Nuclei templates used in Network Vulnerability Scanner (part 1)

Written by Engineering Team
Updated 9 months ago

This is the first part of the network-related Nuclei templates used in our Network Vulnerability Scanner.

For the second part of the list, access this link.

In total, there are over 2100 network-related templates configured.

Name Template
Ivanti EPMM - Authentication Bypass cve/CVE-2023-35078.yaml
Metabase - Pre-authentication Remote Code Execution cve/CVE-2023-38646.yaml
CasaOS - Authentication Bypass cve/CVE-2023-37265.yaml, cve/CVE-2023-37266.yaml
Cloudpanel 2 - Remote Code Execution cve/CVE-2023-35885.yaml
XWiki Platform - Remote Code Execution cve/CVE-2023-37462.yaml
Adobe ColdFusion - Pre-Auth Remote Code Execution cve/CVE-2023-29300.yaml
Adobe ColdFusion - Access Control Bypass cve/CVE-2023-29298.yaml
MOVEit - SQL Injection cve/CVE-2023-36934.yaml
Apache Log4j Server - Deserialization Command Execution network/CVE-2017-5645.yaml
ClockWatch Enterprise - Remote Code Execution network/clockwatch-enterprise-rce.yaml
Dropbear sshd CBC Mode Ciphers Detection network/dropbear-cbc-ciphers.yaml
AddPac GSM VoIP Gateway Panel - Detect network/detect-addpac-voip-gateway.yaml
SMB Detection network/smb-detect.yaml
SAPRouter - Routing information leak network/sap-router-info-leak.yaml
MSMQ (Microsoft Message Queuing Service) Remote - Detect network/msmq-detect.yaml
Memcached stats disclosure network/memcached-stats.yaml
EXPN Mail Server Detect network/expn-mail-detect.yaml
FTP Anonymous Login network/ftp-anonymous-login.yaml
RabbitMQ Detection network/rabbitmq-detect.yaml
CQL Native Transport Detect network/cql-native-transport.yaml
POP3 Protocol - Detect network/pop3-detect.yaml
Exposed Android Debug Bridge network/exposed-adb.yaml
Windows Remote Desktop Protocol - Detect network/rdp-detect.yaml
MongoDB Service - Detect network/mongodb-detect.yaml
Redis Server - Unauthenticated Access network/exposed-redis.yaml
Microsoft FTP Service Detect network/microsoft-ftp-service.yaml
PostgreSQL - User Enumeration network/psql-user-enum.yaml
Dropbear sshd Weak Key Exchange Algorithms Enabled network/dropbear-weakalgo.yaml
Ganglia XML Grid Monitor network/ganglia-xml-grid-monitor.yaml
Kafka Topics Enumeration network/kafka-topics-list.yaml
Xlight FTP Service Detect network/xlight-ftp-service-detect.yaml
VSFTPD 2.3.4 - Backdoor Command Execution network/vsftpd-backdoor.yaml
Unauthorized Printer Access network/printers-info-leak.yaml
Microsoft .NET Remoting httpd - Detect network/dotnet-remoting-service-detect.yaml
Docker Daemon Exposed network/exposed-dockerd.yaml
Apache Rocketmq Broker - Unauthenticated Access network/apache-rocketmq-broker-unauth.yaml
Jabber XMPP Protocol - Detect network/detect-jabber-xmpp.yaml
STARTTLS Mail Server Detection network/starttls-mail-detect.yaml
VNC Service Detection network/vnc-service-detect.yaml
VMware Authentication Daemon Detection network/vmware-authentication-daemon-detect.yaml
MikroTik RouterOS API - Detect network/mikrotik-routeros-api.yaml
TiDB - Unauthenticated Access network/tidb-unauth.yaml
Dropbear sshd Detection network/sshd-dropbear-detect.yaml
Telnet Detection network/telnet-detect.yaml
TeamSpeak 3 ServerQuery Detection network/teamspeak3-detect.yaml
GNU Inetutils FTPd Detect network/gnu-inetutils-ftpd-detect.yaml
Apache Airflow <=1.10.10 - Command Injection network/CVE-2020-11981.yaml
Gopher Service - Detect network/gopher-detect.yaml
ZTE Router Panel - Detect network/backdoored-zte.yaml
Weblogic T3 Protocol Detection network/weblogic-t3-detect.yaml
ProFTPD Server Detect network/proftpd-server-detect.yaml
IMAP - Detect network/imap-detect.yaml
ClamAV Server Detect network/clamav-detect.yaml
Apache ZooKeeper - Unauthenticated Access network/exposed-zookeeper.yaml
Rsyncd Service - Detect network/rsyncd-service-detect.yaml
MySQL - Detect network/mysql-detect.yaml
MongoDB Information - Detect network/mongodb-info-enum.yaml
iPlanet Messaging Server IMAP Protocol - Detection network/iplanet-imap-detect.yaml
ESMTP - Detect network/esmtp-detect.yaml
Java Remote Method Invocation Protocol - Detect network/java-rmi-detect.yaml
ActiveMQ OpenWire Transport Detection network/activemq-openwire-transport-detect.yaml
Totemomail SMTP Server Detection network/totemomail-smtp-detect.yaml
IBM DB2 Database Server - Detect network/ibm-d2b-database-server.yaml
RTSP - Detect network/rtsp-detect.yaml
MikroTik FTP server Detect network/mikrotik-ftp-server-detect.yaml
OpenSSH Service - Detect network/openssh-detect.yaml
Apache Dubbo - Unauthenticated Access network/apache-dubbo-unauth.yaml
ClamAV Server - Unauthenticated Access network/clamav-unauth.yaml
TiDB - Password Vulnerability network/tidb-native-password.yaml
SMTP User Enumeration network/smtp-user-enum.yaml
PostgreSQL Authentication - Detect network/pgsql-detect.yaml
Niagara Fox Protocol Information Enumeration network/niagara-fox-info-enum.yaml
Beanstalk Service - Detect network/beanstalk-service.yaml
SMTP Commands Enumeration network/smtp-commands-enum.yaml
LDAP Server NULL Bind Connection Information Disclosure network/ldap-anonymous-login.yaml
SMTP Service Detection network/smtp-detect.yaml
Riak Detection network/riak-detect.yaml
PostgreSQL - Unauthenticated Access network/unauth-psql.yaml
Weblogic IIOP Protocol Detection network/weblogic-iiop-detect.yaml
Dropbear Weak MAC Algorithms Enabled network/dropbear-weakmac.yaml
Finger Daemon Detection network/finger-detect.yaml
Cisco Smart Install Endpoints Exposure network/cisco-smi-exposure.yaml
Samba Service Detection network/samba-detect.yaml
Redis Service - Detect network/redis-detect.yaml
Axigen Mail Server Detection network/axigen-mail-server-detect.yaml
MySQL - Password Vulnerability network/mysql-native-password.yaml
FTP Service - Credential Weakness network/ftp-weak-credentials.yaml
ClickHouse - Unauthorized Access network/clickhouse-unauth.yaml
MongoDB - Unauthenticated Access network/mongodb-unauth.yaml
Rpcbind Portmapper - Detect network/rpcbind-portmapper-detect.yaml
SAPRouter Detection network/sap-router.yaml
Apache ActiveMQ Detection network/apache-activemq-detect.yaml
Cisco Finger Daemon Detection network/cisco-finger-detect.yaml
Ruijie RG-UAC Unified Internet Behavior Management Audit System - Information cnvd/CNVD-2021-14536.yaml
ShopXO Download File Read (CNVD-2021-15822) cnvd/CNVD-2021-15822.yaml
Metinfo - Local File Inclusion (CNVD-2018-13393) cnvd/CNVD-2018-13393.yaml
Fanwei eMobile - OGNL Injection (CNVD-2017-03561) cnvd/CNVD-2017-03561.yaml
H5S CONSOLE - Unauthorized Access (CNVD-2020-67113) cnvd/CNVD-2020-67113.yaml
ThinkPHP Multi Languag - File Inc & Remote Code Execution (RCE) (CNVD-2022-86535) cnvd/CNVD-2022-86535.yaml
EEA - Information Disclosure (CNVD-2021-10543) cnvd/CNVD-2021-10543.yaml
Showdoc <2.8.6 - File Uploads (CNVD-2020-26585) cnvd/CNVD-2020-26585.yaml
CatfishCMS RCE (CNVD-2019-06255) cnvd/CNVD-2019-06255.yaml
jshERP - Information Disclosure (CNVD-2020-63964) cnvd/CNVD-2020-63964.yaml
Xxunchi CMS - Local File Inclusion (CNVD-2020-23735) cnvd/CNVD-2020-23735.yaml
WeiPHP 5.0 - Path Traversal (CNVD-2020-68596) cnvd/CNVD-2020-68596.yaml
EmpireCMS DOM Cross Site-Scripting (CNVD-2021-15824) cnvd/CNVD-2021-15824.yaml
Ruijie Smartweb Management System Password Information Disclosure (CNVD-2021-17369) cnvd/CNVD-2021-17369.yaml
E-Cology V9 - SQL Injection (CNVD-2023-12632) cnvd/CNVD-2023-12632.yaml
Fanwei e-cology <=9.0 - Remote Code Execution (CNVD-2019-32204) cnvd/CNVD-2019-32204.yaml
eYouMail - Remote Code Execution (CNVD-2021-26422) cnvd/CNVD-2021-26422.yaml
Ruijie Smartweb - Default Password (CNVD-2020-56167) cnvd/CNVD-2020-56167.yaml
UFIDA NC BeanShell Remote Command Execution (CNVD-2021-30167) cnvd/CNVD-2021-30167.yaml
ZenTao CMS - SQL Injection (CNVD-2022-42853) cnvd/CNVD-2022-42853.yaml
Sunflower Simple and Personal - Remote Code Execution (CNVD-2022-03672) cnvd/CNVD-2022-03672.yaml
Pan Micro E-office File Uploads (CNVD-2021-49104) cnvd/CNVD-2021-49104.yaml
Ruoyi Management System - Local File Inclusion (CNVD-2021-01931) cnvd/CNVD-2021-01931.yaml
Zhiyuan A8 - Remote Code Execution (CNVD-2019-19299) cnvd/CNVD-2019-19299.yaml
Landray-OA - Local File Inclusion (CNVD-2021-28277) cnvd/CNVD-2021-28277.yaml
Sangfor EDR - Remote Code Execution (CNVD-2020-46552) cnvd/CNVD-2020-46552.yaml
Seeyon - Local File Inclusion (CNVD-2020-62422) cnvd/CNVD-2020-62422.yaml
Ruijie Networks-EWEB Network Management System - Remote Code Execution (CNVD-2021-09650) cnvd/CNVD-2021-09650.yaml
Xiuno BBS CNVD-2019-01348 (CNVD-2019-01348) cnvd/CNVD-2019-01348.yaml
WAF Fuzzing waf/waf-fuzz.yaml
WAF Detection waf/waf-detect.yaml
Apache Tomcat Remote Command Execution (CVE-2020-9484) cve/CVE-2020-9484.yaml
DataTaker DT80 dEX 1.50.012 - Information Disclosure (CVE-2017-11165) cve/CVE-2017-11165.yaml
ZyXel USG - Hardcoded Credentials (CVE-2020-29583) cve/CVE-2020-29583.yaml
Gitblit 1.9.3 - Local File Inclusion (CVE-2022-31268) cve/CVE-2022-31268.yaml
Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution (CVE-2022-37042) cve/CVE-2022-37042.yaml
WordPress Workreap - Remote Code Execution (CVE-2021-24499) cve/CVE-2021-24499.yaml
DOMOS 5.5 - Local File Inclusion (CVE-2019-18665) cve/CVE-2019-18665.yaml
Jolokia Agent - JNDI Code Injection (CVE-2018-1000130) cve/CVE-2018-1000130.yaml
Hongdian H8922 3.0.5 Devices - Local File Inclusion (CVE-2021-28149) cve/CVE-2021-28149.yaml
Redwood Report2Web & 4.5.3 - Cross-Site Scripting (CVE-2021-26710) cve/CVE-2021-26710.yaml
WordPress Paid Memberships Pro <2.6.7 - Blind SQL Injection (CVE-2021-25114) cve/CVE-2021-25114.yaml
Pypiserver <1.2.5 - Carriage Return Line Feed Injection (CVE-2019-6802) cve/CVE-2019-6802.yaml
QCube Cross-Site-Scripting (CVE-2020-24912) cve/CVE-2020-24912.yaml
VMware Aria Operations for Logs - Unauthenticated Remote Code Execution (CVE-2023-20864) cve/CVE-2023-20864.yaml
SaltStack <=3002 - Shell Injection (CVE-2020-16846) cve/CVE-2020-16846.yaml
Cisco IOS 12.2(55)SE11 - Remote Code Execution (CVE-2017-3881) cve/CVE-2017-3881.yaml
Apache Spark UI - Remote Command Injection (CVE-2022-33891) cve/CVE-2022-33891.yaml
ManageEngine - Remote Command Execution (CVE-2022-47966) cve/CVE-2022-47966.yaml
Hospital Management System 1.0 - SQL Injection (CVE-2022-32094) cve/CVE-2022-32094.yaml
Yoast SEO 16.7-17.2 - Information Disclosure (CVE-2021-25118) cve/CVE-2021-25118.yaml
Jira - Incorrect Authorization (CVE-2019-3403) cve/CVE-2019-3403.yaml
VMware Aria Operations for Networks - Code Injection Information Disclosure cve/CVE-2023-20889.yaml
WordPress heat-trackr 1.0 - Cross-Site Scripting (CVE-2016-1000136) cve/CVE-2016-1000136.yaml
ECOA Building Automation System - Directory Traversal Content Disclosure (CVE-2021-41291) cve/CVE-2021-41291.yaml
Image Optimizer by 10web < 1.0.26 - Cross-Site Scripting (CVE-2023-2122) cve/CVE-2023-2122.yaml
GeoServer OGC Filter - SQL Injection (CVE-2023-25157) cve/CVE-2023-25157.yaml
Online Event Booking and Reservation System 2.3.0 - SQL Injection (CVE-2021-42667) cve/CVE-2021-42667.yaml
Apache Unomi <1.5.2 - Remote Code Execution (CVE-2020-13942) cve/CVE-2020-13942.yaml
WordPress Japanized for WooCommerce <2.5.8 - Cross-Site Scripting (CVE-2023-0948) cve/CVE-2023-0948.yaml
ZEROF Web Server 1.0 - SQL Injection (CVE-2021-30175) cve/CVE-2021-30175.yaml
Emby Server Server-Side Request Forgery (CVE-2020-26948) cve/CVE-2020-26948.yaml
Atom CMS v2.0 - SQL Injection (CVE-2022-24223) cve/CVE-2022-24223.yaml
Oracle Fusion - Directory Traversal/Local File Inclusion (CVE-2020-14864) cve/CVE-2020-14864.yaml
i-Panel Administration System 2.0 - Cross-Site Scripting (CVE-2021-41878) cve/CVE-2021-41878.yaml
SolarWinds Orion API - Auth Bypass (CVE-2020-10148) cve/CVE-2020-10148.yaml
Free5gc 3.2.1 - Information Disclosure (CVE-2022-38870) cve/CVE-2022-38870.yaml
Microweber < 1.2.12 - Stored Cross-Site Scripting (CVE-2022-0928) cve/CVE-2022-0928.yaml
SuperWebmailer - Remote Code Execution (CVE-2020-11546) cve/CVE-2020-11546.yaml
Joomla! Component JA Comment - Local File Inclusion (CVE-2010-1601) cve/CVE-2010-1601.yaml
Trendnet AC2600 TEW-827DRU - Credentials Disclosure (CVE-2021-20150) cve/CVE-2021-20150.yaml
WSO2 API Manager <=3.1.0 - Blind XML External Entity Injection (CVE-2020-24589) cve/CVE-2020-24589.yaml
Microsoft SharePoint - Remote Code Execution (CVE-2020-16952) cve/CVE-2020-16952.yaml
OpenCATS 0.9.7 - Cross-Site Scripting (CVE-2022-48012) cve/CVE-2022-48012.yaml
Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored) (CVE-2022-42096) cve/CVE-2022-42096.yaml
Cisco HyperFlex HX Data Platform - Remote Command Execution (CVE-2021-1497) cve/CVE-2021-1497.yaml
Simple Employee Records System 1.0 - Unrestricted File Upload (CVE-2019-20183) cve/CVE-2019-20183.yaml
KindEditor 4.1.11 - Cross-Site Scripting (CVE-2019-7543) cve/CVE-2019-7543.yaml
Oracle iPlanet Web Server 7.0.x - Authentication Bypass (CVE-2020-9315) cve/CVE-2020-9315.yaml
Helmet Store Showroom - Cross Site Scripting (CVE-2022-46073) cve/CVE-2022-46073.yaml
MOVEit Transfer - Remote Code Execution (CVE-2023-34362) cve/CVE-2023-34362.yaml
Draytek VigorConnect 1.6.0-B - Local File Inclusion (CVE-2021-20123) cve/CVE-2021-20123.yaml
Spring Cloud Netflix - Server-Side Request Forgery (CVE-2020-5412) cve/CVE-2020-5412.yaml
F5 BIG-IP TMUI - Remote Code Execution (CVE-2020-5902) cve/CVE-2020-5902.yaml
WordPress Tidio Gallery <=1.1 - Cross-Site Scripting (CVE-2016-1000153) cve/CVE-2016-1000153.yaml
MCMS 5.2.5 - SQL Injection (CVE-2022-23898) cve/CVE-2022-23898.yaml
Sympa version =>6.2.16 - Cross-Site Scripting (CVE-2018-1000671) cve/CVE-2018-1000671.yaml
WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting (CVE-2012-1835) cve/CVE-2012-1835.yaml
Navis DocumentCloud <0.1.1 - Cross-Site Scripting (CVE-2015-2807) cve/CVE-2015-2807.yaml
Citrix XenMobile Server - Remote Code Execution (Apache Log4j) (CVE-2021-44228) cve/xenmobile-server-log4j.yaml
FlightPath - Local File Inclusion (CVE-2019-13396) cve/CVE-2019-13396.yaml
DomainMOD <=4.11.01 - Cross-Site Scripting (CVE-2018-19915) cve/CVE-2018-19915.yaml
Magento Server Mass Importer - Cross-Site Scripting (CVE-2015-2068) cve/CVE-2015-2068.yaml
SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting (CVE-2018-19386) cve/CVE-2018-19386.yaml
MeterSphere < 2.5.0 SSRF (CVE-2022-23544) cve/CVE-2022-23544.yaml
WordPress Super Socializer <7.13.30 - Cross-Site Scripting (CVE-2021-24987) cve/CVE-2021-24987.yaml
HPE Smart Update Manager < 8.5.6 - Remote Unauthorized Access (CVE-2020-7136) cve/CVE-2020-7136.yaml
Adobe AEM Dispatcher <4.15 - Rules Bypass (CVE-2016-0957) cve/CVE-2016-0957.yaml
WordPress Plugin File Manager (wp-file-manager) Backup Disclosure (CVE-2020-24312) cve/CVE-2020-24312.yaml
Atom CMS v2.0 - SQL Injection (CVE-2022-25488) cve/CVE-2022-25488.yaml
Juniper Web Device Manager - Cross-Site Scripting (CVE-2022-22242) cve/CVE-2022-22242.yaml
Netsweeper 4.0.5 - Default Weak Account (CVE-2014-9614) cve/CVE-2014-9614.yaml
Reprise License Manager 14.2 - Cross-Site Scripting (CVE-2021-45422) cve/CVE-2021-45422.yaml
WordPress Symposium <=15.8.1 - Cross-Site Scripting (CVE-2015-9414) cve/CVE-2015-9414.yaml
Rocket.Chat <3.9.1 - Information Disclosure (CVE-2020-28208) cve/CVE-2020-28208.yaml
Apache Tomcat JK Connect <=1.2.44 - Manager Access (CVE-2018-11759) cve/CVE-2018-11759.yaml
Joomla! Component Music Manager - Local File Inclusion (CVE-2010-2857) cve/CVE-2010-2857.yaml
SonarQube - Authentication Bypass (CVE-2020-27986) cve/CVE-2020-27986.yaml
WordPress Yuzo <5.12.94 - Cross-Site Scripting (CVE-2019-11869) cve/CVE-2019-11869.yaml
Primetek Primefaces 5.x - Remote Code Execution (CVE-2017-1000486) cve/CVE-2017-1000486.yaml
Apache APISIX Dashboard <2.10.1 - API Unauthorized Access (CVE-2021-45232) cve/CVE-2021-45232.yaml
WordPress Statistics <13.0.8 - Blind SQL Injection (CVE-2021-24340) cve/CVE-2021-24340.yaml
SPIP - Remote Command Execution (CVE-2023-27372) cve/CVE-2023-27372.yaml
Contentful <=2020-05-21 - Cross-Site Scripting (CVE-2020-13258) cve/CVE-2020-13258.yaml
WordPress Visitor Statistics (Real Time Traffic) <4.8 -SQL Injection (CVE-2021-24750) cve/CVE-2021-24750.yaml
WordPress Post Status Notifier Lite <1.10.1 - Cross-Site Scripting (CVE-2022-4325) cve/CVE-2022-4325.yaml
kkFileView 4.0.0 - Cross-Site Scripting (CVE-2022-29349) cve/CVE-2022-29349.yaml
Klog Server <=2.41 - Unauthenticated Command Injection (CVE-2020-35729) cve/CVE-2020-35729.yaml
WordPress Pie-Register <2.0.19 - Cross-Site Scripting (CVE-2015-7377) cve/CVE-2015-7377.yaml
Alt-n/MDaemon Security Gateway <=8.5.0 - XML Injection (CVE-2022-25356) cve/CVE-2022-25356.yaml
Doctor Appointment System 1.0 - SQL Injection (CVE-2021-27319) cve/CVE-2021-27319.yaml
Atom CMS v2.0 - Cross-Site Scripting (CVE-2022-25489) cve/CVE-2022-25489.yaml
Apache Struts <=2.5.20 - Remote Code Execution (CVE-2019-0230) cve/CVE-2019-0230.yaml
Trend Micro Threat Discovery Appliance 2.6.1062r1 - Authentication Bypass cve/CVE-2016-7552.yaml
Node.JS System Information Library <5.3.1 - Remote Command Injection (CVE-2021-21315) cve/CVE-2021-21315.yaml
WordPress Transposh <= - Information Disclosure (CVE-2022-2462) cve/CVE-2022-2462.yaml
Hoteldruid 3.0.5 - Cross-Site Scripting (CVE-2023-34537) cve/CVE-2023-34537.yaml
Apache Axis2 Default Login (CVE-2010-0219) cve/CVE-2010-0219.yaml
Advantech R-SeeNet 2.4.12 - Cross-Site Scripting (CVE-2021-21799) cve/CVE-2021-21799.yaml
WordPress Newspaper <12 - Cross-Site Scripting (CVE-2022-2627) cve/CVE-2022-2627.yaml
Imgproxy < 3.14.0 - Cross-site Scripting (XSS) (CVE-2023-1496) cve/CVE-2023-1496.yaml
POS Codekop v2.0 - Cross-site Scripting (CVE-2023-30256) cve/CVE-2023-36346.yaml
MinIO Operator Console Authentication Bypass (CVE-2021-41266) cve/CVE-2021-41266.yaml
WP-FaceThumb 0.1 - Cross-Site Scripting (CVE-2012-2371) cve/CVE-2012-2371.yaml
McAfee ePolicy Orchestrator <5.10.9 Update 9 - Cross-Site Scripting (CVE-2020-7318) cve/CVE-2020-7318.yaml
Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI (CVE-2010-2861) cve/CVE-2010-2861.yaml
Apache Struts2 S2-053 - Remote Code Execution (CVE-2017-9791) cve/CVE-2017-9791.yaml
Oracle WebLogic Server Local File Inclusion (CVE-2022-21371) cve/CVE-2022-21371.yaml
cgit < 1.2.1 - Directory Traversal (CVE-2018-14912) cve/CVE-2018-14912.yaml
WordPress Plugin MapPress <2.73.4 - Cross-Site Scripting (CVE-2022-0208) cve/CVE-2022-0208.yaml
WordPress Shortcodes and Extra Features for Phlox <2.9.8 - Cross-Site Scripting cve/CVE-2022-1910.yaml
October CMS - Remote Code Execution (CVE-2022-21705) cve/CVE-2022-21705.yaml
Rstudio Shiny Server <1.5.16 - Local File Inclusion (CVE-2021-3374) cve/CVE-2021-3374.yaml
Novius OS 5.0.1-elche - Open Redirect (CVE-2015-5354) cve/CVE-2015-5354.yaml
Jira Subversion ALM for Enterprise <8.8.2 - Cross-Site Scripting (CVE-2020-9344) cve/CVE-2020-9344.yaml
Ntopng Authentication Bypass (CVE-2021-28073) cve/CVE-2021-28073.yaml
FUDForum 3.1.0 - Cross-Site Scripting (CVE-2021-27520) cve/CVE-2021-27520.yaml
FHEM 6.0 - Local File Inclusion (CVE-2020-19360) cve/CVE-2020-19360.yaml
Django - Open Redirect (CVE-2018-14574) cve/CVE-2018-14574.yaml
Oracle Fusion Middleware WebCenter Sites - Cross-Site Scripting (CVE-2018-2791) cve/CVE-2018-2791.yaml
OPNsense <=20.1.5 - Open Redirect (CVE-2020-23015) cve/CVE-2020-23015.yaml
WordPress Embed Swagger <=1.0.0 - Cross-Site Scripting (CVE-2022-0381) cve/CVE-2022-0381.yaml
Doctor Appointment System 1.0 - SQL Injection (CVE-2021-27314) cve/CVE-2021-27314.yaml
Layer5 Meshery 0.5.2 - SQL Injection (CVE-2021-31856) cve/CVE-2021-31856.yaml
TOTOLINK Realtek SD Routers - Remote Command Injection (CVE-2019-19824) cve/CVE-2019-19824.yaml
WordPress Awin Data Feed <=1.6 - Cross-Site Scripting (CVE-2022-1937) cve/CVE-2022-1937.yaml
BillQuick Web Suite SQL Injection (CVE-2021-42258) cve/CVE-2021-42258.yaml
F5 BIG-IP iControl - REST Auth Bypass RCE (CVE-2022-1388) cve/CVE-2022-1388.yaml
WordPress PHPMailer < 5.2.18 - Remote Code Execution (CVE-2016-10033) cve/CVE-2016-10033.yaml
Netsweeper 4.0.4 - Cross-Site Scripting (CVE-2014-9615) cve/CVE-2014-9615.yaml
Xinuo Openserver 5/6 - Cross-Site scripting (CVE-2020-25495) cve/CVE-2020-25495.yaml
WordPress Domain Check <1.0.17 - Cross-Site Scripting (CVE-2021-24926) cve/CVE-2021-24926.yaml
D-Link Central WifiManager - Server-Side Request Forgery (CVE-2018-15517) cve/CVE-2018-15517.yaml
Atlassian Confluence <5.8.17 - Information Disclosure (CVE-2015-8399) cve/CVE-2015-8399.yaml
Reolink E1 Zoom Camera <= - Information Disclosure (CVE-2021-40150) cve/CVE-2021-40150.yaml
Xibo 1.2.2/1.4.1 - Directory Traversal (CVE-2013-5979) cve/CVE-2013-5979.yaml
elFinder <=2.1.60 - Local File Inclusion (CVE-2022-26960) cve/CVE-2022-26960.yaml
Doctor Appointment System 1.0 - SQL Injection (CVE-2021-27320) cve/CVE-2021-27320.yaml
AWStats 6.95/7.0 - '' Cross-Site Scripting (CVE-2012-4547) cve/CVE-2012-4547.yaml
Pallets Werkzeug <0.15.5 - Local File Inclusion (CVE-2019-14322) cve/CVE-2019-14322.yaml
Gitlab CE/EE 10.5 - Server-Side Request Forgery (CVE-2021-22214CVE-2021-39935CVE-2021-22175) cve/CVE-2021-22214.yaml
Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution (CVE-2013-2251) cve/CVE-2013-2251.yaml
WordPress Visualizer <3.3.1 - Cross-Site Scripting (CVE-2019-16931) cve/CVE-2019-16931.yaml
WordPress Hero Maps Pro 2.1.0 - Cross-Site Scripting (CVE-2016-1000137) cve/CVE-2016-1000137.yaml
Visualizer <3.3.1 - Blind Server-Side Request Forgery (CVE-2019-16932) cve/CVE-2019-16932.yaml
Jenkins <=2.196 - Cookie Exposure (CVE-2019-10405) cve/CVE-2019-10405.yaml
Apache Struts 2 - Remote Command Execution (CVE-2017-5638) cve/CVE-2017-5638.yaml
SysAid 20.4.74 - Cross-Site Scripting (CVE-2021-31862) cve/CVE-2021-31862.yaml
Barco/AWIND OEM Presentation Platform - Remote Command Injection (CVE-2019-3929) cve/CVE-2019-3929.yaml
Simple URLs < 115 - Cross Site Scripting (CVE-2023-0099) cve/CVE-2023-0099.yaml
Cuppa CMS v1.0 - SQL injection (CVE-2022-27984) cve/CVE-2022-27984.yaml
Kentico CMS Insecure Deserialization Remote Code Execution (CVE-2019-10068) cve/CVE-2019-10068.yaml
WordPress Simple Membership <4.1.1 - Cross-Site Scripting (CVE-2022-1724) cve/CVE-2022-1724.yaml
WP Custom Pages - Local File Inclusion (LFI) (CVE-2011-1669) cve/CVE-2011-1669.yaml
Reprise License Manager 14.2 - Authentication Bypass (CVE-2021-44152) cve/CVE-2021-44152.yaml
Citrix SD-WAN Center - Remote Command Injection (CVE-2019-12986) cve/CVE-2019-12986.yaml
NETGEAR Routers - Remote Code Execution (CVE-2016-6277) cve/CVE-2016-6277.yaml
Apache Code42 - Remote Code Execution (Apache Log4j) (CVE-2021-44228) cve/code42-log4j-rce.yaml
Cisco HyperFlex HX Data Platform - Arbitrary File Upload (CVE-2021-1499) cve/CVE-2021-1499.yaml
WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal (CVE-2015-4414) cve/CVE-2015-4414.yaml
WordPress Paid Memberships Pro <2.9.8 - Blind SQL Injection (CVE-2023-23488) cve/CVE-2023-23488.yaml
Login with Phone Number - Cross-Site Scripting (CVE-2023-23492) cve/CVE-2023-23492.yaml
SonicWall SRA 4600 VPN - SQL Injection (CVE-2019-7481) cve/CVE-2019-7481.yaml
WordPress User Post Gallery <=2.19 - Remote Code Execution (CVE-2022-4060) cve/CVE-2022-4060.yaml
DomainMOD 4.11.01 - Cross-Site Scripting (CVE-2018-1000856) cve/CVE-2018-1000856.yaml
Online Fire Reporting System v1.0 - SQL injection (CVE-2022-31976) cve/CVE-2022-31976.yaml
Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete (CVE-2021-46424) cve/CVE-2021-46424.yaml
Nordex NC2 - Cross-Site Scripting (CVE-2015-6477) cve/CVE-2015-6477.yaml
ListSERV Maestro <= 9.0-8 RCE (CVE-2010-1870) cve/CVE-2010-1870.yaml
WordPress Spider Calendar <=1.4.9 - SQL Injection (CVE-2015-2196) cve/CVE-2015-2196.yaml
Grafana 8.0.0 <= v.8.2.2 - Angularjs Rendering Cross-Site Scripting (CVE-2021-41174) cve/CVE-2021-41174.yaml
Studio-42 elFinder <2.1.60 - Arbitrary File Upload (CVE-2021-43421) cve/CVE-2021-43421.yaml
GLPI 9.2/<9.5.6 - Information Disclosure (CVE-2021-39211) cve/CVE-2021-39211.yaml
Artica Pandora FMS <=7.42 - Arbitrary File Read (CVE-2020-8497) cve/CVE-2020-8497.yaml
WordPress Plugin WP Content Source Control - Directory Traversal (CVE-2014-5368) cve/CVE-2014-5368.yaml
Liferay Portal Unauthenticated < 7.2.1 CE GA2 - Remote Code Execution (CVE-2020-7961) cve/CVE-2020-7961.yaml
Pandora FMS 7.0NG - Remote Command Injection (CVE-2019-20224) cve/CVE-2019-20224.yaml
CommScope Ruckus IoT Controller - Information Disclosure (CVE-2021-33221) cve/CVE-2021-33221.yaml
Apache Solr <= 7.1 - XML Entity Injection (CVE-2017-12629) cve/CVE-2017-12629.yaml
Cuppa CMS v1.0 - Arbitrary File Upload (CVE-2022-38296) cve/CVE-2022-38296.yaml
Online Fire Reporting System v1.0 - SQL injection (CVE-2022-31978) cve/CVE-2022-31978.yaml
Tieline IP Audio Gateway <= - Unauthorized Remote Admin Panel Access cve/CVE-2021-35336.yaml
Garage Management System 1.0 - SQL Injection (CVE-2022-2467) cve/CVE-2022-2467.yaml
Nodejs Squirrelly - Remote Code Execution (CVE-2021-32819) cve/CVE-2021-32819.yaml
FortiLogger - Arbitrary File Upload (CVE-2021-3378) cve/CVE-2021-3378.yaml
WordPress JNews Theme <8.0.6 - Cross-Site Scripting (CVE-2021-24342) cve/CVE-2021-24342.yaml
Jenkin Audit Trail <=3.2 - Cross-Site Scripting (CVE-2020-2140) cve/CVE-2020-2140.yaml
WordPress WPQA <5.5 - Improper Access Control (CVE-2022-1598) cve/CVE-2022-1598.yaml
QSAN Storage Manager <3.3.3 - Cross-Site Scripting (CVE-2021-37216) cve/CVE-2021-37216.yaml
WordPress BadgeOS <=3.7.0 - SQL Injection (CVE-2022-0817) cve/CVE-2022-0817.yaml
Jenkins Git <=4.11.3 - Missing Authorization (CVE-2022-36883) cve/CVE-2022-36883.yaml
Trixbox 2.8.0 - Path Traversal (CVE-2017-14537) cve/CVE-2017-14537.yaml
SolarView Compact 6.00 - 'time_begin' Cross-Site Scripting (CVE-2022-29299) cve/CVE-2022-29299.yaml
WordPress Quiz and Survey Master <7.1.14 - Cross-Site Scripting (CVE-2021-20792) cve/CVE-2021-20792.yaml
Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion (CVE-2018-6008) cve/CVE-2018-6008.yaml
Apache OFBiz - JNDI Remote Code Execution (Apache Log4j) (CVE-2021-44228) cve/apache-ofbiz-log4j-rce.yaml
WordPress My Calendar <= 3.1.9 - Cross-Site Scripting (CVE-2019-15713) cve/CVE-2019-15713.yaml
Microstrategy Web 7 - Cross-Site Scripting (CVE-2018-18775) cve/CVE-2018-18775.yaml
WordPress Duplicate Page or Post <1.5.1 - Cross-Site Scripting (CVE-2021-25075) cve/CVE-2021-25075.yaml
Nacos <1.4.1 - Authentication Bypass (CVE-2021-29441) cve/CVE-2021-29441.yaml
Chyrp 2.x - Local File Inclusion (CVE-2011-2780) cve/CVE-2011-2780.yaml
Metinfo 7.0.0 beta - SQL Injection (CVE-2019-16996) cve/CVE-2019-16996.yaml
Netsweeper 3.0.6 - Open Redirection (CVE-2014-9617) cve/CVE-2014-9617.yaml
Backdrop CMS version 1.23.0 - Stored Cross Site Scripting (CVE-2022-42094) cve/CVE-2022-42094.yaml
Zaver - Local File Inclusion (CVE-2022-38794) cve/CVE-2022-38794.yaml
Royal Event - SQL Injection (CVE-2022-28080) cve/CVE-2022-28080.yaml
Symfony - Authentication Bypass (CVE-2015-4050) cve/CVE-2015-4050.yaml
Phoenix Framework - Open Redirect (CVE-2017-1000163) cve/CVE-2017-1000163.yaml
College Management System 1.0 - SQL Injection (CVE-2022-28079) cve/CVE-2022-28079.yaml
Carel pCOWeb <B1.2.4 - Cross-Site Scripting (CVE-2019-11370) cve/CVE-2019-11370.yaml
Tenda 11N - Authentication Bypass (CVE-2022-42233) cve/CVE-2022-42233.yaml
Jeesns 1.4.2 - Cross-Site Scripting (CVE-2020-19282) cve/CVE-2020-19282.yaml
XStream <1.4.15 - Server-Side Request Forgery (CVE-2020-26258) cve/CVE-2020-26258.yaml
Joomla! Component MS Comment 0.8.0b - Local File Inclusion (CVE-2010-2050) cve/CVE-2010-2050.yaml
WirelessHART Fieldgate SWG70 3.0 - Local File Inclusion (CVE-2018-16059) cve/CVE-2018-16059.yaml
ChurchCRM 4.5.3 - Cross-Site Scripting (CVE-2023-25346) cve/CVE-2023-25346.yaml
Swim Team <= v1.44.10777 - Local File Inclusion (CVE-2015-5471) cve/CVE-2015-5471.yaml
ZOHO WebNMS Framework <5.2 SP1 - Local File Inclusion (CVE-2016-6601) cve/CVE-2016-6601.yaml
VMware Aria Operations for Networks - Remote Code Execution (CVE-2023-20888) cve/CVE-2023-20888.yaml
Wordpress Zedna eBook download <1.2 - Local File Inclusion (CVE-2016-10924) cve/CVE-2016-10924.yaml
Mirasys DVMS Workstation <=5.12.6 - Local File Inclusion (CVE-2018-8727) cve/CVE-2018-8727.yaml
WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site cve/CVE-2022-2599.yaml
MODx manager - Local File Inclusion (CVE-2010-5278) cve/CVE-2010-5278.yaml
Jenkins <=2.218 - Information Disclosure (CVE-2020-2103) cve/CVE-2020-2103.yaml
WordPress AJAX Random Post <=2.00 - Cross-Site Scripting (CVE-2016-1000127) cve/CVE-2016-1000127.yaml
CSE Bookstore 1.0 - SQL Injection (CVE-2020-36112) cve/CVE-2020-36112.yaml
FlatPress 1.2.1 - Stored Cross-Site Scripting (CVE-2021-41432) cve/CVE-2021-41432.yaml
Fortinet FortiNAC - Arbitrary File Write (CVE-2022-39952) cve/CVE-2022-39952.yaml
Geddy <13.0.8 - Local File Inclusion (CVE-2015-5688) cve/CVE-2015-5688.yaml
D-Link DIR-615 - Unauthorized Access (CVE-2021-42627) cve/CVE-2021-42627.yaml
Microstrategy Web 7 - Local File Inclusion (CVE-2018-18777) cve/CVE-2018-18777.yaml
Purchase Order Management v1.0 - SQL Injection (CVE-2021-40908) cve/CVE-2021-40908.yaml
Jfrog Artifactory <6.17.0 - Default Admin Password (CVE-2019-17444) cve/CVE-2019-17444.yaml
FineCMS <5.0.9 - Open Redirect (CVE-2017-11586) cve/CVE-2017-11586.yaml
Apache ActiveMQ <=5.15.5 - Cross-Site Scripting (CVE-2018-8006) cve/CVE-2018-8006.yaml
IBM WebSphere Java Object Deserialization - Remote Code Execution (CVE-2015-7450) cve/CVE-2015-7450.yaml
Sourcecodester Hotel and Lodge Management System 2.0 - SQL Injection (CVE-2020-21012) cve/CVE-2020-21012.yaml
Cisco ASA - Local File Inclusion (CVE-2018-0296) cve/CVE-2018-0296.yaml
Thruk 2.40-2 - Cross-Site Scripting (CVE-2021-35488) cve/CVE-2021-35488.yaml
WordPress GTranslate <2.8.52 - Cross-Site Scripting (CVE-2020-11930) cve/CVE-2020-11930.yaml
KMCIS CaseAware - Cross-Site Scripting (CVE-2017-5631) cve/CVE-2017-5631.yaml
Users Ultra <= 3.1.0 - SQL Injection (CVE-2022-0769) cve/CVE-2022-0769.yaml
GrandNode 4.40 - Local File Inclusion (CVE-2019-12276) cve/CVE-2019-12276.yaml
vBulletin - Open Redirect (CVE-2018-6200) cve/CVE-2018-6200.yaml
OpenEMR <5.0.2 - Local File Inclusion (CVE-2019-14530) cve/CVE-2019-14530.yaml
Netgear RAX43 - Command Injection/Authentication Bypass Buffer Overrun cve/CVE-2021-20167.yaml
WordPress Cab fare calculator < 1.0.4 - Local File Inclusion (CVE-2022-1391) cve/CVE-2022-1391.yaml
Akkadian Provisioning Manager 4.50.02 - Sensitive Information Disclosure (CVE-2020-27361) cve/CVE-2020-27361.yaml
Joomla! Component JInventory 1.23.02 - Local File Inclusion (CVE-2010-1305) cve/CVE-2010-1305.yaml
TOTOLINK EX1200T 4.1.2cu.5215 - Authentication Bypass (CVE-2021-42887) cve/CVE-2021-42887.yaml
WordPress defa-online-image-protector <=3.3 - Cross-Site Scripting (CVE-2016-1000129) cve/CVE-2016-1000129.yaml
Featurific For WordPress 1.6.2 - Cross-Site Scripting (CVE-2011-5265) cve/CVE-2011-5265.yaml
Sourcecodester Simple Client Management System 1.0 - SQL Injection (CVE-2021-43510) cve/CVE-2021-43510.yaml
NewStatPress <=1.0.4 - Cross-Site Scripting (CVE-2015-9312) cve/CVE-2015-9312.yaml
WebCTRL OEM <= 6.5 - Cross-Site Scripting (CVE-2021-31682) cve/CVE-2021-31682.yaml
Rukovoditel <= 3.2.1 - Cross Site Scripting (CVE-2022-44944) cve/CVE-2022-44944.yaml
GitLab CE/EE - Remote Code Execution (CVE-2021-22205) cve/CVE-2021-22205.yaml
WordPress Order Listener for WooCommerce <3.2.2 - SQL Injection (CVE-2022-0948) cve/CVE-2022-0948.yaml
WordPress WP Courses Plugin Information Disclosure (CVE-2020-26876) cve/CVE-2020-26876.yaml
Noptin < 1.6.5 - Open Redirect (CVE-2021-25033) cve/CVE-2021-25033.yaml
AlquistManager Local File Inclusion (CVE-2021-43495) cve/CVE-2021-43495.yaml
Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass (CVE-2021-3297) cve/CVE-2021-3297.yaml
Rukovoditel <= 3.2.1 - Cross Site Scripting (CVE-2022-43167) cve/CVE-2022-43167.yaml
ZZZCMS zzzphp 2.1.0 - Remote Code Execution (CVE-2022-23881) cve/CVE-2022-23881.yaml
Joomla! Component Graphics 1.0.6 - Local File Inclusion (CVE-2010-1653) cve/CVE-2010-1653.yaml
ManageEngine Firewall Analyzer <8.0 - Local File Inclusion (CVE-2015-7780) cve/CVE-2015-7780.yaml
BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting (CVE-2018-16139) cve/CVE-2018-16139.yaml
Joomla! Component redTWITTER 1.0 - Local File Inclusion (CVE-2010-1983) cve/CVE-2010-1983.yaml
Cherokee HTTPD <=0.5 - Cross-Site Scripting (CVE-2006-1681) cve/CVE-2006-1681.yaml
phpMyChat-Plus 1.98 - Cross-Site Scripting (CVE-2019-19908) cve/CVE-2019-19908.yaml
VMware Workspace ONE Access - Server-Side Template Injection (CVE-2022-22954) cve/CVE-2022-22954.yaml
Online Security Guards Hiring System - Cross-Site Scripting (CVE-2023-0527) cve/CVE-2023-0527.yaml
WordPress TI WooCommerce Wishlist <1.40.1 - SQL Injection (CVE-2022-0412) cve/CVE-2022-0412.yaml
Grav CMS <1.3.0 - Cross-Site Scripting (CVE-2018-5233) cve/CVE-2018-5233.yaml
Cuppa CMS v1.0 - Authenticated Local File Inclusion (CVE-2022-37191) cve/CVE-2022-37191.yaml
GateOne 1.1 - Local File Inclusion (CVE-2020-35736) cve/CVE-2020-35736.yaml
WordPress Sensei LMS <4.5.0 - Information Disclosure (CVE-2022-2034) cve/CVE-2022-2034.yaml
WordPress Accessibility Helper < - Cross-Site Scripting (CVE-2022-0150) cve/CVE-2022-0150.yaml
Joomla! Component Shoutbox Pro - Local File Inclusion (CVE-2010-1534) cve/CVE-2010-1534.yaml
WordPress Payeezy Pay <=2.97 - Local File Inclusion (CVE-2018-20985) cve/CVE-2018-20985.yaml
VMware View Planner <4.6 SP1- Remote Code Execution (CVE-2021-21978) cve/CVE-2021-21978.yaml
Agentejo Cockpit 0.10.2 - Cross-Site Scripting (CVE-2020-14408) cve/CVE-2020-14408.yaml
SolarView Compact 6.00 - Local File Inclusion (CVE-2022-29298) cve/CVE-2022-29298.yaml
Submitty <= 20.04.01 - Open Redirect (CVE-2020-13121) cve/CVE-2020-13121.yaml
Draytek VigorConnect 6.0-B3 - Local File Inclusion (CVE-2021-20124) cve/CVE-2021-20124.yaml
Craft CMS < 3.3.0 - Server-Side Template Injection (CVE-2020-9757) cve/CVE-2020-9757.yaml
SupportCandy < 3.1.5 - Unauthenticated SQL Injection (CVE-2023-1730) cve/CVE-2023-1730.yaml
WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting (CVE-2022-29455) cve/CVE-2022-29455.yaml
OpenCATS 0.9.6 - Cross-Site Scripting (CVE-2022-43017) cve/CVE-2022-43017.yaml
Casdoor 1.13.0 - Unauthenticated SQL Injection (CVE-2022-24124) cve/CVE-2022-24124.yaml
VMware Operations Manager - Remote Code Execution (Apache Log4j) (CVE-2021-44228) cve/vmware-operation-manager-log4j.yaml
Apache Tomcat Servers - Remote Code Execution (CVE-2017-12615) cve/CVE-2017-12615.yaml
Purchase Order Management v1.0 - SQL Injection (CVE-2023-29622) cve/CVE-2023-29622.yaml
ChurchCRM v4.5.3 - Cross-Site Scripting (CVE-2023-31548) cve/CVE-2023-31548.yaml
WordPress Visitor Statistics <=5.7 - SQL Injection (CVE-2022-33965) cve/CVE-2022-33965.yaml
WordPress Podlove Podcast Publisher <3.5.6 - SQL Injection (CVE-2021-24666) cve/CVE-2021-24666.yaml
Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion (CVE-2010-2045) cve/CVE-2010-2045.yaml
Motorola Baby Monitors - Remote Command Execution (CVE-2021-3577) cve/CVE-2021-3577.yaml
WordPress WooCommerce <1.13.22 - Cross-Site Scripting (CVE-2021-24300) cve/CVE-2021-24300.yaml
WordPress Welcart e-Commerce <2.8.5 - Arbitrary File Access (CVE-2022-4140) cve/CVE-2022-4140.yaml
Atlassian Confluence Server - Path Traversal (CVE-2019-3396) cve/CVE-2019-3396.yaml
Complete Online Job Search System 1.0 - SQL Injection (CVE-2022-32018) cve/CVE-2022-32018.yaml
Kibana Timelion - Arbitrary Code Execution (CVE-2019-7609) cve/CVE-2019-7609.yaml
Joomla! Component Online Market 2.x - Local File Inclusion (CVE-2010-1722) cve/CVE-2010-1722.yaml
RocketMQ <= 5.1.0 - Remote Code Execution (CVE-2023-33246) cve/CVE-2023-33246.yaml
Jeecg Boot <= 2.4.5 - Information Disclosure (CVE-2021-37304) cve/CVE-2021-37304.yaml
TerraMaster TOS < 4.2.30 Server Information Disclosure (CVE-2022-24990) cve/CVE-2022-24990.yaml
Joomla! Component Jimtawl 1.0.2 - Local File Inclusion (CVE-2010-4769) cve/CVE-2010-4769.yaml
phpMyAdmin <4.9.0 - Cross-Site Request Forgery (CVE-2019-12616) cve/CVE-2019-12616.yaml
Crestron Device - Credentials Disclosure (CVE-2022-23178) cve/CVE-2022-23178.yaml
PaperCut - Unauthenticated Remote Code Execution (CVE-2023-27350) cve/CVE-2023-27350.yaml
EyouCMS 1.5.4 Open Redirect (CVE-2021-39501) cve/CVE-2021-39501.yaml
PlaceOS 1.2109.1 - Open Redirection (CVE-2021-41826) cve/CVE-2021-41826.yaml
Devalcms 1.4a - Cross-Site Scripting (CVE-2008-6982) cve/CVE-2008-6982.yaml
Zeroshell 3.9.0 - Remote Command Execution (CVE-2019-12725) cve/CVE-2019-12725.yaml
Adminimize 1.7.22 - Cross-Site Scripting (CVE-2011-4926) cve/CVE-2011-4926.yaml
Diary Management System 1.0 - Cross-Site Scripting (CVE-2022-29004) cve/CVE-2022-29004.yaml
CandidATS 3.0.0 - Cross-Site Scripting. (CVE-2022-42748) cve/CVE-2022-42748.yaml
Hikvision - Authentication Bypass (CVE-2017-7921) cve/CVE-2017-7921.yaml
Doctor Appointment System 1.0 - SQL Injection (CVE-2021-27124) cve/CVE-2021-27124.yaml
Citrix ShareFile StorageZones <=5.10.x - Arbitrary File Read (CVE-2020-8982) cve/CVE-2020-8982.yaml
Dasan GPON Devices - Remote Code Execution (CVE-2018-10562) cve/CVE-2018-10562.yaml
WordPress Ninja Job Board < 1.3.3 - Direct Request (CVE-2022-2544) cve/CVE-2022-2544.yaml
WordPress Raygun4WP <=1.8.0 - Cross-Site Scripting (CVE-2017-9288) cve/CVE-2017-9288.yaml
Kae's File Manager <=1.4.7 - Cross-Site Scripting (CVE-2022-40359) cve/CVE-2022-40359.yaml
WordPress Spider Calendar <=1.5.65 - Cross-Site Scripting (CVE-2022-0212) cve/CVE-2022-0212.yaml
Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion (CVE-2017-1000028) cve/CVE-2017-1000028.yaml
Joomla! Component com_jashowcase - Directory Traversal (CVE-2010-0943) cve/CVE-2010-0943.yaml
Cisco Small Business RV Series - OS Command Injection (CVE-2021-1472) cve/CVE-2021-1472.yaml
elFinder 2.1.58 - Remote Code Execution (CVE-2021-32682) cve/CVE-2021-32682.yaml
Mlflow <2.3.1 - Local File Inclusion Bypass (CVE-2023-2780) cve/CVE-2023-2780.yaml
Joomla! Image Browser 0.1.5 rc2 - Local File Inclusion (CVE-2008-4668) cve/CVE-2008-4668.yaml
WordPress Tidio-form <=1.0 - Cross-Site Scripting (CVE-2016-1000152) cve/CVE-2016-1000152.yaml
MetInfo 7.0.0 beta - SQL Injection (CVE-2019-17418) cve/CVE-2019-17418.yaml
WordPress Like Button Rating <2.6.32 - Server-Side Request Forgery (CVE-2021-24150) cve/CVE-2021-24150.yaml
Teclib GLPI <= 9.3.3 - Unauthenticated SQL Injection (CVE-2019-10232) cve/CVE-2019-10232.yaml
Koha 3.20.1 - Directory Traversal (CVE-2015-4632) cve/CVE-2015-4632.yaml
AudioCode 420HD - Remote Code Execution (CVE-2018-10093) cve/CVE-2018-10093.yaml
ASUS GT-AC2900 - Authentication Bypass (CVE-2021-32030) cve/CVE-2021-32030.yaml
Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure cve/CVE-2010-1429.yaml
WordPress Hero Maps Premium <=2.2.1 - Cross-Site Scripting (CVE-2019-19134) cve/CVE-2019-19134.yaml
GoAnywhere Managed File Transfer - Remote Code Execution (Apache Log4j) (CVE-2021-44228) cve/goanywhere-mft-log4j-rce.yaml
HP Data Protector - Arbitrary Command Execution (CVE-2016-2004) cve/CVE-2016-2004.yaml
WordPress FeedWordPress < 2022.0123 - Authenticated Cross-Site Scripting (CVE-2021-25055) cve/CVE-2021-25055.yaml
Open Automation Software OAS Platform V16.00.0121 - Missing Authentication cve/CVE-2022-26833.yaml
Joomla! Webservice - Password Disclosure (CVE-2023-23752) cve/CVE-2023-23752.yaml
Cloudron 6.2 Cross-Site Scripting (CVE-2021-40868) cve/CVE-2021-40868.yaml <= 0.1.2 - Cross-Site Scripting (CVE-2023-2272) cve/CVE-2023-2272.yaml
Apache OFBiz <=16.11.07 - Cross-Site Scripting (CVE-2020-1943) cve/CVE-2020-1943.yaml
Apache Log4j2 - Remote Code Injection (CVE-2021-45046) cve/CVE-2021-45046.yaml
mongo-express Remote Code Execution (CVE-2019-10758) cve/CVE-2019-10758.yaml
WordPress Simple Link Directory <7.7.2 - SQL injection (CVE-2022-0760) cve/CVE-2022-0760.yaml
Apache Struts2 S2-012 RCE (CVE-2013-1965) cve/CVE-2013-1965.yaml
WordPress Watu Quiz < - Cross-Site Scripting (CVE-2023-0968) cve/CVE-2023-0968.yaml
Rukovoditel <= 3.2.1 - Cross-Site Scripting (CVE-2022-43169) cve/CVE-2022-43169.yaml
Academy Learning Management System <5.9.1 - Cross-Site Scripting (CVE-2022-38553) cve/CVE-2022-38553.yaml
Online Fire Reporting System v1.0 - SQL injection (CVE-2022-31977) cve/CVE-2022-31977.yaml
Nimble Streamer <=3.5.4-9 - Local File Inclusion (CVE-2019-11013) cve/CVE-2019-11013.yaml
WordPress Page Builder KingComposer <=2.9.6 - Open Redirect (CVE-2022-0165) cve/CVE-2022-0165.yaml
WordPress InPost Gallery < - Local File Inclusion (CVE-2022-4063) cve/CVE-2022-4063.yaml
Combodo iTop <2.2.0-2459 - Cross-Site Scripting (CVE-2015-6544) cve/CVE-2015-6544.yaml
XStream <1.4.6/1.4.10 - Remote Code Execution (CVE-2013-7285) cve/CVE-2013-7285.yaml
Zoho ManageEngine - Internal Hostname Disclosure (CVE-2022-23779) cve/CVE-2022-23779.yaml
Joomla! Component Saber Cart - Local File Inclusion (CVE-2010-1313) cve/CVE-2010-1313.yaml
nweb2fax <=0.2.7 - Local File Inclusion (CVE-2008-6668) cve/CVE-2008-6668.yaml
Joomla! JoomlaPraise Projectfork 2.0.10 - Local File Inclusion (CVE-2009-2100) cve/CVE-2009-2100.yaml
Eclipse Jetty <9.2.9.v20150224 - Sensitive Information Leakage (CVE-2015-2080) cve/CVE-2015-2080.yaml
Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X- - Directory cve/CVE-2010-2307.yaml
Pulse Connect Secure SSL VPN Arbitrary File Read (CVE-2019-11510) cve/CVE-2019-11510.yaml
Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect (CVE-2021-24358) cve/CVE-2021-24358.yaml
WebGlimpse 2.18.7 - Directory Traversal (CVE-2009-5114) cve/CVE-2009-5114.yaml
WordPress Car Seller - Auto Classifieds Script - SQL Injection (CVE-2021-24285) cve/CVE-2021-24285.yaml
Kavita < - Server-Side Request Forgery (CVE-2022-2756) cve/CVE-2022-2756.yaml
WordPress Advanced Order Export For WooCommerce <3.1.8 - Authenticated Cross-Site cve/CVE-2021-24169.yaml
WordPress <5.8.3 - SQL Injection (CVE-2022-21661) cve/CVE-2022-21661.yaml
Doctor Appointment System 1.0 - SQL Injection (CVE-2021-27315) cve/CVE-2021-27315.yaml
WordPress WP TripAdvisor Review Slider <10.8 - Authenticated SQL Injection cve/CVE-2023-0261.yaml
Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion (CVE-2010-1953) cve/CVE-2010-1953.yaml
TerraMaster TOS - Unauthenticated Remote Command Execution (CVE-2020-28188) cve/CVE-2020-28188.yaml
nitely/spirit 0.12.3 - Open Redirect (CVE-2022-0869) cve/CVE-2022-0869.yaml
Joomla! Component OrgChart 1.0.0 - Local File Inclusion (CVE-2010-1878) cve/CVE-2010-1878.yaml
GitLab 16.0.0 - Path Traversal (CVE-2023-2825) cve/CVE-2023-2825.yaml
Rukovoditel <= 3.2.1 - Cross Site Scripting (CVE-2022-43166) cve/CVE-2022-43166.yaml
Spring Cloud Config Server - Local File Inclusion (CVE-2019-3799) cve/CVE-2019-3799.yaml
Portal do Software Publico Brasileiro i3geo 7.0.5 - Local File Inclusion (CVE-2022-32409) cve/CVE-2022-32409.yaml
MCMS 5.2.4 - SQL Injection (CVE-2022-25125) cve/CVE-2022-25125.yaml
Joomla! Helpdesk Pro plugin <1.4.0 - Local File Inclusion (CVE-2015-4074) cve/CVE-2015-4074.yaml
Joomla! Component Magic Updater - Local File Inclusion (CVE-2010-1307) cve/CVE-2010-1307.yaml
Autonomy Ultraseek - Open Redirect (CVE-2009-0347) cve/CVE-2009-0347.yaml
TileServer GL <=3.0.0 - Cross-Site Scripting (CVE-2020-15500) cve/CVE-2020-15500.yaml
Apache Struts2 S2-008 RCE (CVE-2012-0392) cve/CVE-2012-0392.yaml
Apache Solr 7+ - Remote Code Execution (Apache Log4j) (CVE-2021-44228) cve/apache-solr-log4j-rce.yaml
Rukovoditel <= 3.2.1 - Cross Site Scripting (CVE-2022-43164) cve/CVE-2022-43164.yaml
Mlflow <2.2.1 - Local File Inclusion (CVE-2023-1177) cve/CVE-2023-1177.yaml
JD Edwards EnterpriseOne Tools 9.2 - Information Disclosure (CVE-2020-2733) cve/CVE-2020-2733.yaml
Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command cve/CVE-2021-40539.yaml
exacqVision Web Service - Remote Code Execution (CVE-2020-9047) cve/CVE-2020-9047.yaml
Tenda Router AC11 - Remote Command Injection (CVE-2021-31755) cve/CVE-2021-31755.yaml
Jellyfin 10.7.2 - Server Side Request Forgery (CVE-2021-29490) cve/CVE-2021-29490.yaml
Osclass Security Advisory 3.4.1 - Local File Inclusion (CVE-2014-6308) cve/CVE-2014-6308.yaml
unilogies/bumsys < v2.0.2 - Clickjacking (CVE-2023-1362) cve/CVE-2023-1362.yaml
Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting (CVE-2021-20323) cve/CVE-2021-20323.yaml
WordPress Related Posts <2.1.3 - Stored Cross-Site Scripting (CVE-2022-3506) cve/CVE-2022-3506.yaml
WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting (CVE-2016-1000135) cve/CVE-2016-1000135.yaml
shadoweb wdja v1.5.1 - Cross-Site Scripting (CVE-2020-20982) cve/CVE-2020-20982.yaml
Traefik - Open Redirect (CVE-2020-15129) cve/CVE-2020-15129.yaml
GitLab CE/EE - Remote Code Execution (CVE-2022-2185) cve/CVE-2022-2185.yaml
Sourcecodester Multi Restaurant Table Reservation System 1.0 - SQL Injection cve/CVE-2020-29284.yaml
WordPress Easy Digital Downloads - SQL Injection (CVE-2023-23489) cve/CVE-2023-23489.yaml
Netsweeper 4.0.3 - Cross-Site Scripting (CVE-2014-9608) cve/CVE-2014-9608.yaml
Sophos Mobile managed on-premises - XML External Entity Injection (CVE-2022-3980) cve/CVE-2022-3980.yaml
Artica Proxy 4.30.000000 - Cross-Site Scripting (CVE-2022-37153) cve/CVE-2022-37153.yaml
Tiki Wiki CMS Groupware 5.2 - Local File Inclusion (CVE-2010-4239) cve/CVE-2010-4239.yaml
SAP xMII 15.0 for SAP NetWeaver 7.4 - Local File Inclusion (CVE-2016-2389) cve/CVE-2016-2389.yaml
XML-RPC Server - Remote Code Execution (CVE-2017-11610) cve/CVE-2017-11610.yaml
Tiny Java Web Server - Cross-Site Scripting (CVE-2021-37573) cve/CVE-2021-37573.yaml
WordPress Feed Them Social <3.0.1 - Cross-Site Scripting (CVE-2022-2383) cve/CVE-2022-2383.yaml
Joomla! Component redSHOP 1.0 - Local File Inclusion (CVE-2010-1531) cve/CVE-2010-1531.yaml
Orchard 'ReturnUrl' Parameter URI - Open Redirect (CVE-2011-5252) cve/CVE-2011-5252.yaml
Spotweb <= 1.5.1 - Cross Site Scripting (CVE-2021-40973) cve/CVE-2021-40973.yaml
BOA Web Server 0.94.14 - Arbitrary File Access (CVE-2017-9833) cve/CVE-2017-9833.yaml
Joomla! <3.7.1 - SQL Injection (CVE-2017-8917) cve/CVE-2017-8917.yaml
OpenTSDB <=2.4.0 - Remote Code Execution (CVE-2020-35476) cve/CVE-2020-35476.yaml
Linear eMerge E3-Series - Cross-Site Scripting (CVE-2022-46381) cve/CVE-2022-46381.yaml
Sophos Web Appliance - Remote Code Execution (CVE-2023-1671) cve/CVE-2023-1671.yaml
LISTSERV 17 - Cross-Site Scripting (CVE-2022-39195) cve/CVE-2022-39195.yaml
DrayTek - Remote Code Execution (CVE-2020-8515) cve/CVE-2020-8515.yaml
Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion (CVE-2010-1602) cve/CVE-2010-1602.yaml
EpiServer Find <13.2.7 - Open Redirect (CVE-2020-24550) cve/CVE-2020-24550.yaml
Bitrix24 <=20.0.0 - Cross-Site Scripting (CVE-2020-13483) cve/CVE-2020-13483.yaml
Pie Register < - SQL Injection (CVE-2021-24731) cve/CVE-2021-24731.yaml
Adobe Coldfusion <=8.0.1 - Cross-Site Scripting (CVE-2009-1872) cve/CVE-2009-1872.yaml
Zabbix Setup Configuration Authentication Bypass (CVE-2022-23134) cve/CVE-2022-23134.yaml
Rocket.Chat <=3.13 - NoSQL Injection (CVE-2021-22911) cve/CVE-2021-22911.yaml
WordPress Simple Giveaways <2.36.2 - Cross-Site Scripting (CVE-2021-24298) cve/CVE-2021-24298.yaml
WordPress AnyComment <0.3.5 - Open Redirect (CVE-2021-24838) cve/CVE-2021-24838.yaml
Online Fire Reporting System v1.0 - SQL injection (CVE-2022-31975) cve/CVE-2022-31975.yaml
Altenergy Power Control Software C1.2.5 - Remote Command Injection (CVE-2023-28343) cve/CVE-2023-28343.yaml
WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting (CVE-2013-2287) cve/CVE-2013-2287.yaml
WBCE CMS 1.5.2 - Cross-Site Scripting (CVE-2022-30073) cve/CVE-2022-30073.yaml
eMerge E3 1.00-06 - Remote Code Execution (CVE-2019-7256) cve/CVE-2019-7256.yaml
VMware vRealize Operations Tenant - JNDI Remote Code Execution (Apache Log4j) cve/vrealize-operations-log4j-rce.yaml
WordPress Securimage-WP-Fixed <=3.5.4 - Cross-Site Scripting (CVE-2021-34640) cve/CVE-2021-34640.yaml
ImpressCMS <1.4.3 - Incorrect Authorization (CVE-2021-26598) cve/CVE-2021-26598.yaml
Miniorange Social Login and Register <= 7.6.3 - Authentication Bypass (CVE-2023-2982) cve/CVE-2023-2982.yaml
Zyxel - Cross-Site Scripting (CVE-2019-9955) cve/CVE-2019-9955.yaml
Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager cve/CVE-2019-1821.yaml
Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection (CVE-2020-8194) cve/CVE-2020-8194.yaml
IceWarp WebMail Server <= - Cross-Site Scripting (CVE-2020-8512) cve/CVE-2020-8512.yaml
Apache httpd <=2.4.29 - Arbitrary File Upload (CVE-2017-15715) cve/CVE-2017-15715.yaml
NETGEAR ProSafe SSL VPN firmware - SQL Injection (CVE-2022-29383) cve/CVE-2022-29383.yaml
Lotus Domino R5 and R6 WebMail - Information Disclosure (CVE-2005-2428) cve/CVE-2005-2428.yaml
ATutor < 2.2.1 - Cross Site Scripting (CVE-2023-27008) cve/CVE-2023-27008.yaml
Formcraft3 <3.8.28 - Server-Side Request Forgery (CVE-2022-0591) cve/CVE-2022-0591.yaml
WordPress zm-gallery plugin 1.0 SQL Injection (CVE-2016-10940) cve/CVE-2016-10940.yaml
Apache HTTP Server <=2.4.39 - HTML Injection/Partial Cross-Site Scripting cve/CVE-2019-10092.yaml
Acrolinx Server <5.2.5 - Local File Inclusion (CVE-2018-7719) cve/CVE-2018-7719.yaml
WordPress AcyMailing <7.5.0 - Open Redirect (CVE-2021-24288) cve/CVE-2021-24288.yaml
Rumpus FTP Web File Manager - Cross-Site Scripting (CVE-2019-19368) cve/CVE-2019-19368.yaml
WordPress Secure Copy Content Protection and Content Locking <2.8.2 - SQL cve/CVE-2021-24931.yaml
rConfig 3.9.4 - SQL Injection (CVE-2020-10548) cve/CVE-2020-10548.yaml
GitLab CE/EE Unauthenticated RCE Using ExifTool (CVE-2021-22205) cve/gitlab-rce.yaml
WordPress Duplicator <1.4.7 - Authentication Bypass (CVE-2022-2551) cve/CVE-2022-2551.yaml
Apache S2-032 Struts - Remote Code Execution (CVE-2016-3081) cve/CVE-2016-3081.yaml
LionWiki <3.2.12 - Local File Inclusion (CVE-2020-27191) cve/CVE-2020-27191.yaml
Dell iDRAC7/8 Devices - Remote Code Injection (CVE-2018-1207) cve/CVE-2018-1207.yaml
SAP Web Application Server 6.x/7.0 - Open Redirect (CVE-2005-3634) cve/CVE-2005-3634.yaml
WordPress WPB Show Core - Cross-Site Scripting (CVE-2022-3484) cve/CVE-2022-3484.yaml
Cisco Small Business WAN VPN Routers - Sensitive Information Disclosure (CVE-2019-1653) cve/CVE-2019-1653.yaml
PacsOne Server <7.1.1 - Cross-Site Scripting (CVE-2020-29164) cve/CVE-2020-29164.yaml
WordPress Time Capsule < 1.21.16 - Authentication Bypass (CVE-2020-8771) cve/CVE-2020-8771.yaml
VMware VCenter - Remote Code Execution (Apache Log4j) (CVE-2021-44228) cve/vmware-vcenter-log4j-jndi-rce.yaml
GDidees CMS v3.9.1 - Arbitrary File Download (CVE-2023-27179) cve/CVE-2023-27179.yaml
WordPress Guppy <=1.1 - Information Disclosure (CVE-2021-24997) cve/CVE-2021-24997.yaml
PHPGurukul Hospital Management System - Cross-Site Scripting (CVE-2020-5191) cve/CVE-2020-5191.yaml
WordPress Page Layout builder v1.9.3 - Cross-Site Scripting (CVE-2016-1000141) cve/CVE-2016-1000141.yaml
Rails File Content Disclosure (CVE-2019-5418) cve/CVE-2019-5418.yaml
rConfig 3.9.4 - SQL Injection (CVE-2020-10546) cve/CVE-2020-10546.yaml
Joomla! JCK Editor SQL Injection (CVE-2018-17254) cve/CVE-2018-17254.yaml
WordPress forget-about-shortcode-buttons 1.1.1 - Cross-Site Scripting (CVE-2016-1000133) cve/CVE-2016-1000133.yaml
Elasticsearch - Local File Inclusion (CVE-2015-3337) cve/CVE-2015-3337.yaml
WordPress Page Views Count <2.4.15 - SQL Injection (CVE-2022-0434) cve/CVE-2022-0434.yaml
Seagate NAS OS - Server Information Disclosure (CVE-2018-12296) cve/CVE-2018-12296.yaml
Cuppa CMS v1.0 - Remote Code Execution (CVE-2022-37190) cve/CVE-2022-37190.yaml
GitLab CE/EE - Hard-Coded Credentials (CVE-2022-1162) cve/CVE-2022-1162.yaml
WordPress 15Zine <3.3.0 - Cross-Site Scripting (CVE-2020-36510) cve/CVE-2020-36510.yaml
Zoho ManageEngine OpManger - Arbitrary File Read (CVE-2020-12116) cve/CVE-2020-12116.yaml
IBM Maximo Asset Management Information Disclosure - XML External Entity Injection cve/CVE-2020-4463.yaml
Jira - Local File Inclusion (CVE-2019-8442) cve/CVE-2019-8442.yaml
MantisBT <=2.30 - Arbitrary Password Reset/Admin Access (CVE-2017-7615) cve/CVE-2017-7615.yaml
IceWarp Mail Server <=10.4.4 - Local File Inclusion (CVE-2019-12593) cve/CVE-2019-12593.yaml
AppWeb - Authentication Bypass (CVE-2018-8715) cve/CVE-2018-8715.yaml
Tablesome < 1.0.9 - Cross-Site Scripting (CVE-2023-1890) cve/CVE-2023-1890.yaml
SAS/Internet 9.4 1520 - Local File Inclusion (CVE-2021-41569) cve/CVE-2021-41569.yaml
FUDForum 3.1.0 - Cross-Site Scripting (CVE-2021-27519) cve/CVE-2021-27519.yaml
Puppet Server/PuppetDB - Sensitive Information Disclosure (CVE-2020-7943) cve/CVE-2020-7943.yaml
Nagios 5.5.6-5.7.5 - Authenticated Remote Command Injection (CVE-2021-25297) cve/CVE-2021-25297.yaml
Ivanti MobileIron (Log4j) - Remote Code Execution (CVE-2021-44228) cve/mobileiron-log4j-jndi-rce.yaml
Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access cve/CVE-2012-0896.yaml
WordPress PhastPress <1.111 - Open Redirect (CVE-2021-24210) cve/CVE-2021-24210.yaml
Hitachi Pentaho Business Analytics Server - Remote Code Execution (CVE-2022-43769) cve/CVE-2022-43769.yaml
Apache Shiro 1.2.4 Cookie RememberME - Deserial Remote Code Execution Vulnerability cve/CVE-2016-4437.yaml
NocoDB version <= 0.106.1 - Arbitrary File Read (CVE-2023-35843) cve/CVE-2023-35843.yaml
Apache Kylin - Exposed Configuration File (CVE-2020-13937) cve/CVE-2020-13937.yaml
Etherpad Lite <1.6.4 - Admin Authentication Bypass (CVE-2018-9845) cve/CVE-2018-9845.yaml
JustWriting - Cross-Site Scripting (CVE-2021-41467) cve/CVE-2021-41467.yaml
WordPress True Ranker <2.2.4 - Local File Inclusion (CVE-2021-39312) cve/CVE-2021-39312.yaml
Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution (CVE-2017-3506) cve/CVE-2017-3506.yaml
WooCommerce PDF Invoices & Packing Slips WordPress Plugin < 2.10.5 - Cross-Site cve/CVE-2021-24991.yaml
Netsweeper 4.0.4 - Cross-Site Scripting (CVE-2014-9607) cve/CVE-2014-9607.yaml
Cuppa CMS v1.0 - Cross Site Scripting (CVE-2022-38295) cve/CVE-2022-38295.yaml
EyesOfNetwork 5.1-5.3 - SQL Injection/Remote Code Execution (CVE-2020-8654) cve/CVE-2020-8654.yaml
Welcart eCommerce <=2.7.7 - Local File Inclusion (CVE-2022-41840) cve/CVE-2022-41840.yaml
Directory Management System 1.0 - SQL Injection (CVE-2022-29006) cve/CVE-2022-29006.yaml
Hospital Management System 4.0 - SQL Injection (CVE-2020-5192) cve/CVE-2020-5192.yaml
Joomla! Component com_kp - 'Controller' Local File Inclusion (CVE-2011-4804) cve/CVE-2011-4804.yaml
WordPress EasyCart <2.0.6 - Information Disclosure (CVE-2014-4942) cve/CVE-2014-4942.yaml
Splunk <=7.0.1 - Information Disclosure (CVE-2018-11409) cve/CVE-2018-11409.yaml
Joomla! Component jesectionfinder - Local File Inclusion (CVE-2010-2680) cve/CVE-2010-2680.yaml
Documentor <= 1.5.3 - Unauthenticated SQL Injection (CVE-2022-0773) cve/CVE-2022-0773.yaml
Skysa App Bar 1.04 - Cross-Site Scripting (CVE-2011-5179) cve/CVE-2011-5179.yaml
Advantech R-SeeNet - Cross-Site Scripting (CVE-2021-21801) cve/CVE-2021-21801.yaml
Commvault CommCell - Local File Inclusion (CVE-2020-25780) cve/CVE-2020-25780.yaml
RaspAP <=2.6.5 - Remote Command Injection (CVE-2021-33357) cve/CVE-2021-33357.yaml
CuppaCMS v1.0 - Local File Inclusion (CVE-2022-34121) cve/CVE-2022-34121.yaml
Rukovoditel <= 2.7.2 - Cross-Site Scripting (CVE-2020-35987) cve/CVE-2020-35987.yaml
playSMS <1.4.3 - Remote Code Execution (CVE-2020-8644) cve/CVE-2020-8644.yaml
Roxy-WI < - Remote Code Execution (CVE-2022-31126) cve/CVE-2022-31126.yaml
Apache Solr <=8.8.1 - Server-Side Request Forgery (CVE-2021-27905) cve/CVE-2021-27905.yaml
PrismaWEB - Credentials Disclosure (CVE-2018-9161) cve/CVE-2018-9161.yaml
NexusPHP <1.7.33 - Cross-Site Scripting (CVE-2022-46888) cve/CVE-2022-46888.yaml
Atlassian Jira Server/Data Center <8.5.8/8.6.0 - 8.11.1 - Information Disclosure cve/CVE-2020-14179.yaml
ForgeRock OpenAM <7.0 - Remote Code Execution (CVE-2021-35464) cve/CVE-2021-35464.yaml
phpIPAM - 1.6 - Cross-Site Scripting (CVE-2023-24657) cve/CVE-2023-24657.yaml
VMware vSphere - Server-Side Request Forgery (CVE-2021-21973) cve/CVE-2021-21973.yaml
Jira <8.4.0 - Server-Side Request Forgery (CVE-2019-8451) cve/CVE-2019-8451.yaml
Synacor Zimbra Collaboration Suite Collaboration <8.8.11 - Cross-Site Scripting cve/CVE-2018-14013.yaml
WordPress Woody Ad Snippets <2.2.5 - Cross-Site Scripting/Remote Code Execution cve/CVE-2019-15858.yaml
Appwrite <=1.2.1 - Server-Side Request Forgery (CVE-2023-27159) cve/CVE-2023-27159.yaml
WordPress NewStatPress <1.3.6 - Cross-Site Scripting (CVE-2022-0206) cve/CVE-2022-0206.yaml
Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection (CVE-2021-25296) cve/CVE-2021-25296.yaml
Apache Tika <1.1.8- Header Command Injection (CVE-2018-1335) cve/CVE-2018-1335.yaml
WordPress Advanced Booking Calendar <1.7.1 - Cross-Site Scripting (CVE-2022-1007) cve/CVE-2022-1007.yaml
Barco Control Room Management Suite <=2.9 Build 0275 - Local File Inclusion cve/CVE-2022-26233.yaml
WordPress MyPixs <=0.3 - Local File Inclusion (CVE-2015-1000012) cve/CVE-2015-1000012.yaml
XStream <1.4.16 - Remote Code Execution (CVE-2021-21351) cve/CVE-2021-21351.yaml
AvantFAX 3.3.3 - Cross-Site Scripting (CVE-2017-18024) cve/CVE-2017-18024.yaml
ActiveHelper LiveHelp Server 3.1.0 - Cross-Site Scripting (CVE-2014-4513) cve/CVE-2014-4513.yaml
Mlflow <2.3.0 - Local File Inclusion (CVE-2023-2356) cve/CVE-2023-2356.yaml
WAVLINK WN535 G3 - Information Disclosure (CVE-2022-31846) cve/CVE-2022-31846.yaml
WordPress MultiSafepay for WooCommerce <=4.13.1 - Arbitrary File Read (CVE-2022-33901) cve/CVE-2022-33901.yaml
Netsweeper - Authentication Bypass (CVE-2014-9618) cve/CVE-2014-9618.yaml
npm ansi_up v4 - Cross-Site Scripting (CVE-2021-3377) cve/CVE-2021-3377.yaml
SugarCRM 3.5.1 - Cross-Site Scripting (CVE-2018-5715) cve/CVE-2018-5715.yaml
Redis Sandbox Escape - Remote Code Execution (CVE-2022-0543) cve/CVE-2022-0543.yaml
Aviatrix Controller 6.x before 6.5-1804.1922 - Remote Command Execution (CVE-2021-40870) cve/CVE-2021-40870.yaml
SV3C HD Camera L Series - Open Redirect (CVE-2018-12675) cve/CVE-2018-12675.yaml
GetSimple CMS 3.3.13 - Open Redirect (CVE-2019-9915) cve/CVE-2019-9915.yaml
Atlassian Jira Server-Side Template Injection (CVE-2019-11581) cve/CVE-2019-11581.yaml
Admidio - Cross-Site Scripting (CVE-2021-43810) cve/CVE-2021-43810.yaml
kkFileView 4.1.0 - Server-Side Request Forgery (CVE-2022-43140) cve/CVE-2022-43140.yaml
Shortcode Ninja <= 1.4 - Cross-Site Scripting (CVE-2014-4550) cve/CVE-2014-4550.yaml
School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting cve/CVE-2022-30513.yaml
Apache ShenYu Admin Unauth Access (CVE-2022-23944) cve/CVE-2022-23944.yaml
CandidATS 3.0.0 - Cross-Site Scripting. (CVE-2022-42747) cve/CVE-2022-42747.yaml
Ruby On Rails - Local File Inclusion (CVE-2018-3760) cve/CVE-2018-3760.yaml
Jira Server and Data Center - Information Disclosure (CVE-2020-36289) cve/CVE-2020-36289.yaml
Apache Flink - Local File Inclusion (CVE-2020-17519) cve/CVE-2020-17519.yaml
Tarantella Enterprise <3.11 - Local File Inclusion (CVE-2018-19753) cve/CVE-2018-19753.yaml
YeaLink DM - Remote Command Injection (CVE-2021-27561) cve/CVE-2021-27561.yaml
Apache <= 2.4.48 - Mod_Proxy SSRF (CVE-2021-40438) cve/CVE-2021-40438.yaml
PHP-Fusion 9.03.50 - Remote Code Execution (CVE-2020-24949) cve/CVE-2020-24949.yaml
Lucee Admin - Remote Code Execution (CVE-2021-21307) cve/CVE-2021-21307.yaml
Clansphere CMS 2011.4 - Cross-Site Scripting (CVE-2021-27309) cve/CVE-2021-27309.yaml
SearchBlox <9.2.2 - Local File Inclusion (CVE-2020-35580) cve/CVE-2020-35580.yaml
WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion (CVE-2018-16283) cve/CVE-2018-16283.yaml
SolarView Compact 6.00 - OS Command Injection (CVE-2023-23333) cve/CVE-2023-23333.yaml
Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion (CVE-2023-29887) cve/CVE-2023-29887.yaml
LG NAS Devices - Remote Code Execution (CVE-2018-10818) cve/CVE-2018-10818.yaml
Smartstore <4.1.0 - Open Redirect (CVE-2020-36365) cve/CVE-2020-36365.yaml
The Code Snippets WordPress Plugin < 2.14.3 - Cross-Site Scripting (CVE-2021-25008) cve/CVE-2021-25008.yaml
Grafana Snapshot - Authentication Bypass (CVE-2021-39226) cve/CVE-2021-39226.yaml
Cisco Unified Communications - Remote Code Execution (Apache Log4j) (CVE-2021-44228) cve/cisco-unified-communications-log4j.yaml
Complete Online Job Search System 1.0 - SQL Injection (CVE-2022-32007) cve/CVE-2022-32007.yaml
Easy Social Feed < 6.2.7 - Cross-Site Scripting (CVE-2021-25120) cve/CVE-2021-25120.yaml
Joomla! Component Percha Gallery 1.6 Beta - Directory Traversal (CVE-2010-2035) cve/CVE-2010-2035.yaml
Pascom CPS - Local File Inclusion (CVE-2021-45968) cve/CVE-2021-45968.yaml
Oracle Content Server - Cross-Site Scripting (CVE-2017-10075) cve/CVE-2017-10075.yaml
WordPress 99 Robots WP Background Takeover Advertisements <=4.1.4 - Local cve/CVE-2018-9118.yaml
Wordpress Marmoset Viewer <1.9.3 - Cross-Site Scripting (CVE-2021-24495) cve/CVE-2021-24495.yaml
Processwire CMS <2.7.1 - Local File Inclusion (CVE-2020-27467) cve/CVE-2020-27467.yaml
Comodo Unified Threat Management Web Console - Remote Code Execution (CVE-2018-17431) cve/CVE-2018-17431.yaml
Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation (CVE-2022-25369) cve/CVE-2022-25369.yaml
WordPress JH 404 Logger <=1.1 - Cross-Site Scripting (CVE-2021-24176) cve/CVE-2021-24176.yaml
VoipMonitor <24.61 - Remote Code Execution (CVE-2021-30461) cve/CVE-2021-30461.yaml
Grafana & Zabbix Integration - Credentials Disclosure (CVE-2022-26148) cve/CVE-2022-26148.yaml
Monitorr 1.7.6m - Unauthenticated Remote Code Execution (CVE-2020-28871) cve/CVE-2020-28871.yaml
Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting (CVE-2014-4536) cve/CVE-2014-4536.yaml
Grafana - Improper Access Control (CVE-2019-15043) cve/CVE-2019-15043.yaml
WordPress WP Video Gallery <=1.7.1 - SQL Injection (CVE-2022-0826) cve/CVE-2022-0826.yaml
Joomla! Component Archery Scores 1.0.6 - Local File Inclusion (CVE-2010-1718) cve/CVE-2010-1718.yaml
Nacos <1.4.1 - Authentication Bypass (CVE-2021-29442) cve/CVE-2021-29442.yaml
Member Hero <=1.0.9 - Remote Code Execution (CVE-2022-0885) cve/CVE-2022-0885.yaml
Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored) (CVE-2022-42095) cve/CVE-2022-42095.yaml
kkFileview v4.0.0 - Local File Inclusion (CVE-2021-43734) cve/CVE-2021-43734.yaml
MasterStudy LMS <2.7.6 - Improper Access Control (CVE-2022-0441) cve/CVE-2022-0441.yaml
Joomla! Component SVMap 1.1.1 - Local File Inclusion (CVE-2010-1308) cve/CVE-2010-1308.yaml
WordPress Plugin Tera Charts - Local File Inclusion (CVE-2014-4940) cve/CVE-2014-4940.yaml
Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting (CVE-2019-14696) cve/CVE-2019-14696.yaml
WordPress anti-plagiarism <=3.60 - Cross-Site Scripting (CVE-2016-1000128) cve/CVE-2016-1000128.yaml
Joomla! Component Highslide 1.5 - Local File Inclusion (CVE-2010-1314) cve/CVE-2010-1314.yaml
Moodle Jitsi Meet 2.7-2.8.3 - Cross-Site Scripting (CVE-2021-26812) cve/CVE-2021-26812.yaml
Ninja Forms < 3.6.22 - Cross-Site Scripting (CVE-2023-1835) cve/CVE-2023-1835.yaml
Apache Cassandra Load UDF RCE (CVE-2021-44521) cve/CVE-2021-44521.yaml
Joomla! Component com_cartweberp - Local File Inclusion (CVE-2010-0982) cve/CVE-2010-0982.yaml
Joomla! Component Foobla Suggestions - Local File Inclusion (CVE-2010-2920) cve/CVE-2010-2920.yaml
PrestaShop SmartBlog <4.0.6- SQL Injection (CVE-2021-37538) cve/CVE-2021-37538.yaml
Apache APISIX - Remote Code Execution (CVE-2022-24112) cve/CVE-2022-24112.yaml
WordPress Narnoo Distributor <=2.5.1 - Local File Inclusion (CVE-2022-0679) cve/CVE-2022-0679.yaml
NUUO NVRsolo Video Recorder 03.06.02 - Cross-Site Scripting (CVE-2022-33119) cve/CVE-2022-33119.yaml
Grafana v8.x - Arbitrary File Read (CVE-2021-43798) cve/CVE-2021-43798.yaml
PMB 7.4.6 - Cross-Site Scripting (CVE-2023-24733) cve/CVE-2023-24733.yaml
WordPress Slider Revolution - Local File Disclosure (CVE-2015-1579) cve/CVE-2015-1579.yaml
TBK DVR4104/DVR4216 Devices - Authentication Bypass (CVE-2018-9995) cve/CVE-2018-9995.yaml
Lightdash version <= 0.510.3 Arbitrary File Read (CVE-2023-35844) cve/CVE-2023-35844.yaml
Shibboleth OIDC OP <3.0.4 - Server-Side Request Forgery (CVE-2022-24129) cve/CVE-2022-24129.yaml
WordPress Social Warfare <3.5.3 - Cross-Site Scripting (CVE-2019-9978) cve/CVE-2019-9978.yaml
Joomla! Component Jstore - 'Controller' Local File Inclusion (CVE-2010-5286) cve/CVE-2010-5286.yaml
Mongo-Express - Remote Code Execution (CVE-2020-24391) cve/CVE-2020-24391.yaml
Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion (CVE-2010-1535) cve/CVE-2010-1535.yaml
WordPress WOOCS < - Cross-Site Scripting (CVE-2022-0234) cve/CVE-2022-0234.yaml
Drawio <18.1.2 - Server-Side Request Forgery (CVE-2022-1815) cve/CVE-2022-1815.yaml
SolarView Compact 6.00 - Cross-Site Scripting (CVE-2022-31373) cve/CVE-2022-31373.yaml
Cuppa CMS v1.0 - SQL injection (CVE-2022-24266) cve/CVE-2022-24266.yaml
WordPress GN Publisher <1.5.6 - Cross-Site Scripting (CVE-2023-1080) cve/CVE-2023-1080.yaml
phpShowtime 2.0 - Directory Traversal (CVE-2012-0981) cve/CVE-2012-0981.yaml
WordPress Paytm Donation <=1.3.2 - Authenticated SQL Injection (CVE-2021-24554) cve/CVE-2021-24554.yaml
Rukovoditel <= 3.2.1 - Cross-Site Scripting (CVE-2022-43185) cve/CVE-2022-43185.yaml
D-Link DIR-600M - Authentication Bypass (CVE-2019-13101) cve/CVE-2019-13101.yaml
D-Link DSL 2888a - Authentication Bypass/Remote Command Execution (CVE-2020-24579) cve/CVE-2020-24579.yaml
OpenCATS 0.9.6 - Cross-Site Scripting (CVE-2022-43016) cve/CVE-2022-43016.yaml
ServiceNow - Cross-Site Scripting (CVE-2022-38463) cve/CVE-2022-38463.yaml
rConfig 3.9.2 - Remote Code Execution (CVE-2019-16662) cve/CVE-2019-16662.yaml
WordPress Helloprint <1.4.7 - Cross-Site Scripting (CVE-2022-3908) cve/CVE-2022-3908.yaml
WordPress Sunshine Photo Cart <2.9.15 - Cross-Site Scripting (CVE-2022-4301) cve/CVE-2022-4301.yaml
WordPress ARPrice <3.6.1 - SQL Injection (CVE-2022-0867) cve/CVE-2022-0867.yaml
Cacti <=1.2.22 - Remote Command Injection (CVE-2022-46169) cve/CVE-2022-46169.yaml
Event Espresso Core-Reg 4.10.7.p - Cross-Site Scripting (CVE-2020-26153) cve/CVE-2020-26153.yaml
Gitea <1.16.5 - Open Redirect (CVE-2022-1058) cve/CVE-2022-1058.yaml
Cobub Razor 0.8.0 - Information Disclosure (CVE-2018-8770) cve/CVE-2018-8770.yaml
WordPress RSVPMaker <=9.3.2 - SQL Injection (CVE-2022-1768) cve/CVE-2022-1768.yaml
WordPress iQ Block Country <=1.2.11 - Cross-Site Scripting (CVE-2021-36873) cve/CVE-2021-36873.yaml
uDraw <3.3.3 - Local File Inclusion (CVE-2022-0656) cve/CVE-2022-0656.yaml
Apache ActiveMQ Fileserver - Arbitrary File Write (CVE-2016-3088) cve/CVE-2016-3088.yaml
The School Management < 9.9.7 - Remote Code Execution (CVE-2022-1609) cve/CVE-2022-1609.yaml
DomainMOD 4.11.01 - Cross-Site Scripting (CVE-2018-20010) cve/CVE-2018-20010.yaml
Infographic Maker iList < 4.3.8 - SQL Injection (CVE-2022-0747) cve/CVE-2022-0747.yaml
Eclipse Jetty ConcatServlet - Information Disclosure (CVE-2021-28169) cve/CVE-2021-28169.yaml
WordPress wpForo Forum <= 1.4.11 - Cross-Site Scripting (CVE-2018-11709) cve/CVE-2018-11709.yaml
Redash Setup Configuration - Default Secrets Disclosure (CVE-2021-41192) cve/CVE-2021-41192.yaml
Sunhillo SureLine < - Unauthenticated OS Command Injection (CVE-2021-36380) cve/CVE-2021-36380.yaml
WordPress Canto 1.3.0 - Blind Server-Side Request Forgery (CVE-2020-28976) cve/CVE-2020-28976.yaml
WordPress Visual Form Builder <3.0.8 - Cross-Site Scripting (CVE-2022-0140) cve/CVE-2022-0140.yaml
Oracle Weblogic Server - Remote Command Execution (CVE-2020-14882) cve/CVE-2020-14882.yaml
Microfinance Management System 1.0 - SQL Injection (CVE-2022-27927) cve/CVE-2022-27927.yaml
Gryphon Tower - Cross-Site Scripting (CVE-2021-20137) cve/CVE-2021-20137.yaml
Mida eFramework <=2.9.0 - Remote Command Execution (CVE-2020-15920) cve/CVE-2020-15920.yaml
Joomla! Component Picasa 2.0 - Local File Inclusion (CVE-2010-1306) cve/CVE-2010-1306.yaml
74cms - ajax_street.php 'x' SQL Injection (CVE-2020-22210) cve/CVE-2020-22208.yaml
Import Legacy Media <= 0.1 - Cross-Site Scripting (CVE-2014-4535) cve/CVE-2014-4535.yaml
Ignite Realtime Openfire <4.42 - Local File Inclusion (CVE-2019-18393) cve/CVE-2019-18393.yaml
Fonality trixbox - Local File Inclusion (CVE-2014-5111) cve/CVE-2014-5111.yaml
Exchange Server - Remote Code Execution (CVE-2021-34473) cve/CVE-2021-34473.yaml
Next.js <9.3.2 - Local File Inclusion (CVE-2020-5284) cve/CVE-2020-5284.yaml
Joomla! Component com_rokdownloads - Local File Inclusion (CVE-2010-1056) cve/CVE-2010-1056.yaml
Responsive filemanager 9.13.1 Server-Side Request Forgery (CVE-2018-14728) cve/CVE-2018-14728.yaml
WordPress NotificationX <2.3.9 - SQL Injection (CVE-2022-0349) cve/CVE-2022-0349.yaml
Clustering Local File Inclusion (CVE-2021-43496) cve/CVE-2021-43496.yaml
Eventum <3.4.0 - Open Redirect (CVE-2018-16761) cve/CVE-2018-16761.yaml
Bank Locker Management System - Cross-Site Scripting (CVE-2023-0563) cve/CVE-2023-0563.yaml
Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting (CVE-2014-2908) cve/CVE-2014-2908.yaml
WordPress Plugin DukaPress 2.5.2 - Directory Traversal (CVE-2014-8799) cve/CVE-2014-8799.yaml
Netsweeper <=6.4.3 - Python Code Injection (CVE-2020-13167) cve/CVE-2020-13167.yaml
LabKey Server Community Edition <18.3.0 - Cross-Site Scripting (CVE-2019-3911) cve/CVE-2019-3911.yaml
OURPHP <= 7.2.0 - Cross Site Scripting (CVE-2023-30210) cve/CVE-2023-30210.yaml
MinIO Browser API - Server-Side Request Forgery (CVE-2021-21287) cve/CVE-2021-21287.yaml
Omnia MPX 1.5.0+r1 - Local File Inclusion (CVE-2022-36642) cve/CVE-2022-36642.yaml
SPIP <3.1.2 - Cross-Site Scripting (CVE-2016-7981) cve/CVE-2016-7981.yaml
VMware vSphere Client (HTML5) - Remote Code Execution (CVE-2021-21985) cve/CVE-2021-21985.yaml
CirCarLife <4.3 - Improper Authentication (CVE-2018-16670) cve/CVE-2018-16670.yaml
WordPress AB Google Map Travel <=3.4 - Stored Cross-Site Scripting (CVE-2015-2755) cve/CVE-2015-2755.yaml
WordPress RSVP and Event Management <2.7.8 - Missing Authorization (CVE-2022-1054) cve/CVE-2022-1054.yaml
u5cms v8.3.5 - Open Redirect (CVE-2022-32444) cve/CVE-2022-32444.yaml
WordPress GDPR & CCPA <1.9.27 - Cross-Site Scripting (CVE-2022-0220) cve/CVE-2022-0220.yaml
Nagios XI <5.8.5 - Open Redirect (CVE-2022-29272) cve/CVE-2022-29272.yaml
Rukovoditel <= 3.2.1 - Cross-Site Scripting (CVE-2022-44948) cve/CVE-2022-44948.yaml
Parallels H-Sphere 3.0.0 P9/3.1 P1 - Cross-Site Scripting (CVE-2008-6465) cve/CVE-2008-6465.yaml
ZEROF Web Server 2.0 - Cross-Site Scripting (CVE-2022-25323) cve/CVE-2022-25323.yaml
WordPress DZS Zoomsounds <=6.50 - Local File Inclusion (CVE-2021-39316) cve/CVE-2021-39316.yaml
AWStats < 6.95 - Open Redirect (CVE-2009-5020) cve/CVE-2009-5020.yaml
MicroStrategy Library <11.1.3 - Cross-Site Scripting (CVE-2019-18957) cve/CVE-2019-18957.yaml
Apache Airflow <=1.10.10 - Remote Code Execution (CVE-2020-11978) cve/CVE-2020-11978.yaml
D-Link DIR850 ET850-1.08TRb03 - Open Redirect (CVE-2021-46379) cve/CVE-2021-46379.yaml
Ruby on Rails Web Console - Remote Code Execution (CVE-2015-3224) cve/CVE-2015-3224.yaml
AccessAlly <3.5.7 - Sensitive Information Leakage (CVE-2021-24226) cve/CVE-2021-24226.yaml
TOTOLink - Unauthenticated Command Injection (CVE-2022-25082) cve/CVE-2022-25082.yaml
Car Rental Management System 1.0 - SQL Injection (CVE-2022-32028) cve/CVE-2022-32028.yaml
ElasticSearch - Remote Code Execution (CVE-2015-1427) cve/CVE-2015-1427.yaml
Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect (CVE-2019-10098) cve/CVE-2019-10098.yaml
Linear eMerge E3-Series - Information Disclosure (CVE-2022-31269) cve/CVE-2022-31269.yaml
Joomla! Component com_jcollection - Directory Traversal (CVE-2010-0944) cve/CVE-2010-0944.yaml
Buffalo WSR-2533DHPL2 - Configuration File Injection (CVE-2021-20091) cve/CVE-2021-20091.yaml
Mautic <3.3.4 - Cross-Site Scripting (CVE-2021-27909) cve/CVE-2021-27909.yaml
WordPress Ocean Extra <1.9.5 - Cross-Site Scripting (CVE-2021-25104) cve/CVE-2021-25104.yaml
FAUST iServer - Local File Inclusion (CVE-2021-34805) cve/CVE-2021-34805.yaml
Advantech R-SeeNet - Cross-Site Scripting (CVE-2021-21803) cve/CVE-2021-21803.yaml
Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion cve/CVE-2010-1723.yaml
Webmin <1.997 - Authenticated Remote Code Execution (CVE-2022-36446) cve/CVE-2022-36446.yaml
IPConfigure Orchid Core VMS 2.0.5 - Local File Inclusion (CVE-2018-10956) cve/CVE-2018-10956.yaml
WordPress NewStatPress 0.9.8 - SQL Injection (CVE-2015-4062) cve/CVE-2015-4062.yaml
ElasticSearch v1.1.1/1.2 RCE (CVE-2014-3120) cve/CVE-2014-3120.yaml
WordPress Sell Media 2.4.1 - Cross-Site Scripting (CVE-2019-6112) cve/CVE-2019-6112.yaml
HashiCorp Consul/Consul Enterprise - Server-Side Request Forgery (CVE-2022-29153) cve/CVE-2022-29153.yaml
Reprise License Manager 14.2 - Cross-Site Scripting (CVE-2022-28363) cve/CVE-2022-28363.yaml
Joomla! Component Love Factory 1.3.4 - Local File Inclusion (CVE-2010-1957) cve/CVE-2010-1957.yaml
Joomla! Component com_jresearch - 'Controller' Local File Inclusion (CVE-2010-1340) cve/CVE-2010-1340.yaml
Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion (CVE-2010-1719) cve/CVE-2010-1719.yaml
Void Aural Rec Monitor - SQL Injection (CVE-2021-25899) cve/CVE-2021-25899.yaml
Icinga Web 2 - Arbitrary File Disclosure (CVE-2022-24716) cve/CVE-2022-24716.yaml
qdPM 9.1 - Cross-site Scripting (CVE-2020-19515) cve/CVE-2020-19515.yaml
Gridx 1.3 - Remote Code Execution (CVE-2020-19625) cve/CVE-2020-19625.yaml
WordPress Directorist <7.3.1 - Information Disclosure (CVE-2022-2376) cve/CVE-2022-2376.yaml
Webmin <= 1.920 - Unauthenticated Remote Command Execution (CVE-2019-15107) cve/CVE-2019-15107.yaml
WWBN AVideo 11.6 - Cross-Site Scripting (CVE-2022-32772) cve/CVE-2022-32772.yaml
Citrix Gateway and Citrix ADC - Cross-Site Scripting (CVE-2023-24488) cve/CVE-2023-24488.yaml
WordPress Under Construction <1.19 - Cross-Site Scripting (CVE-2021-39320) cve/CVE-2021-39320.yaml
WordPress Admin Word Count Column 2.2 - Local File Inclusion (CVE-2022-1390) cve/CVE-2022-1390.yaml
Monstra CMS 3.0.4 - Cross-Site Scripting (CVE-2020-23697) cve/CVE-2020-23697.yaml
phpPgAdmin <=4.2.1 - Local File Inclusion (CVE-2008-5587) cve/CVE-2008-5587.yaml
Caucho Resin >=4.0.52 <=4.0.56 - Directory traversal (CVE-2021-44138) cve/CVE-2021-44138.yaml
Apache Superset <=1.3.2 - Default Login (CVE-2021-44451) cve/CVE-2021-44451.yaml
kkFileView 4.1.0 - Cross-Site Scripting (CVE-2022-40879) cve/CVE-2022-40879.yaml
VSFTPD 2.3.4 - Backdoor Command Execution (CVE-2011-2523) cve/CVE-2011-2523.yaml
Spring MVC Framework - Local File Inclusion (CVE-2018-1271) cve/CVE-2018-1271.yaml
Joomla! Agora 3.0.0b - Local File Inclusion (CVE-2009-3053) cve/CVE-2009-3053.yaml
vBulletin 5.0.0-5.5.4 - Remote Command Execution (CVE-2019-16759) cve/CVE-2019-16759.yaml
GeoServer <1.2.2 - Remote Code Execution (CVE-2022-24816) cve/CVE-2022-24816.yaml
Nextjs <2.4.1 - Local File Inclusion (CVE-2017-16877) cve/CVE-2017-16877.yaml
WordPress WP Security Audit Log 3.1.1 - Information Disclosure (CVE-2018-8719) cve/CVE-2018-8719.yaml
WordPress e-search <=1.0 - Cross-Site Scripting (CVE-2016-1000131) cve/CVE-2016-1000131.yaml
ffay lanproxy Directory Traversal (CVE-2021-3019) cve/CVE-2021-3019.yaml
Joomla! Component JA Voice 2.0 - Local File Inclusion (CVE-2010-1982) cve/CVE-2010-1982.yaml
WordPress Catch Breadcrumb <1.5.4 - Cross-Site Scripting (CVE-2020-12054) cve/CVE-2020-12054.yaml
Sonatype Nexus Repository Manager <3.15.0 - Remote Code Execution (CVE-2019-7238) cve/CVE-2019-7238.yaml
Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion (CVE-2010-2507) cve/CVE-2010-2507.yaml
Revive Adserver <=5.0.3 - Cross-Site Scripting (CVE-2020-8115) cve/CVE-2020-8115.yaml
Joomla! Component Sweetykeeper 1.5 - Local File Inclusion (CVE-2010-1474) cve/CVE-2010-1474.yaml
Xsuite <= - Open Redirect (CVE-2015-4668) cve/CVE-2015-4668.yaml
Atlassian Crowd and Crowd Data Center Unauthenticated Remote Code Execution cve/CVE-2019-11580.yaml
Magento Server MAGMI - Directory Traversal (CVE-2015-2067) cve/CVE-2015-2067.yaml
Zend Server <9.13 - Cross-Site Scripting (CVE-2018-10230) cve/CVE-2018-10230.yaml
Hospital Management System 1.0 - SQL Injection (CVE-2022-38637) cve/CVE-2022-38637.yaml
WordPress Fusion Builder <3.6.2 - Server-Side Request Forgery (CVE-2022-1386) cve/CVE-2022-1386.yaml
CirCarLife <4.3 - Improper Authentication (CVE-2018-16671) cve/CVE-2018-16671.yaml
Car Rental Management System 1.0 - SQL Injection (CVE-2022-32024) cve/CVE-2022-32024.yaml
Reprise License Manager 14.2 - Information Disclosure (CVE-2022-28365) cve/CVE-2022-28365.yaml
Wavlink WN535K2/WN535K3 - OS Command Injection (CVE-2022-2488) cve/CVE-2022-2488.yaml
WordPress Contact Form 7 Skins <=2.5.0 - Cross-Site Scripting (CVE-2021-25063) cve/CVE-2021-25063.yaml
Monstra CMS <=3.0.4 - Cross-Site Scripting (CVE-2018-11227) cve/CVE-2018-11227.yaml
Spotweb <= 1.5.1 - Cross Site Scripting (CVE-2021-40972) cve/CVE-2021-40972.yaml
Zabbix - SAML SSO Authentication Bypass (CVE-2022-23131) cve/CVE-2022-23131.yaml
DomainMOD 4.11.01 - Cross-Site Scripting (CVE-2018-20009) cve/CVE-2018-20009.yaml
HTTP File Server <2.3c - Remote Command Execution (CVE-2014-6287) cve/CVE-2014-6287.yaml
Mitel ShoreTel 19.46.1802.0 Devices - Cross-Site Scripting (CVE-2020-28351) cve/CVE-2020-28351.yaml
Affiliates Manager < 2.9.0 - Cross Site Scripting (CVE-2021-25078) cve/CVE-2021-25078.yaml
SaltStack Salt <3002.5 - Auth Bypass (CVE-2021-25281) cve/CVE-2021-25281.yaml
WordPress Sassy Social Share Plugin <3.3.40 - Cross-Site Scripting (CVE-2021-24746) cve/CVE-2021-24746.yaml
Acexy Wireless-N WiFi Repeater REV 1.0 - Repeater Password Disclosure (CVE-2021-28937) cve/CVE-2021-28937.yaml
CouchDB Erlang Distribution - Remote Command Execution (CVE-2022-24706) cve/CVE-2022-24706.yaml
Laravel Filemanager v2.5.1 - Local File Inclusion (CVE-2022-40734) cve/CVE-2022-40734.yaml
LimeSurvey 4.1.11 - Local File Inclusion (CVE-2020-11455) cve/CVE-2020-11455.yaml
Onair2 < & KenthaRadio < 2.0.2 - Remote File Inclusion/Server-Side cve/CVE-2021-24472.yaml
WordPress Events Calendar <1.4.5 - Cross-Site Scripting (CVE-2022-4320) cve/CVE-2022-4320.yaml
W3 Total Cache - Unauthenticated File Read / Directory Traversal cve/CVE-2019-6715.yaml
Complete Online Job Search System 1.0 - Cross-Site Scripting cve/eris-xss.yaml
ReQlogic v11.3 - Cross Site Scripting (CVE-2022-41441) cve/CVE-2022-41441.yaml
Apache Struts - Multiple Open Redirection Vulnerabilities (CVE-2013-2248) cve/CVE-2013-2248.yaml
SIS Informatik REWE GO SP17 <7.7 - Cross-Site Scripting (CVE-2021-31537) cve/CVE-2021-31537.yaml
WordPress WP Fundraising Donation and Crowdfunding Platform <1.5.0 - SQL Injection cve/CVE-2022-0788.yaml
Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion (CVE-2017-1000029) cve/CVE-2017-1000029.yaml
WordPress Tutor LMS <2.0.10 - Cross Site Scripting (CVE-2023-0236) cve/CVE-2023-0236.yaml
Jenkins GitHub Plugin <=1.29.1 - Server-Side Request Forgery (CVE-2018-1000600) cve/CVE-2018-1000600.yaml
Synacor Zimbra Collaboration <8.7.11p10 - XML External Entity Injection (CVE-2019-9670) cve/CVE-2019-9670.yaml
ElasticSearch <1.6.1 - Local File Inclusion (CVE-2015-5531) cve/CVE-2015-5531.yaml
Apache OFBiz 16.11.04 - XML Entity Injection (CVE-2018-8033) cve/CVE-2018-8033.yaml
WAVLINK WN535 G3 - Information Disclosure (CVE-2022-31845) cve/CVE-2022-31845.yaml
Plesk Obsidian <=18.0.49 - Open Redirect (CVE-2023-24044) cve/CVE-2023-24044.yaml
WordPress Elementor Website Builder <3.1.4 - Cross-Site Scripting (CVE-2021-24891) cve/CVE-2021-24891.yaml
Trendnet AC2600 TEW-827DRU 2.08B01 - Admin Password Change (CVE-2021-20158) cve/CVE-2021-20158.yaml
vRealize Operations Manager API - Server-Side Request Forgery (CVE-2021-21975) cve/CVE-2021-21975.yaml
Seagate BlackArmor NAS - Command Injection (CVE-2014-3206) cve/CVE-2014-3206.yaml
OpenCATS 0.9.6 - Cross-Site Scripting (CVE-2022-43018) cve/CVE-2022-43018.yaml
Dolibarr Unauthenticated Contacts Database Theft (CVE-2023-33568) cve/CVE-2023-33568.yaml
XStream <1.4.14 - Remote Code Execution (CVE-2020-26217) cve/CVE-2020-26217.yaml
Python Flask-Security - Open Redirect (CVE-2021-32618) cve/CVE-2021-32618.yaml
Squirrelmail <=1.4.6 - Local File Inclusion (CVE-2006-2842) cve/CVE-2006-2842.yaml
Responsive FileManager <9.13.4 - Local File Inclusion (CVE-2018-15535) cve/CVE-2018-15535.yaml
WordPress Stop Spammers <2021.9 - Cross-Site Scripting (CVE-2021-24245) cve/CVE-2021-24245.yaml
Cyberoam NetGenie Cross-Site Scripting (CVE-2021-38702) cve/CVE-2021-38702.yaml
Galera WebTemplate 1.0 Directory Traversal (CVE-2021-40960) cve/CVE-2021-40960.yaml
Optergy Proton/Enterprise Building Management System - Open Redirect (CVE-2019-7275) cve/CVE-2019-7275.yaml
Atlassian Confluence Server - Local File Inclusion (CVE-2021-26085) cve/CVE-2021-26085.yaml
Jira Server and Data Center - Information Disclosure (CVE-2020-14181) cve/CVE-2020-14181.yaml
D-Link DIR-3040 1.13B03 - Information Disclosure (CVE-2021-21816) cve/CVE-2021-21816.yaml
Graphite <=1.1.5 - Server-Side Request Forgery (CVE-2017-18638) cve/CVE-2017-18638.yaml
Loytec LGATE-902 <6.4.2 - Local File Inclusion (CVE-2018-14916) cve/CVE-2018-14916.yaml
74cms - ajax_street.php 'key' SQL Injection (CVE-2020-22210) cve/CVE-2020-22211.yaml
Patreon WordPress <1.7.0 - Unauthenticated Local File Inclusion (CVE-2021-24227) cve/CVE-2021-24227.yaml
WordPress Ninja Forms <3.3.18 - Cross-Site Scripting (CVE-2018-19287) cve/CVE-2018-19287.yaml
Artica Web Proxy 4.30 - OS Command Injection (CVE-2020-17505) cve/CVE-2020-17505.yaml
Joomla! Component CCNewsLetter - Local File Inclusion (CVE-2010-0467) cve/CVE-2010-0467.yaml
Payara Micro Community 5.2021.6 Directory Traversal (CVE-2021-41381) cve/CVE-2021-41381.yaml
Joomla! Component LoginBox - Local File Inclusion (CVE-2010-1353) cve/CVE-2010-1353.yaml
WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting (CVE-2013-3526) cve/CVE-2013-3526.yaml
AVEVA InTouch Access Anywhere Secure Gateway - Local File Inclusion (CVE-2022-23854) cve/CVE-2022-23854.yaml
Metinfo 7.0.0 beta - SQL Injection (CVE-2019-16997) cve/CVE-2019-16997.yaml
Jira Rainbow.Zen - Cross-Site Scripting (CVE-2007-0885) cve/CVE-2007-0885.yaml
Joomla! ionFiles 4.4.2 - Local File Inclusion (CVE-2008-6080) cve/CVE-2008-6080.yaml
WordPress Chop Slider 3 - Blind SQL Injection (CVE-2020-11530) cve/CVE-2020-11530.yaml
Landing Page Builder < - Cross-Site Scripting (CVE-2021-25067) cve/CVE-2021-25067.yaml
PrestaShop Product Comments <4.2.0 - SQL Injection (CVE-2020-26248) cve/CVE-2020-26248.yaml
Good Layers LMS Plugin <= 2.1.4 - SQL Injection (CVE-2020-27481) cve/CVE-2020-27481.yaml
Microsoft Open Management Infrastructure - Remote Code Execution (CVE-2021-38647) cve/CVE-2021-38647.yaml
Joomla! Component Jw_allVideos - Arbitrary File Retrieval (CVE-2010-0696) cve/CVE-2010-0696.yaml
XStream <1.4.16 - Remote Code Execution (CVE-2021-21345) cve/CVE-2021-21345.yaml
LogonTracer <=1.2.0 - Remote Command Injection (CVE-2018-16167) cve/CVE-2018-16167.yaml
NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure (CVE-2016-5649) cve/CVE-2016-5649.yaml
ScoreMe Theme - Cross-Site Scripting (CVE-2016-10993) cve/CVE-2016-10993.yaml
WordPress Site Editor <=1.1.1 - Local File Inclusion (CVE-2018-7422) cve/CVE-2018-7422.yaml
Oracle WebLogic Server - Remote Command Execution (CVE-2020-14750) cve/CVE-2020-14750.yaml
Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion (CVE-2013-7091) cve/CVE-2013-7091.yaml
Majordomo2 - SMTP/HTTP Directory Traversal (CVE-2011-0049) cve/CVE-2011-0049.yaml
WordPress Transposh Translation <1.0.8 - Cross-Site Scripting (CVE-2021-24910) cve/CVE-2021-24910.yaml
karma-runner DOM-based Cross-Site Scripting (CVE-2022-0437) cve/CVE-2022-0437.yaml
Kong Admin <=2.03 - Admin API Access (CVE-2020-11710) cve/CVE-2020-11710.yaml
CHIYU TCP/IP Converter - Carriage Return Line Feed Injection (CVE-2021-31249) cve/CVE-2021-31249.yaml
MobileIron Core & Connector <= v10.6 & Sentry <= v9.8 - Remote Code Execution cve/CVE-2020-15505.yaml
WordPress WPSOLR <=8.6 - Cross-Site Scripting (CVE-2016-1000155) cve/CVE-2016-1000155.yaml
Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Upload (CVE-2021-45428) cve/CVE-2021-45428.yaml
SEOWON INTECH SLC-130 & SLR-120S - Unauthenticated Remote Code Execution (CVE-2020-17456) cve/CVE-2020-17456.yaml
EPrints 3.4.2 - Cross-Site Scripting (CVE-2021-26475) cve/CVE-2021-26475.yaml
Pega Infinity - Authentication Bypass (CVE-2021-27651) cve/CVE-2021-27651.yaml
Cacti v1.2.8 - Remote Code Execution (CVE-2020-8813) cve/CVE-2020-8813.yaml
AppServ Open Project <=2.5.10 - Cross-Site Scripting (CVE-2008-2398) cve/CVE-2008-2398.yaml
Microsoft Exchange Server SSRF Vulnerability (CVE-2021-26855) cve/CVE-2021-26855.yaml
CirCarLife Scada <4.3 - System Log Exposure (CVE-2018-12634) cve/CVE-2018-12634.yaml
Polarisft Intellect Core Banking Software Version 9.7.1 - Open Redirect (CVE-2018-14931) cve/CVE-2018-14931.yaml
Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion (CVE-2010-1217) cve/CVE-2010-1217.yaml
Reolink E1 Zoom Camera <= - Private Key Disclosure (CVE-2021-40149) cve/CVE-2021-40149.yaml
WordPress Shareaholic <9.7.6 - Information Disclosure (CVE-2022-0594) cve/CVE-2022-0594.yaml
Joomla! Component WMI 1.5.0 - Local File Inclusion (CVE-2010-1607) cve/CVE-2010-1607.yaml
WordPress Easy Student Results <=2.2.8 - Improper Authorization (CVE-2022-2379) cve/CVE-2022-2379.yaml
SugarCRM Enterprise 9.0.0 - Cross-Site Scripting (CVE-2019-14974) cve/CVE-2019-14974.yaml
Joomla! Component VJDEO 1.0 - Local File Inclusion (CVE-2010-1354) cve/CVE-2010-1354.yaml
Intel Active Management - Authentication Bypass (CVE-2017-5689) cve/CVE-2017-5689.yaml
WordPress Contact Form 7 <2.3.4 - Arbitrary Nonce Generation (CVE-2021-24278) cve/CVE-2021-24278.yaml
WordPress Admin Font Editor <=1.8 - Cross-Site Scripting (CVE-2016-1000126) cve/CVE-2016-1000126.yaml
WordPress Checklist <1.1.9 - Cross-Site Scripting (CVE-2019-16525) cve/CVE-2019-16525.yaml
Quixplorer <=2.4.1 - Cross-Site Scripting (CVE-2020-24902) cve/CVE-2020-24902.yaml
Zeit Next.js <4.2.3 - Local File Inclusion (CVE-2018-6184) cve/CVE-2018-6184.yaml
PHP CGI v5.3.12/5.4.2 Remote Code Execution (CVE-2012-1823) cve/CVE-2012-1823.yaml
Joomla! Component com_biblestudy - Local File Inclusion (CVE-2010-0157) cve/CVE-2010-0157.yaml
All-In-One Video Gallery <=2.6.0 - Server-Side Request Forgery (CVE-2022-2633) cve/CVE-2022-2633.yaml
SonicWall SMA1000 LFI (CVE-2023-0126) cve/CVE-2023-0126.yaml
XOOPS Core 2.5.8 - Open Redirect (CVE-2017-12138) cve/CVE-2017-12138.yaml
Websvn <2.6.1 - Remote Code Execution (CVE-2021-32305) cve/CVE-2021-32305.yaml
Atom CMS v2.0 - Remote Code Execution (CVE-2022-25487) cve/CVE-2022-25487.yaml
PuneethReddyHC action.php SQL Injection (CVE-2021-41648) cve/CVE-2021-41648.yaml
Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion (CVE-2010-1956) cve/CVE-2010-1956.yaml
WAVLINK - Access Control (CVE-2020-10973) cve/CVE-2020-10973.yaml
Apache APISIX - Insufficiently Protected Credentials (CVE-2020-13945) cve/CVE-2020-13945.yaml
WordPress Button Generator <2.3.3 - Remote File Inclusion (CVE-2021-25052) cve/CVE-2021-25052.yaml
Gogs 0.5.5 - 0.12.2 - Remote Code Execution (CVE-2020-15867) cve/CVE-2020-15867.yaml
Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting (CVE-2020-29395) cve/CVE-2020-29395.yaml

    Did this answer your question?