| ASUS GT-AC2900 - Authentication Bypass (CVE-2021-32030) | cve/CVE-2021-32030.yaml |
| Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure | cve/CVE-2010-1429.yaml |
| WordPress Hero Maps Premium <=2.2.1 - Cross-Site Scripting (CVE-2019-19134) | cve/CVE-2019-19134.yaml |
| GoAnywhere Managed File Transfer - Remote Code Execution (Apache Log4j) (CVE-2021-44228) | cve/goanywhere-mft-log4j-rce.yaml |
| HP Data Protector - Arbitrary Command Execution (CVE-2016-2004) | cve/CVE-2016-2004.yaml |
| WordPress FeedWordPress < 2022.0123 - Authenticated Cross-Site Scripting (CVE-2021-25055) | cve/CVE-2021-25055.yaml |
| Open Automation Software OAS Platform V16.00.0121 - Missing Authentication | cve/CVE-2022-26833.yaml |
| Joomla! Webservice - Password Disclosure (CVE-2023-23752) | cve/CVE-2023-23752.yaml |
| Cloudron 6.2 Cross-Site Scripting (CVE-2021-40868) | cve/CVE-2021-40868.yaml |
| Tiempo.com <= 0.1.2 - Cross-Site Scripting (CVE-2023-2272) | cve/CVE-2023-2272.yaml |
| Apache OFBiz <=16.11.07 - Cross-Site Scripting (CVE-2020-1943) | cve/CVE-2020-1943.yaml |
| Apache Log4j2 - Remote Code Injection (CVE-2021-45046) | cve/CVE-2021-45046.yaml |
| mongo-express Remote Code Execution (CVE-2019-10758) | cve/CVE-2019-10758.yaml |
| WordPress Simple Link Directory <7.7.2 - SQL injection (CVE-2022-0760) | cve/CVE-2022-0760.yaml |
| Apache Struts2 S2-012 RCE (CVE-2013-1965) | cve/CVE-2013-1965.yaml |
| WordPress Watu Quiz <3.3.9.1 - Cross-Site Scripting (CVE-2023-0968) | cve/CVE-2023-0968.yaml |
| Rukovoditel <= 3.2.1 - Cross-Site Scripting (CVE-2022-43169) | cve/CVE-2022-43169.yaml |
| Academy Learning Management System <5.9.1 - Cross-Site Scripting (CVE-2022-38553) | cve/CVE-2022-38553.yaml |
| Online Fire Reporting System v1.0 - SQL injection (CVE-2022-31977) | cve/CVE-2022-31977.yaml |
| Nimble Streamer <=3.5.4-9 - Local File Inclusion (CVE-2019-11013) | cve/CVE-2019-11013.yaml |
| WordPress Page Builder KingComposer <=2.9.6 - Open Redirect (CVE-2022-0165) | cve/CVE-2022-0165.yaml |
| WordPress InPost Gallery <2.1.4.1 - Local File Inclusion (CVE-2022-4063) | cve/CVE-2022-4063.yaml |
| Combodo iTop <2.2.0-2459 - Cross-Site Scripting (CVE-2015-6544) | cve/CVE-2015-6544.yaml |
| XStream <1.4.6/1.4.10 - Remote Code Execution (CVE-2013-7285) | cve/CVE-2013-7285.yaml |
| Zoho ManageEngine - Internal Hostname Disclosure (CVE-2022-23779) | cve/CVE-2022-23779.yaml |
| Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion (CVE-2010-1313) | cve/CVE-2010-1313.yaml |
| nweb2fax <=0.2.7 - Local File Inclusion (CVE-2008-6668) | cve/CVE-2008-6668.yaml |
| Joomla! JoomlaPraise Projectfork 2.0.10 - Local File Inclusion (CVE-2009-2100) | cve/CVE-2009-2100.yaml |
| Eclipse Jetty <9.2.9.v20150224 - Sensitive Information Leakage (CVE-2015-2080) | cve/CVE-2015-2080.yaml |
| Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM - Directory | cve/CVE-2010-2307.yaml |
| Pulse Connect Secure SSL VPN Arbitrary File Read (CVE-2019-11510) | cve/CVE-2019-11510.yaml |
| Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect (CVE-2021-24358) | cve/CVE-2021-24358.yaml |
| WebGlimpse 2.18.7 - Directory Traversal (CVE-2009-5114) | cve/CVE-2009-5114.yaml |
| WordPress Car Seller - Auto Classifieds Script - SQL Injection (CVE-2021-24285) | cve/CVE-2021-24285.yaml |
| Kavita <0.5.4.1 - Server-Side Request Forgery (CVE-2022-2756) | cve/CVE-2022-2756.yaml |
| WordPress Advanced Order Export For WooCommerce <3.1.8 - Authenticated Cross-Site | cve/CVE-2021-24169.yaml |
| WordPress <5.8.3 - SQL Injection (CVE-2022-21661) | cve/CVE-2022-21661.yaml |
| Doctor Appointment System 1.0 - SQL Injection (CVE-2021-27315) | cve/CVE-2021-27315.yaml |
| WordPress WP TripAdvisor Review Slider <10.8 - Authenticated SQL Injection | cve/CVE-2023-0261.yaml |
| Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion (CVE-2010-1953) | cve/CVE-2010-1953.yaml |
| TerraMaster TOS - Unauthenticated Remote Command Execution (CVE-2020-28188) | cve/CVE-2020-28188.yaml |
| nitely/spirit 0.12.3 - Open Redirect (CVE-2022-0869) | cve/CVE-2022-0869.yaml |
| Joomla! Component OrgChart 1.0.0 - Local File Inclusion (CVE-2010-1878) | cve/CVE-2010-1878.yaml |
| GitLab 16.0.0 - Path Traversal (CVE-2023-2825) | cve/CVE-2023-2825.yaml |
| Rukovoditel <= 3.2.1 - Cross Site Scripting (CVE-2022-43166) | cve/CVE-2022-43166.yaml |
| Spring Cloud Config Server - Local File Inclusion (CVE-2019-3799) | cve/CVE-2019-3799.yaml |
| Portal do Software Publico Brasileiro i3geo 7.0.5 - Local File Inclusion (CVE-2022-32409) | cve/CVE-2022-32409.yaml |
| MCMS 5.2.4 - SQL Injection (CVE-2022-25125) | cve/CVE-2022-25125.yaml |
| Joomla! Helpdesk Pro plugin <1.4.0 - Local File Inclusion (CVE-2015-4074) | cve/CVE-2015-4074.yaml |
| Joomla! Component Magic Updater - Local File Inclusion (CVE-2010-1307) | cve/CVE-2010-1307.yaml |
| Autonomy Ultraseek - Open Redirect (CVE-2009-0347) | cve/CVE-2009-0347.yaml |
| TileServer GL <=3.0.0 - Cross-Site Scripting (CVE-2020-15500) | cve/CVE-2020-15500.yaml |
| Apache Struts2 S2-008 RCE (CVE-2012-0392) | cve/CVE-2012-0392.yaml |
| Apache Solr 7+ - Remote Code Execution (Apache Log4j) (CVE-2021-44228) | cve/apache-solr-log4j-rce.yaml |
| Rukovoditel <= 3.2.1 - Cross Site Scripting (CVE-2022-43164) | cve/CVE-2022-43164.yaml |
| Mlflow <2.2.1 - Local File Inclusion (CVE-2023-1177) | cve/CVE-2023-1177.yaml |
| JD Edwards EnterpriseOne Tools 9.2 - Information Disclosure (CVE-2020-2733) | cve/CVE-2020-2733.yaml |
| Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command | cve/CVE-2021-40539.yaml |
| exacqVision Web Service - Remote Code Execution (CVE-2020-9047) | cve/CVE-2020-9047.yaml |
| Tenda Router AC11 - Remote Command Injection (CVE-2021-31755) | cve/CVE-2021-31755.yaml |
| Jellyfin 10.7.2 - Server Side Request Forgery (CVE-2021-29490) | cve/CVE-2021-29490.yaml |
| Osclass Security Advisory 3.4.1 - Local File Inclusion (CVE-2014-6308) | cve/CVE-2014-6308.yaml |
| unilogies/bumsys < v2.0.2 - Clickjacking (CVE-2023-1362) | cve/CVE-2023-1362.yaml |
| Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting (CVE-2021-20323) | cve/CVE-2021-20323.yaml |
| WordPress Related Posts <2.1.3 - Stored Cross-Site Scripting (CVE-2022-3506) | cve/CVE-2022-3506.yaml |
| WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting (CVE-2016-1000135) | cve/CVE-2016-1000135.yaml |
| shadoweb wdja v1.5.1 - Cross-Site Scripting (CVE-2020-20982) | cve/CVE-2020-20982.yaml |
| Traefik - Open Redirect (CVE-2020-15129) | cve/CVE-2020-15129.yaml |
| GitLab CE/EE - Remote Code Execution (CVE-2022-2185) | cve/CVE-2022-2185.yaml |
| Sourcecodester Multi Restaurant Table Reservation System 1.0 - SQL Injection | cve/CVE-2020-29284.yaml |
| WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection (CVE-2023-23489) | cve/CVE-2023-23489.yaml |
| Netsweeper 4.0.3 - Cross-Site Scripting (CVE-2014-9608) | cve/CVE-2014-9608.yaml |
| Sophos Mobile managed on-premises - XML External Entity Injection (CVE-2022-3980) | cve/CVE-2022-3980.yaml |
| Artica Proxy 4.30.000000 - Cross-Site Scripting (CVE-2022-37153) | cve/CVE-2022-37153.yaml |
| Tiki Wiki CMS Groupware 5.2 - Local File Inclusion (CVE-2010-4239) | cve/CVE-2010-4239.yaml |
| SAP xMII 15.0 for SAP NetWeaver 7.4 - Local File Inclusion (CVE-2016-2389) | cve/CVE-2016-2389.yaml |
| XML-RPC Server - Remote Code Execution (CVE-2017-11610) | cve/CVE-2017-11610.yaml |
| Tiny Java Web Server - Cross-Site Scripting (CVE-2021-37573) | cve/CVE-2021-37573.yaml |
| WordPress Feed Them Social <3.0.1 - Cross-Site Scripting (CVE-2022-2383) | cve/CVE-2022-2383.yaml |
| Joomla! Component redSHOP 1.0 - Local File Inclusion (CVE-2010-1531) | cve/CVE-2010-1531.yaml |
| Orchard 'ReturnUrl' Parameter URI - Open Redirect (CVE-2011-5252) | cve/CVE-2011-5252.yaml |
| Spotweb <= 1.5.1 - Cross Site Scripting (CVE-2021-40973) | cve/CVE-2021-40973.yaml |
| BOA Web Server 0.94.14 - Arbitrary File Access (CVE-2017-9833) | cve/CVE-2017-9833.yaml |
| Joomla! <3.7.1 - SQL Injection (CVE-2017-8917) | cve/CVE-2017-8917.yaml |
| OpenTSDB <=2.4.0 - Remote Code Execution (CVE-2020-35476) | cve/CVE-2020-35476.yaml |
| Linear eMerge E3-Series - Cross-Site Scripting (CVE-2022-46381) | cve/CVE-2022-46381.yaml |
| Sophos Web Appliance - Remote Code Execution (CVE-2023-1671) | cve/CVE-2023-1671.yaml |
| LISTSERV 17 - Cross-Site Scripting (CVE-2022-39195) | cve/CVE-2022-39195.yaml |
| DrayTek - Remote Code Execution (CVE-2020-8515) | cve/CVE-2020-8515.yaml |
| Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion (CVE-2010-1602) | cve/CVE-2010-1602.yaml |
| EpiServer Find <13.2.7 - Open Redirect (CVE-2020-24550) | cve/CVE-2020-24550.yaml |
| Bitrix24 <=20.0.0 - Cross-Site Scripting (CVE-2020-13483) | cve/CVE-2020-13483.yaml |
| Pie Register < 3.7.1.6 - SQL Injection (CVE-2021-24731) | cve/CVE-2021-24731.yaml |
| Adobe Coldfusion <=8.0.1 - Cross-Site Scripting (CVE-2009-1872) | cve/CVE-2009-1872.yaml |
| Zabbix Setup Configuration Authentication Bypass (CVE-2022-23134) | cve/CVE-2022-23134.yaml |
| Rocket.Chat <=3.13 - NoSQL Injection (CVE-2021-22911) | cve/CVE-2021-22911.yaml |
| WordPress Simple Giveaways <2.36.2 - Cross-Site Scripting (CVE-2021-24298) | cve/CVE-2021-24298.yaml |
| WordPress AnyComment <0.3.5 - Open Redirect (CVE-2021-24838) | cve/CVE-2021-24838.yaml |
| Online Fire Reporting System v1.0 - SQL injection (CVE-2022-31975) | cve/CVE-2022-31975.yaml |
| Altenergy Power Control Software C1.2.5 - Remote Command Injection (CVE-2023-28343) | cve/CVE-2023-28343.yaml |
| WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting (CVE-2013-2287) | cve/CVE-2013-2287.yaml |
| WBCE CMS 1.5.2 - Cross-Site Scripting (CVE-2022-30073) | cve/CVE-2022-30073.yaml |
| eMerge E3 1.00-06 - Remote Code Execution (CVE-2019-7256) | cve/CVE-2019-7256.yaml |
| VMware vRealize Operations Tenant - JNDI Remote Code Execution (Apache Log4j) | cve/vrealize-operations-log4j-rce.yaml |
| WordPress Securimage-WP-Fixed <=3.5.4 - Cross-Site Scripting (CVE-2021-34640) | cve/CVE-2021-34640.yaml |
| ImpressCMS <1.4.3 - Incorrect Authorization (CVE-2021-26598) | cve/CVE-2021-26598.yaml |
| Miniorange Social Login and Register <= 7.6.3 - Authentication Bypass (CVE-2023-2982) | cve/CVE-2023-2982.yaml |
| Zyxel - Cross-Site Scripting (CVE-2019-9955) | cve/CVE-2019-9955.yaml |
| Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager | cve/CVE-2019-1821.yaml |
| Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection (CVE-2020-8194) | cve/CVE-2020-8194.yaml |
| IceWarp WebMail Server <=11.4.4.1 - Cross-Site Scripting (CVE-2020-8512) | cve/CVE-2020-8512.yaml |
| Apache httpd <=2.4.29 - Arbitrary File Upload (CVE-2017-15715) | cve/CVE-2017-15715.yaml |
| NETGEAR ProSafe SSL VPN firmware - SQL Injection (CVE-2022-29383) | cve/CVE-2022-29383.yaml |
| Lotus Domino R5 and R6 WebMail - Information Disclosure (CVE-2005-2428) | cve/CVE-2005-2428.yaml |
| ATutor < 2.2.1 - Cross Site Scripting (CVE-2023-27008) | cve/CVE-2023-27008.yaml |
| Formcraft3 <3.8.28 - Server-Side Request Forgery (CVE-2022-0591) | cve/CVE-2022-0591.yaml |
| WordPress zm-gallery plugin 1.0 SQL Injection (CVE-2016-10940) | cve/CVE-2016-10940.yaml |
| Apache HTTP Server <=2.4.39 - HTML Injection/Partial Cross-Site Scripting | cve/CVE-2019-10092.yaml |
| Acrolinx Server <5.2.5 - Local File Inclusion (CVE-2018-7719) | cve/CVE-2018-7719.yaml |
| WordPress AcyMailing <7.5.0 - Open Redirect (CVE-2021-24288) | cve/CVE-2021-24288.yaml |
| Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting (CVE-2019-19368) | cve/CVE-2019-19368.yaml |
| WordPress Secure Copy Content Protection and Content Locking <2.8.2 - SQL | cve/CVE-2021-24931.yaml |
| rConfig 3.9.4 - SQL Injection (CVE-2020-10548) | cve/CVE-2020-10548.yaml |
| GitLab CE/EE Unauthenticated RCE Using ExifTool (CVE-2021-22205) | cve/gitlab-rce.yaml |
| WordPress Duplicator <1.4.7 - Authentication Bypass (CVE-2022-2551) | cve/CVE-2022-2551.yaml |
| Apache S2-032 Struts - Remote Code Execution (CVE-2016-3081) | cve/CVE-2016-3081.yaml |
| LionWiki <3.2.12 - Local File Inclusion (CVE-2020-27191) | cve/CVE-2020-27191.yaml |
| Dell iDRAC7/8 Devices - Remote Code Injection (CVE-2018-1207) | cve/CVE-2018-1207.yaml |
| SAP Web Application Server 6.x/7.0 - Open Redirect (CVE-2005-3634) | cve/CVE-2005-3634.yaml |
| WordPress WPB Show Core - Cross-Site Scripting (CVE-2022-3484) | cve/CVE-2022-3484.yaml |
| Cisco Small Business WAN VPN Routers - Sensitive Information Disclosure (CVE-2019-1653) | cve/CVE-2019-1653.yaml |
| PacsOne Server <7.1.1 - Cross-Site Scripting (CVE-2020-29164) | cve/CVE-2020-29164.yaml |
| WordPress Time Capsule < 1.21.16 - Authentication Bypass (CVE-2020-8771) | cve/CVE-2020-8771.yaml |
| VMware VCenter - Remote Code Execution (Apache Log4j) (CVE-2021-44228) | cve/vmware-vcenter-log4j-jndi-rce.yaml |
| GDidees CMS v3.9.1 - Arbitrary File Download (CVE-2023-27179) | cve/CVE-2023-27179.yaml |
| WordPress Guppy <=1.1 - Information Disclosure (CVE-2021-24997) | cve/CVE-2021-24997.yaml |
| PHPGurukul Hospital Management System - Cross-Site Scripting (CVE-2020-5191) | cve/CVE-2020-5191.yaml |
| WordPress Page Layout builder v1.9.3 - Cross-Site Scripting (CVE-2016-1000141) | cve/CVE-2016-1000141.yaml |
| Rails File Content Disclosure (CVE-2019-5418) | cve/CVE-2019-5418.yaml |
| rConfig 3.9.4 - SQL Injection (CVE-2020-10546) | cve/CVE-2020-10546.yaml |
| Joomla! JCK Editor SQL Injection (CVE-2018-17254) | cve/CVE-2018-17254.yaml |
| WordPress forget-about-shortcode-buttons 1.1.1 - Cross-Site Scripting (CVE-2016-1000133) | cve/CVE-2016-1000133.yaml |
| Elasticsearch - Local File Inclusion (CVE-2015-3337) | cve/CVE-2015-3337.yaml |
| WordPress Page Views Count <2.4.15 - SQL Injection (CVE-2022-0434) | cve/CVE-2022-0434.yaml |
| Seagate NAS OS 4.3.15.1 - Server Information Disclosure (CVE-2018-12296) | cve/CVE-2018-12296.yaml |
| Cuppa CMS v1.0 - Remote Code Execution (CVE-2022-37190) | cve/CVE-2022-37190.yaml |
| GitLab CE/EE - Hard-Coded Credentials (CVE-2022-1162) | cve/CVE-2022-1162.yaml |
| WordPress 15Zine <3.3.0 - Cross-Site Scripting (CVE-2020-36510) | cve/CVE-2020-36510.yaml |
| Zoho ManageEngine OpManger - Arbitrary File Read (CVE-2020-12116) | cve/CVE-2020-12116.yaml |
| IBM Maximo Asset Management Information Disclosure - XML External Entity Injection | cve/CVE-2020-4463.yaml |
| Jira - Local File Inclusion (CVE-2019-8442) | cve/CVE-2019-8442.yaml |
| MantisBT <=2.30 - Arbitrary Password Reset/Admin Access (CVE-2017-7615) | cve/CVE-2017-7615.yaml |
| IceWarp Mail Server <=10.4.4 - Local File Inclusion (CVE-2019-12593) | cve/CVE-2019-12593.yaml |
| AppWeb - Authentication Bypass (CVE-2018-8715) | cve/CVE-2018-8715.yaml |
| Tablesome < 1.0.9 - Cross-Site Scripting (CVE-2023-1890) | cve/CVE-2023-1890.yaml |
| SAS/Internet 9.4 1520 - Local File Inclusion (CVE-2021-41569) | cve/CVE-2021-41569.yaml |
| FUDForum 3.1.0 - Cross-Site Scripting (CVE-2021-27519) | cve/CVE-2021-27519.yaml |
| Puppet Server/PuppetDB - Sensitive Information Disclosure (CVE-2020-7943) | cve/CVE-2020-7943.yaml |
| Nagios 5.5.6-5.7.5 - Authenticated Remote Command Injection (CVE-2021-25297) | cve/CVE-2021-25297.yaml |
| Ivanti MobileIron (Log4j) - Remote Code Execution (CVE-2021-44228) | cve/mobileiron-log4j-jndi-rce.yaml |
| Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access | cve/CVE-2012-0896.yaml |
| WordPress PhastPress <1.111 - Open Redirect (CVE-2021-24210) | cve/CVE-2021-24210.yaml |
| Hitachi Pentaho Business Analytics Server - Remote Code Execution (CVE-2022-43769) | cve/CVE-2022-43769.yaml |
| Apache Shiro 1.2.4 Cookie RememberME - Deserial Remote Code Execution Vulnerability | cve/CVE-2016-4437.yaml |
| NocoDB version <= 0.106.1 - Arbitrary File Read (CVE-2023-35843) | cve/CVE-2023-35843.yaml |
| Apache Kylin - Exposed Configuration File (CVE-2020-13937) | cve/CVE-2020-13937.yaml |
| Etherpad Lite <1.6.4 - Admin Authentication Bypass (CVE-2018-9845) | cve/CVE-2018-9845.yaml |
| JustWriting - Cross-Site Scripting (CVE-2021-41467) | cve/CVE-2021-41467.yaml |
| WordPress True Ranker <2.2.4 - Local File Inclusion (CVE-2021-39312) | cve/CVE-2021-39312.yaml |
| Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution (CVE-2017-3506) | cve/CVE-2017-3506.yaml |
| WooCommerce PDF Invoices & Packing Slips WordPress Plugin < 2.10.5 - Cross-Site | cve/CVE-2021-24991.yaml |
| Netsweeper 4.0.4 - Cross-Site Scripting (CVE-2014-9607) | cve/CVE-2014-9607.yaml |
| Cuppa CMS v1.0 - Cross Site Scripting (CVE-2022-38295) | cve/CVE-2022-38295.yaml |
| EyesOfNetwork 5.1-5.3 - SQL Injection/Remote Code Execution (CVE-2020-8654) | cve/CVE-2020-8654.yaml |
| Welcart eCommerce <=2.7.7 - Local File Inclusion (CVE-2022-41840) | cve/CVE-2022-41840.yaml |
| Directory Management System 1.0 - SQL Injection (CVE-2022-29006) | cve/CVE-2022-29006.yaml |
| Hospital Management System 4.0 - SQL Injection (CVE-2020-5192) | cve/CVE-2020-5192.yaml |
| Joomla! Component com_kp - 'Controller' Local File Inclusion (CVE-2011-4804) | cve/CVE-2011-4804.yaml |
| WordPress EasyCart <2.0.6 - Information Disclosure (CVE-2014-4942) | cve/CVE-2014-4942.yaml |
| Splunk <=7.0.1 - Information Disclosure (CVE-2018-11409) | cve/CVE-2018-11409.yaml |
| Joomla! Component jesectionfinder - Local File Inclusion (CVE-2010-2680) | cve/CVE-2010-2680.yaml |
| Documentor <= 1.5.3 - Unauthenticated SQL Injection (CVE-2022-0773) | cve/CVE-2022-0773.yaml |
| Skysa App Bar 1.04 - Cross-Site Scripting (CVE-2011-5179) | cve/CVE-2011-5179.yaml |
| Advantech R-SeeNet - Cross-Site Scripting (CVE-2021-21801) | cve/CVE-2021-21801.yaml |
| Commvault CommCell - Local File Inclusion (CVE-2020-25780) | cve/CVE-2020-25780.yaml |
| RaspAP <=2.6.5 - Remote Command Injection (CVE-2021-33357) | cve/CVE-2021-33357.yaml |
| CuppaCMS v1.0 - Local File Inclusion (CVE-2022-34121) | cve/CVE-2022-34121.yaml |
| Rukovoditel <= 2.7.2 - Cross-Site Scripting (CVE-2020-35987) | cve/CVE-2020-35987.yaml |
| playSMS <1.4.3 - Remote Code Execution (CVE-2020-8644) | cve/CVE-2020-8644.yaml |
| Roxy-WI <6.1.1.0 - Remote Code Execution (CVE-2022-31126) | cve/CVE-2022-31126.yaml |
| Apache Solr <=8.8.1 - Server-Side Request Forgery (CVE-2021-27905) | cve/CVE-2021-27905.yaml |
| PrismaWEB - Credentials Disclosure (CVE-2018-9161) | cve/CVE-2018-9161.yaml |
| NexusPHP <1.7.33 - Cross-Site Scripting (CVE-2022-46888) | cve/CVE-2022-46888.yaml |
| Atlassian Jira Server/Data Center <8.5.8/8.6.0 - 8.11.1 - Information Disclosure | cve/CVE-2020-14179.yaml |
| ForgeRock OpenAM <7.0 - Remote Code Execution (CVE-2021-35464) | cve/CVE-2021-35464.yaml |
| phpIPAM - 1.6 - Cross-Site Scripting (CVE-2023-24657) | cve/CVE-2023-24657.yaml |
| VMware vSphere - Server-Side Request Forgery (CVE-2021-21973) | cve/CVE-2021-21973.yaml |
| Jira <8.4.0 - Server-Side Request Forgery (CVE-2019-8451) | cve/CVE-2019-8451.yaml |
| Synacor Zimbra Collaboration Suite Collaboration <8.8.11 - Cross-Site Scripting | cve/CVE-2018-14013.yaml |
| WordPress Woody Ad Snippets <2.2.5 - Cross-Site Scripting/Remote Code Execution | cve/CVE-2019-15858.yaml |
| Appwrite <=1.2.1 - Server-Side Request Forgery (CVE-2023-27159) | cve/CVE-2023-27159.yaml |
| WordPress NewStatPress <1.3.6 - Cross-Site Scripting (CVE-2022-0206) | cve/CVE-2022-0206.yaml |
| Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection (CVE-2021-25296) | cve/CVE-2021-25296.yaml |
| Apache Tika <1.1.8- Header Command Injection (CVE-2018-1335) | cve/CVE-2018-1335.yaml |
| WordPress Advanced Booking Calendar <1.7.1 - Cross-Site Scripting (CVE-2022-1007) | cve/CVE-2022-1007.yaml |
| Barco Control Room Management Suite <=2.9 Build 0275 - Local File Inclusion | cve/CVE-2022-26233.yaml |
| WordPress MyPixs <=0.3 - Local File Inclusion (CVE-2015-1000012) | cve/CVE-2015-1000012.yaml |
| XStream <1.4.16 - Remote Code Execution (CVE-2021-21351) | cve/CVE-2021-21351.yaml |
| AvantFAX 3.3.3 - Cross-Site Scripting (CVE-2017-18024) | cve/CVE-2017-18024.yaml |
| ActiveHelper LiveHelp Server 3.1.0 - Cross-Site Scripting (CVE-2014-4513) | cve/CVE-2014-4513.yaml |
| Mlflow <2.3.0 - Local File Inclusion (CVE-2023-2356) | cve/CVE-2023-2356.yaml |
| WAVLINK WN535 G3 - Information Disclosure (CVE-2022-31846) | cve/CVE-2022-31846.yaml |
| WordPress MultiSafepay for WooCommerce <=4.13.1 - Arbitrary File Read (CVE-2022-33901) | cve/CVE-2022-33901.yaml |
| Netsweeper - Authentication Bypass (CVE-2014-9618) | cve/CVE-2014-9618.yaml |
| npm ansi_up v4 - Cross-Site Scripting (CVE-2021-3377) | cve/CVE-2021-3377.yaml |
| SugarCRM 3.5.1 - Cross-Site Scripting (CVE-2018-5715) | cve/CVE-2018-5715.yaml |
| Redis Sandbox Escape - Remote Code Execution (CVE-2022-0543) | cve/CVE-2022-0543.yaml |
| Aviatrix Controller 6.x before 6.5-1804.1922 - Remote Command Execution (CVE-2021-40870) | cve/CVE-2021-40870.yaml |
| SV3C HD Camera L Series - Open Redirect (CVE-2018-12675) | cve/CVE-2018-12675.yaml |
| GetSimple CMS 3.3.13 - Open Redirect (CVE-2019-9915) | cve/CVE-2019-9915.yaml |
| Atlassian Jira Server-Side Template Injection (CVE-2019-11581) | cve/CVE-2019-11581.yaml |
| Admidio - Cross-Site Scripting (CVE-2021-43810) | cve/CVE-2021-43810.yaml |
| kkFileView 4.1.0 - Server-Side Request Forgery (CVE-2022-43140) | cve/CVE-2022-43140.yaml |
| Shortcode Ninja <= 1.4 - Cross-Site Scripting (CVE-2014-4550) | cve/CVE-2014-4550.yaml |
| School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting | cve/CVE-2022-30513.yaml |
| Apache ShenYu Admin Unauth Access (CVE-2022-23944) | cve/CVE-2022-23944.yaml |
| CandidATS 3.0.0 - Cross-Site Scripting. (CVE-2022-42747) | cve/CVE-2022-42747.yaml |
| Ruby On Rails - Local File Inclusion (CVE-2018-3760) | cve/CVE-2018-3760.yaml |
| Jira Server and Data Center - Information Disclosure (CVE-2020-36289) | cve/CVE-2020-36289.yaml |
| Apache Flink - Local File Inclusion (CVE-2020-17519) | cve/CVE-2020-17519.yaml |
| Tarantella Enterprise <3.11 - Local File Inclusion (CVE-2018-19753) | cve/CVE-2018-19753.yaml |
| YeaLink DM 3.6.0.20 - Remote Command Injection (CVE-2021-27561) | cve/CVE-2021-27561.yaml |
| Apache <= 2.4.48 - Mod_Proxy SSRF (CVE-2021-40438) | cve/CVE-2021-40438.yaml |
| PHP-Fusion 9.03.50 - Remote Code Execution (CVE-2020-24949) | cve/CVE-2020-24949.yaml |
| Lucee Admin - Remote Code Execution (CVE-2021-21307) | cve/CVE-2021-21307.yaml |
| Clansphere CMS 2011.4 - Cross-Site Scripting (CVE-2021-27309) | cve/CVE-2021-27309.yaml |
| SearchBlox <9.2.2 - Local File Inclusion (CVE-2020-35580) | cve/CVE-2020-35580.yaml |
| WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion (CVE-2018-16283) | cve/CVE-2018-16283.yaml |
| SolarView Compact 6.00 - OS Command Injection (CVE-2023-23333) | cve/CVE-2023-23333.yaml |
| Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion (CVE-2023-29887) | cve/CVE-2023-29887.yaml |
| LG NAS Devices - Remote Code Execution (CVE-2018-10818) | cve/CVE-2018-10818.yaml |
| Smartstore <4.1.0 - Open Redirect (CVE-2020-36365) | cve/CVE-2020-36365.yaml |
| The Code Snippets WordPress Plugin < 2.14.3 - Cross-Site Scripting (CVE-2021-25008) | cve/CVE-2021-25008.yaml |
| Grafana Snapshot - Authentication Bypass (CVE-2021-39226) | cve/CVE-2021-39226.yaml |
| Cisco Unified Communications - Remote Code Execution (Apache Log4j) (CVE-2021-44228) | cve/cisco-unified-communications-log4j.yaml |
| Complete Online Job Search System 1.0 - SQL Injection (CVE-2022-32007) | cve/CVE-2022-32007.yaml |
| Easy Social Feed < 6.2.7 - Cross-Site Scripting (CVE-2021-25120) | cve/CVE-2021-25120.yaml |
| Joomla! Component Percha Gallery 1.6 Beta - Directory Traversal (CVE-2010-2035) | cve/CVE-2010-2035.yaml |
| Pascom CPS - Local File Inclusion (CVE-2021-45968) | cve/CVE-2021-45968.yaml |
| Oracle Content Server - Cross-Site Scripting (CVE-2017-10075) | cve/CVE-2017-10075.yaml |
| WordPress 99 Robots WP Background Takeover Advertisements <=4.1.4 - Local | cve/CVE-2018-9118.yaml |
| Wordpress Marmoset Viewer <1.9.3 - Cross-Site Scripting (CVE-2021-24495) | cve/CVE-2021-24495.yaml |
| Processwire CMS <2.7.1 - Local File Inclusion (CVE-2020-27467) | cve/CVE-2020-27467.yaml |
| Comodo Unified Threat Management Web Console - Remote Code Execution (CVE-2018-17431) | cve/CVE-2018-17431.yaml |
| Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation (CVE-2022-25369) | cve/CVE-2022-25369.yaml |
| WordPress JH 404 Logger <=1.1 - Cross-Site Scripting (CVE-2021-24176) | cve/CVE-2021-24176.yaml |
| VoipMonitor <24.61 - Remote Code Execution (CVE-2021-30461) | cve/CVE-2021-30461.yaml |
| Grafana & Zabbix Integration - Credentials Disclosure (CVE-2022-26148) | cve/CVE-2022-26148.yaml |
| Monitorr 1.7.6m - Unauthenticated Remote Code Execution (CVE-2020-28871) | cve/CVE-2020-28871.yaml |
| Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting (CVE-2014-4536) | cve/CVE-2014-4536.yaml |
| Grafana - Improper Access Control (CVE-2019-15043) | cve/CVE-2019-15043.yaml |
| WordPress WP Video Gallery <=1.7.1 - SQL Injection (CVE-2022-0826) | cve/CVE-2022-0826.yaml |
| Joomla! Component Archery Scores 1.0.6 - Local File Inclusion (CVE-2010-1718) | cve/CVE-2010-1718.yaml |
| Nacos <1.4.1 - Authentication Bypass (CVE-2021-29442) | cve/CVE-2021-29442.yaml |
| Member Hero <=1.0.9 - Remote Code Execution (CVE-2022-0885) | cve/CVE-2022-0885.yaml |
| Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored) (CVE-2022-42095) | cve/CVE-2022-42095.yaml |
| kkFileview v4.0.0 - Local File Inclusion (CVE-2021-43734) | cve/CVE-2021-43734.yaml |
| MasterStudy LMS <2.7.6 - Improper Access Control (CVE-2022-0441) | cve/CVE-2022-0441.yaml |
| Joomla! Component SVMap 1.1.1 - Local File Inclusion (CVE-2010-1308) | cve/CVE-2010-1308.yaml |
| WordPress Plugin Tera Charts - Local File Inclusion (CVE-2014-4940) | cve/CVE-2014-4940.yaml |
| Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting (CVE-2019-14696) | cve/CVE-2019-14696.yaml |
| WordPress anti-plagiarism <=3.60 - Cross-Site Scripting (CVE-2016-1000128) | cve/CVE-2016-1000128.yaml |
| Joomla! Component Highslide 1.5 - Local File Inclusion (CVE-2010-1314) | cve/CVE-2010-1314.yaml |
| Moodle Jitsi Meet 2.7-2.8.3 - Cross-Site Scripting (CVE-2021-26812) | cve/CVE-2021-26812.yaml |
| Ninja Forms < 3.6.22 - Cross-Site Scripting (CVE-2023-1835) | cve/CVE-2023-1835.yaml |
| Apache Cassandra Load UDF RCE (CVE-2021-44521) | cve/CVE-2021-44521.yaml |
| Joomla! Component com_cartweberp - Local File Inclusion (CVE-2010-0982) | cve/CVE-2010-0982.yaml |
| Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion (CVE-2010-2920) | cve/CVE-2010-2920.yaml |
| PrestaShop SmartBlog <4.0.6- SQL Injection (CVE-2021-37538) | cve/CVE-2021-37538.yaml |
| Apache APISIX - Remote Code Execution (CVE-2022-24112) | cve/CVE-2022-24112.yaml |
| WordPress Narnoo Distributor <=2.5.1 - Local File Inclusion (CVE-2022-0679) | cve/CVE-2022-0679.yaml |
| NUUO NVRsolo Video Recorder 03.06.02 - Cross-Site Scripting (CVE-2022-33119) | cve/CVE-2022-33119.yaml |
| Grafana v8.x - Arbitrary File Read (CVE-2021-43798) | cve/CVE-2021-43798.yaml |
| PMB 7.4.6 - Cross-Site Scripting (CVE-2023-24733) | cve/CVE-2023-24733.yaml |
| WordPress Slider Revolution - Local File Disclosure (CVE-2015-1579) | cve/CVE-2015-1579.yaml |
| TBK DVR4104/DVR4216 Devices - Authentication Bypass (CVE-2018-9995) | cve/CVE-2018-9995.yaml |
| Lightdash version <= 0.510.3 Arbitrary File Read (CVE-2023-35844) | cve/CVE-2023-35844.yaml |
| Shibboleth OIDC OP <3.0.4 - Server-Side Request Forgery (CVE-2022-24129) | cve/CVE-2022-24129.yaml |
| WordPress Social Warfare <3.5.3 - Cross-Site Scripting (CVE-2019-9978) | cve/CVE-2019-9978.yaml |
| Joomla! Component Jstore - 'Controller' Local File Inclusion (CVE-2010-5286) | cve/CVE-2010-5286.yaml |
| Mongo-Express - Remote Code Execution (CVE-2020-24391) | cve/CVE-2020-24391.yaml |
| Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion (CVE-2010-1535) | cve/CVE-2010-1535.yaml |
| WordPress WOOCS < 1.3.7.5 - Cross-Site Scripting (CVE-2022-0234) | cve/CVE-2022-0234.yaml |
| Drawio <18.1.2 - Server-Side Request Forgery (CVE-2022-1815) | cve/CVE-2022-1815.yaml |
| SolarView Compact 6.00 - Cross-Site Scripting (CVE-2022-31373) | cve/CVE-2022-31373.yaml |
| Cuppa CMS v1.0 - SQL injection (CVE-2022-24266) | cve/CVE-2022-24266.yaml |
| WordPress GN Publisher <1.5.6 - Cross-Site Scripting (CVE-2023-1080) | cve/CVE-2023-1080.yaml |
| phpShowtime 2.0 - Directory Traversal (CVE-2012-0981) | cve/CVE-2012-0981.yaml |
| WordPress Paytm Donation <=1.3.2 - Authenticated SQL Injection (CVE-2021-24554) | cve/CVE-2021-24554.yaml |
| Rukovoditel <= 3.2.1 - Cross-Site Scripting (CVE-2022-43185) | cve/CVE-2022-43185.yaml |
| D-Link DIR-600M - Authentication Bypass (CVE-2019-13101) | cve/CVE-2019-13101.yaml |
| D-Link DSL 2888a - Authentication Bypass/Remote Command Execution (CVE-2020-24579) | cve/CVE-2020-24579.yaml |
| OpenCATS 0.9.6 - Cross-Site Scripting (CVE-2022-43016) | cve/CVE-2022-43016.yaml |
| ServiceNow - Cross-Site Scripting (CVE-2022-38463) | cve/CVE-2022-38463.yaml |
| rConfig 3.9.2 - Remote Code Execution (CVE-2019-16662) | cve/CVE-2019-16662.yaml |
| WordPress Helloprint <1.4.7 - Cross-Site Scripting (CVE-2022-3908) | cve/CVE-2022-3908.yaml |
| WordPress Sunshine Photo Cart <2.9.15 - Cross-Site Scripting (CVE-2022-4301) | cve/CVE-2022-4301.yaml |
| WordPress ARPrice <3.6.1 - SQL Injection (CVE-2022-0867) | cve/CVE-2022-0867.yaml |
| Cacti <=1.2.22 - Remote Command Injection (CVE-2022-46169) | cve/CVE-2022-46169.yaml |
| Event Espresso Core-Reg 4.10.7.p - Cross-Site Scripting (CVE-2020-26153) | cve/CVE-2020-26153.yaml |
| Gitea <1.16.5 - Open Redirect (CVE-2022-1058) | cve/CVE-2022-1058.yaml |
| Cobub Razor 0.8.0 - Information Disclosure (CVE-2018-8770) | cve/CVE-2018-8770.yaml |
| WordPress RSVPMaker <=9.3.2 - SQL Injection (CVE-2022-1768) | cve/CVE-2022-1768.yaml |
| WordPress iQ Block Country <=1.2.11 - Cross-Site Scripting (CVE-2021-36873) | cve/CVE-2021-36873.yaml |
| uDraw <3.3.3 - Local File Inclusion (CVE-2022-0656) | cve/CVE-2022-0656.yaml |
| Apache ActiveMQ Fileserver - Arbitrary File Write (CVE-2016-3088) | cve/CVE-2016-3088.yaml |
| The School Management < 9.9.7 - Remote Code Execution (CVE-2022-1609) | cve/CVE-2022-1609.yaml |
| DomainMOD 4.11.01 - Cross-Site Scripting (CVE-2018-20010) | cve/CVE-2018-20010.yaml |
| Infographic Maker iList < 4.3.8 - SQL Injection (CVE-2022-0747) | cve/CVE-2022-0747.yaml |
| Eclipse Jetty ConcatServlet - Information Disclosure (CVE-2021-28169) | cve/CVE-2021-28169.yaml |
| WordPress wpForo Forum <= 1.4.11 - Cross-Site Scripting (CVE-2018-11709) | cve/CVE-2018-11709.yaml |
| Redash Setup Configuration - Default Secrets Disclosure (CVE-2021-41192) | cve/CVE-2021-41192.yaml |
| Sunhillo SureLine <8.7.0.1.1 - Unauthenticated OS Command Injection (CVE-2021-36380) | cve/CVE-2021-36380.yaml |
| WordPress Canto 1.3.0 - Blind Server-Side Request Forgery (CVE-2020-28976) | cve/CVE-2020-28976.yaml |
| WordPress Visual Form Builder <3.0.8 - Cross-Site Scripting (CVE-2022-0140) | cve/CVE-2022-0140.yaml |
| Oracle Weblogic Server - Remote Command Execution (CVE-2020-14882) | cve/CVE-2020-14882.yaml |
| Microfinance Management System 1.0 - SQL Injection (CVE-2022-27927) | cve/CVE-2022-27927.yaml |
| Gryphon Tower - Cross-Site Scripting (CVE-2021-20137) | cve/CVE-2021-20137.yaml |
| Mida eFramework <=2.9.0 - Remote Command Execution (CVE-2020-15920) | cve/CVE-2020-15920.yaml |
| Joomla! Component Picasa 2.0 - Local File Inclusion (CVE-2010-1306) | cve/CVE-2010-1306.yaml |
| 74cms - ajax_street.php 'x' SQL Injection (CVE-2020-22210) | cve/CVE-2020-22208.yaml |
| Import Legacy Media <= 0.1 - Cross-Site Scripting (CVE-2014-4535) | cve/CVE-2014-4535.yaml |
| Ignite Realtime Openfire <4.42 - Local File Inclusion (CVE-2019-18393) | cve/CVE-2019-18393.yaml |
| Fonality trixbox - Local File Inclusion (CVE-2014-5111) | cve/CVE-2014-5111.yaml |
| Exchange Server - Remote Code Execution (CVE-2021-34473) | cve/CVE-2021-34473.yaml |
| Next.js <9.3.2 - Local File Inclusion (CVE-2020-5284) | cve/CVE-2020-5284.yaml |
| Joomla! Component com_rokdownloads - Local File Inclusion (CVE-2010-1056) | cve/CVE-2010-1056.yaml |
| Responsive filemanager 9.13.1 Server-Side Request Forgery (CVE-2018-14728) | cve/CVE-2018-14728.yaml |
| WordPress NotificationX <2.3.9 - SQL Injection (CVE-2022-0349) | cve/CVE-2022-0349.yaml |
| Clustering Local File Inclusion (CVE-2021-43496) | cve/CVE-2021-43496.yaml |
| Eventum <3.4.0 - Open Redirect (CVE-2018-16761) | cve/CVE-2018-16761.yaml |
| Bank Locker Management System - Cross-Site Scripting (CVE-2023-0563) | cve/CVE-2023-0563.yaml |
| Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting (CVE-2014-2908) | cve/CVE-2014-2908.yaml |
| WordPress Plugin DukaPress 2.5.2 - Directory Traversal (CVE-2014-8799) | cve/CVE-2014-8799.yaml |
| Netsweeper <=6.4.3 - Python Code Injection (CVE-2020-13167) | cve/CVE-2020-13167.yaml |
| LabKey Server Community Edition <18.3.0 - Cross-Site Scripting (CVE-2019-3911) | cve/CVE-2019-3911.yaml |
| OURPHP <= 7.2.0 - Cross Site Scripting (CVE-2023-30210) | cve/CVE-2023-30210.yaml |
| MinIO Browser API - Server-Side Request Forgery (CVE-2021-21287) | cve/CVE-2021-21287.yaml |
| Omnia MPX 1.5.0+r1 - Local File Inclusion (CVE-2022-36642) | cve/CVE-2022-36642.yaml |
| SPIP <3.1.2 - Cross-Site Scripting (CVE-2016-7981) | cve/CVE-2016-7981.yaml |
| VMware vSphere Client (HTML5) - Remote Code Execution (CVE-2021-21985) | cve/CVE-2021-21985.yaml |
| CirCarLife <4.3 - Improper Authentication (CVE-2018-16670) | cve/CVE-2018-16670.yaml |
| WordPress AB Google Map Travel <=3.4 - Stored Cross-Site Scripting (CVE-2015-2755) | cve/CVE-2015-2755.yaml |
| WordPress RSVP and Event Management <2.7.8 - Missing Authorization (CVE-2022-1054) | cve/CVE-2022-1054.yaml |
| u5cms v8.3.5 - Open Redirect (CVE-2022-32444) | cve/CVE-2022-32444.yaml |
| WordPress GDPR & CCPA <1.9.27 - Cross-Site Scripting (CVE-2022-0220) | cve/CVE-2022-0220.yaml |
| Nagios XI <5.8.5 - Open Redirect (CVE-2022-29272) | cve/CVE-2022-29272.yaml |
| Rukovoditel <= 3.2.1 - Cross-Site Scripting (CVE-2022-44948) | cve/CVE-2022-44948.yaml |
| Parallels H-Sphere 3.0.0 P9/3.1 P1 - Cross-Site Scripting (CVE-2008-6465) | cve/CVE-2008-6465.yaml |
| ZEROF Web Server 2.0 - Cross-Site Scripting (CVE-2022-25323) | cve/CVE-2022-25323.yaml |
| WordPress DZS Zoomsounds <=6.50 - Local File Inclusion (CVE-2021-39316) | cve/CVE-2021-39316.yaml |
| AWStats < 6.95 - Open Redirect (CVE-2009-5020) | cve/CVE-2009-5020.yaml |
| MicroStrategy Library <11.1.3 - Cross-Site Scripting (CVE-2019-18957) | cve/CVE-2019-18957.yaml |
| Apache Airflow <=1.10.10 - Remote Code Execution (CVE-2020-11978) | cve/CVE-2020-11978.yaml |
| D-Link DIR850 ET850-1.08TRb03 - Open Redirect (CVE-2021-46379) | cve/CVE-2021-46379.yaml |
| Ruby on Rails Web Console - Remote Code Execution (CVE-2015-3224) | cve/CVE-2015-3224.yaml |
| AccessAlly <3.5.7 - Sensitive Information Leakage (CVE-2021-24226) | cve/CVE-2021-24226.yaml |
| TOTOLink - Unauthenticated Command Injection (CVE-2022-25082) | cve/CVE-2022-25082.yaml |
| Car Rental Management System 1.0 - SQL Injection (CVE-2022-32028) | cve/CVE-2022-32028.yaml |
| ElasticSearch - Remote Code Execution (CVE-2015-1427) | cve/CVE-2015-1427.yaml |
| Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect (CVE-2019-10098) | cve/CVE-2019-10098.yaml |
| Linear eMerge E3-Series - Information Disclosure (CVE-2022-31269) | cve/CVE-2022-31269.yaml |
| Joomla! Component com_jcollection - Directory Traversal (CVE-2010-0944) | cve/CVE-2010-0944.yaml |
| Buffalo WSR-2533DHPL2 - Configuration File Injection (CVE-2021-20091) | cve/CVE-2021-20091.yaml |
| Mautic <3.3.4 - Cross-Site Scripting (CVE-2021-27909) | cve/CVE-2021-27909.yaml |
| WordPress Ocean Extra <1.9.5 - Cross-Site Scripting (CVE-2021-25104) | cve/CVE-2021-25104.yaml |
| FAUST iServer 9.0.018.018.4 - Local File Inclusion (CVE-2021-34805) | cve/CVE-2021-34805.yaml |
| Advantech R-SeeNet - Cross-Site Scripting (CVE-2021-21803) | cve/CVE-2021-21803.yaml |
| Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion | cve/CVE-2010-1723.yaml |
| Webmin <1.997 - Authenticated Remote Code Execution (CVE-2022-36446) | cve/CVE-2022-36446.yaml |
| IPConfigure Orchid Core VMS 2.0.5 - Local File Inclusion (CVE-2018-10956) | cve/CVE-2018-10956.yaml |
| WordPress NewStatPress 0.9.8 - SQL Injection (CVE-2015-4062) | cve/CVE-2015-4062.yaml |
| ElasticSearch v1.1.1/1.2 RCE (CVE-2014-3120) | cve/CVE-2014-3120.yaml |
| WordPress Sell Media 2.4.1 - Cross-Site Scripting (CVE-2019-6112) | cve/CVE-2019-6112.yaml |
| HashiCorp Consul/Consul Enterprise - Server-Side Request Forgery (CVE-2022-29153) | cve/CVE-2022-29153.yaml |
| Reprise License Manager 14.2 - Cross-Site Scripting (CVE-2022-28363) | cve/CVE-2022-28363.yaml |
| Joomla! Component Love Factory 1.3.4 - Local File Inclusion (CVE-2010-1957) | cve/CVE-2010-1957.yaml |
| Joomla! Component com_jresearch - 'Controller' Local File Inclusion (CVE-2010-1340) | cve/CVE-2010-1340.yaml |
| Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion (CVE-2010-1719) | cve/CVE-2010-1719.yaml |
| Void Aural Rec Monitor 9.0.0.1 - SQL Injection (CVE-2021-25899) | cve/CVE-2021-25899.yaml |
| Icinga Web 2 - Arbitrary File Disclosure (CVE-2022-24716) | cve/CVE-2022-24716.yaml |
| qdPM 9.1 - Cross-site Scripting (CVE-2020-19515) | cve/CVE-2020-19515.yaml |
| Gridx 1.3 - Remote Code Execution (CVE-2020-19625) | cve/CVE-2020-19625.yaml |
| WordPress Directorist <7.3.1 - Information Disclosure (CVE-2022-2376) | cve/CVE-2022-2376.yaml |
| Webmin <= 1.920 - Unauthenticated Remote Command Execution (CVE-2019-15107) | cve/CVE-2019-15107.yaml |
| WWBN AVideo 11.6 - Cross-Site Scripting (CVE-2022-32772) | cve/CVE-2022-32772.yaml |
| Citrix Gateway and Citrix ADC - Cross-Site Scripting (CVE-2023-24488) | cve/CVE-2023-24488.yaml |
| WordPress Under Construction <1.19 - Cross-Site Scripting (CVE-2021-39320) | cve/CVE-2021-39320.yaml |
| WordPress Admin Word Count Column 2.2 - Local File Inclusion (CVE-2022-1390) | cve/CVE-2022-1390.yaml |
| Monstra CMS 3.0.4 - Cross-Site Scripting (CVE-2020-23697) | cve/CVE-2020-23697.yaml |
| phpPgAdmin <=4.2.1 - Local File Inclusion (CVE-2008-5587) | cve/CVE-2008-5587.yaml |
| Caucho Resin >=4.0.52 <=4.0.56 - Directory traversal (CVE-2021-44138) | cve/CVE-2021-44138.yaml |
| Apache Superset <=1.3.2 - Default Login (CVE-2021-44451) | cve/CVE-2021-44451.yaml |
| kkFileView 4.1.0 - Cross-Site Scripting (CVE-2022-40879) | cve/CVE-2022-40879.yaml |
| VSFTPD 2.3.4 - Backdoor Command Execution (CVE-2011-2523) | cve/CVE-2011-2523.yaml |
| Spring MVC Framework - Local File Inclusion (CVE-2018-1271) | cve/CVE-2018-1271.yaml |
| Joomla! Agora 3.0.0b - Local File Inclusion (CVE-2009-3053) | cve/CVE-2009-3053.yaml |
| vBulletin 5.0.0-5.5.4 - Remote Command Execution (CVE-2019-16759) | cve/CVE-2019-16759.yaml |
| GeoServer <1.2.2 - Remote Code Execution (CVE-2022-24816) | cve/CVE-2022-24816.yaml |
| Nextjs <2.4.1 - Local File Inclusion (CVE-2017-16877) | cve/CVE-2017-16877.yaml |
| WordPress WP Security Audit Log 3.1.1 - Information Disclosure (CVE-2018-8719) | cve/CVE-2018-8719.yaml |
| WordPress e-search <=1.0 - Cross-Site Scripting (CVE-2016-1000131) | cve/CVE-2016-1000131.yaml |
| ffay lanproxy Directory Traversal (CVE-2021-3019) | cve/CVE-2021-3019.yaml |
| Joomla! Component JA Voice 2.0 - Local File Inclusion (CVE-2010-1982) | cve/CVE-2010-1982.yaml |
| WordPress Catch Breadcrumb <1.5.4 - Cross-Site Scripting (CVE-2020-12054) | cve/CVE-2020-12054.yaml |
| Sonatype Nexus Repository Manager <3.15.0 - Remote Code Execution (CVE-2019-7238) | cve/CVE-2019-7238.yaml |
| Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion (CVE-2010-2507) | cve/CVE-2010-2507.yaml |
| Revive Adserver <=5.0.3 - Cross-Site Scripting (CVE-2020-8115) | cve/CVE-2020-8115.yaml |
| Joomla! Component Sweetykeeper 1.5 - Local File Inclusion (CVE-2010-1474) | cve/CVE-2010-1474.yaml |
| Xsuite <=2.4.4.5 - Open Redirect (CVE-2015-4668) | cve/CVE-2015-4668.yaml |
| Atlassian Crowd and Crowd Data Center Unauthenticated Remote Code Execution | cve/CVE-2019-11580.yaml |
| Magento Server MAGMI - Directory Traversal (CVE-2015-2067) | cve/CVE-2015-2067.yaml |
| Zend Server <9.13 - Cross-Site Scripting (CVE-2018-10230) | cve/CVE-2018-10230.yaml |
| Hospital Management System 1.0 - SQL Injection (CVE-2022-38637) | cve/CVE-2022-38637.yaml |
| WordPress Fusion Builder <3.6.2 - Server-Side Request Forgery (CVE-2022-1386) | cve/CVE-2022-1386.yaml |
| CirCarLife <4.3 - Improper Authentication (CVE-2018-16671) | cve/CVE-2018-16671.yaml |
| Car Rental Management System 1.0 - SQL Injection (CVE-2022-32024) | cve/CVE-2022-32024.yaml |
| Reprise License Manager 14.2 - Information Disclosure (CVE-2022-28365) | cve/CVE-2022-28365.yaml |
| Wavlink WN535K2/WN535K3 - OS Command Injection (CVE-2022-2488) | cve/CVE-2022-2488.yaml |
| WordPress Contact Form 7 Skins <=2.5.0 - Cross-Site Scripting (CVE-2021-25063) | cve/CVE-2021-25063.yaml |
| Monstra CMS <=3.0.4 - Cross-Site Scripting (CVE-2018-11227) | cve/CVE-2018-11227.yaml |
| Spotweb <= 1.5.1 - Cross Site Scripting (CVE-2021-40972) | cve/CVE-2021-40972.yaml |
| Zabbix - SAML SSO Authentication Bypass (CVE-2022-23131) | cve/CVE-2022-23131.yaml |
| DomainMOD 4.11.01 - Cross-Site Scripting (CVE-2018-20009) | cve/CVE-2018-20009.yaml |
| HTTP File Server <2.3c - Remote Command Execution (CVE-2014-6287) | cve/CVE-2014-6287.yaml |
| Mitel ShoreTel 19.46.1802.0 Devices - Cross-Site Scripting (CVE-2020-28351) | cve/CVE-2020-28351.yaml |
| Affiliates Manager < 2.9.0 - Cross Site Scripting (CVE-2021-25078) | cve/CVE-2021-25078.yaml |
| SaltStack Salt <3002.5 - Auth Bypass (CVE-2021-25281) | cve/CVE-2021-25281.yaml |
| WordPress Sassy Social Share Plugin <3.3.40 - Cross-Site Scripting (CVE-2021-24746) | cve/CVE-2021-24746.yaml |
| Acexy Wireless-N WiFi Repeater REV 1.0 - Repeater Password Disclosure (CVE-2021-28937) | cve/CVE-2021-28937.yaml |
| CouchDB Erlang Distribution - Remote Command Execution (CVE-2022-24706) | cve/CVE-2022-24706.yaml |
| Laravel Filemanager v2.5.1 - Local File Inclusion (CVE-2022-40734) | cve/CVE-2022-40734.yaml |
| LimeSurvey 4.1.11 - Local File Inclusion (CVE-2020-11455) | cve/CVE-2020-11455.yaml |
| Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Remote File Inclusion/Server-Side | cve/CVE-2021-24472.yaml |
| WordPress Events Calendar <1.4.5 - Cross-Site Scripting (CVE-2022-4320) | cve/CVE-2022-4320.yaml |
| W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated File Read / Directory Traversal | cve/CVE-2019-6715.yaml |
| Complete Online Job Search System 1.0 - Cross-Site Scripting | cve/eris-xss.yaml |
| ReQlogic v11.3 - Cross Site Scripting (CVE-2022-41441) | cve/CVE-2022-41441.yaml |
| Apache Struts - Multiple Open Redirection Vulnerabilities (CVE-2013-2248) | cve/CVE-2013-2248.yaml |
| SIS Informatik REWE GO SP17 <7.7 - Cross-Site Scripting (CVE-2021-31537) | cve/CVE-2021-31537.yaml |
| WordPress WP Fundraising Donation and Crowdfunding Platform <1.5.0 - SQL Injection | cve/CVE-2022-0788.yaml |
| Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion (CVE-2017-1000029) | cve/CVE-2017-1000029.yaml |
| WordPress Tutor LMS <2.0.10 - Cross Site Scripting (CVE-2023-0236) | cve/CVE-2023-0236.yaml |
| Jenkins GitHub Plugin <=1.29.1 - Server-Side Request Forgery (CVE-2018-1000600) | cve/CVE-2018-1000600.yaml |
| Synacor Zimbra Collaboration <8.7.11p10 - XML External Entity Injection (CVE-2019-9670) | cve/CVE-2019-9670.yaml |
| ElasticSearch <1.6.1 - Local File Inclusion (CVE-2015-5531) | cve/CVE-2015-5531.yaml |
| Apache OFBiz 16.11.04 - XML Entity Injection (CVE-2018-8033) | cve/CVE-2018-8033.yaml |
| WAVLINK WN535 G3 - Information Disclosure (CVE-2022-31845) | cve/CVE-2022-31845.yaml |
| Plesk Obsidian <=18.0.49 - Open Redirect (CVE-2023-24044) | cve/CVE-2023-24044.yaml |
| WordPress Elementor Website Builder <3.1.4 - Cross-Site Scripting (CVE-2021-24891) | cve/CVE-2021-24891.yaml |
| Trendnet AC2600 TEW-827DRU 2.08B01 - Admin Password Change (CVE-2021-20158) | cve/CVE-2021-20158.yaml |
| vRealize Operations Manager API - Server-Side Request Forgery (CVE-2021-21975) | cve/CVE-2021-21975.yaml |
| Seagate BlackArmor NAS - Command Injection (CVE-2014-3206) | cve/CVE-2014-3206.yaml |
| OpenCATS 0.9.6 - Cross-Site Scripting (CVE-2022-43018) | cve/CVE-2022-43018.yaml |
| Dolibarr Unauthenticated Contacts Database Theft (CVE-2023-33568) | cve/CVE-2023-33568.yaml |
| XStream <1.4.14 - Remote Code Execution (CVE-2020-26217) | cve/CVE-2020-26217.yaml |
| Python Flask-Security - Open Redirect (CVE-2021-32618) | cve/CVE-2021-32618.yaml |
| Squirrelmail <=1.4.6 - Local File Inclusion (CVE-2006-2842) | cve/CVE-2006-2842.yaml |
| Responsive FileManager <9.13.4 - Local File Inclusion (CVE-2018-15535) | cve/CVE-2018-15535.yaml |
| WordPress Stop Spammers <2021.9 - Cross-Site Scripting (CVE-2021-24245) | cve/CVE-2021-24245.yaml |
| Cyberoam NetGenie Cross-Site Scripting (CVE-2021-38702) | cve/CVE-2021-38702.yaml |
| Galera WebTemplate 1.0 Directory Traversal (CVE-2021-40960) | cve/CVE-2021-40960.yaml |
| Optergy Proton/Enterprise Building Management System - Open Redirect (CVE-2019-7275) | cve/CVE-2019-7275.yaml |
| Atlassian Confluence Server - Local File Inclusion (CVE-2021-26085) | cve/CVE-2021-26085.yaml |
| Jira Server and Data Center - Information Disclosure (CVE-2020-14181) | cve/CVE-2020-14181.yaml |
| D-Link DIR-3040 1.13B03 - Information Disclosure (CVE-2021-21816) | cve/CVE-2021-21816.yaml |
| Graphite <=1.1.5 - Server-Side Request Forgery (CVE-2017-18638) | cve/CVE-2017-18638.yaml |
| Loytec LGATE-902 <6.4.2 - Local File Inclusion (CVE-2018-14916) | cve/CVE-2018-14916.yaml |
| 74cms - ajax_street.php 'key' SQL Injection (CVE-2020-22210) | cve/CVE-2020-22211.yaml |
| Patreon WordPress <1.7.0 - Unauthenticated Local File Inclusion (CVE-2021-24227) | cve/CVE-2021-24227.yaml |
| WordPress Ninja Forms <3.3.18 - Cross-Site Scripting (CVE-2018-19287) | cve/CVE-2018-19287.yaml |
| Artica Web Proxy 4.30 - OS Command Injection (CVE-2020-17505) | cve/CVE-2020-17505.yaml |
| Joomla! Component CCNewsLetter - Local File Inclusion (CVE-2010-0467) | cve/CVE-2010-0467.yaml |
| Payara Micro Community 5.2021.6 Directory Traversal (CVE-2021-41381) | cve/CVE-2021-41381.yaml |
| Joomla! Component LoginBox - Local File Inclusion (CVE-2010-1353) | cve/CVE-2010-1353.yaml |
| WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting (CVE-2013-3526) | cve/CVE-2013-3526.yaml |
| AVEVA InTouch Access Anywhere Secure Gateway - Local File Inclusion (CVE-2022-23854) | cve/CVE-2022-23854.yaml |
| Metinfo 7.0.0 beta - SQL Injection (CVE-2019-16997) | cve/CVE-2019-16997.yaml |
| Jira Rainbow.Zen - Cross-Site Scripting (CVE-2007-0885) | cve/CVE-2007-0885.yaml |
| Joomla! ionFiles 4.4.2 - Local File Inclusion (CVE-2008-6080) | cve/CVE-2008-6080.yaml |
| WordPress Chop Slider 3 - Blind SQL Injection (CVE-2020-11530) | cve/CVE-2020-11530.yaml |
| Landing Page Builder < 1.4.9.6 - Cross-Site Scripting (CVE-2021-25067) | cve/CVE-2021-25067.yaml |
| PrestaShop Product Comments <4.2.0 - SQL Injection (CVE-2020-26248) | cve/CVE-2020-26248.yaml |
| Good Layers LMS Plugin <= 2.1.4 - SQL Injection (CVE-2020-27481) | cve/CVE-2020-27481.yaml |
| Microsoft Open Management Infrastructure - Remote Code Execution (CVE-2021-38647) | cve/CVE-2021-38647.yaml |
| Joomla! Component Jw_allVideos - Arbitrary File Retrieval (CVE-2010-0696) | cve/CVE-2010-0696.yaml |
| XStream <1.4.16 - Remote Code Execution (CVE-2021-21345) | cve/CVE-2021-21345.yaml |
| LogonTracer <=1.2.0 - Remote Command Injection (CVE-2018-16167) | cve/CVE-2018-16167.yaml |
| NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure (CVE-2016-5649) | cve/CVE-2016-5649.yaml |
| ScoreMe Theme - Cross-Site Scripting (CVE-2016-10993) | cve/CVE-2016-10993.yaml |
| WordPress Site Editor <=1.1.1 - Local File Inclusion (CVE-2018-7422) | cve/CVE-2018-7422.yaml |
| Oracle WebLogic Server - Remote Command Execution (CVE-2020-14750) | cve/CVE-2020-14750.yaml |
| Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion (CVE-2013-7091) | cve/CVE-2013-7091.yaml |
| Majordomo2 - SMTP/HTTP Directory Traversal (CVE-2011-0049) | cve/CVE-2011-0049.yaml |
| WordPress Transposh Translation <1.0.8 - Cross-Site Scripting (CVE-2021-24910) | cve/CVE-2021-24910.yaml |
| karma-runner DOM-based Cross-Site Scripting (CVE-2022-0437) | cve/CVE-2022-0437.yaml |
| Kong Admin <=2.03 - Admin API Access (CVE-2020-11710) | cve/CVE-2020-11710.yaml |
| CHIYU TCP/IP Converter - Carriage Return Line Feed Injection (CVE-2021-31249) | cve/CVE-2021-31249.yaml |
| MobileIron Core & Connector <= v10.6 & Sentry <= v9.8 - Remote Code Execution | cve/CVE-2020-15505.yaml |
| WordPress WPSOLR <=8.6 - Cross-Site Scripting (CVE-2016-1000155) | cve/CVE-2016-1000155.yaml |
| Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Upload (CVE-2021-45428) | cve/CVE-2021-45428.yaml |
| SEOWON INTECH SLC-130 & SLR-120S - Unauthenticated Remote Code Execution (CVE-2020-17456) | cve/CVE-2020-17456.yaml |
| EPrints 3.4.2 - Cross-Site Scripting (CVE-2021-26475) | cve/CVE-2021-26475.yaml |
| Pega Infinity - Authentication Bypass (CVE-2021-27651) | cve/CVE-2021-27651.yaml |
| Cacti v1.2.8 - Remote Code Execution (CVE-2020-8813) | cve/CVE-2020-8813.yaml |
| AppServ Open Project <=2.5.10 - Cross-Site Scripting (CVE-2008-2398) | cve/CVE-2008-2398.yaml |
| Microsoft Exchange Server SSRF Vulnerability (CVE-2021-26855) | cve/CVE-2021-26855.yaml |
| CirCarLife Scada <4.3 - System Log Exposure (CVE-2018-12634) | cve/CVE-2018-12634.yaml |
| Polarisft Intellect Core Banking Software Version 9.7.1 - Open Redirect (CVE-2018-14931) | cve/CVE-2018-14931.yaml |
| Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion (CVE-2010-1217) | cve/CVE-2010-1217.yaml |
| Reolink E1 Zoom Camera <=3.0.0.716 - Private Key Disclosure (CVE-2021-40149) | cve/CVE-2021-40149.yaml |
| WordPress Shareaholic <9.7.6 - Information Disclosure (CVE-2022-0594) | cve/CVE-2022-0594.yaml |
| Joomla! Component WMI 1.5.0 - Local File Inclusion (CVE-2010-1607) | cve/CVE-2010-1607.yaml |
| WordPress Easy Student Results <=2.2.8 - Improper Authorization (CVE-2022-2379) | cve/CVE-2022-2379.yaml |
| SugarCRM Enterprise 9.0.0 - Cross-Site Scripting (CVE-2019-14974) | cve/CVE-2019-14974.yaml |
| Joomla! Component VJDEO 1.0 - Local File Inclusion (CVE-2010-1354) | cve/CVE-2010-1354.yaml |
| Intel Active Management - Authentication Bypass (CVE-2017-5689) | cve/CVE-2017-5689.yaml |
| WordPress Contact Form 7 <2.3.4 - Arbitrary Nonce Generation (CVE-2021-24278) | cve/CVE-2021-24278.yaml |
| WordPress Admin Font Editor <=1.8 - Cross-Site Scripting (CVE-2016-1000126) | cve/CVE-2016-1000126.yaml |
| WordPress Checklist <1.1.9 - Cross-Site Scripting (CVE-2019-16525) | cve/CVE-2019-16525.yaml |
| Quixplorer <=2.4.1 - Cross-Site Scripting (CVE-2020-24902) | cve/CVE-2020-24902.yaml |
| Zeit Next.js <4.2.3 - Local File Inclusion (CVE-2018-6184) | cve/CVE-2018-6184.yaml |
| PHP CGI v5.3.12/5.4.2 Remote Code Execution (CVE-2012-1823) | cve/CVE-2012-1823.yaml |
| Joomla! Component com_biblestudy - Local File Inclusion (CVE-2010-0157) | cve/CVE-2010-0157.yaml |
| All-In-One Video Gallery <=2.6.0 - Server-Side Request Forgery (CVE-2022-2633) | cve/CVE-2022-2633.yaml |
| SonicWall SMA1000 LFI (CVE-2023-0126) | cve/CVE-2023-0126.yaml |
| XOOPS Core 2.5.8 - Open Redirect (CVE-2017-12138) | cve/CVE-2017-12138.yaml |
| Websvn <2.6.1 - Remote Code Execution (CVE-2021-32305) | cve/CVE-2021-32305.yaml |
| Atom CMS v2.0 - Remote Code Execution (CVE-2022-25487) | cve/CVE-2022-25487.yaml |
| PuneethReddyHC action.php SQL Injection (CVE-2021-41648) | cve/CVE-2021-41648.yaml |
| Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion (CVE-2010-1956) | cve/CVE-2010-1956.yaml |
| WAVLINK - Access Control (CVE-2020-10973) | cve/CVE-2020-10973.yaml |
| Apache APISIX - Insufficiently Protected Credentials (CVE-2020-13945) | cve/CVE-2020-13945.yaml |
| WordPress Button Generator <2.3.3 - Remote File Inclusion (CVE-2021-25052) | cve/CVE-2021-25052.yaml |
| Gogs 0.5.5 - 0.12.2 - Remote Code Execution (CVE-2020-15867) | cve/CVE-2020-15867.yaml |
| Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting (CVE-2020-29395) | cve/CVE-2020-29395.yaml |
| WordPress Contact Form 7 <1.3.3.3 - Remote Code Execution (CVE-2020-12800) | cve/CVE-2020-12800.yaml |
| WordPress Photo Gallery by 10Web <1.5.69 - Cross-Site Scripting (CVE-2021-24291) | cve/CVE-2021-24291.yaml |
| DomainMOD 4.11.01 - Cross-Site Scripting (CVE-2018-19752) | cve/CVE-2018-19752.yaml |
| WordPress Select All Categories and Taxonomies <1.3.2 - Cross-Site Scripting | cve/CVE-2021-24287.yaml |
| vBulletin SQL Injection (CVE-2020-12720) | cve/CVE-2020-12720.yaml |
| Open edX <2022-06-06 - Cross-Site Scripting (CVE-2022-32195) | cve/CVE-2022-32195.yaml |
| PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE) (CVE-2023-0297) | cve/CVE-2023-0297.yaml |
| Apache Druid Kafka Connect - Remote Code Execution (CVE-2023-25194) | cve/apache-druid-kafka-connect-rce.yaml |
| WSO2 Carbon Management Console <=5.10 - Cross-Site Scripting (CVE-2020-17453) | cve/CVE-2020-17453.yaml |
| Apache Airflow OS Command Injection (CVE-2022-24288) | cve/CVE-2022-24288.yaml |
| WordPress Ninja Forms <3.4.34 - Open Redirect (CVE-2021-24165) | cve/CVE-2021-24165.yaml |
| OpenCATS 0.9.6 - Cross-Site Scripting (CVE-2022-43014) | cve/CVE-2022-43014.yaml |
| Joomla! Component Photo Battle 1.0.1 - Local File Inclusion (CVE-2010-1461) | cve/CVE-2010-1461.yaml |
| WordPress RobotCPA 5 - Directory Traversal (CVE-2015-9480) | cve/CVE-2015-9480.yaml |
| Microweber <1.2.12 - Stored Cross-Site Scripting (CVE-2022-0963) | cve/CVE-2022-0963.yaml |
| Alerta < 8.1.0 - Authentication Bypass (CVE-2020-26214) | cve/CVE-2020-26214.yaml |
| Bank Locker Management System v1.0 - SQL Injection (CVE-2023-0562) | cve/CVE-2023-0562.yaml |
| Doctor Appointment System 1.0 - SQL Injection (CVE-2021-27316) | cve/CVE-2021-27316.yaml |
| Cuppa CMS v1.0 - SQL injection (CVE-2022-27985) | cve/CVE-2022-27985.yaml |
| Joomla! Component TweetLA 1.0.1 - Local File Inclusion (CVE-2010-1533) | cve/CVE-2010-1533.yaml |
| rConfig <3.9.4 - Sensitive Information Disclosure (CVE-2020-9425) | cve/CVE-2020-9425.yaml |
| Spring Boot - Remote Code Execution (Apache Log4j) (CVE-2021-44228) | cve/springboot-log4j-rce.yaml |
| Microweber <1.2.15 - Cross-Site Scripting (CVE-2022-1439) | cve/CVE-2022-1439.yaml |
| WordPress MDC YouTube Downloader 2.1.0 - Local File Inclusion (CVE-2015-5469) | cve/CVE-2015-5469.yaml |
| Joomla! Component JotLoader 2.2.1 - Local File Inclusion (CVE-2010-4617) | cve/CVE-2010-4617.yaml |
| Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting (CVE-2011-4336) | cve/CVE-2011-4336.yaml |
| Steveas WP Live Chat Shoutbox <= 1.4.2 - SQL Injection (CVE-2023-1020) | cve/CVE-2023-1020.yaml |
| WordPress Plugin Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting | cve/CVE-2011-5106.yaml |
| VMware vSphere Client (HTML5) - Remote Code Execution (CVE-2021-21972) | cve/CVE-2021-21972.yaml |
| Spring Cloud Config Server - Local File Inclusion (CVE-2020-5410) | cve/CVE-2020-5410.yaml |
| Joomla! Component Jfeedback 1.2 - Local File Inclusion (CVE-2010-1478) | cve/CVE-2010-1478.yaml |
| FineCMS <=5.0.10 - Cross-Site Scripting (CVE-2017-11629) | cve/CVE-2017-11629.yaml |
| Rukovoditel <= 2.7.2 - Cross Site Scripting (CVE-2020-35986) | cve/CVE-2020-35986.yaml |
| Joomla! Portfolio Nexus - Remote File Inclusion (CVE-2009-4679) | cve/CVE-2009-4679.yaml |
| MindPalette NateMail 3.0.15 - Cross-Site Scripting (CVE-2019-13392) | cve/CVE-2019-13392.yaml |
| Nette Framework - Remote Code Execution (CVE-2020-15227) | cve/CVE-2020-15227.yaml |
| Cisco IOS HTTP Configuration - Authentication Bypass (CVE-2001-0537) | cve/CVE-2001-0537.yaml |
| SAP BusinessObjects Business Intelligence Platform - Blind Server-Side Request | cve/CVE-2020-6308.yaml |
| PrestaShop 1.7.7.0 - SQL Injection (CVE-2021-3110) | cve/CVE-2021-3110.yaml |
| Xiaomi Mi WiFi R3G Routers - Local file Inclusion (CVE-2019-18371) | cve/CVE-2019-18371.yaml |
| AppCMS - Cross-Site Scripting (CVE-2021-45380) | cve/CVE-2021-45380.yaml |
| WordPress Country Selector <1.6.6 - Cross-Site Scripting (CVE-2022-28290) | cve/CVE-2022-28290.yaml |
| Hue Magic 3.0.0 - Local File Inclusion (CVE-2021-25864) | cve/CVE-2021-25864.yaml |
| Apache Druid - Local File Inclusion (CVE-2021-36749) | cve/CVE-2021-36749.yaml |
| Eaton Intelligent Power Manager 1.6 - Directory Traversal (CVE-2018-12031) | cve/CVE-2018-12031.yaml |
| Grafana 3.0.1-7.0.1 - Server-Side Request Forgery (CVE-2020-13379) | cve/CVE-2020-13379.yaml |
| Magento Mass Importer <0.7.24 - Remote Auth Bypass (CVE-2020-5777) | cve/CVE-2020-5777.yaml |
| Cisco RV132W/RV134W Router - Information Disclosure (CVE-2018-0127) | cve/CVE-2018-0127.yaml |
| Oracle WebLogic Server - Remote Code Execution (CVE-2018-2894) | cve/CVE-2018-2894.yaml |
| XStream <1.4.18 - Server-Side Request Forgery (CVE-2021-39152) | cve/CVE-2021-39152.yaml |
| Alert Before Your Post <= 0.1.1 - Cross-Site Scripting (CVE-2011-5107) | cve/CVE-2011-5107.yaml |
| Jira <8.4.0 - Information Disclosure (CVE-2019-8449) | cve/CVE-2019-8449.yaml |
| Seo Panel 4.8.0 - Cross-Site Scripting (CVE-2021-3002) | cve/CVE-2021-3002.yaml |
| WordPress Daily Prayer Time <2022.03.01 - SQL Injection (CVE-2022-0785) | cve/CVE-2022-0785.yaml |
| kkFileView 4.1.0 - Cross-Site Scripting (CVE-2022-35151) | cve/CVE-2022-35151.yaml |
| Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion (CVE-2010-1659) | cve/CVE-2010-1659.yaml |
| Kramer VIAware - Remote Code Execution (CVE-2021-36356) | cve/CVE-2021-36356.yaml |
| Spotweb <= 1.5.1 - Cross Site Scripting (CVE-2021-40971) | cve/CVE-2021-40971.yaml |
| KubeView <=0.1.31 - Information Disclosure (CVE-2022-45933) | cve/CVE-2022-45933.yaml |
| WBCE CMS v1.5.4 - Remote Code Execution (CVE-2022-46020) | cve/CVE-2022-46020.yaml |
| Oturia WordPress Smart Google Code Inserter <3.5 - Authentication Bypass (CVE-2018-3810) | cve/CVE-2018-3810.yaml |
| Cacti - Cross-Site Scripting (CVE-2021-26247) | cve/CVE-2021-26247.yaml |
| MAGMI - Cross-Site Request Forgery (CVE-2020-5776) | cve/CVE-2020-5776.yaml |
| WordPress WooCommerce <3.1.2 - Arbitrary Function Call (CVE-2022-1020) | cve/CVE-2022-1020.yaml |
| Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution (CVE-2020-11853) | cve/CVE-2020-11853.yaml |
| SAP NetWeaver Application Server Java 7.5 - Local File Inclusion (CVE-2017-12637) | cve/CVE-2017-12637.yaml |
| WordPress Sniplets 1.1.2 - Local File Inclusion (CVE-2008-1059) | cve/CVE-2008-1059.yaml |
| Zoho ManageEngine ServiceDesk Plus - Remote Code Execution (CVE-2021-44077) | cve/CVE-2021-44077.yaml |
| Ghost CMS <=4.32 - Cross-Site Scripting (CVE-2021-29484) | cve/CVE-2021-29484.yaml |
| 74cms - ajax_common.php SQL Injection (CVE-2020-22210) | cve/CVE-2020-22209.yaml |
| IBAX - SQL Injection (CVE-2022-3800) | cve/CVE-2022-3800.yaml |
| rConfig 3.9.4 - SQL Injection (CVE-2020-10547) | cve/CVE-2020-10547.yaml |
| D-Link DIR-816L 2.x - Cross-Site Scripting (CVE-2020-15895) | cve/CVE-2020-15895.yaml |
| WordPress Contact Form 7 - Unrestricted File Upload (CVE-2020-35489) | cve/CVE-2020-35489.yaml |
| HD-Network Realtime Monitoring System 2.0 - Local File Inclusion (CVE-2021-45043) | cve/CVE-2021-45043.yaml |
| Express-handlebars - Local File Inclusion (CVE-2021-32820) | cve/CVE-2021-32820.yaml |
| CRM Perks Forms < 1.1.1 - Cross Site Scripting (CVE-2022-38467) | cve/CVE-2022-38467.yaml |
| cPanel - Cross-Site Scripting (CVE-2023-29489) | cve/CVE-2023-29489.yaml |
| LiveZilla Server 8.0.1.0 - Cross-Site Scripting (CVE-2019-12962) | cve/CVE-2019-12962.yaml |
| Joomla! Component com_jvideodirect - Directory Traversal (CVE-2010-0942) | cve/CVE-2010-0942.yaml |
| Triconsole Datepicker Calendar <3.77 - Cross-Site Scripting (CVE-2021-27330) | cve/CVE-2021-27330.yaml |
| Apache ShenYu Admin JWT - Authentication Bypass (CVE-2021-37580) | cve/CVE-2021-37580.yaml |
| H3C SSL VPN <=2022-07-10 - Cross-Site Scripting (CVE-2022-35416) | cve/CVE-2022-35416.yaml |
| WordPress Core <4.7.1 - Username Enumeration (CVE-2017-5487) | cve/CVE-2017-5487.yaml |
| Apache Cocoon 2.1.12 - XML Injection (CVE-2020-11991) | cve/CVE-2020-11991.yaml |
| Securepoint UTM - Leaking Remote Memory Contents (CVE-2023-22897) | cve/CVE-2023-22897.yaml |
| Hotel Druid 3.0.2 - Cross-Site Scripting (CVE-2021-37833) | cve/CVE-2021-37833.yaml |
| Unyson < 2.7.27 - Cross Site Scripting (CVE-2022-2219) | cve/CVE-2022-2219.yaml |
| Podcast Channels < 0.28 - Cross-Site Scripting (CVE-2014-4544) | cve/CVE-2014-4544.yaml |
| WordPress WPQA <5.4 - Cross-Site Scripting (CVE-2022-1597) | cve/CVE-2022-1597.yaml |
| Joomla! Component Horoscope 1.5.0 - Local File Inclusion (CVE-2010-1472) | cve/CVE-2010-1472.yaml |
| Ghost CMS < 5.42.1 - Path Traversal (CVE-2023-32235) | cve/CVE-2023-32235.yaml |
| Car Rental Management System 1.0 - Local File Inclusion (CVE-2020-29227) | cve/CVE-2020-29227.yaml |
| WordPress Best Books <=2.6.3 - SQL Injection (CVE-2022-0827) | cve/CVE-2022-0827.yaml |
| WordPress Duplicator 1.3.24 & 1.3.26 - Local File Inclusion (CVE-2020-11738) | cve/CVE-2020-11738.yaml |
| phpfastcache - phpinfo Resource Exposure (CVE-2021-37704) | cve/CVE-2021-37704.yaml |
| FUEL CMS 1.4.1 - Remote Code Execution (CVE-2018-16763) | cve/CVE-2018-16763.yaml |
| Drupal - Remote Code Execution (CVE-2018-7602) | cve/CVE-2018-7602.yaml |
| D-Link - Unauthenticated Remote Code Execution (CVE-2018-6530) | cve/CVE-2018-6530.yaml |
| Jiangnan Online Judge 0.8.0 - Local File Inclusion (CVE-2019-17538) | cve/CVE-2019-17538.yaml |
| Microweber <1.2.11 - Stored Cross-Site Scripting (CVE-2022-0954) | cve/CVE-2022-0954.yaml |
| VMware VRealize Network Insight - Remote Code Execution (CVE-2023-20887) | cve/CVE-2023-20887.yaml |
| Artica Web Proxy 4.30 - Authentication Bypass/SQL Injection (CVE-2020-17506) | cve/CVE-2020-17506.yaml |
| Citrix SD-WAN Center - Remote Command Injection (CVE-2019-12988) | cve/CVE-2019-12988.yaml |
| Nova Lite < 1.3.9 - Cross-Site Scripting (CVE-2020-17362) | cve/CVE-2020-17362.yaml |
| Telaen => v1.3.1 - Open Redirect (CVE-2013-2621) | cve/CVE-2013-2621.yaml |
| Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion (CVE-2010-1977) | cve/CVE-2010-1977.yaml |
| Ellucian Ethos Identity CAS - Cross-Site Scripting (CVE-2023-2822) | cve/CVE-2023-2822.yaml |
| Spring - Remote Code Execution (CVE-2022-22965) | cve/CVE-2022-22965.yaml |
| Thinfinity VirtualUI User Enumeration (CVE-2021-44848) | cve/CVE-2021-44848.yaml |
| WordPress Contact Form 7 <1.3.6.3 - Stored Cross-Site Scripting (CVE-2022-0595) | cve/CVE-2022-0595.yaml |
| WordPress Panda Pods Repeater Field <1.5.4 - Cross-Site Scripting (CVE-2022-4306) | cve/CVE-2022-4306.yaml |
| NETGEAR ProSAFE Plus - Unauthenticated Remote Code Execution (CVE-2020-26919) | cve/CVE-2020-26919.yaml |
| Deltek Maconomy 2.2.5 - Local File Inclusion (CVE-2019-12314) | cve/CVE-2019-12314.yaml |
| Unauthenticated File Read Adobe ColdFusion (CVE-2023-26360) | cve/CVE-2023-26360.yaml |
| WordPress Supsystic Ultimate Maps <1.2.5 - Cross-Site Scripting (CVE-2021-24274) | cve/CVE-2021-24274.yaml |
| Traggo Server - Local File Inclusion (CVE-2023-34843) | cve/CVE-2023-34843.yaml |
| Rukovoditel <= 3.2.1 - Cross Site Scripting (CVE-2022-44951) | cve/CVE-2022-44951.yaml |
| WordPress XML Sitemap Generator for Google <2.0.4 - Cross-Site Scripting/Remote | cve/CVE-2022-0346.yaml |
| Ghostcat - Apache Tomcat - AJP File Read/Inclusion Vulnerability (CVE-2020-1938) | cve/CVE-2020-1938.yaml |
| GitLab GraphQL API User Enumeration (CVE-2021-4191) | cve/CVE-2021-4191.yaml |
| JeecgBoot 3.5.0 - SQL Injection (CVE-2023-34659) | cve/CVE-2023-34659.yaml |
| Atlassian Bitbucket - Remote Command Injection (CVE-2022-36804) | cve/CVE-2022-36804.yaml |
| Node.js Embedded JavaScript 3.1.6 - Template Injection (CVE-2022-29078) | cve/CVE-2022-29078.yaml |
| Odoo - Cross-Site Scripting (CVE-2023-1434) | cve/CVE-2023-1434.yaml |
| ARMember < 3.4.8 - Unauthenticated Admin Account Takeover (CVE-2022-1903) | cve/CVE-2022-1903.yaml |
| Wavlink WN535K2/WN535K3 - OS Command Injection (CVE-2022-2487) | cve/CVE-2022-2487.yaml |
| WordPress Google Maps <7.11.18 - SQL Injection (CVE-2019-10692) | cve/CVE-2019-10692.yaml |
| WBCE CMS v1.5.4 - Cross Site Scripting (Stored) (CVE-2022-45038) | cve/CVE-2022-45038.yaml |
| Sonatype Nexus Repository Manager 3 - Remote Code Execution (CVE-2020-10199) | cve/CVE-2020-10199.yaml |
| WordPress Asgaros Forum <1.15.13 - SQL Injection (CVE-2021-24827) | cve/CVE-2021-24827.yaml |
| WordPress Qards - Cross-Site Scripting (CVE-2017-18598) | cve/CVE-2017-18598.yaml |
| Jeesns 1.4.2 - Cross-Site Scripting (CVE-2020-19283) | cve/CVE-2020-19283.yaml |
| OpenSIS 7.3 - SQL Injection (CVE-2020-6637) | cve/CVE-2020-6637.yaml |
| Online Fire Reporting System v1.0 - SQL injection (CVE-2022-31983) | cve/CVE-2022-31983.yaml |
| LDAP Injection In OpenAM (CVE-2021-29156) | cve/CVE-2021-29156.yaml |
| Apache Flink 1.5.1 - Local File Inclusion (CVE-2020-17518) | cve/CVE-2020-17518.yaml |
| WordPress JSmol2WP <=1.07 - Local File Inclusion (CVE-2018-20463) | cve/CVE-2018-20463.yaml |
| Joomla! Core SQL Injection (CVE-2015-7297) | cve/CVE-2015-7297.yaml |
| NETGEAR - Authentication Bypass (CVE-2020-27866) | cve/CVE-2020-27866.yaml |
| VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication | cve/CVE-2022-22972.yaml |
| DomainMOD 4.13.0 - Cross-Site Scripting (CVE-2020-20988) | cve/CVE-2020-20988.yaml |
| Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution (CVE-2021-42013) | cve/CVE-2021-42013.yaml |
| Anchor CMS 0.12.3 - Error Log Exposure (CVE-2018-7251) | cve/CVE-2018-7251.yaml |
| BlogEngine.NET 3.3.7.0 - Local File Inclusion (CVE-2019-10717) | cve/CVE-2019-10717.yaml |
| Kibana - Local File Inclusion (CVE-2018-17246) | cve/CVE-2018-17246.yaml |
| Apache Druid - Remote Code Execution (CVE-2021-25646) | cve/CVE-2021-25646.yaml |
| ILIAS eLearning <7.16 - Open Redirect (CVE-2022-45917) | cve/CVE-2022-45917.yaml |
| BIQS IT Biqs-drive v1.83 Local File Inclusion (CVE-2021-39433) | cve/CVE-2021-39433.yaml |
| Clansphere CMS 2011.4 - Cross-Site Scripting (CVE-2021-27310) | cve/CVE-2021-27310.yaml |
| Cobbler <3.3.0 - Remote Code Execution (CVE-2021-40323) | cve/CVE-2021-40323.yaml |
| Prometheus - Open Redirect (CVE-2021-29622) | cve/CVE-2021-29622.yaml |
| Webkul QloApps 1.6.0 - Cross-site Scripting (CVE-2023-36289) | cve/CVE-2023-36289.yaml |
| Joomla! Component Percha Downloads Attach 1.1 - Directory Traversal (CVE-2010-2037) | cve/CVE-2010-2037.yaml |
| DomainMOD 4.11.01 - Cross-Site Scripting (CVE-2018-19914) | cve/CVE-2018-19914.yaml |
| WordPress Simple Image Manipulator < 1.0 - Local File Inclusion (CVE-2015-1000010) | cve/CVE-2015-1000010.yaml |
| Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution (CVE-2021-22053) | cve/CVE-2021-22053.yaml |
| BackupBuddy - Local File Inclusion (CVE-2022-31474) | cve/CVE-2022-31474.yaml |
| pfSense - Arbitrary File Write (CVE-2021-41282) | cve/CVE-2021-41282.yaml |
| Php-mod/curl Library <2.3.2 - Cross-Site Scripting (CVE-2021-30134) | cve/CVE-2021-30134.yaml |
| Agentejo Cockpit < 0.11.2 - NoSQL Injection (CVE-2020-35846) | cve/CVE-2020-35846.yaml |
| WordPress Paytm Payment Gateway <=2.7.0 - Server-Side Request Forgery (CVE-2022-45362) | cve/CVE-2022-45362.yaml |
| ResourceSpace - Local File inclusion (CVE-2015-3648) | cve/CVE-2015-3648.yaml |
| Zyxel NAS Firmware 5.21- Remote Code Execution (CVE-2020-9054) | cve/CVE-2020-9054.yaml |
| ZTE Cable Modem Web Shell (CVE-2014-2321) | cve/CVE-2014-2321.yaml |
| WordPress Integrator 1.32 - Cross-Site Scripting (CVE-2012-5913) | cve/CVE-2012-5913.yaml |
| Open Redirect in Host Authorization Middleware (CVE-2021-44528) | cve/CVE-2021-44528.yaml |
| Advanced Comment System 1.0 - Local File Inclusion (CVE-2020-35598) | cve/CVE-2020-35598.yaml |
| Joomla! Component simpledownload <=0.9.5 - Arbitrary File Retrieval (CVE-2010-2122) | cve/CVE-2010-2122.yaml |
| Gurock TestRail Application files.md5 Exposure (CVE-2021-40875) | cve/CVE-2021-40875.yaml |
| Zoho ManageEngine - Remote Code Execution (CVE-2022-35405) | cve/CVE-2022-35405.yaml |
| TerraMaster TOS <.1.29 - Remote Code Execution (CVE-2020-15568) | cve/CVE-2020-15568.yaml |
| Eclipse Jetty - Information Disclosure (CVE-2021-34429) | cve/CVE-2021-34429.yaml |
| Oracle Fusion Middleware WebLogic Server Administration Console - Remote Code | cve/CVE-2020-14883.yaml |
| WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting (CVE-2017-14651) | cve/CVE-2017-14651.yaml |
| YouSayToo auto-publishing 1.0 - Cross-Site Scripting (CVE-2012-0901) | cve/CVE-2012-0901.yaml |
| WordPress MW Font Changer <=4.2.5 - Cross-Site Scripting (CVE-2016-1000142) | cve/CVE-2016-1000142.yaml |
| Dolibarr <7.0.2 - Cross-Site Scripting (CVE-2018-10095) | cve/CVE-2018-10095.yaml |
| Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion (CVE-2010-0972) | cve/CVE-2010-0972.yaml |
| CouchCMS <= 2.0 - Path Disclosure (CVE-2018-7662) | cve/CVE-2018-7662.yaml |
| Wavlink - Improper Access Control (CVE-2022-48165) | cve/CVE-2022-48165.yaml |
| WordPress wSecure Lite < 2.4 - Remote Code Execution (CVE-2016-10960) | cve/CVE-2016-10960.yaml |
| Bonita BPM Portal <6.5.3 - Local File Inclusion (CVE-2015-3897) | cve/CVE-2015-3897.yaml |
| WordPress Candidate Application Form <= 1.3 - Local File Inclusion (CVE-2015-1000005) | cve/CVE-2015-1000005.yaml |
| WordPress Simple File List <3.2.8 - Local File Inclusion (CVE-2022-1119) | cve/CVE-2022-1119.yaml |
| WordPress Church Admin <0.810 - Cross-Site Scripting (CVE-2015-4127) | cve/CVE-2015-4127.yaml |
| Adobe Experience Manager - XML External Entity Injection (CVE-2019-8086) | cve/CVE-2019-8086.yaml |
| Shirne CMS 1.2.0 - Local File Inclusion (CVE-2022-37299) | cve/CVE-2022-37299.yaml |
| Maian Cart <=3.8 - Remote Code Execution (CVE-2021-32172) | cve/CVE-2021-32172.yaml |
| Oracle WebLogic Server Java Object Deserialization - Remote Code Execution | cve/CVE-2016-3510.yaml |
| Cartadis Gespage 8.2.1 - Directory Traversal (CVE-2021-33807) | cve/CVE-2021-33807.yaml |
| WordPress Gallery <2.0.0 - Cross-Site Scripting (CVE-2022-1946) | cve/CVE-2022-1946.yaml |
| ZTE MF971R - Referer authentication bypass (CVE-2021-21745) | cve/CVE-2021-21745.yaml |
| WordPress Calendar Event Multi View <1.4.01 - Cross-Site Scripting (CVE-2021-24498) | cve/CVE-2021-24498.yaml |
| Wavlink WN-533A8 - Cross-Site Scripting (CVE-2022-34048) | cve/CVE-2022-34048.yaml |
| PuneethReddyHC Online Shopping System homeaction.php SQL Injection (CVE-2021-41649) | cve/CVE-2021-41649.yaml |
| SysAid Technologies 20.3.64 b14 - Cross-Site Scripting (CVE-2021-30049) | cve/CVE-2021-30049.yaml |
| Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion (CVE-2009-1558) | cve/CVE-2009-1558.yaml |
| Spring Cloud Config - Local File Inclusion (CVE-2020-5405) | cve/CVE-2020-5405.yaml |
| WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting (CVE-2013-4117) | cve/CVE-2013-4117.yaml |
| WordPress GraceMedia Media Player 1.0 - Local File Inclusion (CVE-2019-9618) | cve/CVE-2019-9618.yaml |
| Adminer <=4.8.0 - Cross-Site Scripting (CVE-2021-29625) | cve/CVE-2021-29625.yaml |
| WordPress Persian Woocommerce <=5.8.0 - Cross-Site Scripting (CVE-2021-24940) | cve/CVE-2021-24940.yaml |
| Citrix SD-WAN Center - Remote Command Injection (CVE-2019-12985) | cve/CVE-2019-12985.yaml |
| PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting (CVE-2022-24181) | cve/CVE-2022-24181.yaml |
| WordPress Mailster <=1.5.4 - Cross-Site Scripting (CVE-2017-17451) | cve/CVE-2017-17451.yaml |
| WAVLINK WN530HG4 - Improper Access Control (CVE-2022-34047) | cve/CVE-2022-34047.yaml |
| ChurchCRM 4.5.3 - Cross-Site Scripting (CVE-2023-26842) | cve/CVE-2023-26842.yaml |
| Apache Struts <2.3.1.1 - Remote Code Execution (CVE-2012-0394) | cve/CVE-2012-0394.yaml |
| Chyrp 2.x - Local File Inclusion (CVE-2011-2744) | cve/CVE-2011-2744.yaml |
| WordPress Metform <=2.1.3 - Information Disclosure (CVE-2022-1442) | cve/CVE-2022-1442.yaml |
| Citrix - Local File Inclusion (CVE-2020-8193) | cve/CVE-2020-8193.yaml |
| WordPress API Bearer Auth <20190907 - Cross-Site Scripting (CVE-2019-16332) | cve/CVE-2019-16332.yaml |
| Accela Civic Platform <=21.1 - Cross-Site Scripting (CVE-2021-34370) | cve/CVE-2021-34370.yaml |
| SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting (CVE-2002-1131) | cve/CVE-2002-1131.yaml |
| WordPress Sitemap by click5 <1.0.36 - Missing Authorization (CVE-2022-0952) | cve/CVE-2022-0952.yaml |
| WordPress All-In-One Video Gallery <2.5.0 - Local File Inclusion (CVE-2021-24970) | cve/CVE-2021-24970.yaml |
| XStream 1.4.18 - Remote Code Execution (CVE-2021-39141) | cve/CVE-2021-39141.yaml |
| SDT-CW3B1 1.1.0 - OS Command Injection (CVE-2021-46422) | cve/CVE-2021-46422.yaml |
| WordPress Simpel Reserveren <=3.5.2 - Cross-Site Scripting (CVE-2016-1000149) | cve/CVE-2016-1000149.yaml |
| VMware NSX - Remote Code Execution (Apache Log4j) (CVE-2021-44228) | cve/vmware-nsx-log4j.yaml |
| Apache OFBiz <17.12.06 - Arbitrary Code Execution (CVE-2021-26295) | cve/CVE-2021-26295.yaml |
| Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting (CVE-2021-46387) | cve/CVE-2021-46387.yaml |
| Subrion CMS <4.1.5.10 - SQL Injection (CVE-2017-11444) | cve/CVE-2017-11444.yaml |
| Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation (CVE-2017-12635) | cve/CVE-2017-12635.yaml |
| Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion (CVE-2010-1476) | cve/CVE-2010-1476.yaml |
| Kentico - Installer Privilege Escalation (CVE-2017-17736) | cve/CVE-2017-17736.yaml |
| Joomla! Component News Portal 1.5.x - Local File Inclusion (CVE-2010-1312) | cve/CVE-2010-1312.yaml |
| WordPress Pro Real Estate 7 Theme <3.1.1 - Cross-Site Scripting (CVE-2021-24387) | cve/CVE-2021-24387.yaml |
| WordPress CTHthemes - Cross-Site Scripting (CVE-2019-20210) | cve/CVE-2019-20210.yaml |
| Sercomm VD625 Smart Modems - CRLF Injection (CVE-2021-27132) | cve/CVE-2021-27132.yaml |
| WordPress FoodBakery <2.2 - Cross-Site Scripting (CVE-2021-24389) | cve/CVE-2021-24389.yaml |
| Apache Struts2 S2-062 - Remote Code Execution (CVE-2021-31805) | cve/CVE-2021-31805.yaml |
| Homematic CCU3 - Local File Inclusion (CVE-2019-9726) | cve/CVE-2019-9726.yaml |
| Adminer <4.7.9 - Server-Side Request Forgery (CVE-2021-21311) | cve/CVE-2021-21311.yaml |
| WordPress HC Custom WP-Admin URL <=1.4 - Admin Login URL Disclosure (CVE-2022-1595) | cve/CVE-2022-1595.yaml |
| Joomla! Component com_janews - Local File Inclusion (CVE-2010-1219) | cve/CVE-2010-1219.yaml |
| Wavlink Multiple AP - Remote Command Injection (CVE-2020-13117) | cve/CVE-2020-13117.yaml |
| Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local File Inclusion (CVE-2017-15363) | cve/CVE-2017-15363.yaml |
| Spring Cloud Gateway Code Injection (CVE-2022-22947) | cve/CVE-2022-22947.yaml |
| Repetier Server - Directory Traversal (CVE-2023-31059) | cve/CVE-2023-31059.yaml |
| WordPress Contact Form 7 Captcha <0.1.2 - Cross-Site Scripting (CVE-2022-2187) | cve/CVE-2022-2187.yaml |
| MSNSwitch Firmware MNT.2408 - Authentication Bypass (CVE-2022-32429) | cve/CVE-2022-32429.yaml |
| Axigen Mail Server Filename Directory Traversal (CVE-2012-4940) | cve/CVE-2012-4940.yaml |
| Apache 2.4.49 - Path Traversal and Remote Code Execution (CVE-2021-41773) | cve/CVE-2021-41773.yaml |
| WordPress Stop Bad Bots <6.930 - SQL Injection (CVE-2022-0949) | cve/CVE-2022-0949.yaml |
| WordPress InfiniteWP <1.9.4.5 - Authorization Bypass (CVE-2020-8772) | cve/CVE-2020-8772.yaml |
| MKdocs 1.2.2 - Directory Traversal (CVE-2021-40978) | cve/CVE-2021-40978.yaml |
| Trilium <0.52.4 - Cross-Site Scripting (CVE-2022-2290) | cve/CVE-2022-2290.yaml |
| Adiscon LogAnalyzer <4.1.7 - Cross-Site Scripting (CVE-2018-19877) | cve/CVE-2018-19877.yaml |
| Wavemaker Studio 6.6 - Local File Inclusion/Server-Side Request Forgery (CVE-2019-8982) | cve/CVE-2019-8982.yaml |
| DotCMS < 5.0.2 - Open Redirect (CVE-2018-17422) | cve/CVE-2018-17422.yaml |
| Slimstat Analytics < 4.9.3.3 Subscriber - SQL Injection (CVE-2023-0630) | cve/CVE-2023-0630.yaml |
| FV Flowplayer Video Player WordPress plugin - Authenticated Cross-Site Scripting | cve/CVE-2021-39350.yaml |
| Dairy Farm Shop Management System 1.0 - SQL Injection (CVE-2022-29007) | cve/CVE-2022-29007.yaml |
| IncomCMS 2.0 - Arbitrary File Upload (CVE-2020-29597) | cve/CVE-2020-29597.yaml |
| SonicWall SMA100 Stack - Buffer Overflow/Remote Code Execution (CVE-2021-20038) | cve/CVE-2021-20038.yaml |
| JamF Pro - Remote Code Execution (Apache Log4j) (CVE-2021-44228) | cve/jamf-pro-log4j-rce.yaml |
| WordPress S3 Video <=0.983 - Cross-Site Scripting (CVE-2016-1000148) | cve/CVE-2016-1000148.yaml |
| QNAP QTS Photo Station External Reference - Local File Inclusion (CVE-2022-27593) | cve/CVE-2022-27593.yaml |
| Joomla! Component Cookex Agency CKForms - Local File Inclusion (CVE-2010-1345) | cve/CVE-2010-1345.yaml |
| Jira Server Pre-Auth - Arbitrary File Retrieval (WEB-INF META-INF) (CVE-2020-29453) | cve/CVE-2020-29453.yaml |
| WSO2 Management - Arbitrary File Upload & Remote Code Execution (CVE-2022-29464) | cve/CVE-2022-29464.yaml |
| WordPress SagePay Server Gateway for WooCommerce <1.0.9 - Cross-Site Scripting | cve/CVE-2018-5316.yaml |
| Citrix ADC and Gateway - Directory Traversal (CVE-2019-19781) | cve/CVE-2019-19781.yaml |
| Online Fire Reporting System v1.0 - SQL injection (CVE-2022-31984) | cve/CVE-2022-31984.yaml |
| WooCommerce Payments - Unauthorized Admin Access (CVE-2023-28121) | cve/CVE-2023-28121.yaml |
| Openfire Administration Console - Authentication Bypass (CVE-2023-32315) | cve/CVE-2023-32315.yaml |
| Ultimate Weather Plugin <= 1.0 - Cross-Site Scripting (CVE-2014-4561) | cve/CVE-2014-4561.yaml |
| OpenEMR 4.1 - Local File Inclusion (CVE-2012-0991) | cve/CVE-2012-0991.yaml |
| WordPress Photoxhibit 2.1.8 - Cross-Site Scripting (CVE-2016-1000143) | cve/CVE-2016-1000143.yaml |
| WordPress Cookie Information/Free GDPR Consent Solution <2.0.8 - Cross-Site | cve/CVE-2022-0147.yaml |
| Kubernetes Dashboard <1.10.1 - Authentication Bypass (CVE-2018-18264) | cve/CVE-2018-18264.yaml |
| SquirrelMail 1.4.x - Folder Name Cross-Site Scripting (CVE-2004-0519) | cve/CVE-2004-0519.yaml |
| Cuppa CMS v1.0 - Local File Inclusion (CVE-2022-25497) | cve/CVE-2022-25497.yaml |
| Spotweb <= 1.5.1 - Cross Site Scripting (Reflected) (CVE-2021-40969) | cve/CVE-2021-40969.yaml |
| WordPress OpenID Connect Generic Client 3.8.0-3.8.1 - Cross-Site Scripting | cve/CVE-2021-24214.yaml |
| SAP Internet Graphics Server (IGS) - XML External Entity Injection (CVE-2018-2392) | cve/CVE-2018-2392.yaml |
| Odoo 8.0/9.0/10.0 - Local File Inclusion (CVE-2017-9416) | cve/CVE-2017-9416.yaml |
| Yaws 1.91 - Local File Inclusion (CVE-2017-10974) | cve/CVE-2017-10974.yaml |
| Joomla! Component Percha Image Attach 1.1 - Directory Traversal (CVE-2010-2034) | cve/CVE-2010-2034.yaml |
| WWBN AVideo 11.6 - Cross-Site Scripting (CVE-2022-32770) | cve/CVE-2022-32770.yaml |
| Purchase Order Management v1.0 - SQL Injection (CVE-2023-2130) | cve/CVE-2023-2130.yaml |
| DomainMOD <=4.13.0 - Cross-Site Scripting (CVE-2019-15811) | cve/CVE-2019-15811.yaml |
| Zeta Producer Desktop CMS <14.2.1 - Local File Inclusion (CVE-2018-13980) | cve/CVE-2018-13980.yaml |
| Aruba Airwave <8.2.3.1 - Cross-Site Scripting (CVE-2016-8527) | cve/CVE-2016-8527.yaml |
| WordPress Imagements <=1.2.5 - Arbitrary File Upload (CVE-2021-24236) | cve/CVE-2021-24236.yaml |
| uWSGI PHP Plugin Local File Inclusion (CVE-2018-7490) | cve/CVE-2018-7490.yaml |
| Spotweb <= 1.5.1 - Cross Site Scripting (CVE-2021-40968) | cve/CVE-2021-40968.yaml |
| Opsview Monitor Pro - Local File Inclusion (CVE-2016-10367) | cve/CVE-2016-10367.yaml |
| SolarView 6.00 - Remote Command Execution (CVE-2022-40881) | cve/CVE-2022-40881.yaml |
| Trixbox - 2.8.0.4 OS Command Injection (CVE-2017-14535) | cve/CVE-2017-14535.yaml |
| WAVLINK WN579 X3 M79X3.V5030.180719 - Information Disclosure (CVE-2022-31847) | cve/CVE-2022-31847.yaml |
| WordPress Fancy Product Designer <4.6.9 - Arbitrary File Upload (CVE-2021-24370) | cve/CVE-2021-24370.yaml |
| Atlassian Questions For Confluence - Hardcoded Credentials (CVE-2022-26138) | cve/CVE-2022-26138.yaml |
| Oracle WebLogic Server - Remote Code Execution (CVE-2018-2893) | cve/CVE-2018-2893.yaml |
| WordPress Nevma Adaptive Images <0.6.67 - Local File Inclusion (CVE-2019-14205) | cve/CVE-2019-14205.yaml |
| WAVLINK WN530HG4 - Improper Access Control (CVE-2022-34045) | cve/CVE-2022-34045.yaml |
| Custom 404 Pro < 3.2.8 - Cross-Site Scripting (CVE-2019-14789) | cve/CVE-2019-14789.yaml |
| Joomla! Component GMapFP 3.5 - Arbitrary File Upload (CVE-2020-23972) | cve/CVE-2020-23972.yaml |
| Micro Focus UCMDB - Remote Code Execution (CVE-2020-11854) | cve/CVE-2020-11854.yaml |
| Zoho ManageEngine ADSelfService Plus <=6103 - Cross-Site Scripting (CVE-2021-37416) | cve/CVE-2021-37416.yaml |
| Netsweeper 4.0.8 - Cross-Site Scripting (CVE-2014-9606) | cve/CVE-2014-9606.yaml |
| Thinkphp Lang - Local File Inclusion (CVE-2022-47945) | cve/CVE-2022-47945.yaml |
| RPCMS 3.0.2 - Cross-Site Scripting (CVE-2022-41473) | cve/CVE-2022-41473.yaml |
| Gogs (Go Git Service) 0.11.66 - Remote Code Execution (CVE-2018-18925) | cve/CVE-2018-18925.yaml |
| b2evolution CMS <6.11.6 - Open Redirect (CVE-2020-22840) | cve/CVE-2020-22840.yaml |
| Advantech R-SeeNet 2.4.12 - Cross-Site Scripting (CVE-2021-21800) | cve/CVE-2021-21800.yaml |
| Atlassian Jira WallboardServlet <7.13.1 - Cross-Site Scripting (CVE-2018-20824) | cve/CVE-2018-20824.yaml |
| Advantech R-SeeNet 2.4.12 - OS Command Injection (CVE-2021-21805) | cve/CVE-2021-21805.yaml |
| Apache Kylin 3.0.1 - Command Injection Vulnerability (CVE-2020-1956) | cve/CVE-2020-1956.yaml |
| nostromo 1.9.6 - Remote Code Execution (CVE-2019-16278) | cve/CVE-2019-16278.yaml |
| Jenkins Gitlab Hook <=1.4.2 - Cross-Site Scripting (CVE-2020-2096) | cve/CVE-2020-2096.yaml |
| muhttpd <=1.1.5 - Local Inclusion (CVE-2022-31793) | cve/CVE-2022-31793.yaml |
| Xceedium Xsuite <=2.4.4.5 - Local File Inclusion (CVE-2015-4666) | cve/CVE-2015-4666.yaml |
| PMB v7.4.6 - Cross-Site Scripting (CVE-2023-24737) | cve/CVE-2023-24737.yaml |
| Argus Surveillance DVR 4.0.0.0 - Local File Inclusion (CVE-2018-15745) | cve/CVE-2018-15745.yaml |
| WAVLINK WN530H4 M30H4.V5030.190403 - Information Disclosure (CVE-2020-12127) | cve/CVE-2020-12127.yaml |
| School Dormitory Management System 1.0 - SQL Injection (CVE-2022-30512) | cve/CVE-2022-30512.yaml |
| kkFileView 4.1.0 - Cross-Site Scripting (CVE-2022-46934) | cve/CVE-2022-46934.yaml |
| F5 iControl REST - Remote Command Execution (CVE-2021-22986) | cve/CVE-2021-22986.yaml |
| AxxonSoft Axxon Next - Local File Inclusion (CVE-2018-7467) | cve/CVE-2018-7467.yaml |
| Open Bulletin Board (OpenBB) v1.0.6 - Open Redirect/XSS (CVE-2004-1965) | cve/CVE-2004-1965.yaml |
| Online Fire Reporting System v1.0 - SQL injection (CVE-2022-31981) | cve/CVE-2022-31981.yaml |
| Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local | cve/CVE-2020-3452.yaml |
| SolarView Compact 6.00 - 'pow' Cross-Site Scripting (CVE-2022-29301) | cve/CVE-2022-29301.yaml |
| Ivanti Avalanche 6.3.2 - Local File Inclusion (CVE-2021-30497) | cve/CVE-2021-30497.yaml |
| LG SuperSign EZ CMS 2.5 - Local File Inclusion (CVE-2018-16288) | cve/CVE-2018-16288.yaml |
| PhpMyAdmin <4.8.2 - Local File Inclusion (CVE-2018-12613) | cve/CVE-2018-12613.yaml |
| Netsweeper 4.0.8 - Directory Traversal (CVE-2014-9609) | cve/CVE-2014-9609.yaml |
| TikiWiki CMS Groupware v8.3 - Open Redirect (CVE-2012-5321) | cve/CVE-2012-5321.yaml |
| Node.js <8.6.0 - Directory Traversal (CVE-2017-14849) | cve/CVE-2017-14849.yaml |
| WordPress DZS-VideoGallery Plugin Cross-Site Scripting (CVE-2014-9094) | cve/CVE-2014-9094.yaml |
| WordPress VR Calendar <=2.3.2 - Remote Code Execution (CVE-2022-2314) | cve/CVE-2022-2314.yaml |
| WordPress Pondol Form to Mail <=1.1 - Cross-Site Scripting (CVE-2016-1000146) | cve/CVE-2016-1000146.yaml |
| Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection (CVE-2021-25298) | cve/CVE-2021-25298.yaml |
| Lighttpd 1.4.34 SQL Injection and Path Traversal (CVE-2014-2323) | cve/CVE-2014-2323.yaml |
| phpMyAdmin <4.8.5 - Local File Inclusion (CVE-2019-6799) | cve/CVE-2019-6799.yaml |
| TeamPass 2.1.27.36 - Improper Authentication (CVE-2020-12478) | cve/CVE-2020-12478.yaml |
| WordPress Simply Schedule Appointments <1.5.7.7 - Information Disclosure (CVE-2022-2373) | cve/CVE-2022-2373.yaml |
| OpenDreambox 2.0.0 - Remote Code Execution (CVE-2017-14135) | cve/CVE-2017-14135.yaml |
| Citrix ADC/Gateway - Cross-Site Scripting (CVE-2020-8191) | cve/CVE-2020-8191.yaml |
| SolarView Compact 6.00 - OS Command Injection (CVE-2022-29303) | cve/CVE-2022-29303.yaml |
| Jeesns 1.4.2 - Cross-Site Scripting (CVE-2020-19295) | cve/CVE-2020-19295.yaml |
| HashiCorp Consul/Consul Enterprise <=1.9.4 - Cross-Site Scripting (CVE-2020-25864) | cve/CVE-2020-25864.yaml |
| SpeakOut Email Petitions < 2.14.15.1 - SQL Injection (CVE-2022-0846) | cve/CVE-2022-0846.yaml |
| Joomla! Plugin Core Design Scriptegrator - Local File Inclusion (CVE-2010-0759) | cve/CVE-2010-0759.yaml |
| Cuppa CMS v1.0 - Local File Inclusion (CVE-2022-25485) | cve/CVE-2022-25485.yaml |
| WordPress All-in-one Floating Contact Form <2.0.4 - Cross-Site Scripting (CVE-2022-0148) | cve/CVE-2022-0148.yaml |
| Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion (CVE-2010-1954) | cve/CVE-2010-1954.yaml |
| WordPress Fontsy <=1.8.6 - SQL Injection (CVE-2022-4447) | cve/CVE-2022-4447.yaml |
| TVT NVMS 1000 - Local File Inclusion (CVE-2019-20085) | cve/CVE-2019-20085.yaml |
| Joomla! Component webERPcustomer - Local File Inclusion (CVE-2010-1315) | cve/CVE-2010-1315.yaml |
| WordPress Download Manager <2.9.94 - Cross-Site Scripting (CVE-2019-15889) | cve/CVE-2019-15889.yaml |
| Joomla! Cmimarketplace 0.1 - Local File Inclusion (CVE-2009-1496) | cve/CVE-2009-1496.yaml |
| Zyxel Firewall - OS Command Injection (CVE-2022-30525) | cve/CVE-2022-30525.yaml |
| Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion (CVE-2018-9205) | cve/CVE-2018-9205.yaml |
| WordPress Mail Masta 1.0 - Local File Inclusion (CVE-2016-10956) | cve/CVE-2016-10956.yaml |
| WordPress Kaswara Modern VC Addons <=3.0.1 - Arbitrary File Upload (CVE-2021-24284) | cve/CVE-2021-24284.yaml |
| UC Gateway Investment SiteEngine v5.0 - Open Redirect (CVE-2008-7269) | cve/CVE-2008-7269.yaml |
| Apache mod_userdir CRLF injection (CVE-2016-4975) | cve/CVE-2016-4975.yaml |
| Timesheet Next Gen <=1.5.3 - Cross-Site Scripting (CVE-2019-1010287) | cve/CVE-2019-1010287.yaml |
| Embedthis GoAhead <3.6.5 - Remote Code Execution (CVE-2017-17562) | cve/CVE-2017-17562.yaml |
| Confluence - Remote Code Execution (CVE-2022-26134) | cve/CVE-2022-26134.yaml |
| L-Soft LISTSERV <16.5-2018a - Cross-Site Scripting (CVE-2019-15501) | cve/CVE-2019-15501.yaml |
| Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion | cve/CVE-2010-2918.yaml |
| Joomla! Component Property - Local File Inclusion (CVE-2010-1875) | cve/CVE-2010-1875.yaml |
| Hongdian H8922 3.0.5 - Information Disclosure (CVE-2021-28150) | cve/CVE-2021-28150.yaml |
| Car Rental Management System 1.0 - SQL Injection (CVE-2022-32028) | cve/CVE-2022-32026.yaml |
| ehicle Service Management System 1.0 - Cross-Site Scripting (CVE-2021-46071) | cve/CVE-2021-46071.yaml |
| Javafaces LFI (CVE-2013-3827) | cve/CVE-2013-3827.yaml |
| Atmail 6.5.0 - Cross-Site Scripting (CVE-2022-30776) | cve/CVE-2022-30776.yaml |
| WordPress sitepress-multilingual-cms 3.6.3 - Cross-Site Scripting (CVE-2018-18069) | cve/CVE-2018-18069.yaml |
| WordPress BackupBuddy <8.8.3 - Cross Site Scripting (CVE-2022-4897) | cve/CVE-2022-4897.yaml |
| Pascom CPS Server-Side Request Forgery (CVE-2021-45967) | cve/CVE-2021-45967.yaml |
| FlatnuX CMS - Directory Traversal (CVE-2012-4878) | cve/CVE-2012-4878.yaml |
| Sidekiq <=6.2.0 - Cross-Site Scripting (CVE-2021-30151) | cve/CVE-2021-30151.yaml |
| TCExam <= 14.8.1 - Sensitive Information Exposure (CVE-2021-20114) | cve/CVE-2021-20114.yaml |
| PowerJob <=4.3.2 - Unauthenticated Access (CVE-2023-29923) | cve/CVE-2023-29923.yaml |
| WordPress WPSmartContracts <1.3.12 - SQL Injection (CVE-2022-3768) | cve/CVE-2022-3768.yaml |
| Dompdf < v0.6.0 - Local File Inclusion (CVE-2014-2383) | cve/CVE-2014-2383.yaml |
| Cisco CUCM UCCX and Unified IP-IVR- Directory Traversal (CVE-2011-3315) | cve/CVE-2011-3315.yaml |
| MStore API <= 3.9.2 - Authentication Bypass (CVE-2023-2732) | cve/CVE-2023-2732.yaml |
| Razer Sila Gaming Router 2.0.441_api-2.0.418 - Local File Inclusion (CVE-2022-29014) | cve/CVE-2022-29014.yaml |
| Atom CMS v2.0 - SQL Injection (CVE-2022-28032) | cve/CVE-2022-28032.yaml |
| Joomla! Component SmartSite 1.0.0 - Local File Inclusion (CVE-2010-1657) | cve/CVE-2010-1657.yaml |
| Knowage Suite 7.3 - Cross-Site Scripting (CVE-2021-30213) | cve/CVE-2021-30213.yaml |
| Car Rental Management System 1.0 - SQL Injection (CVE-2022-32025) | cve/CVE-2022-32025.yaml |
| Hongdian H8922 3.0.5 - Remote Command Injection (CVE-2021-28151) | cve/CVE-2021-28151.yaml |
| Tyto Sahi pro 7.x/8.x - Local File Inclusion (CVE-2018-20470) | cve/CVE-2018-20470.yaml |
| WordPress New Year Firework <=1.1.9 - Cross-Site Scripting (CVE-2016-1000140) | cve/CVE-2016-1000140.yaml |
| Mara CMS 7.5 - Cross-Site Scripting (CVE-2020-24223) | cve/CVE-2020-24223.yaml |
| Z-Blog <=1.5.2 - Open Redirect (CVE-2020-18268) | cve/CVE-2020-18268.yaml |
| VMware - Local File Inclusion (CVE-2022-31656) | cve/CVE-2022-31656.yaml |
| Oracle WebLogic Server - Remote Command Execution (CVE-2017-10271) | cve/CVE-2017-10271.yaml |
| Custom 404 Pro < 3.7.3 - Cross-Site Scripting (CVE-2023-2023) | cve/CVE-2023-2023.yaml |
| HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting (CVE-2022-26564) | cve/CVE-2022-26564.yaml |
| Agentejo Cockpit <0.12.0 - NoSQL Injection (CVE-2020-35848) | cve/CVE-2020-35848.yaml |
| Seagate NAS OS 4.3.15.1 - Open Redirect (CVE-2018-12300) | cve/CVE-2018-12300.yaml |
| Zyxel ZyWal/USG/UAG Devices - Cross-Site Scripting (CVE-2019-12581) | cve/CVE-2019-12581.yaml |
| Joomla! Component com_blog - Directory Traversal (CVE-2010-1540) | cve/CVE-2010-1540.yaml |
| Allied Telesis AT-GS950/8 - Local File Inclusion (CVE-2019-18922) | cve/CVE-2019-18922.yaml |
| Purchase Order Management v1.0 - SQL Injection (CVE-2022-28022) | cve/CVE-2022-28022.yaml |
| Microweber <1.2.11 - Cross-Site Scripting (CVE-2022-0678) | cve/CVE-2022-0678.yaml |
| Nortek Linear eMerge E3-Series - Cross-Site Scripting (CVE-2022-31798) | cve/CVE-2022-31798.yaml |
| 2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting (CVE-2012-4273) | cve/CVE-2012-4273.yaml |
| Dreambox WebControl 2.0.0 - Cross-Site Scripting (CVE-2017-15287) | cve/CVE-2017-15287.yaml |
| Ignite Realtime Openfire <=4.4.2 - Server-Side Request Forgery (CVE-2019-18394) | cve/CVE-2019-18394.yaml |
| WordPress wpCentral <1.5.1 - Information Disclosure (CVE-2020-9043) | cve/CVE-2020-9043.yaml |
| Oracle E-Business Suite 12.2.3 -12.2.11 - Remote Code Execution (CVE-2022-21587) | cve/CVE-2022-21587.yaml |
| Advanced Custom Fields < 6.1.6 - Cross-Site Scripting (CVE-2023-30777) | cve/CVE-2023-30777.yaml |
| UniFi Network Application - Remote Code Execution (Apache Log4j) (CVE-2021-44228) | cve/unifi-network-log4j-rce.yaml |
| Rukovoditel <= 2.7.2 - Cross Site Scripting (CVE-2020-35984) | cve/CVE-2020-35984.yaml |
| Dahua IPC/VTH/VTO - Authentication Bypass (CVE-2021-33044) | cve/CVE-2021-33044.yaml |
| Citrix SD-WAN Center - Remote Command Injection (CVE-2019-12987) | cve/CVE-2019-12987.yaml |
| WordPress wpDiscuz <=7.0.4 - Remote Code Execution (CVE-2020-24186) | cve/CVE-2020-24186.yaml |
| Rukovoditel <= 3.2.1 - Cross Site Scripting (CVE-2022-44947) | cve/CVE-2022-44947.yaml |
| VICIdial Sensitive Information Disclosure (CVE-2021-28854) | cve/CVE-2021-28854.yaml |
| Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - SQL Injection (CVE-2019-2579) | cve/CVE-2019-2579.yaml |
| Gogs <0.12.5 - Server-Side Request Forgery (CVE-2022-0870) | cve/CVE-2022-0870.yaml |
| Ruby on Rails <5.0.1 - Remote Code Execution (CVE-2020-8163) | cve/CVE-2020-8163.yaml |
| Wavlink WN535K2/WN535K3 - OS Command Injection (CVE-2022-2486) | cve/CVE-2022-2486.yaml |
| Joomla! Component SMEStorage - Local File Inclusion (CVE-2010-1858) | cve/CVE-2010-1858.yaml |
| WordPress DB Backup <=4.5 - Local File Inclusion (CVE-2014-9119) | cve/CVE-2014-9119.yaml |
| WordPress SP Project & Document Manager <4.22 - Authenticated Shell Upload | cve/CVE-2021-24347.yaml |
| Cyber Cafe Management System 1.0 - SQL Injection (CVE-2022-29009) | cve/CVE-2022-29009.yaml |
| DomainMOD 4.11.01 - Cross-Site Scripting (CVE-2018-19892) | cve/CVE-2018-19892.yaml |
| Accela Civic Platform <=21.1 - Cross-Site Scripting (CVE-2021-33904) | cve/CVE-2021-33904.yaml |
| Online Fire Reporting System v1.0 - SQL injection (CVE-2022-31980) | cve/CVE-2022-31980.yaml |
| Buffalo WSR-2533DHPL2 - Path Traversal (CVE-2021-20090) | cve/CVE-2021-20090.yaml |
| MERCUSYS Mercury X18G 1.0.5 Router - Local File Inclusion (CVE-2021-23241) | cve/CVE-2021-23241.yaml |
| Joomla! Component Online Exam 1.5.0 - Local File Inclusion (CVE-2010-1715) | cve/CVE-2010-1715.yaml |
| ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting (CVE-2012-4889) | cve/CVE-2012-4889.yaml |
| Gitlab CE/EE 13.4 - 13.6.2 - Information Disclosure (CVE-2020-26413) | cve/CVE-2020-26413.yaml |
| GLPI plugin Barcode < 2.6.1 - Path Traversal Vulnerability. (CVE-2021-43778) | cve/CVE-2021-43778.yaml |
| openSIS Student Information System 8.0 SQL Injection (CVE-2021-41691) | cve/CVE-2021-41691.yaml |
| D-Link Routers - Remote Code Execution (CVE-2019-16920) | cve/CVE-2019-16920.yaml |
| WooCommerce Checkout Field Manager < 18.0 - Arbitrary File Upload (CVE-2022-4328) | cve/CVE-2022-4328.yaml |
| Grafana <= 6.7.1 - Cross-Site Scripting (CVE-2020-11110) | cve/CVE-2020-11110.yaml |
| Powertek Firmware <3.30.30 - Authorization Bypass (CVE-2022-33174) | cve/CVE-2022-33174.yaml |
| Centos Web Panel 0.9.8.480 - Local File Inclusion (CVE-2018-18323) | cve/CVE-2018-18323.yaml |
| DomPHP 0.83 - Directory Traversal (CVE-2014-10037) | cve/CVE-2014-10037.yaml |
| LinuxKI Toolset <= 6.01 - Remote Command Execution (CVE-2020-7209) | cve/CVE-2020-7209.yaml |
| HPE System Management - Cross-Site Scripting (CVE-2017-12544) | cve/CVE-2017-12544.yaml |
| CLink Office 2.0 - Cross-Site Scripting (CVE-2020-6171) | cve/CVE-2020-6171.yaml |
| Jeecg Boot <= 2.4.5 - Sensitive Information Disclosure (CVE-2021-37305) | cve/CVE-2021-37305.yaml |
| PowerJob V4.3.1 - Authentication Bypass (CVE-2023-29922) | cve/CVE-2023-29922.yaml |
| Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting | cve/CVE-2018-19439.yaml |
| Purchase Order Management v1.0 - Cross Site Scripting (Reflected) (CVE-2023-29623) | cve/CVE-2023-29623.yaml |
| WordPress White Label CMS <2.2.9 - Cross-Site Scripting (CVE-2022-0422) | cve/CVE-2022-0422.yaml |
| WordPress wpForo Forum < 1.9.7 - Open Redirect (CVE-2021-24406) | cve/CVE-2021-24406.yaml |
| NeDi 1.9C - Cross-Site Scripting (CVE-2020-14413) | cve/CVE-2020-14413.yaml |
| Aptana Jaxer 1.0.3.4547 - Local File inclusion (CVE-2019-14312) | cve/CVE-2019-14312.yaml |
| Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection (CVE-2008-1547) | cve/CVE-2008-1547.yaml |
| Microweber Cross-Site Scripting (CVE-2022-0378) | cve/CVE-2022-0378.yaml |
| Atlassian Jira Confluence - Cross-Site Scripting (CVE-2018-5230) | cve/CVE-2018-5230.yaml |
| WordPress RegistrationMagic <5.0.1.6 - Authenticated SQL Injection (CVE-2021-24862) | cve/CVE-2021-24862.yaml |
| Apache Solr DataImportHandler <8.2.0 - Remote Code Execution (CVE-2019-0193) | cve/CVE-2019-0193.yaml |
| OpenText Documentum Administrator 7.2.0180.0055 - Open Redirect (CVE-2017-14524) | cve/CVE-2017-14524.yaml |
| WordPress Email Subscribers & Newsletters <4.2.3 - Arbitrary File Retrieval | cve/CVE-2019-19985.yaml |
| WordPress Laborator Neon Theme 2.0 - Cross-Site Scripting (CVE-2019-20141) | cve/CVE-2019-20141.yaml |
| Nortek Linear eMerge E3-Series <0.32-08f - Remote Command Injection (CVE-2022-31499) | cve/CVE-2022-31499.yaml |
| Gitea 1.1.0 - 1.12.5 - Remote Code Execution (CVE-2020-14144) | cve/CVE-2020-14144.yaml |
| Atlassian Jira Seraph - Authentication Bypass (CVE-2022-0540) | cve/CVE-2022-0540.yaml |
| Metabase Local File Inclusion (CVE-2021-41277) | cve/CVE-2021-41277.yaml |
| Joomla! Component Advertising 0.25 - Local File Inclusion (CVE-2010-1473) | cve/CVE-2010-1473.yaml |
| Joomla! Component JProject Manager 1.0 - Local File Inclusion (CVE-2010-1469) | cve/CVE-2010-1469.yaml |
| Joomla! Component Address Book 1.5.0 - Local File Inclusion (CVE-2010-1471) | cve/CVE-2010-1471.yaml |
| Vehicle Service Management System 1.0 - Stored Cross Site Scripting (CVE-2021-46072) | cve/CVE-2021-46072.yaml |
| Monstra CMS 3.0.4 - Cross-Site Scripting (CVE-2018-11473) | cve/CVE-2018-11473.yaml |
| DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code Execution (CVE-2017-9822) | cve/CVE-2017-9822.yaml |
| DomainMOD 4.11.01 - Cross-Site Scripting (CVE-2018-19136) | cve/CVE-2018-19136.yaml |
| Elasticsearch 7.10.0-7.13.3 - Information Disclosure (CVE-2021-22145) | cve/CVE-2021-22145.yaml |
| Roxy Fileman 1.4.5 - Unrestricted File Upload (CVE-2018-20526) | cve/CVE-2018-20526.yaml |
| Zabbix <=4.4 - Authentication Bypass (CVE-2019-17382) | cve/CVE-2019-17382.yaml |
| Oracle E-Business Suite - Blind SSRF (CVE-2018-3167) | cve/CVE-2018-3167.yaml |
| Intelbras WIN 300/WRN 342 - Credentials Disclosure (CVE-2021-3017) | cve/CVE-2021-3017.yaml |
| Zoho ManageEngine ADAudit Plus <7600 - XML Entity Injection/Remote Code Execution | cve/CVE-2022-28219.yaml |
| Airflow Experimental <1.10.11 - REST API Auth Bypass (CVE-2020-13927) | cve/CVE-2020-13927.yaml |
| WordPress Pie Register <3.8.2.3 - Open Redirect (CVE-2023-0552) | cve/CVE-2023-0552.yaml |
| Ametys CMS Information Disclosure (CVE-2022-26159) | cve/CVE-2022-26159.yaml |
| WordPress RSS Aggregator < 4.20 - Authenticated Cross-Site Scripting (CVE-2022-0189) | cve/CVE-2022-0189.yaml |
| SpaceLogic C-Bus Home Controller <=1.31.460 - Remote Command Execution (CVE-2022-34753) | cve/CVE-2022-34753.yaml |
| Drupal - Remote Code Execution (CVE-2019-6340) | cve/CVE-2019-6340.yaml |
| WordPress GiveWP <2.17.3 - Cross-Site Scripting (CVE-2021-25099) | cve/CVE-2021-25099.yaml |
| Lansweeper Unauthenticated SQL Injection (CVE-2019-13462) | cve/CVE-2019-13462.yaml |
| WordPress Japanized for WooCommerce <2.5.5 - Cross-Site Scripting (CVE-2023-0942) | cve/CVE-2023-0942.yaml |
| Wordpress Profile Builder Plugin Cross-Site Scripting (CVE-2022-0653) | cve/CVE-2022-0653.yaml |
| Deprecated SSHv1 Protocol Detection (CVE-2001-1473) | cve/CVE-2001-1473.yaml |
| WordPress Titan Framework plugin <= 1.12.1 - Cross-Site Scripting (CVE-2021-24435) | cve/CVE-2021-24435.yaml |
| ManageEngine ADSelfService Plus <6121 - Stored Cross-Site Scripting (CVE-2022-24681) | cve/CVE-2022-24681.yaml |
| Socomec DIRIS A-40 Devices Password Disclosure (CVE-2019-15859) | cve/CVE-2019-15859.yaml |
| WordPress ProfileGrid <5.1.1 - Cross-Site Scripting (CVE-2022-3578) | cve/CVE-2022-3578.yaml |
| Rubedo CMS <=3.4.0 - Directory Traversal (CVE-2018-16836) | cve/CVE-2018-16836.yaml |
| Gogs (Go Git Service) - SQL Injection (CVE-2014-8682) | cve/CVE-2014-8682.yaml |
| Apache Log4j2 Remote Code Injection (CVE-2021-44228) | cve/CVE-2021-44228.yaml |
| ProFTPd - Remote Code Execution (CVE-2015-3306) | cve/CVE-2015-3306.yaml |
| Joomla! Component Fabrik 2.0 - Local File Inclusion (CVE-2010-1981) | cve/CVE-2010-1981.yaml |
| WordPress Easy Pricing Tables <3.2.1 - Cross-Site Scripting (CVE-2022-1904) | cve/CVE-2022-1904.yaml |
| ClinicCases 7.3.3 Cross-Site Scripting (CVE-2021-38704) | cve/CVE-2021-38704.yaml |
| Lantronix PremierWave 2050 8.9.0.0R4 - Remote Command Injection (CVE-2021-21881) | cve/CVE-2021-21881.yaml |
| Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion (CVE-2010-1980) | cve/CVE-2010-1980.yaml |
| PilusCart <=1.4.1 - Local File Inclusion (CVE-2019-16123) | cve/CVE-2019-16123.yaml |
| ReadToMyShoe - Generation of Error Message Containing Sensitive Information | cve/CVE-2023-27587.yaml |
| OEcms 3.1 - Cross-Site Scripting (CVE-2018-12095) | cve/CVE-2018-12095.yaml |
| Jeedom <=4.0.38 - Cross-Site Scripting (CVE-2020-9036) | cve/CVE-2020-9036.yaml |
| WBCE CMS v1.5.4 - Cross Site Scripting (Stored) (CVE-2022-45037) | cve/CVE-2022-45037.yaml |
| Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion (CVE-2010-2128) | cve/CVE-2010-2128.yaml |
| Microweber Information Disclosure (CVE-2022-0281) | cve/CVE-2022-0281.yaml |
| Mura CMS <10.0.580 - Authentication Bypass (CVE-2022-47003) | cve/CVE-2022-47003.yaml |
| WordPress E2Pdf <1.16.45 - Cross-Site Scripting (CVE-2022-0535) | cve/CVE-2022-0535.yaml |
| Laravel <5.5.21 - Information Disclosure (CVE-2017-16894) | cve/CVE-2017-16894.yaml |
| Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion (CVE-2010-2682) | cve/CVE-2010-2682.yaml |
| Monstra CMS 3.0.4 - HTTP Header Injection (CVE-2018-16979) | cve/CVE-2018-16979.yaml |
| ExponentCMS <= 2.6 - Host Header Injection (CVE-2021-38751) | cve/CVE-2021-38751.yaml |
| Joomla! Component MMS Blog 2.3.0 - Local File Inclusion (CVE-2010-1491) | cve/CVE-2010-1491.yaml |
| Apache Struts2 S2-057 - Remote Code Execution (CVE-2018-11776) | cve/CVE-2018-11776.yaml |
| Cute Editor for ASP.NET 6.4 - Cross-Site Scripting (CVE-2020-24903) | cve/CVE-2020-24903.yaml |
| SourceBans <2.0 - Cross-Site Scripting (CVE-2015-8349) | cve/CVE-2015-8349.yaml |
| WordPress BulletProof Security 5.1 Information Disclosure (CVE-2021-39327) | cve/CVE-2021-39327.yaml |
| MinIO Cluster Deployment - Information Disclosure (CVE-2023-28432) | cve/CVE-2023-28432.yaml |
| Car Rental Management System 1.0 - SQL Injection (CVE-2022-32022) | cve/CVE-2022-32022.yaml |
| Brafton WordPress Plugin < 3.4.8 - Cross-Site Scripting (CVE-2016-10973) | cve/CVE-2016-10973.yaml |
| WordPress Gift Voucher <4.1.8 - Blind SQL Injection (CVE-2018-16159) | cve/CVE-2018-16159.yaml |
| MicroStrategy Web 10.4 - Information Disclosure (CVE-2020-11450) | cve/CVE-2020-11450.yaml |
| D-Link DIR-610 Devices - Information Disclosure (CVE-2020-9376) | cve/CVE-2020-9376.yaml |
| HPE Integrated Lights-out 4 (ILO4) <2.53 - Authentication Bypass (CVE-2017-12542) | cve/CVE-2017-12542.yaml |
| PMB 7.3.10 - Cross-Site Scripting (CVE-2022-34328) | cve/CVE-2022-34328.yaml |
| Zoho ManageEngine Desktop Central - Remote Code Execution (CVE-2021-44515) | cve/CVE-2021-44515.yaml |
| DokuWiki - Cross-Site Scripting (CVE-2017-12583) | cve/CVE-2017-12583.yaml |
| Zoho manageengine - Cross-Site Scripting (CVE-2018-12998) | cve/CVE-2018-12998.yaml |
| Kentico CMS 8.2 - Open Redirect (CVE-2015-7823) | cve/CVE-2015-7823.yaml |
| WordPress Pie Register <3.7.0.1 - Cross-Site Scripting (CVE-2021-24239) | cve/CVE-2021-24239.yaml |
| Sophos UTM Preauth - Remote Code Execution (CVE-2020-25223) | cve/CVE-2020-25223.yaml |
| WordPress WPCargo Track & Trace <6.9.0 - Remote Code Execution (CVE-2021-25003) | cve/CVE-2021-25003.yaml |
| WordPress Customize Login Image <3.5.3 - Cross-Site Scripting (CVE-2021-33851) | cve/CVE-2021-33851.yaml |
| WordPress enhanced-tooltipglossary 3.2.8 - Cross-Site Scripting (CVE-2016-1000132) | cve/CVE-2016-1000132.yaml |
| Metabase - Remote Code Execution (Apache Log4j) (CVE-2021-44228) | cve/metabase-log4j.yaml |
| McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting (CVE-2017-4011) | cve/CVE-2017-4011.yaml |
| Easy!Appointments <1.4.3 - Broken Access Control (CVE-2022-0482) | cve/CVE-2022-0482.yaml |
| WordPress UserPro 4.9.32 - Cross-Site Scripting (CVE-2019-14470) | cve/CVE-2019-14470.yaml |
| Rukovoditel <= 3.2.1 - Cross Site Scripting (CVE-2022-44952) | cve/CVE-2022-44952.yaml |
| Graylog (Log4j) - Remote Code Execution (CVE-2021-44228) | cve/graylog-log4j.yaml |
| Eclipse Jetty - Information Disclosure (CVE-2021-28164) | cve/CVE-2021-28164.yaml |
| Apache OFBiz <17.12.07 - Arbitrary Code Execution (CVE-2021-30128) | cve/CVE-2021-30128.yaml |
| WordPress e-search <=1.0 - Cross-Site Scripting (CVE-2016-1000130) | cve/CVE-2016-1000130.yaml |
| WordPress KiviCare <2.3.9 - SQL Injection (CVE-2022-0786) | cve/CVE-2022-0786.yaml |
| SonicWall SonicOS 7.0 - Open Redirect (CVE-2021-20031) | cve/CVE-2021-20031.yaml |
| WordPress Mediumish Theme <=1.0.47 - Cross-Site Scripting (CVE-2021-24316) | cve/CVE-2021-24316.yaml |
| Yii 2 < 2.0.38 - Remote Code Execution (CVE-2020-15148) | cve/CVE-2020-15148.yaml |
| Parallels H-Sphere 3.6.1713 - Cross-Site Scripting (CVE-2022-30777) | cve/CVE-2022-30777.yaml |
| Thinfinity Iframe Injection (CVE-2021-45092) | cve/CVE-2021-45092.yaml |
| vBulletin 5.5.4 - 5.6.2- Remote Command Execution (CVE-2020-17496) | cve/CVE-2020-17496.yaml |
| Citrix SD-WAN Center - Local File Inclusion (CVE-2019-12990) | cve/CVE-2019-12990.yaml |
| Squidex <7.4.0 - Cross-Site Scripting (CVE-2023-24278) | cve/CVE-2023-24278.yaml |
| Terraboard <2.2.0 - SQL Injection (CVE-2022-1883) | cve/CVE-2022-1883.yaml |
| Yachtcontrol Webapplication 1.0 - Remote Command Injection (CVE-2019-17270) | cve/CVE-2019-17270.yaml |
| FiberHome Routers - Local File Inclusion (CVE-2017-15647) | cve/CVE-2017-15647.yaml |
| Sourcecodester Online Event Booking and Reservation System 2.3.0 - Cross-Site | cve/CVE-2021-42663.yaml |
| Rudloff alltube prior to 3.0.1 - Open Redirect (CVE-2022-0692) | cve/CVE-2022-0692.yaml |
| Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File | cve/CVE-2021-46417.yaml |
| SEO Panel 4.8.0 - Blind SQL Injection (CVE-2021-28419) | cve/CVE-2021-28419.yaml |
| ChurchCRM 4.5.3 - Cross-Site Scripting (CVE-2023-26843) | cve/CVE-2023-26843.yaml |
| Vehicle Service Management System - Stored Cross-Site Scripting (CVE-2021-46068) | cve/CVE-2021-46068.yaml |
| KR-Web <=1.1b2 - Remote File Inclusion (CVE-2009-4223) | cve/CVE-2009-4223.yaml |
| Purchase Order Management v1.0 - SQL Injection (CVE-2022-28023) | cve/CVE-2022-28023.yaml |
| WordPress FlatPM <3.0.13 - Cross-Site Scripting (CVE-2022-3934) | cve/CVE-2022-3934.yaml |
| Faculty Evaluation System v1.0 - SQL Injection (CVE-2023-33439) | cve/CVE-2023-33439.yaml |
| XStream 1.4.18 - Remote Code Execution (CVE-2021-39144) | cve/CVE-2021-39144.yaml |
| WAVLINK WN533A8 - Improper Access Control (CVE-2022-34046) | cve/CVE-2022-34046.yaml |
| KONGA 0.14.9 - Privilege Escalation (CVE-2021-42192) | cve/CVE-2021-42192.yaml |
| Hospital Management System 1.0 - SQL Injection (CVE-2022-34590) | cve/CVE-2022-34590.yaml |
| Advanced Text Widget < 2.0.2 - Cross-Site Scripting (CVE-2011-4618) | cve/CVE-2011-4618.yaml |
| CandidATS 3.0.0 - Cross-Site Scripting. (CVE-2022-42746) | cve/CVE-2022-42746.yaml |
| Ruckus Wireless Admin - Remote Code Execution (CVE-2023-25717) | cve/CVE-2023-25717.yaml |
| WordPress Simple Job Board <2.9.4 - Local File Inclusion (CVE-2020-35749) | cve/CVE-2020-35749.yaml |
| WordPress Infusionsoft Gravity Forms <=1.5.11 - Cross-Site Scripting (CVE-2016-1000139) | cve/CVE-2016-1000139.yaml |
| WordPress Videos sync PDF <=1.7.4 - Local File Inclusion (CVE-2022-1392) | cve/CVE-2022-1392.yaml |
| CandidATS 3.0.0 - Cross-Site Scripting (CVE-2022-42749) | cve/CVE-2022-42749.yaml |
| Debug Endpoint pprof - Exposure Detection (CVE-2019-11248) | cve/CVE-2019-11248.yaml |
| UnRaid <=6.80 - Remote Code Execution (CVE-2020-5847) | cve/CVE-2020-5847.yaml |
| Fortinet FortiOS <=5.2.3 - Cross-Site Scripting (CVE-2015-1880) | cve/CVE-2015-1880.yaml |
| School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting | cve/CVE-2022-30514.yaml |
| WordPress Emag Marketplace Connector 1.0 - Cross-Site Scripting (CVE-2017-17043) | cve/CVE-2017-17043.yaml |
| Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting (CVE-2021-41349) | cve/CVE-2021-41349.yaml |
| WAVLINK WN535 G3 - Improper Access Control (CVE-2022-34576) | cve/CVE-2022-34576.yaml |
| Complete Online Job Search System 1.0 - SQL Injection (CVE-2022-32015) | cve/CVE-2022-32015.yaml |
| WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting (CVE-2012-4242) | cve/CVE-2012-4242.yaml |
| UpdraftPlus < 1.22.9 - Cross-Site Scripting (CVE-2022-0864) | cve/CVE-2022-0864.yaml |
| PHPGurukul Dairy Farm Shop Management System 1.0 - SQL Injection (CVE-2020-5307) | cve/CVE-2020-5307.yaml |
| WordPress Supsystic Contact Form <1.7.15 - Cross-Site Scripting (CVE-2021-24276) | cve/CVE-2021-24276.yaml |
| Joomla! Roland Breedveld Album 1.14 - Local File Inclusion (CVE-2009-3318) | cve/CVE-2009-3318.yaml |
| Webkul QloApps 1.6.0 - Cross-site Scripting (CVE-2023-36287) | cve/CVE-2023-36287.yaml |
| Babel - Open Redirect (CVE-2019-1010290) | cve/CVE-2019-1010290.yaml |
| qdPM 9.1 - Cross-site Scripting (CVE-2019-8390) | cve/CVE-2019-8390.yaml |
| Online Fire Reporting System v1.0 - SQL injection (CVE-2022-31879) | cve/CVE-2022-31879.yaml |
| NETGEAR Routers - Authentication Bypass (CVE-2017-5521) | cve/CVE-2017-5521.yaml |
| LOYTEC LGATE-902 6.3.2 - Local File Inclusion (CVE-2018-14918) | cve/CVE-2018-14918.yaml |
| Online Fire Reporting System v1.0 - SQL injection (CVE-2022-31982) | cve/CVE-2022-31982.yaml |
| Joomla! Component Matamko 1.01 - Local File Inclusion (CVE-2010-1495) | cve/CVE-2010-1495.yaml |
| Jira Netic Group Export <1.0.3 - Missing Authorization (CVE-2022-39960) | cve/CVE-2022-39960.yaml |
| DotCMS - Arbitrary File Upload (CVE-2022-26352) | cve/CVE-2022-26352.yaml |
| Kodi 17.1 - Local File Inclusion (CVE-2017-5982) | cve/CVE-2017-5982.yaml |
| Oracle WebLogic Server Deserialization - Remote Code Execution (CVE-2018-2628) | cve/CVE-2018-2628.yaml |
| Gogs <0.12.6 - Remote Command Execution (CVE-2022-0415) | cve/CVE-2022-0415.yaml |
| Joomla! Component iF surfALERT 1.2 - Local File Inclusion (CVE-2010-1717) | cve/CVE-2010-1717.yaml |
| Fortinet FortiMail 7.0.1 - Cross-Site Scripting (CVE-2021-43062) | cve/CVE-2021-43062.yaml |
| WordPress Ad Inserter <2.7.10 - Cross-Site Scripting (CVE-2022-0288) | cve/CVE-2022-0288.yaml |
| WordPress All-in-One WP Migration <=7.62 - Cross-Site Scripting (CVE-2022-2546) | cve/CVE-2022-2546.yaml |
| eShop 3.0.4 - Cross-Site Scripting (CVE-2022-35493) | cve/CVE-2022-35493.yaml |
| CentOS Web Panel 7 <0.9.8.1147 - Remote Code Execution (CVE-2022-44877) | cve/CVE-2022-44877.yaml |
| Codoforum 5.1 - Arbitrary File Upload (CVE-2022-31854) | cve/CVE-2022-31854.yaml |
| Rukovoditel <= 2.7.2 - Cross Site Scripting (CVE-2020-35985) | cve/CVE-2020-35985.yaml |
| WordPress WP JobSearch <1.5.1 - Cross-Site Scripting (CVE-2022-1168) | cve/CVE-2022-1168.yaml |
| Kirona Dynamic Resource Scheduler - Information Disclosure (CVE-2019-17503) | cve/CVE-2019-17503.yaml |
| IBM Aspera Faspex <=4.4.2 PL1 - Remote Code Execution (CVE-2022-47986) | cve/CVE-2022-47986.yaml |
| WordPress Jannah Theme <5.4.4 - Cross-Site Scripting (CVE-2021-24364) | cve/CVE-2021-24364.yaml |
| WordPress WebP Converter for Media < 4.0.3 - Unauthenticated Open Redirect | cve/CVE-2021-25074.yaml |
| ManageEngine ADManager Plus - Command Injection (CVE-2023-29084) | cve/CVE-2023-29084.yaml |
| Joomla! Component ZiMBCore 0.1 - Local File Inclusion (CVE-2010-1603) | cve/CVE-2010-1603.yaml |
| WordPress MF Gig Calendar <=1.1 - Cross-Site Scripting (CVE-2021-24510) | cve/CVE-2021-24510.yaml |
| WordPress W3 Total Cache <2.1.4 - Cross-Site Scripting (CVE-2021-24436) | cve/CVE-2021-24436.yaml |
| WordPress Admin Font Editor <=1.8 - Cross-Site Scripting (CVE-2016-1000138) | cve/CVE-2016-1000138.yaml |
| Citrix XenMobile Server - Local File Inclusion (CVE-2020-8209) | cve/CVE-2020-8209.yaml |
| Apache Struts 2.0.0-2.5.25 - Remote Code Execution (CVE-2020-17530) | cve/CVE-2020-17530.yaml |
| Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login (CVE-2021-24647) | cve/CVE-2021-24647.yaml |
| NETGEAR WNAP320 Access Point Firmware - Remote Command Injection (CVE-2016-1555) | cve/CVE-2016-1555.yaml |
| WordPress Nirweb Support <2.8.2 - SQL Injection (CVE-2022-0781) | cve/CVE-2022-0781.yaml |
| Jellyfin <10.7.0 - Local File Inclusion (CVE-2021-21402) | cve/CVE-2021-21402.yaml |
| WordPress Realteo <=1.2.3 - Cross-Site Scripting (CVE-2021-24237) | cve/CVE-2021-24237.yaml |
| WordPress Perfect Survey<1.5.2 - SQL Injection (CVE-2021-24762) | cve/CVE-2021-24762.yaml |
| Agentejo Cockpit <0.11.2 - NoSQL Injection (CVE-2020-35847) | cve/CVE-2020-35847.yaml |
| Atlassian Confluence Download Attachments - Remote Code Execution (CVE-2019-3398) | cve/CVE-2019-3398.yaml |
| Rosario Student Information System Unauthenticated SQL Injection (CVE-2021-44427) | cve/CVE-2021-44427.yaml |
| Laravel with Ignition <= v8.4.2 Debug Mode - Remote Code Execution (CVE-2021-3129) | cve/CVE-2021-3129.yaml |
| Import XML & RSS Feeds WordPress Plugin <= 2.0.1 Server-Side Request Forgery | cve/CVE-2020-24148.yaml |
| WordPress Spreadsheet - Cross-Site Scripting (CVE-2013-6281) | cve/CVE-2013-6281.yaml |
| Joomla! Component BeeHeard 1.0 - Local File Inclusion (CVE-2010-1952) | cve/CVE-2010-1952.yaml |
| WordPress IWS Geo Form Fields <=1.0 - SQL Injection (CVE-2022-4117) | cve/CVE-2022-4117.yaml |
| Joomla! Component com_bfsurvey - Local File Inclusion (CVE-2010-2259) | cve/CVE-2010-2259.yaml |
| HTML Email Template Designer < 3.1 - Stored Cross-Site Scripting (CVE-2022-0218) | cve/CVE-2022-0218.yaml |
| ShellShock - Remote Code Execution (CVE-2014-6271) | cve/CVE-2014-6271.yaml |
| Webkul QloApps 1.5.2 - Cross-site Scripting (CVE-2023-30256) | cve/CVE-2023-30256.yaml |
| ThinkAdmin 6 - Local File Inclusion (CVE-2020-25540) | cve/CVE-2020-25540.yaml |
| WordPress sourceAFRICA <=0.1.3 - Cross-Site Scripting (CVE-2015-6920) | cve/CVE-2015-6920.yaml |
| Gibbon v25.0.0 - Local File Inclusion (CVE-2023-34598) | cve/CVE-2023-34598.yaml |
| Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion (CVE-2009-4202) | cve/CVE-2009-4202.yaml |
| Home Assistant Supervisor - Authentication Bypass (CVE-2023-27482) | cve/CVE-2023-27482.yaml |
| Revive Adserver 4.2 - Remote Code Execution (CVE-2019-5434) | cve/CVE-2019-5434.yaml |
| WordPress Goto Tour & Travel Theme <2.0 - Cross-Site Scripting (CVE-2021-24235) | cve/CVE-2021-24235.yaml |
| Oracle Business Intelligence/XML Publisher - XML External Entity Injection | cve/CVE-2019-2616.yaml |
| Joomla! ChronoForums 2.0.11 - Local File Inclusion (CVE-2021-28377) | cve/CVE-2021-28377.yaml |
| ManageEngine ServiceDesk 9.3.9328 - Arbitrary File Retrieval (CVE-2017-11512) | cve/CVE-2017-11512.yaml |
| Joomla! Component Juke Box 1.7 - Local File Inclusion (CVE-2010-1352) | cve/CVE-2010-1352.yaml |
| WordPress Ultimate FAQ <1.8.30 - Cross-Site Scripting (CVE-2020-7107) | cve/CVE-2020-7107.yaml |
| Hikvision IP camera/NVR - Remote Command Execution (CVE-2021-36260) | cve/CVE-2021-36260.yaml |
| Harbor <=1.82.0 - Privilege Escalation (CVE-2019-16097) | cve/CVE-2019-16097.yaml |
| Linear eMerge E3 - Cross-Site Scripting (CVE-2019-7255) | cve/CVE-2019-7255.yaml |
| Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion (CVE-2010-1532) | cve/CVE-2010-1532.yaml |
| PHPUnit - Remote Code Execution (CVE-2017-9841) | cve/CVE-2017-9841.yaml |
| Rundeck - Remote Code Execution (Apache Log4j) (CVE-2021-44228) | cve/rundeck-log4j.yaml |
| DotNetNuke (DNN) ImageHandler <9.2.0 - Server-Side Request Forgery (CVE-2017-0929) | cve/CVE-2017-0929.yaml |
| Node RED Dashboard <2.26.2 - Local File Inclusion (CVE-2021-3223) | cve/CVE-2021-3223.yaml |
| WordPress BackupGuard <1.6.0 - Authenticated Arbitrary File Upload (CVE-2021-24155) | cve/CVE-2021-24155.yaml |
| Jboss Application Server - Remote Code Execution (CVE-2017-12149) | cve/CVE-2017-12149.yaml |
| Geoserver - Server-Side Request Forgery (CVE-2021-40822) | cve/CVE-2021-40822.yaml |
| Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities | cve/CVE-2012-1226.yaml |
| Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting (CVE-2020-2036) | cve/CVE-2020-2036.yaml |
| Wavlink WN-535G3 - Cross-Site Scripting (CVE-2022-30489) | cve/CVE-2022-30489.yaml |
| PrestaHome Blog for PrestaShop <1.7.8 - SQL Injection (CVE-2021-36748) | cve/CVE-2021-36748.yaml |
| Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect (CVE-2017-3528) | cve/CVE-2017-3528.yaml |
| Horde Groupware Unauthenticated Admin Access (CVE-2005-3344) | cve/CVE-2005-3344.yaml |
| Auerswald COMpact 5500R 7.8A and 8.0B Devices Backdoor (CVE-2021-40859) | cve/CVE-2021-40859.yaml |
| Symmetricom SyncServer Unauthenticated - Remote Command Execution (CVE-2022-40022) | cve/CVE-2022-40022.yaml |
| D-Link DVG-N5402SP - Local File Inclusion (CVE-2015-7245) | cve/CVE-2015-7245.yaml |
| Oracle Weblogic - SSRF in SearchPublicRegistries.jsp (CVE-2014-4210) | cve/CVE-2014-4210.yaml |
| WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting (CVE-2017-17059) | cve/CVE-2017-17059.yaml |
| Akkadian Provisioning Manager - Information Disclosure (CVE-2021-31581) | cve/CVE-2021-31581.yaml |
| Umbraco <7.4.0- Server-Side Request Forgery (CVE-2015-8813) | cve/CVE-2015-8813.yaml |
| Rukovoditel <= 3.2.1 - Cross Site Scripting (CVE-2022-44949) | cve/CVE-2022-44949.yaml |
| Cuppa CMS v1.0 - SQL injection (CVE-2022-24265) | cve/CVE-2022-24265.yaml |
| Zabbix - SQL Injection (CVE-2016-10134) | cve/CVE-2016-10134.yaml |
| WordPress WHIZZ <=1.0.7 - Cross-Site Scripting (CVE-2016-1000154) | cve/CVE-2016-1000154.yaml |
| Simple Online Planning Tool <1.3.2 - Local File Inclusion (CVE-2014-8676) | cve/CVE-2014-8676.yaml |
| Nova noVNC - Open Redirect (CVE-2021-3654) | cve/CVE-2021-3654.yaml |
| SolarWinds Serv-U 15.3 - Directory Traversal (CVE-2021-35250) | cve/CVE-2021-35250.yaml |
| LumisXP <10.0.0 - Blind XML External Entity Attack (CVE-2021-27931) | cve/CVE-2021-27931.yaml |
| NetBiblio WebOPAC - Cross-Site Scripting (CVE-2021-42551) | cve/CVE-2021-42551.yaml |
| Reflected XSS - Telerik Reporting Module (CVE-2017-9140) | cve/CVE-2017-9140.yaml |
| MaxSite CMS Cross-Site Scripting (CVE-2021-35265) | cve/CVE-2021-35265.yaml |
| D-Link DNS-320 - Unauthenticated Remote Code Execution (CVE-2020-25506) | cve/CVE-2020-25506.yaml |
| Cisco CloudCenter Suite (Log4j) - Remote Code Execution (CVE-2021-44228) | cve/cisco-cloudcenter-suite-log4j-rce.yaml |
| Revive Adserver <5.1.0 - Open Redirect (CVE-2021-22873) | cve/CVE-2021-22873.yaml |
| Netmask NPM Package - Server-Side Request Forgery (CVE-2021-28918) | cve/CVE-2021-28918.yaml |
| Vehicle Service Management System 1.0 - Stored Cross Site Scripting (CVE-2021-46069) | cve/CVE-2021-46069.yaml |
| Temenos T24 R20 - Cross-Site Scripting (CVE-2023-24367) | cve/CVE-2023-24367.yaml |
| Joomla! Component AWDwall 1.5.4 - Local File Inclusion (CVE-2010-1494) | cve/CVE-2010-1494.yaml |
| OpenCATS 0.9.6 - Cross-Site Scripting (CVE-2022-43015) | cve/CVE-2022-43015.yaml |
| Jeecg P3 Biz Chat - Local File Inclusion (CVE-2023-33510) | cve/CVE-2023-33510.yaml |
| NexusDB <4.50.23 - Local File Inclusion (CVE-2020-24571) | cve/CVE-2020-24571.yaml |
| WordPress Responsive Vector Maps < 6.4.2 - Arbitrary File Read (CVE-2021-24947) | cve/CVE-2021-24947.yaml |
| IceWarp WebMail 11.4.5.0 - Cross-Site Scripting (CVE-2020-27982) | cve/CVE-2020-27982.yaml |
| Sitecore Experience Platform Pre-Auth RCE (CVE-2021-42237) | cve/CVE-2021-42237.yaml |
| Joomla! Component com_abbrev - Local File Inclusion (CVE-2010-0985) | cve/CVE-2010-0985.yaml |
| Erxes <0.23.0 - Cross-Site Scripting (CVE-2021-32853) | cve/CVE-2021-32853.yaml |
| Alfresco Share - Open Redirect (CVE-2019-14223) | cve/CVE-2019-14223.yaml |
| PHP Proxy 3.0.3 - Local File Inclusion (CVE-2018-19458) | cve/CVE-2018-19458.yaml |
| Sophos Firewall <=18.5 MR3 - Remote Code Execution (CVE-2022-1040) | cve/CVE-2022-1040.yaml |
| GitLab CE/EE - Information Disclosure (CVE-2022-0735) | cve/CVE-2022-0735.yaml |
| Totaljs <3.2.3 - Local File Inclusion (CVE-2019-8903) | cve/CVE-2019-8903.yaml |
| Advantech R-SeeNet - Cross-Site Scripting (CVE-2021-21802) | cve/CVE-2021-21802.yaml |
| DedeCMS 5.7 - Path Disclosure (CVE-2018-6910) | cve/CVE-2018-6910.yaml |
| Apache Struts2 S2-052 - Remote Code Execution (CVE-2017-9805) | cve/CVE-2017-9805.yaml |
| Pre-Auth Takeover of Build Pipelines in GoCD (CVE-2021-43287) | cve/CVE-2021-43287.yaml |
| Cybrotech CyBroHttpServer 1.0.3 - Local File Inclusion (CVE-2018-16133) | cve/CVE-2018-16133.yaml |
| Opencart Divido - Sql Injection (CVE-2018-11231) | cve/CVE-2018-11231.yaml |
| Microsoft FrontPage Extensions Check (shtml.dll) (CVE-2000-0114) | cve/CVE-2000-0114.yaml |
| Caddy 2.4.6 - Open Redirect (CVE-2022-28923) | cve/CVE-2022-28923.yaml |
| Schools Alert Management Script - Arbitrary File Read (CVE-2018-12054) | cve/CVE-2018-12054.yaml |
| VelotiSmart Wifi - Directory Traversal (CVE-2018-14064) | cve/CVE-2018-14064.yaml |
| YouPHPTube Encoder 2.3 - Remote Command Injection (CVE-2019-5127) | cve/CVE-2019-5127.yaml |
| Masa CMS - Authentication Bypass (CVE-2022-47002) | cve/CVE-2022-47002.yaml |
| WordPresss acf-to-rest-api <=3.1.0 - Insecure Direct Object Reference (CVE-2020-13700) | cve/CVE-2020-13700.yaml |
| iSpy 7.2.2.0 - Authentication Bypass (CVE-2022-29775) | cve/CVE-2022-29775.yaml |
| Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion (CVE-2010-1081) | cve/CVE-2010-1081.yaml |
| rConfig <=3.9.4 - SQL Injection (CVE-2020-10549) | cve/CVE-2020-10549.yaml |
| NCBI ToolBox - Directory Traversal (CVE-2018-16716) | cve/CVE-2018-16716.yaml |
| BeyondTrust Secure Remote Access Base <=6.0.1 - Cross-Site Scripting (CVE-2021-31589) | cve/CVE-2021-31589.yaml |
| phpPgAdmin <=4.1.1 - Cross-Site Scripting (CVE-2007-5728) | cve/CVE-2007-5728.yaml |
| Popup by Supsystic <1.10.5 - Cross-Site scripting (CVE-2021-24275) | cve/CVE-2021-24275.yaml |
| WordPress Copyright Proof <=4.16 - Cross-Site-Scripting (CVE-2022-1906) | cve/CVE-2022-1906.yaml |
| Yonyou U8 13.0 - Cross-Site Scripting (CVE-2022-26263) | cve/CVE-2022-26263.yaml |
| Zimbra Collaboration (ZCS) - Cross Site Scripting (CVE-2022-27926) | cve/CVE-2022-27926.yaml |
| WordPress PayPal Pro <1.1.65 - SQL Injection (CVE-2020-14092) | cve/CVE-2020-14092.yaml |
| D-Link Routers - Local File Inclusion (CVE-2018-10822) | cve/CVE-2018-10822.yaml |
| Cisco HyperFlex HX Data Platform - Remote Command Execution (CVE-2021-1498) | cve/CVE-2021-1498.yaml |
| Oracle Access Manager - Remote Code Execution (CVE-2021-35587) | cve/CVE-2021-35587.yaml |
| Apereo CAS Cross-Site Scripting (CVE-2021-42567) | cve/CVE-2021-42567.yaml |
| Nuxeo <10.3 - Remote Code Execution (CVE-2018-16341) | cve/CVE-2018-16341.yaml |
| SolarView Compact <= 6.00 - Local File Inclusion (CVE-2023-29919) | cve/CVE-2023-29919.yaml |
| Confluence Server - Remote Code Execution (CVE-2021-26084) | cve/CVE-2021-26084.yaml |
| XStream 1.4.18 - Arbitrary Code Execution (CVE-2021-39146) | cve/CVE-2021-39146.yaml |
| Wireless Multiplex Terminal Playout Server <=20.2.8 - Default Credential Detection | cve/CVE-2020-35338.yaml |
| RevealJS postMessage <4.3.0 - Cross-Site Scripting (CVE-2022-0776) | cve/CVE-2022-0776.yaml |
| Magmi 0.7.22 - Cross-Site Scripting (CVE-2017-7391) | cve/CVE-2017-7391.yaml |
| Horde/Horde Groupware - Local File Inclusion (CVE-2009-0932) | cve/CVE-2009-0932.yaml |
| DomainMOD 4.11.01 - Cross-Site Scripting (CVE-2018-19749) | cve/CVE-2018-19749.yaml |
| PDF Generator for WordPress < 1.1.2 - Cross Site Scripting (CVE-2022-4321) | cve/CVE-2022-4321.yaml |
| Oracle Fusion Middleware WebCenter Sites 11.1.1.8.0 - Cross-Site Scripting | cve/CVE-2018-3238.yaml |
| Zarafa WebApp <=2.0.1.47791 - Cross-Site Scripting (CVE-2019-7219) | cve/CVE-2019-7219.yaml |
| Django Debug Page - Cross-Site Scripting (CVE-2017-12794) | cve/CVE-2017-12794.yaml |
| Jolokia 1.3.7 - Cross-Site Scripting (CVE-2018-1000129) | cve/CVE-2018-1000129.yaml |
| Adobe ColdFusion - Unrestricted File Upload Remote Code Execution (CVE-2018-15961) | cve/CVE-2018-15961.yaml |
| ifw8 Router ROM v4.31 - Credential Discovery (CVE-2019-16313) | cve/CVE-2019-16313.yaml |
| Cachet <=2.3.18 - SQL Injection (CVE-2021-39165) | cve/CVE-2021-39165.yaml |
| HotelDruid 2.3.0 - Cross-Site Scripting (CVE-2019-8937) | cve/CVE-2019-8937.yaml |
| strapi CMS <3.0.0-beta.17.5 - Admin Password Reset (CVE-2019-18818) | cve/CVE-2019-18818.yaml |
| GenieACS => 1.2.8 - OS Command Injection (CVE-2021-46704) | cve/CVE-2021-46704.yaml |
| Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion (CVE-2010-3426) | cve/CVE-2010-3426.yaml |
| Django SQL Injection (CVE-2020-9402) | cve/CVE-2020-9402.yaml |
| Fortinet - Authentication Bypass (CVE-2022-40684) | cve/CVE-2022-40684.yaml |
| Auerswald COMfortel 1400/2600/3600 IP - Authentication Bypass (CVE-2021-40856) | cve/CVE-2021-40856.yaml |
| ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure (CVE-2015-0554) | cve/CVE-2015-0554.yaml |
| WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion | cve/CVE-2017-1000170.yaml |
| Spotweb <= 1.5.1 - Cross Site Scripting (Reflected) (CVE-2021-43725) | cve/CVE-2021-43725.yaml |
| WordPress English Admin <1.5.2 - Open Redirect (CVE-2021-25111) | cve/CVE-2021-25111.yaml |
| Joomla! Harmis Messenger 1.2.2 - Local File Inclusion (CVE-2019-9922) | cve/CVE-2019-9922.yaml |
| TP-Link - OS Command Injection (CVE-2021-41653) | cve/CVE-2021-41653.yaml |
| LabKey Server Community Edition <18.3.0 - Open Redirect (CVE-2019-3912) | cve/CVE-2019-3912.yaml |
| Ruby Dragonfly <1.4.0 - Remote Code Execution (CVE-2021-33564) | cve/CVE-2021-33564.yaml |
| WordPress JoomSport <5.2.8 - SQL Injection (CVE-2022-4050) | cve/CVE-2022-4050.yaml |
| DomainMOD 4.11.01 - Cross-Site Scripting (CVE-2018-20011) | cve/CVE-2018-20011.yaml |
| WordPress Personal Dictionary <1.3.4 - Blind SQL Injection (CVE-2022-1013) | cve/CVE-2022-1013.yaml |
| Apache Airflow - Unauthenticated Variable Import (CVE-2021-38540) | cve/CVE-2021-38540.yaml |
| Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion (CVE-2010-1955) | cve/CVE-2010-1955.yaml |
| Apache OFBiz 17.12.03 - Cross-Site Scripting (CVE-2020-9496) | cve/CVE-2020-9496.yaml |
| WordPress Bello Directory & Listing Theme <1.6.0 - Cross-Site Scripting (CVE-2021-24320) | cve/CVE-2021-24320.yaml |
| HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass (CVE-2021-29203) | cve/CVE-2021-29203.yaml |
| Oracle Business Intelligence Publisher - XML External Entity Injection (CVE-2019-2767) | cve/CVE-2019-2767.yaml |
| IBM WebSphere HCL Digital Experience - Server-Side Request Forgery (CVE-2021-27748) | cve/CVE-2021-27748.yaml |
| Navigate CMS 2.9.4 - Server-Side Request Forgery (CVE-2022-28117) | cve/CVE-2022-28117.yaml |
| Micro Focus Operations Bridge Reporter - Remote Code Execution (CVE-2021-22502) | cve/CVE-2021-22502.yaml |
| Joomla! Component Web TV 1.0 - Local File Inclusion (CVE-2010-1470) | cve/CVE-2010-1470.yaml |
| SAP NetWeaver AS JAVA 7.30-7.50 - Remote Admin Addition (CVE-2020-6287) | cve/CVE-2020-6287.yaml |
| WordPress Localize My Post 1.0 - Local File Inclusion (CVE-2018-16299) | cve/CVE-2018-16299.yaml |
| WWBN AVideo 11.6 - Cross-Site Scripting (CVE-2022-32771) | cve/CVE-2022-32771.yaml |
| Forescout CounterACT 6.3.4.1 - Open Redirect (CVE-2012-4982) | cve/CVE-2012-4982.yaml |
| Drupal - Remote Code Execution (CVE-2018-7600) | cve/CVE-2018-7600.yaml |
| IceWarp Mail Server <11.1.1 - Directory Traversal (CVE-2015-1503) | cve/CVE-2015-1503.yaml |
| Oracle E-Business Suite <=12.2 - Authentication Bypass (CVE-2022-21500) | cve/CVE-2022-21500.yaml |
| DomainMOD 4.11.01 - Cross-Site Scripting (CVE-2018-19137) | cve/CVE-2018-19137.yaml |
| WordPress W3 Total Cache <2.1.5 - Cross-Site Scripting (CVE-2021-24452) | cve/CVE-2021-24452.yaml |
| Fortinet FortiOS - Open Redirect/Cross-Site Scripting (CVE-2016-3978) | cve/CVE-2016-3978.yaml |
| Joomla! Component Arcade Games 1.0 - Local File Inclusion (CVE-2010-1714) | cve/CVE-2010-1714.yaml |
| WordPress Modern Events Calendar Lite <5.16.5 - Authenticated Arbitrary File | cve/CVE-2021-24145.yaml |
| WordPress CDI <5.1.9 - Cross Site Scripting (CVE-2022-1933) | cve/CVE-2022-1933.yaml |
| vBulletin <= 4.2.3 - SQL Injection (CVE-2016-6195) | cve/CVE-2016-6195.yaml |
| Cisco SD-WAN vManage Software - Local File Inclusion (CVE-2020-26073) | cve/CVE-2020-26073.yaml |
| FortiWeb - Cross-Site Scripting (CVE-2021-22122) | cve/CVE-2021-22122.yaml |
| Cuppa CMS v1.0 - SQL injection (CVE-2022-24264) | cve/CVE-2022-24264.yaml |
| Fortinet FortiOS - Credentials Disclosure (CVE-2018-13379) | cve/CVE-2018-13379.yaml |
| Cisco ASA/FTD Software - Cross-Site Scripting (CVE-2020-3580) | cve/CVE-2020-3580.yaml |
| WordPress WPS Hide Login <1.9.1 - Information Disclosure (CVE-2021-24917) | cve/CVE-2021-24917.yaml |
| Joomla! RSfiles <=1.0.2 - Local File Inclusion (CVE-2007-4504) | cve/CVE-2007-4504.yaml |
| IND780 - Local File Inclusion (CVE-2021-40661) | cve/CVE-2021-40661.yaml |
| Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery | cve/CVE-2017-9506.yaml |
| WOOF WordPress plugin - Cross-Site Scripting (CVE-2021-25085) | cve/CVE-2021-25085.yaml |
| WordPress Active Products Tables for WooCommerce <1.0.5 - Cross-Site Scripting | cve/CVE-2022-1916.yaml |
| Onkyo TX-NR585 Web Interface - Directory Traversal (CVE-2020-12447) | cve/CVE-2020-12447.yaml |
| OpenNMS - JNDI Remote Code Execution (Apache Log4j) (CVE-2021-44228) | cve/opennms-log4j-jndi-rce.yaml |
| T24 Web Server - Local File Inclusion (CVE-2019-14251) | cve/CVE-2019-14251.yaml |
| VMware Horizon - JNDI Remote Code Execution (Apache Log4j) (CVE-2021-44228) | cve/vmware-horizon-log4j-jndi-rce.yaml |
| Ulterius Server < 1.9.5.0 - Directory Traversal (CVE-2017-16806) | cve/CVE-2017-16806.yaml |
| Movies <= 0.6 - Cross-Site Scripting (CVE-2014-4539) | cve/CVE-2014-4539.yaml |
| Joomla! MooFAQ 1.0 - Local File Inclusion (CVE-2009-2015) | cve/CVE-2009-2015.yaml |
| Drawio <18.0.4 - Server-Side Request Forgery (CVE-2022-1713) | cve/CVE-2022-1713.yaml |
| Drupal SQL Injection (CVE-2014-3704) | cve/CVE-2014-3704.yaml |
| webEdition 6.3.8.0 - Directory Traversal (CVE-2014-5258) | cve/CVE-2014-5258.yaml |
| Suprema BioStar <2.8.2 - Local File Inclusion (CVE-2020-15050) | cve/CVE-2020-15050.yaml |
| Apache Tomcat - Cross-Site Scripting (CVE-2019-0221) | cve/CVE-2019-0221.yaml |
| WordPress Sniplets <=1.2.2 - Cross-Site Scripting (CVE-2008-1061) | cve/CVE-2008-1061.yaml |
| 11in1 CMS 1.2.1 - Local File Inclusion (LFI) (CVE-2012-0996) | cve/CVE-2012-0996.yaml |
| MovableType - Remote Command Injection (CVE-2021-20837) | cve/CVE-2021-20837.yaml |
| WooCommerce Blocks 2.5 to 5.5 - Unauthenticated SQL Injection (CVE-2021-32789) | cve/CVE-2021-32789.yaml |
| Gibbon v25.0.0 - Cross-Site Scripting (CVE-2023-34599) | cve/CVE-2023-34599.yaml |
| WordPress Paytm Payment Gateway <=2.7.3 - SQL Injection (CVE-2022-45805) | cve/CVE-2022-45805.yaml |
| WordPress Permalink Manager <2.2.15 - Cross-Site Scripting (CVE-2022-0201) | cve/CVE-2022-0201.yaml |
| Apache Tomcat - Remote Code Execution (CVE-2017-12617) | cve/CVE-2017-12617.yaml |
| Buffalo WSR-2533DHPL2 - Improper Access Control (CVE-2021-20092) | cve/CVE-2021-20092.yaml |
| WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting (CVE-2016-1000134) | cve/CVE-2016-1000134.yaml |
| FortiGate FortiOS SSL VPN Web Portal - Cross-Site Scripting (CVE-2017-14186) | cve/CVE-2017-14186.yaml |
| ACME mini_httpd <1.30 - Local File Inclusion (CVE-2018-18778) | cve/CVE-2018-18778.yaml |
| STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion (CVE-2023-26255) | cve/CVE-2023-26255.yaml |
| Rukovoditel <= 3.2.1 - Cross Site Scripting (CVE-2022-43170) | cve/CVE-2022-43170.yaml |
| Cisco Unified Communications Manager 7/8/9 - Directory Traversal (CVE-2013-5528) | cve/CVE-2013-5528.yaml |
| Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - Broken Access Control | cve/CVE-2019-2578.yaml |
| myfactory FMS - Cross-Site Scripting (CVE-2021-42565) | cve/CVE-2021-42565.yaml |
| Spring Boot Actuator Logview Directory Traversal (CVE-2021-21234) | cve/CVE-2021-21234.yaml |
| WordPress Zip Attachments <= 1.1.4 - Arbitrary File Retrieval (CVE-2015-4694) | cve/CVE-2015-4694.yaml |
| WordPress Skaut Bazar <1.3.3 - Cross-Site Scripting (CVE-2021-34643) | cve/CVE-2021-34643.yaml |
| Cisco Adaptive Security Appliance Software/Cisco Firepower Threat Defense | cve/CVE-2020-3187.yaml |
| Cisco vManage (Log4j) - Remote Code Execution (CVE-2021-44228) | cve/cisco-vmanage-log4j.yaml |
| Apache Solr <=8.3.1 - Remote Code Execution (CVE-2019-17558) | cve/CVE-2019-17558.yaml |
| Joomla! Component Canteen 1.0 - Local File Inclusion (CVE-2010-4977) | cve/CVE-2010-4977.yaml |
| BuddyPress REST API <7.2.1 - Privilege Escalation/Remote Code Execution (CVE-2021-21389) | cve/CVE-2021-21389.yaml |
| External Media without Import <=1.1.2 - Authenticated Blind Server-Side Request | cve/CVE-2022-1398.yaml |
| Keycloak <= 12.0.1 - request_uri Blind Server-Side Request Forgery (SSRF) | cve/CVE-2020-10770.yaml |
| BigAnt Server v5.6.06 - Local File Inclusion (CVE-2022-23347) | cve/CVE-2022-23347.yaml |
| Ncomputing vSPace Pro 10 and 11 - Directory Traversal (CVE-2018-10201) | cve/CVE-2018-10201.yaml |
| phpMyAdmin < 5.1.2 - Cross-Site Scripting (CVE-2022-23808) | cve/CVE-2022-23808.yaml |
| WAVLINK WN530HG4 - Improper Access Control (CVE-2022-34049) | cve/CVE-2022-34049.yaml |
| IceWarp Mail Server - Open Redirect (CVE-2021-36580) | cve/CVE-2021-36580.yaml |
| WordPress Car Repair Services & Auto Mechanic Theme <4.0 - Cross-Site Scripting | cve/CVE-2021-24335.yaml |
| Simple File List < 4.4.12 - Cross Site Scripting (CVE-2022-3062) | cve/CVE-2022-3062.yaml |
| VMware HCX - Remote Code Execution (Apache Log4j) (CVE-2021-44228) | cve/vmware-hcx-log4j.yaml |
| WP Planet <= 0.1 - Cross-Site Scripting (CVE-2014-4592) | cve/CVE-2014-4592.yaml |
| 74cms - ajax_officebuilding.php SQL Injection (CVE-2020-22210) | cve/CVE-2020-22210.yaml |
| Ivanti EPM Cloud Services Appliance Code Injection (CVE-2021-44529) | cve/CVE-2021-44529.yaml |
| SCIMono <0.0.19 - Remote Code Execution (CVE-2021-21479) | cve/CVE-2021-21479.yaml |
| Contao <4.13.3 - Cross-Site Scripting (CVE-2022-24899) | cve/CVE-2022-24899.yaml |
| DedeCMS 5.7SP2 - Cross-Site Request Forgery/Remote Code Execution (CVE-2018-7700) | cve/CVE-2018-7700.yaml |
| OpenSymphony XWork/Apache Struts2 - Remote Code Execution (CVE-2007-4556) | cve/CVE-2007-4556.yaml |
| DomainMOD 4.11.01 - Cross-Site Scripting (CVE-2018-19751) | cve/CVE-2018-19751.yaml |
| Apache Superset - Authentication Bypass (CVE-2023-27524) | cve/CVE-2023-27524.yaml |
| CData RSB Connect v22.0.8336 - Server Side Request Forgery (CVE-2023-24243) | cve/CVE-2023-24243.yaml |
| WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal (CVE-2013-7240) | cve/CVE-2013-7240.yaml |
| WordPress PhonePe Payment Solutions <=1.0.15 - Server-Side Request Forgery | cve/CVE-2022-45835.yaml |
| myfactory FMS - Cross-Site Scripting (CVE-2021-42566) | cve/CVE-2021-42566.yaml |
| Vehicle Service Management System 1.0 - Cross Site Scripting (CVE-2021-46073) | cve/CVE-2021-46073.yaml |
| WordPress Easy Social Icons Plugin < 3.0.9 - Cross-Site Scripting (CVE-2021-39322) | cve/CVE-2021-39322.yaml |
| Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal (CVE-2018-19365) | cve/CVE-2018-19365.yaml |
| XStream <1.4.17 - Remote Code Execution (CVE-2021-29505) | cve/CVE-2021-29505.yaml |
| GLPI <9.4.6 - Open Redirect (CVE-2020-11034) | cve/CVE-2020-11034.yaml |
| Webmin <1.990 - Improper Access Control (CVE-2022-0824) | cve/CVE-2022-0824.yaml |
| OpenCATS - Open Redirect (CVE-2023-27292) | cve/CVE-2023-27292.yaml |
| twitter-server Cross-Site Scripting (CVE-2020-35774) | cve/CVE-2020-35774.yaml |
| Fortra GoAnywhere MFT - Remote Code Execution (CVE-2023-0669) | cve/CVE-2023-0669.yaml |
| D-Link DAP-1620 - Local File Inclusion (CVE-2021-46381) | cve/CVE-2021-46381.yaml |
| Apache Struts2 S2-053 - Remote Code Execution (CVE-2017-12611) | cve/CVE-2017-12611.yaml |
| BigAnt Server 5.6.06 - Improper Access Control (CVE-2022-23348) | cve/CVE-2022-23348.yaml |
| Openemr < 7.0.0.1 - Cross-Site Scripting (CVE-2022-2733) | cve/CVE-2022-2733.yaml |
| WSO2 - Cross-Site Scripting (CVE-2022-29548) | cve/CVE-2022-29548.yaml |
| WordPress Simple Ajax Chat <20220116 - Sensitive Information Disclosure vulnerability | cve/CVE-2022-27849.yaml |
| Microweber <1.1.20 - Information Disclosure (CVE-2020-13405) | cve/CVE-2020-13405.yaml |
| Microweber <1.2.12 - Integer Overflow (CVE-2022-0968) | cve/CVE-2022-0968.yaml |
| HP System Management Homepage (SMH) v2.x.x.x - Open Redirect (CVE-2010-1586) | cve/CVE-2010-1586.yaml |
| Belkin N150 Router 1.00.08/1.00.09 - Path Traversal (CVE-2014-2962) | cve/CVE-2014-2962.yaml |
| DVDFab 12 Player/PlayerFab - Local File Inclusion (CVE-2022-25216) | cve/CVE-2022-25216.yaml |
| WordPress Post Grid <2.1.8 - Cross-Site Scripting (CVE-2021-24488) | cve/CVE-2021-24488.yaml |
| Inspur ClusterEngine 4.0 - Remote Code Execution (CVE-2020-21224) | cve/CVE-2020-21224.yaml |
| ZZcms - Cross-Site Scripting (CVE-2020-20285) | cve/CVE-2020-20285.yaml |
| WordPress Mapping Multiple URLs Redirect Same Page <=5.8 - Cross-Site Scripting | cve/CVE-2022-0599.yaml |
| Jira Improper Authorization (CVE-2019-8446) | cve/CVE-2019-8446.yaml |
| Zyxel VMG1312-B10D 5.13AAXA.8 - Local File Inclusion (CVE-2018-19326) | cve/CVE-2018-19326.yaml |
| WAPPLES Web Application Firewall <=6.0 - Hardcoded Credentials (CVE-2022-35413) | cve/CVE-2022-35413.yaml |
| pfSense pfBlockerNG <=2.1..4_26 - OS Command Injection (CVE-2022-31814) | cve/CVE-2022-31814.yaml |
| WordPress Jannah Theme <5.4.5 - Cross-Site Scripting (CVE-2021-24407) | cve/CVE-2021-24407.yaml |
| Orange Forum 1.4.0 - Open Redirect (CVE-2018-14474) | cve/CVE-2018-14474.yaml |
| WordPress Booking Calendar <3.2.2 - Arbitrary File Upload (CVE-2022-3982) | cve/CVE-2022-3982.yaml |
| Elasticsearch 5 - Remote Code Execution (Apache Log4j) (CVE-2021-44228) | cve/elasticsearch5-log4j-rce.yaml |
| Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site Scripting (CVE-2018-10141) | cve/CVE-2018-10141.yaml |
| Sourcecodester Car Rental Management System 1.0 - Stored Cross-Site Scripting | cve/CVE-2021-46005.yaml |
| JFrog Artifactory 6.7.3 - Admin Login Bypass (CVE-2019-9733) | cve/CVE-2019-9733.yaml |
| Joomla! Component PicSell 1.0 - Arbitrary File Retrieval (CVE-2010-3203) | cve/CVE-2010-3203.yaml |
| Jeecg-boot 3.5.0 qurestSql - SQL Injection (CVE-2023-1454) | cve/CVE-2023-1454.yaml |
| WordPress StageShow <5.0.9 - Open Redirect (CVE-2015-5461) | cve/CVE-2015-5461.yaml |
| Joomla! ProDesk 1.0/1.2 - Local File Inclusion (CVE-2008-6222) | cve/CVE-2008-6222.yaml |
| SkyWalking SQLI (CVE-2020-9483) | cve/CVE-2020-9483.yaml |
| Ericsson Drutt MSDP - Local File Inclusion (CVE-2015-2166) | cve/CVE-2015-2166.yaml |
| Joomla! Component Percha Fields Attach 1.0 - Directory Traversal (CVE-2010-2036) | cve/CVE-2010-2036.yaml |
| Directorist < 7.5.4 - Local File Inclusion (CVE-2023-2252) | cve/CVE-2023-2252.yaml |
| LearnPress <4.1.6 - Cross-Site Scripting (CVE-2022-0271) | cve/CVE-2022-0271.yaml |
| PhpColl 2.5.1 Arbitrary File Upload (CVE-2017-6090) | cve/CVE-2017-6090.yaml |
| Joomla! Component DW Graph - Local File Inclusion (CVE-2010-1302) | cve/CVE-2010-1302.yaml |
| MOVEit Transfer - SQL Injection (CVE-2023-36934) | cve/CVE-2023-36934.yaml |
| WordPress eaSYNC Booking <1.1.16 - Arbitrary File Upload (CVE-2022-1952) | cve/CVE-2022-1952.yaml |
| eMerge E3 1.00-06 - Local File Inclusion (CVE-2019-7254) | cve/CVE-2019-7254.yaml |
| Nagios XI 5.7.5 - Cross-Site Scripting (CVE-2021-25299) | cve/CVE-2021-25299.yaml |
| DedeCMS 5.7 SP2 - Cross-Site Scripting (CVE-2018-18608) | cve/CVE-2018-18608.yaml |
| WordPress ProfilePress 3.0.0-3.1.3 - Admin User Creation Weakness (CVE-2021-34621) | cve/CVE-2021-34621.yaml |
| Apache Airflow <1.10.14 - Authentication Bypass (CVE-2020-17526) | cve/CVE-2020-17526.yaml |
| Atlassian Jira Limited - Local File Inclusion (CVE-2021-26086) | cve/CVE-2021-26086.yaml |
| Hitachi Vantara Pentaho/Business Intelligence Server - Authentication Bypass | cve/CVE-2021-31602.yaml |
| Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion | cve/CVE-2010-1475.yaml |
| CMSimple 3.1 - Local File Inclusion (CVE-2008-2650) | cve/CVE-2008-2650.yaml |
| Wordpress Quiz and Survey Master <7.0.1 - Arbitrary File Deletion (CVE-2020-35951) | cve/CVE-2020-35951.yaml |
| Flyte Console <0.52.0 - Server-Side Request Forgery (CVE-2022-24856) | cve/CVE-2022-24856.yaml |
| Grafana Unauthenticated Snapshot Creation (CVE-2021-27358) | cve/CVE-2021-27358.yaml |
| Spring Data Commons - Remote Code Execution (CVE-2018-1273) | cve/CVE-2018-1273.yaml |
| WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset (CVE-2023-32243) | cve/CVE-2023-32243.yaml |
| VMware Site Recovery Manager - Remote Code Execution (Apache Log4j) (CVE-2021-44228) | cve/vmware-siterecovery-log4j-rce.yaml |
| Geutebruck - Remote Command Injection (CVE-2021-33544) | cve/CVE-2021-33544.yaml |
| Apache Tomcat - Open Redirect (CVE-2018-11784) | cve/CVE-2018-11784.yaml |
| WordPress WP-Ban <1.69.1 - Stored Cross-Site Scripting (CVE-2022-4260) | cve/CVE-2022-4260.yaml |
| phpShowtime 2.0 - Directory Traversal (CVE-2010-4282) | cve/CVE-2010-4282.yaml |
| WordPress Essential Real Estate <3.9.6 - Authenticated Cross-Site Scripting | cve/CVE-2022-3933.yaml |
| CirCarLife <4.3 - Improper Authentication (CVE-2018-16668) | cve/CVE-2018-16668.yaml |
| Cisco Small Business 200300 and 500 Series Switches - Open Redirect (CVE-2019-1943) | cve/CVE-2019-1943.yaml |
| Virtua Software Cobranca <12R - Blind SQL Injection (CVE-2021-37589) | cve/CVE-2021-37589.yaml |
| Joomla! Component User Status - Local File Inclusion (CVE-2010-1304) | cve/CVE-2010-1304.yaml |
| Cisco Unified IP Conference Station 7937G - Denial-of-Service (CVE-2020-16139) | cve/CVE-2020-16139.yaml |
| Visual Tools DVR VX16 4.2.28.0 - Unauthenticated OS Command Injection (CVE-2021-42071) | cve/CVE-2021-42071.yaml |
| STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion (CVE-2023-26256) | cve/CVE-2023-26256.yaml |
| WordPress Plugin Age Verification v0.4 - Open Redirect (CVE-2012-6499) | cve/CVE-2012-6499.yaml |
| Zyxel ZyWall UAG/USG - Account Creation Access (CVE-2019-12583) | cve/CVE-2019-12583.yaml |
| Resourcespace - Cross-Site Scripting (CVE-2021-41951) | cve/CVE-2021-41951.yaml |
| Jenkins build-metrics 1.3 - Cross-Site Scripting (CVE-2019-10475) | cve/CVE-2019-10475.yaml |
| vBulletin <= 5.6.9 - Pre-authentication Remote Code Execution (CVE-2023-25135) | cve/CVE-2023-25135.yaml |
| Oracle WebLogic Server Administration Console - Remote Code Execution (CVE-2019-2729) | cve/CVE-2019-2729.yaml |
| Grav <1.7 - Open Redirect (CVE-2020-11529) | cve/CVE-2020-11529.yaml |
| D-Link DCS-2530L/DCS-2670L - Administrator Password Disclosure (CVE-2020-25078) | cve/CVE-2020-25078.yaml |
| Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion (CVE-2010-1979) | cve/CVE-2010-1979.yaml |
| Verint Workforce Optimization 15.2.8.10048 - Cross-Site Scripting (CVE-2021-36450) | cve/CVE-2021-36450.yaml |
| Zimbra Collaboration Suite < 8.8.15 Patch 7 - Server-Side Request Forgery | cve/CVE-2020-7796.yaml |
| OpenSMTPD 6.4.0-6.6.1 - Remote Code Execution (CVE-2020-7247) | cve/CVE-2020-7247.yaml |
| WordPress Gwyn's Imagemap Selector <=0.3.3 - Cross-Site Scripting (CVE-2022-1221) | cve/CVE-2022-1221.yaml |
| ZK Framework - Information Disclosure (CVE-2022-36537) | cve/CVE-2022-36537.yaml |
| Genie Access WIP3BVAF IP Camera - Local File Inclusion (CVE-2019-7315) | cve/CVE-2019-7315.yaml |
| Canvas LMS v2020-07-29 - Blind Server-Side Request Forgery (CVE-2020-5775) | cve/CVE-2020-5775.yaml |
| Atlassian Jira <7.13.3/8.0.0-8.1.1 - Incorrect Authorization (CVE-2019-3401) | cve/CVE-2019-3401.yaml |
| Satellian Intellian Aptus Web <= 1.24 - Remote Command Execution (CVE-2020-7980) | cve/CVE-2020-7980.yaml |
| SysAid Help Desk <15.2 - Local File Inclusion (CVE-2015-2996) | cve/CVE-2015-2996.yaml |
| Planon <Live Build 41 - Cross-Site Scripting (CVE-2018-18570) | cve/CVE-2018-18570.yaml |
| GRAND FlAGallery 1.57 - Cross-Site Scripting (CVE-2011-4624) | cve/CVE-2011-4624.yaml |
| Microsoft SQL Server Reporting Services - Remote Code Execution (CVE-2020-0618) | cve/CVE-2020-0618.yaml |
| GLPI <=10.0.2 - Remote Command Execution (CVE-2022-35914) | cve/CVE-2022-35914.yaml |
| Jenzabar 9.2x-9.2.2 - Cross-Site Scripting (CVE-2021-26723) | cve/CVE-2021-26723.yaml |
| Joomla! Percha Categories Tree 0.6 - Local File Inclusion (CVE-2010-2033) | cve/CVE-2010-2033.yaml |
| Belkin Linksys RE6500 <1.0.012.001 - Remote Command Execution (CVE-2020-35713) | cve/CVE-2020-35713.yaml |
| Spotweb <= 1.5.1 - Cross Site Scripting (CVE-2021-40970) | cve/CVE-2021-40970.yaml |
| Rukovoditel <= 3.2.1 - Cross Site Scripting (CVE-2022-43165) | cve/CVE-2022-43165.yaml |
| WordPress The Plus Addons for Elementor <4.1.12 - Cross-Site Scripting (CVE-2021-24351) | cve/CVE-2021-24351.yaml |
| ZZZCMS 1.6.1 - Remote Code Execution (CVE-2019-9041) | cve/CVE-2019-9041.yaml |
| WooCommerce Swipe <= 2.7.1 - Cross-Site Scripting (CVE-2014-4558) | cve/CVE-2014-4558.yaml |
| Palo Alto Network PAN-OS - Remote Code Execution (CVE-2017-15944) | cve/CVE-2017-15944.yaml |
| CHIYU TCP/IP Converter - Cross-Site Scripting (CVE-2021-31250) | cve/CVE-2021-31250.yaml |
| Kaseya Virtual System Administrator - Open Redirect (CVE-2015-2863) | cve/CVE-2015-2863.yaml |
| WooCommerce Stored Exporter WordPress Plugin < 2.7.1 - Cross-Site Scripting | cve/CVE-2022-0149.yaml |
| WordPress Plugin Duplicator < 0.4.5 - Cross-Site Scripting (CVE-2013-4625) | cve/CVE-2013-4625.yaml |
| WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure | cve/CVE-2021-24146.yaml |
| TermTalk Server 3.24.0.2 - Local File Inclusion (CVE-2021-35380) | cve/CVE-2021-35380.yaml |
| Opsview Monitor Pro - Open Redirect (CVE-2016-10368) | cve/CVE-2016-10368.yaml |
| Haraj 3.7 - Cross-Site Scripting (CVE-2022-31299) | cve/CVE-2022-31299.yaml |
| WordPress Title Experiments Free <9.0.1 - SQL Injection (CVE-2022-0784) | cve/CVE-2022-0784.yaml |
| Cobbler - Authentication Bypass (CVE-2018-1000226) | cve/CVE-2018-1000226.yaml |
| Piano LED Visualizer 1.3 - Local File Inclusion (CVE-2022-24900) | cve/CVE-2022-24900.yaml |
| TP-LINK - Local File Inclusion (CVE-2015-3035) | cve/CVE-2015-3035.yaml |
| Elementor Website Builder - Remote Code Execution (CVE-2022-1329) | cve/CVE-2022-1329.yaml |
| D-Link Routers - Remote Command Injection (CVE-2018-10823) | cve/CVE-2018-10823.yaml |
| SecurePoint UTM 12.x Session ID Leak (CVE-2023-22620) | cve/CVE-2023-22620.yaml |
| Aryanic HighMail (High CMS) - Cross-Site Scripting (CVE-2020-23517) | cve/CVE-2020-23517.yaml |
| SAP Solution Manager 7.2 - Remote Command Execution (CVE-2020-6207) | cve/CVE-2020-6207.yaml |
| EPrints 3.4.2 - Cross-Site Scripting (CVE-2021-26702) | cve/CVE-2021-26702.yaml |
| WordPress HTML2WP <=1.0.0 - Arbitrary File Upload (CVE-2022-1574) | cve/CVE-2022-1574.yaml |
| Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control (CVE-2022-38817) | cve/CVE-2022-38817.yaml |
| PMB 7.4.6 - Open Redirect (CVE-2023-24735) | cve/CVE-2023-24735.yaml |
| ThinkPHP 5.0.24 - Information Disclosure (CVE-2022-25481) | cve/CVE-2022-25481.yaml |
| D-Link DIR-816L - Improper Access Control (CVE-2022-28955) | cve/CVE-2022-28955.yaml |
| Mastodon Prototype Pollution Vulnerability (CVE-2022-0432) | cve/CVE-2022-0432.yaml |
| PhpMyAdmin Scripts - Remote Code Execution (CVE-2009-1151) | cve/CVE-2009-1151.yaml |
| Joomla! Component JE Job 1.0 - Local File Inclusion (CVE-2010-5028) | cve/CVE-2010-5028.yaml |
| WordPress WPvivid Backup <0.9.76 - Local File Inclusion (CVE-2022-2863) | cve/CVE-2022-2863.yaml |
| PRTG Network Monitor <20.1.57.1745 - Information Disclosure (CVE-2020-11547) | cve/CVE-2020-11547.yaml |
| Membership Database <= 1.0 - Cross-Site Scripting (CVE-2023-0514) | cve/CVE-2023-0514.yaml |
| Apache Tapestry - Remote Code Execution (CVE-2021-27850) | cve/CVE-2021-27850.yaml |
| ZeroShell <= 1.0beta11 Remote Code Execution (CVE-2009-0545) | cve/CVE-2009-0545.yaml |
| Kyocera Printer d-COPIA253MF - Directory Traversal (CVE-2020-23575) | cve/CVE-2020-23575.yaml |
| Rukovoditel <= 3.2.1 - Cross-Site Scripting (CVE-2022-44946) | cve/CVE-2022-44946.yaml |
| Extreme Management Center 8.4.1.24 - Cross-Site Scripting (CVE-2020-13820) | cve/CVE-2020-13820.yaml |
| SMTP WP Plugin Directory Listing (CVE-2020-35234) | cve/CVE-2020-35234.yaml |
| Microweber <1.2.11 - Information Disclosure (CVE-2022-0660) | cve/CVE-2022-0660.yaml |
| Joomla! Component JRadio - Local File Inclusion (CVE-2010-4719) | cve/CVE-2010-4719.yaml |
| Windows Server 2003 & IIS 6.0 - Remote Code Execution (CVE-2017-7269) | cve/CVE-2017-7269.yaml |
| WordPress Redux Framework <=4.2.11 - Information Disclosure (CVE-2021-38314) | cve/CVE-2021-38314.yaml |
| node-srv - Local File Inclusion (CVE-2018-3714) | cve/CVE-2018-3714.yaml |
| Show all comments < 7.0.1 - Cross-Site Scripting (CVE-2022-4295) | cve/CVE-2022-4295.yaml |
| Rukovoditel <= 3.2.1 - Cross Site Scripting (CVE-2022-44950) | cve/CVE-2022-44950.yaml |
| emlog 5.3.1 Path Disclosure (CVE-2021-3293) | cve/CVE-2021-3293.yaml |
| WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection (CVE-2021-24946) | cve/CVE-2021-24946.yaml |
| Frontend Uploader <= 0.9.2 - Cross-Site Scripting (CVE-2014-9444) | cve/CVE-2014-9444.yaml |
| ECOA Building Automation System - Arbitrary File Retrieval (CVE-2021-41293) | cve/CVE-2021-41293.yaml |
| WordPress Master Elements <=8.0 - SQL Injection (CVE-2022-0693) | cve/CVE-2022-0693.yaml |
| Jenkins - Remote Command Injection (CVE-2018-1000861) | cve/CVE-2018-1000861.yaml |
| JamF (Log4j) - Remote Code Execution (CVE-2021-44228) | cve/jamf-log4j-jndi-rce.yaml |
| WordPress eCommerce Product Catalog <3.0.39 - Cross-Site Scripting (CVE-2021-24875) | cve/CVE-2021-24875.yaml |
| Camtron CMNC-200 IP Camera - Directory Traversal (CVE-2010-4231) | cve/CVE-2010-4231.yaml |
| Spring Cloud - Remote Code Execution (CVE-2022-22963) | cve/CVE-2022-22963.yaml |
| MySQLDumper 1.24.4 - Directory Traversal (CVE-2012-4253) | cve/CVE-2012-4253.yaml |
| OURPHP <= 7.2.0 - Cross Site Scripting (CVE-2023-30212) | cve/CVE-2023-30212.yaml |
| WordPress Plugin Download Monitor < 3.3.5.9 - Cross-Site Scripting (CVE-2012-4768) | cve/CVE-2012-4768.yaml |
| WordPress Pricing Deals for WooCommerce <=2.0.2.02 - SQL Injection (CVE-2022-1057) | cve/CVE-2022-1057.yaml |
| Fortinet FortiOS - Cross-Site Scripting (CVE-2018-13380) | cve/CVE-2018-13380.yaml |
| Node.js st module Directory Traversal (CVE-2014-3744) | cve/CVE-2014-3744.yaml |
| LG-Ericsson iPECS NMS 30M - Local File Inclusion (CVE-2018-15138) | cve/CVE-2018-15138.yaml |
| Cuppa CMS v1.0 - Local File Inclusion (CVE-2022-25486) | cve/CVE-2022-25486.yaml |
| Joomla! Component NoticeBoard 1.3 - Local File Inclusion (CVE-2010-1658) | cve/CVE-2010-1658.yaml |
| D-Link DIR-868L/817LW - Information Disclosure (CVE-2019-17506) | cve/CVE-2019-17506.yaml |
| Labstack Echo 4.8.0 - Open Redirect (CVE-2022-40083) | cve/CVE-2022-40083.yaml |
| WordPress File Manager Plugin - Remote Code Execution (CVE-2020-25213) | cve/CVE-2020-25213.yaml |
| Opensis-Classic 8.0 - Cross-Site Scripting (CVE-2021-40542) | cve/CVE-2021-40542.yaml |
| Wing FTP 6.4.4 - Cross-Site Scripting (CVE-2020-27735) | cve/CVE-2020-27735.yaml |
| Jira < 8.1.1 - Cross-Site Scripting (CVE-2019-3402) | cve/CVE-2019-3402.yaml |
| Oracle WebLogic Server - Remote Code Execution (CVE-2020-2551) | cve/CVE-2020-2551.yaml |
| ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting (CVE-2011-5181) | cve/CVE-2011-5181.yaml |
| Lotus Core CMS 1.0.1 - Local File Inclusion (CVE-2020-8641) | cve/CVE-2020-8641.yaml |
| SAP Knowledge Warehouse <=7.5.0 - Cross-Site Scripting (CVE-2021-42063) | cve/CVE-2021-42063.yaml |
| NewStatPress <0.9.9 - Cross-Site Scripting (CVE-2015-4063) | cve/CVE-2015-4063.yaml |
| VoipMonitor - Pre-Auth SQL Injection (CVE-2022-24260) | cve/CVE-2022-24260.yaml |
| Online Birth Certificate System 1.2 - Stored Cross-Site Scripting (CVE-2022-29005) | cve/CVE-2022-29005.yaml |
| Spring Security OAuth2 Remote Command Execution (CVE-2016-4977) | cve/CVE-2016-4977.yaml |
| Cofax <=2.0RC3 - Cross-Site Scripting (CVE-2005-4385) | cve/CVE-2005-4385.yaml |
| Apache ShardingSphere ElasticJob-UI privilege escalation (CVE-2022-22733) | cve/CVE-2022-22733.yaml |
| Online Fire Reporting System v1.0 - SQL injection (CVE-2022-31974) | cve/CVE-2022-31974.yaml |
| WordPress Event Tickets < 5.2.2 - Open Redirect (CVE-2021-25028) | cve/CVE-2021-25028.yaml |
| Imgproxy <= 3.14.0 - Server-side request forgery (SSRF) (CVE-2023-30019) | cve/CVE-2023-30019.yaml |
| GitList < 0.6.0 Remote Code Execution (CVE-2018-1000533) | cve/CVE-2018-1000533.yaml |
| VMware vCenter Server - Arbitrary File Upload (CVE-2021-22005) | cve/CVE-2021-22005.yaml |
| Oracle Business Intelligence - Path Traversal (CVE-2019-2588) | cve/CVE-2019-2588.yaml |
| Artica Proxy Community Edition <4.30.000000 - Local File Inclusion (CVE-2020-13158) | cve/CVE-2020-13158.yaml |
| Joomla! Component RWCards 3.0.11 - Local File Inclusion (CVE-2008-6172) | cve/CVE-2008-6172.yaml |
| Atmail 6.5.0 - Cross-Site Scripting (CVE-2021-43574) | cve/CVE-2021-43574.yaml |
| WebPort 1.19.1 - Cross-Site Scripting (CVE-2019-12461) | cve/CVE-2019-12461.yaml |
| Oracle WebLogic Server - Remote Command Execution (CVE-2019-2725) | cve/CVE-2019-2725.yaml |
| WordPress JSmol2WP <=1.07 - Cross-Site Scripting (CVE-2018-20462) | cve/CVE-2018-20462.yaml |
| Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153) (CVE-2012-3153) | cve/CVE-2012-3153.yaml |
| Joomla! <=2.0.0 RC2 - Local File Inclusion (CVE-2008-4764) | cve/CVE-2008-4764.yaml |
| VMWare Workspace ONE UEM - Server-Side Request Forgery (CVE-2021-22054) | cve/CVE-2021-22054.yaml |
| WordPress Stop User Enumeration <=1.3.7 - Cross-Site Scripting (CVE-2017-18536) | cve/CVE-2017-18536.yaml |
| SAP Memory Pipes (MPI) Desynchronization (CVE-2022-22536) | cve/CVE-2022-22536.yaml |
| Detect SSL Certificate Issuer | ssl/metasploit-c2.yaml |
| Covenant C2 SSL - Detect | ssl/covenant-c2-ssl.yaml |
| ShadowPad C2 Infrastructure - Detect | ssl/shadowpad-c2.yaml |
| Kubernetes Fake Ingress Certificate - Detect | ssl/kubernetes-fake-certificate.yaml |
| Expired SSL Certificate | ssl/expired-ssl.yaml |
| TLS Version - Detect | ssl/tls-version.yaml |
| Weak Cipher Suites Detection | ssl/weak-cipher-suites.yaml |
| Cobalt Strike C2 - Detect | ssl/cobalt-strike-c2.yaml |
| AsyncRAT C2 - Detect | ssl/asyncrat-c2.yaml |
| Revoked SSL Certificate - Detect | ssl/revoked-ssl-certificate.yaml |
| OrcusRAT - Detect | ssl/orcus-rat-c2.yaml |
| Untrusted Root Certificate - Detect | ssl/untrusted-root-certificate.yaml |
| Gozi Malware - Detect | ssl/gozi-malware.yaml |
| Self Signed SSL Certificate | ssl/self-signed-ssl.yaml |
| DcRat Server C2 - Detect | ssl/dcrat-server-c2.yaml |
| Posh C2 - Detect | ssl/posh-c2.yaml |
| Quasar RAT C2 SSL Certificate - Detect | ssl/quasar-rat-c2.yaml |
| IcedID Infrastructure - Detect | ssl/icedid.yaml |
| Deprecated TLS Detection (TLS 1.1 or SSLv3) | ssl/deprecated-tls.yaml |
| Insecure Cipher Suite Detection | ssl/insecure-cipher-suite-detect.yaml |
| Bitrat C2 - Detect | ssl/bitrat-c2.yaml |
| CNAME Detect Dangling | dns/detect-dangling-cname.yaml |
| DNS WAF Detection | dns/dns-waf-detect.yaml |
| CNAME Service Detection | dns/cname-service.yaml |
| DNS TXT Record Detected | dns/txt-fingerprint.yaml |
| Detect DNS over HTTPS | dns/detect-dns-over-https.yaml |
| AWS EC2 Detection | dns/ec2-detection.yaml |
| CNAME Fingerprint | dns/cname-fingerprint.yaml |
| CAA Record | dns/caa-fingerprint.yaml |
| NS Record Detection | dns/nameserver-fingerprint.yaml |
| Worksites.net Service Detection | dns/worksites-detection.yaml |
| Microsoft Azure Takeover Detection | dns/azure-takeover-detection.yaml |
| Email Service Detector | dns/mx-service-detector.yaml |
| DNS DMARC - Detect | dns/dmarc-detect.yaml |
| PTR Detected | dns/ptr-fingerprint.yaml |
| DNSSEC Detection | dns/dnssec-detection.yaml |
| MX Record Detection | dns/mx-fingerprint.yaml |
| DNS Servfail Host Finder | dns/servfail-refused-hosts.yaml |
| ElasticBeanTalk Subdomain Takeover Detection | dns/elasticbeantalk-takeover.yaml |
| Spoofable SPF Records with PTR Mechanism | dns/spoofable-spf-records-ptr.yaml |