Name |
Template |
WordPress Contact Form 7 <1.3.3.3 - Remote Code Execution (CVE-2020-12800) |
cve/CVE-2020-12800.yaml |
WordPress Photo Gallery by 10Web <1.5.69 - Cross-Site Scripting (CVE-2021-24291) |
cve/CVE-2021-24291.yaml |
DomainMOD 4.11.01 - Cross-Site Scripting (CVE-2018-19752) |
cve/CVE-2018-19752.yaml |
WordPress Select All Categories and Taxonomies <1.3.2 - Cross-Site Scripting |
cve/CVE-2021-24287.yaml |
vBulletin SQL Injection (CVE-2020-12720) |
cve/CVE-2020-12720.yaml |
Open edX <2022-06-06 - Cross-Site Scripting (CVE-2022-32195) |
cve/CVE-2022-32195.yaml |
PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE) (CVE-2023-0297) |
cve/CVE-2023-0297.yaml |
Apache Druid Kafka Connect - Remote Code Execution (CVE-2023-25194) |
cve/apache-druid-kafka-connect-rce.yaml |
WSO2 Carbon Management Console <=5.10 - Cross-Site Scripting (CVE-2020-17453) |
cve/CVE-2020-17453.yaml |
Apache Airflow OS Command Injection (CVE-2022-24288) |
cve/CVE-2022-24288.yaml |
WordPress Ninja Forms <3.4.34 - Open Redirect (CVE-2021-24165) |
cve/CVE-2021-24165.yaml |
OpenCATS 0.9.6 - Cross-Site Scripting (CVE-2022-43014) |
cve/CVE-2022-43014.yaml |
Joomla! Component Photo Battle 1.0.1 - Local File Inclusion (CVE-2010-1461) |
cve/CVE-2010-1461.yaml |
WordPress RobotCPA 5 - Directory Traversal (CVE-2015-9480) |
cve/CVE-2015-9480.yaml |
Microweber <1.2.12 - Stored Cross-Site Scripting (CVE-2022-0963) |
cve/CVE-2022-0963.yaml |
Alerta < 8.1.0 - Authentication Bypass (CVE-2020-26214) |
cve/CVE-2020-26214.yaml |
Bank Locker Management System v1.0 - SQL Injection (CVE-2023-0562) |
cve/CVE-2023-0562.yaml |
Doctor Appointment System 1.0 - SQL Injection (CVE-2021-27316) |
cve/CVE-2021-27316.yaml |
Cuppa CMS v1.0 - SQL injection (CVE-2022-27985) |
cve/CVE-2022-27985.yaml |
Joomla! Component TweetLA 1.0.1 - Local File Inclusion (CVE-2010-1533) |
cve/CVE-2010-1533.yaml |
rConfig <3.9.4 - Sensitive Information Disclosure (CVE-2020-9425) |
cve/CVE-2020-9425.yaml |
Spring Boot - Remote Code Execution (Apache Log4j) (CVE-2021-44228) |
cve/springboot-log4j-rce.yaml |
Microweber <1.2.15 - Cross-Site Scripting (CVE-2022-1439) |
cve/CVE-2022-1439.yaml |
WordPress MDC YouTube Downloader 2.1.0 - Local File Inclusion (CVE-2015-5469) |
cve/CVE-2015-5469.yaml |
Joomla! Component JotLoader 2.2.1 - Local File Inclusion (CVE-2010-4617) |
cve/CVE-2010-4617.yaml |
Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting (CVE-2011-4336) |
cve/CVE-2011-4336.yaml |
Steveas WP Live Chat Shoutbox <= 1.4.2 - SQL Injection (CVE-2023-1020) |
cve/CVE-2023-1020.yaml |
WordPress Plugin Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting |
cve/CVE-2011-5106.yaml |
VMware vSphere Client (HTML5) - Remote Code Execution (CVE-2021-21972) |
cve/CVE-2021-21972.yaml |
Spring Cloud Config Server - Local File Inclusion (CVE-2020-5410) |
cve/CVE-2020-5410.yaml |
Joomla! Component Jfeedback 1.2 - Local File Inclusion (CVE-2010-1478) |
cve/CVE-2010-1478.yaml |
FineCMS <=5.0.10 - Cross-Site Scripting (CVE-2017-11629) |
cve/CVE-2017-11629.yaml |
Rukovoditel <= 2.7.2 - Cross Site Scripting (CVE-2020-35986) |
cve/CVE-2020-35986.yaml |
Joomla! Portfolio Nexus - Remote File Inclusion (CVE-2009-4679) |
cve/CVE-2009-4679.yaml |
MindPalette NateMail 3.0.15 - Cross-Site Scripting (CVE-2019-13392) |
cve/CVE-2019-13392.yaml |
Nette Framework - Remote Code Execution (CVE-2020-15227) |
cve/CVE-2020-15227.yaml |
Cisco IOS HTTP Configuration - Authentication Bypass (CVE-2001-0537) |
cve/CVE-2001-0537.yaml |
SAP BusinessObjects Business Intelligence Platform - Blind Server-Side Request |
cve/CVE-2020-6308.yaml |
PrestaShop 1.7.7.0 - SQL Injection (CVE-2021-3110) |
cve/CVE-2021-3110.yaml |
Xiaomi Mi WiFi R3G Routers - Local file Inclusion (CVE-2019-18371) |
cve/CVE-2019-18371.yaml |
AppCMS - Cross-Site Scripting (CVE-2021-45380) |
cve/CVE-2021-45380.yaml |
WordPress Country Selector <1.6.6 - Cross-Site Scripting (CVE-2022-28290) |
cve/CVE-2022-28290.yaml |
Hue Magic 3.0.0 - Local File Inclusion (CVE-2021-25864) |
cve/CVE-2021-25864.yaml |
Apache Druid - Local File Inclusion (CVE-2021-36749) |
cve/CVE-2021-36749.yaml |
Eaton Intelligent Power Manager 1.6 - Directory Traversal (CVE-2018-12031) |
cve/CVE-2018-12031.yaml |
Grafana 3.0.1-7.0.1 - Server-Side Request Forgery (CVE-2020-13379) |
cve/CVE-2020-13379.yaml |
Magento Mass Importer <0.7.24 - Remote Auth Bypass (CVE-2020-5777) |
cve/CVE-2020-5777.yaml |
Cisco RV132W/RV134W Router - Information Disclosure (CVE-2018-0127) |
cve/CVE-2018-0127.yaml |
Oracle WebLogic Server - Remote Code Execution (CVE-2018-2894) |
cve/CVE-2018-2894.yaml |
XStream <1.4.18 - Server-Side Request Forgery (CVE-2021-39152) |
cve/CVE-2021-39152.yaml |
Alert Before Your Post <= 0.1.1 - Cross-Site Scripting (CVE-2011-5107) |
cve/CVE-2011-5107.yaml |
Jira <8.4.0 - Information Disclosure (CVE-2019-8449) |
cve/CVE-2019-8449.yaml |
Seo Panel 4.8.0 - Cross-Site Scripting (CVE-2021-3002) |
cve/CVE-2021-3002.yaml |
WordPress Daily Prayer Time <2022.03.01 - SQL Injection (CVE-2022-0785) |
cve/CVE-2022-0785.yaml |
kkFileView 4.1.0 - Cross-Site Scripting (CVE-2022-35151) |
cve/CVE-2022-35151.yaml |
Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion (CVE-2010-1659) |
cve/CVE-2010-1659.yaml |
Kramer VIAware - Remote Code Execution (CVE-2021-36356) |
cve/CVE-2021-36356.yaml |
Spotweb <= 1.5.1 - Cross Site Scripting (CVE-2021-40971) |
cve/CVE-2021-40971.yaml |
KubeView <=0.1.31 - Information Disclosure (CVE-2022-45933) |
cve/CVE-2022-45933.yaml |
WBCE CMS v1.5.4 - Remote Code Execution (CVE-2022-46020) |
cve/CVE-2022-46020.yaml |
Oturia WordPress Smart Google Code Inserter <3.5 - Authentication Bypass (CVE-2018-3810) |
cve/CVE-2018-3810.yaml |
Cacti - Cross-Site Scripting (CVE-2021-26247) |
cve/CVE-2021-26247.yaml |
MAGMI - Cross-Site Request Forgery (CVE-2020-5776) |
cve/CVE-2020-5776.yaml |
WordPress WooCommerce <3.1.2 - Arbitrary Function Call (CVE-2022-1020) |
cve/CVE-2022-1020.yaml |
Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution (CVE-2020-11853) |
cve/CVE-2020-11853.yaml |
SAP NetWeaver Application Server Java 7.5 - Local File Inclusion (CVE-2017-12637) |
cve/CVE-2017-12637.yaml |
WordPress Sniplets 1.1.2 - Local File Inclusion (CVE-2008-1059) |
cve/CVE-2008-1059.yaml |
Zoho ManageEngine ServiceDesk Plus - Remote Code Execution (CVE-2021-44077) |
cve/CVE-2021-44077.yaml |
Ghost CMS <=4.32 - Cross-Site Scripting (CVE-2021-29484) |
cve/CVE-2021-29484.yaml |
74cms - ajax_common.php SQL Injection (CVE-2020-22210) |
cve/CVE-2020-22209.yaml |
IBAX - SQL Injection (CVE-2022-3800) |
cve/CVE-2022-3800.yaml |
rConfig 3.9.4 - SQL Injection (CVE-2020-10547) |
cve/CVE-2020-10547.yaml |
D-Link DIR-816L 2.x - Cross-Site Scripting (CVE-2020-15895) |
cve/CVE-2020-15895.yaml |
WordPress Contact Form 7 - Unrestricted File Upload (CVE-2020-35489) |
cve/CVE-2020-35489.yaml |
HD-Network Realtime Monitoring System 2.0 - Local File Inclusion (CVE-2021-45043) |
cve/CVE-2021-45043.yaml |
Express-handlebars - Local File Inclusion (CVE-2021-32820) |
cve/CVE-2021-32820.yaml |
CRM Perks Forms < 1.1.1 - Cross Site Scripting (CVE-2022-38467) |
cve/CVE-2022-38467.yaml |
cPanel - Cross-Site Scripting (CVE-2023-29489) |
cve/CVE-2023-29489.yaml |
LiveZilla Server 8.0.1.0 - Cross-Site Scripting (CVE-2019-12962) |
cve/CVE-2019-12962.yaml |
Joomla! Component com_jvideodirect - Directory Traversal (CVE-2010-0942) |
cve/CVE-2010-0942.yaml |
Triconsole Datepicker Calendar <3.77 - Cross-Site Scripting (CVE-2021-27330) |
cve/CVE-2021-27330.yaml |
Apache ShenYu Admin JWT - Authentication Bypass (CVE-2021-37580) |
cve/CVE-2021-37580.yaml |
H3C SSL VPN <=2022-07-10 - Cross-Site Scripting (CVE-2022-35416) |
cve/CVE-2022-35416.yaml |
WordPress Core <4.7.1 - Username Enumeration (CVE-2017-5487) |
cve/CVE-2017-5487.yaml |
Apache Cocoon 2.1.12 - XML Injection (CVE-2020-11991) |
cve/CVE-2020-11991.yaml |
Securepoint UTM - Leaking Remote Memory Contents (CVE-2023-22897) |
cve/CVE-2023-22897.yaml |
Hotel Druid 3.0.2 - Cross-Site Scripting (CVE-2021-37833) |
cve/CVE-2021-37833.yaml |
Unyson < 2.7.27 - Cross Site Scripting (CVE-2022-2219) |
cve/CVE-2022-2219.yaml |
Podcast Channels < 0.28 - Cross-Site Scripting (CVE-2014-4544) |
cve/CVE-2014-4544.yaml |
WordPress WPQA <5.4 - Cross-Site Scripting (CVE-2022-1597) |
cve/CVE-2022-1597.yaml |
Joomla! Component Horoscope 1.5.0 - Local File Inclusion (CVE-2010-1472) |
cve/CVE-2010-1472.yaml |
Ghost CMS < 5.42.1 - Path Traversal (CVE-2023-32235) |
cve/CVE-2023-32235.yaml |
Car Rental Management System 1.0 - Local File Inclusion (CVE-2020-29227) |
cve/CVE-2020-29227.yaml |
WordPress Best Books <=2.6.3 - SQL Injection (CVE-2022-0827) |
cve/CVE-2022-0827.yaml |
WordPress Duplicator 1.3.24 & 1.3.26 - Local File Inclusion (CVE-2020-11738) |
cve/CVE-2020-11738.yaml |
phpfastcache - phpinfo Resource Exposure (CVE-2021-37704) |
cve/CVE-2021-37704.yaml |
FUEL CMS 1.4.1 - Remote Code Execution (CVE-2018-16763) |
cve/CVE-2018-16763.yaml |
Drupal - Remote Code Execution (CVE-2018-7602) |
cve/CVE-2018-7602.yaml |
D-Link - Unauthenticated Remote Code Execution (CVE-2018-6530) |
cve/CVE-2018-6530.yaml |
Jiangnan Online Judge 0.8.0 - Local File Inclusion (CVE-2019-17538) |
cve/CVE-2019-17538.yaml |
Microweber <1.2.11 - Stored Cross-Site Scripting (CVE-2022-0954) |
cve/CVE-2022-0954.yaml |
VMware VRealize Network Insight - Remote Code Execution (CVE-2023-20887) |
cve/CVE-2023-20887.yaml |
Artica Web Proxy 4.30 - Authentication Bypass/SQL Injection (CVE-2020-17506) |
cve/CVE-2020-17506.yaml |
Citrix SD-WAN Center - Remote Command Injection (CVE-2019-12988) |
cve/CVE-2019-12988.yaml |
Nova Lite < 1.3.9 - Cross-Site Scripting (CVE-2020-17362) |
cve/CVE-2020-17362.yaml |
Telaen => v1.3.1 - Open Redirect (CVE-2013-2621) |
cve/CVE-2013-2621.yaml |
Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion (CVE-2010-1977) |
cve/CVE-2010-1977.yaml |
Ellucian Ethos Identity CAS - Cross-Site Scripting (CVE-2023-2822) |
cve/CVE-2023-2822.yaml |
Spring - Remote Code Execution (CVE-2022-22965) |
cve/CVE-2022-22965.yaml |
Thinfinity VirtualUI User Enumeration (CVE-2021-44848) |
cve/CVE-2021-44848.yaml |
WordPress Contact Form 7 <1.3.6.3 - Stored Cross-Site Scripting (CVE-2022-0595) |
cve/CVE-2022-0595.yaml |
WordPress Panda Pods Repeater Field <1.5.4 - Cross-Site Scripting (CVE-2022-4306) |
cve/CVE-2022-4306.yaml |
NETGEAR ProSAFE Plus - Unauthenticated Remote Code Execution (CVE-2020-26919) |
cve/CVE-2020-26919.yaml |
Deltek Maconomy 2.2.5 - Local File Inclusion (CVE-2019-12314) |
cve/CVE-2019-12314.yaml |
Unauthenticated File Read Adobe ColdFusion (CVE-2023-26360) |
cve/CVE-2023-26360.yaml |
WordPress Supsystic Ultimate Maps <1.2.5 - Cross-Site Scripting (CVE-2021-24274) |
cve/CVE-2021-24274.yaml |
Traggo Server - Local File Inclusion (CVE-2023-34843) |
cve/CVE-2023-34843.yaml |
Rukovoditel <= 3.2.1 - Cross Site Scripting (CVE-2022-44951) |
cve/CVE-2022-44951.yaml |
WordPress XML Sitemap Generator for Google <2.0.4 - Cross-Site Scripting/Remote |
cve/CVE-2022-0346.yaml |
Ghostcat - Apache Tomcat - AJP File Read/Inclusion Vulnerability (CVE-2020-1938) |
cve/CVE-2020-1938.yaml |
GitLab GraphQL API User Enumeration (CVE-2021-4191) |
cve/CVE-2021-4191.yaml |
JeecgBoot 3.5.0 - SQL Injection (CVE-2023-34659) |
cve/CVE-2023-34659.yaml |
Atlassian Bitbucket - Remote Command Injection (CVE-2022-36804) |
cve/CVE-2022-36804.yaml |
Node.js Embedded JavaScript 3.1.6 - Template Injection (CVE-2022-29078) |
cve/CVE-2022-29078.yaml |
Odoo - Cross-Site Scripting (CVE-2023-1434) |
cve/CVE-2023-1434.yaml |
ARMember < 3.4.8 - Unauthenticated Admin Account Takeover (CVE-2022-1903) |
cve/CVE-2022-1903.yaml |
Wavlink WN535K2/WN535K3 - OS Command Injection (CVE-2022-2487) |
cve/CVE-2022-2487.yaml |
WordPress Google Maps <7.11.18 - SQL Injection (CVE-2019-10692) |
cve/CVE-2019-10692.yaml |
WBCE CMS v1.5.4 - Cross Site Scripting (Stored) (CVE-2022-45038) |
cve/CVE-2022-45038.yaml |
Sonatype Nexus Repository Manager 3 - Remote Code Execution (CVE-2020-10199) |
cve/CVE-2020-10199.yaml |
WordPress Asgaros Forum <1.15.13 - SQL Injection (CVE-2021-24827) |
cve/CVE-2021-24827.yaml |
WordPress Qards - Cross-Site Scripting (CVE-2017-18598) |
cve/CVE-2017-18598.yaml |
Jeesns 1.4.2 - Cross-Site Scripting (CVE-2020-19283) |
cve/CVE-2020-19283.yaml |
OpenSIS 7.3 - SQL Injection (CVE-2020-6637) |
cve/CVE-2020-6637.yaml |
Online Fire Reporting System v1.0 - SQL injection (CVE-2022-31983) |
cve/CVE-2022-31983.yaml |
LDAP Injection In OpenAM (CVE-2021-29156) |
cve/CVE-2021-29156.yaml |
Apache Flink 1.5.1 - Local File Inclusion (CVE-2020-17518) |
cve/CVE-2020-17518.yaml |
WordPress JSmol2WP <=1.07 - Local File Inclusion (CVE-2018-20463) |
cve/CVE-2018-20463.yaml |
Joomla! Core SQL Injection (CVE-2015-7297) |
cve/CVE-2015-7297.yaml |
NETGEAR - Authentication Bypass (CVE-2020-27866) |
cve/CVE-2020-27866.yaml |
VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication |
cve/CVE-2022-22972.yaml |
DomainMOD 4.13.0 - Cross-Site Scripting (CVE-2020-20988) |
cve/CVE-2020-20988.yaml |
Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution (CVE-2021-42013) |
cve/CVE-2021-42013.yaml |
Anchor CMS 0.12.3 - Error Log Exposure (CVE-2018-7251) |
cve/CVE-2018-7251.yaml |
BlogEngine.NET 3.3.7.0 - Local File Inclusion (CVE-2019-10717) |
cve/CVE-2019-10717.yaml |
Kibana - Local File Inclusion (CVE-2018-17246) |
cve/CVE-2018-17246.yaml |
Apache Druid - Remote Code Execution (CVE-2021-25646) |
cve/CVE-2021-25646.yaml |
ILIAS eLearning <7.16 - Open Redirect (CVE-2022-45917) |
cve/CVE-2022-45917.yaml |
BIQS IT Biqs-drive v1.83 Local File Inclusion (CVE-2021-39433) |
cve/CVE-2021-39433.yaml |
Clansphere CMS 2011.4 - Cross-Site Scripting (CVE-2021-27310) |
cve/CVE-2021-27310.yaml |
Cobbler <3.3.0 - Remote Code Execution (CVE-2021-40323) |
cve/CVE-2021-40323.yaml |
Prometheus - Open Redirect (CVE-2021-29622) |
cve/CVE-2021-29622.yaml |
Webkul QloApps 1.6.0 - Cross-site Scripting (CVE-2023-36289) |
cve/CVE-2023-36289.yaml |
Joomla! Component Percha Downloads Attach 1.1 - Directory Traversal (CVE-2010-2037) |
cve/CVE-2010-2037.yaml |
DomainMOD 4.11.01 - Cross-Site Scripting (CVE-2018-19914) |
cve/CVE-2018-19914.yaml |
WordPress Simple Image Manipulator < 1.0 - Local File Inclusion (CVE-2015-1000010) |
cve/CVE-2015-1000010.yaml |
Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution (CVE-2021-22053) |
cve/CVE-2021-22053.yaml |
BackupBuddy - Local File Inclusion (CVE-2022-31474) |
cve/CVE-2022-31474.yaml |
pfSense - Arbitrary File Write (CVE-2021-41282) |
cve/CVE-2021-41282.yaml |
Php-mod/curl Library <2.3.2 - Cross-Site Scripting (CVE-2021-30134) |
cve/CVE-2021-30134.yaml |
Agentejo Cockpit < 0.11.2 - NoSQL Injection (CVE-2020-35846) |
cve/CVE-2020-35846.yaml |
WordPress Paytm Payment Gateway <=2.7.0 - Server-Side Request Forgery (CVE-2022-45362) |
cve/CVE-2022-45362.yaml |
ResourceSpace - Local File inclusion (CVE-2015-3648) |
cve/CVE-2015-3648.yaml |
Zyxel NAS Firmware 5.21- Remote Code Execution (CVE-2020-9054) |
cve/CVE-2020-9054.yaml |
ZTE Cable Modem Web Shell (CVE-2014-2321) |
cve/CVE-2014-2321.yaml |
WordPress Integrator 1.32 - Cross-Site Scripting (CVE-2012-5913) |
cve/CVE-2012-5913.yaml |
Open Redirect in Host Authorization Middleware (CVE-2021-44528) |
cve/CVE-2021-44528.yaml |
Advanced Comment System 1.0 - Local File Inclusion (CVE-2020-35598) |
cve/CVE-2020-35598.yaml |
Joomla! Component simpledownload <=0.9.5 - Arbitrary File Retrieval (CVE-2010-2122) |
cve/CVE-2010-2122.yaml |
Gurock TestRail Application files.md5 Exposure (CVE-2021-40875) |
cve/CVE-2021-40875.yaml |
Zoho ManageEngine - Remote Code Execution (CVE-2022-35405) |
cve/CVE-2022-35405.yaml |
TerraMaster TOS <.1.29 - Remote Code Execution (CVE-2020-15568) |
cve/CVE-2020-15568.yaml |
Eclipse Jetty - Information Disclosure (CVE-2021-34429) |
cve/CVE-2021-34429.yaml |
Oracle Fusion Middleware WebLogic Server Administration Console - Remote Code |
cve/CVE-2020-14883.yaml |
WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting (CVE-2017-14651) |
cve/CVE-2017-14651.yaml |
YouSayToo auto-publishing 1.0 - Cross-Site Scripting (CVE-2012-0901) |
cve/CVE-2012-0901.yaml |
WordPress MW Font Changer <=4.2.5 - Cross-Site Scripting (CVE-2016-1000142) |
cve/CVE-2016-1000142.yaml |
Dolibarr <7.0.2 - Cross-Site Scripting (CVE-2018-10095) |
cve/CVE-2018-10095.yaml |
Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion (CVE-2010-0972) |
cve/CVE-2010-0972.yaml |
CouchCMS <= 2.0 - Path Disclosure (CVE-2018-7662) |
cve/CVE-2018-7662.yaml |
Wavlink - Improper Access Control (CVE-2022-48165) |
cve/CVE-2022-48165.yaml |
WordPress wSecure Lite < 2.4 - Remote Code Execution (CVE-2016-10960) |
cve/CVE-2016-10960.yaml |
Bonita BPM Portal <6.5.3 - Local File Inclusion (CVE-2015-3897) |
cve/CVE-2015-3897.yaml |
WordPress Candidate Application Form <= 1.3 - Local File Inclusion (CVE-2015-1000005) |
cve/CVE-2015-1000005.yaml |
WordPress Simple File List <3.2.8 - Local File Inclusion (CVE-2022-1119) |
cve/CVE-2022-1119.yaml |
WordPress Church Admin <0.810 - Cross-Site Scripting (CVE-2015-4127) |
cve/CVE-2015-4127.yaml |
Adobe Experience Manager - XML External Entity Injection (CVE-2019-8086) |
cve/CVE-2019-8086.yaml |
Shirne CMS 1.2.0 - Local File Inclusion (CVE-2022-37299) |
cve/CVE-2022-37299.yaml |
Maian Cart <=3.8 - Remote Code Execution (CVE-2021-32172) |
cve/CVE-2021-32172.yaml |
Oracle WebLogic Server Java Object Deserialization - Remote Code Execution |
cve/CVE-2016-3510.yaml |
Cartadis Gespage 8.2.1 - Directory Traversal (CVE-2021-33807) |
cve/CVE-2021-33807.yaml |
WordPress Gallery <2.0.0 - Cross-Site Scripting (CVE-2022-1946) |
cve/CVE-2022-1946.yaml |
ZTE MF971R - Referer authentication bypass (CVE-2021-21745) |
cve/CVE-2021-21745.yaml |
WordPress Calendar Event Multi View <1.4.01 - Cross-Site Scripting (CVE-2021-24498) |
cve/CVE-2021-24498.yaml |
Wavlink WN-533A8 - Cross-Site Scripting (CVE-2022-34048) |
cve/CVE-2022-34048.yaml |
PuneethReddyHC Online Shopping System homeaction.php SQL Injection (CVE-2021-41649) |
cve/CVE-2021-41649.yaml |
SysAid Technologies 20.3.64 b14 - Cross-Site Scripting (CVE-2021-30049) |
cve/CVE-2021-30049.yaml |
Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion (CVE-2009-1558) |
cve/CVE-2009-1558.yaml |
Spring Cloud Config - Local File Inclusion (CVE-2020-5405) |
cve/CVE-2020-5405.yaml |
WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting (CVE-2013-4117) |
cve/CVE-2013-4117.yaml |
WordPress GraceMedia Media Player 1.0 - Local File Inclusion (CVE-2019-9618) |
cve/CVE-2019-9618.yaml |
Adminer <=4.8.0 - Cross-Site Scripting (CVE-2021-29625) |
cve/CVE-2021-29625.yaml |
WordPress Persian Woocommerce <=5.8.0 - Cross-Site Scripting (CVE-2021-24940) |
cve/CVE-2021-24940.yaml |
Citrix SD-WAN Center - Remote Command Injection (CVE-2019-12985) |
cve/CVE-2019-12985.yaml |
PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting (CVE-2022-24181) |
cve/CVE-2022-24181.yaml |
WordPress Mailster <=1.5.4 - Cross-Site Scripting (CVE-2017-17451) |
cve/CVE-2017-17451.yaml |
WAVLINK WN530HG4 - Improper Access Control (CVE-2022-34047) |
cve/CVE-2022-34047.yaml |
ChurchCRM 4.5.3 - Cross-Site Scripting (CVE-2023-26842) |
cve/CVE-2023-26842.yaml |
Apache Struts <2.3.1.1 - Remote Code Execution (CVE-2012-0394) |
cve/CVE-2012-0394.yaml |
Chyrp 2.x - Local File Inclusion (CVE-2011-2744) |
cve/CVE-2011-2744.yaml |
WordPress Metform <=2.1.3 - Information Disclosure (CVE-2022-1442) |
cve/CVE-2022-1442.yaml |
Citrix - Local File Inclusion (CVE-2020-8193) |
cve/CVE-2020-8193.yaml |
WordPress API Bearer Auth <20190907 - Cross-Site Scripting (CVE-2019-16332) |
cve/CVE-2019-16332.yaml |
Accela Civic Platform <=21.1 - Cross-Site Scripting (CVE-2021-34370) |
cve/CVE-2021-34370.yaml |
SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting (CVE-2002-1131) |
cve/CVE-2002-1131.yaml |
WordPress Sitemap by click5 <1.0.36 - Missing Authorization (CVE-2022-0952) |
cve/CVE-2022-0952.yaml |
WordPress All-In-One Video Gallery <2.5.0 - Local File Inclusion (CVE-2021-24970) |
cve/CVE-2021-24970.yaml |
XStream 1.4.18 - Remote Code Execution (CVE-2021-39141) |
cve/CVE-2021-39141.yaml |
SDT-CW3B1 1.1.0 - OS Command Injection (CVE-2021-46422) |
cve/CVE-2021-46422.yaml |
WordPress Simpel Reserveren <=3.5.2 - Cross-Site Scripting (CVE-2016-1000149) |
cve/CVE-2016-1000149.yaml |
VMware NSX - Remote Code Execution (Apache Log4j) (CVE-2021-44228) |
cve/vmware-nsx-log4j.yaml |
Apache OFBiz <17.12.06 - Arbitrary Code Execution (CVE-2021-26295) |
cve/CVE-2021-26295.yaml |
Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting (CVE-2021-46387) |
cve/CVE-2021-46387.yaml |
Subrion CMS <4.1.5.10 - SQL Injection (CVE-2017-11444) |
cve/CVE-2017-11444.yaml |
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation (CVE-2017-12635) |
cve/CVE-2017-12635.yaml |
Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion (CVE-2010-1476) |
cve/CVE-2010-1476.yaml |
Kentico - Installer Privilege Escalation (CVE-2017-17736) |
cve/CVE-2017-17736.yaml |
Joomla! Component News Portal 1.5.x - Local File Inclusion (CVE-2010-1312) |
cve/CVE-2010-1312.yaml |
WordPress Pro Real Estate 7 Theme <3.1.1 - Cross-Site Scripting (CVE-2021-24387) |
cve/CVE-2021-24387.yaml |
WordPress CTHthemes - Cross-Site Scripting (CVE-2019-20210) |
cve/CVE-2019-20210.yaml |
Sercomm VD625 Smart Modems - CRLF Injection (CVE-2021-27132) |
cve/CVE-2021-27132.yaml |
WordPress FoodBakery <2.2 - Cross-Site Scripting (CVE-2021-24389) |
cve/CVE-2021-24389.yaml |
Apache Struts2 S2-062 - Remote Code Execution (CVE-2021-31805) |
cve/CVE-2021-31805.yaml |
Homematic CCU3 - Local File Inclusion (CVE-2019-9726) |
cve/CVE-2019-9726.yaml |
Adminer <4.7.9 - Server-Side Request Forgery (CVE-2021-21311) |
cve/CVE-2021-21311.yaml |
WordPress HC Custom WP-Admin URL <=1.4 - Admin Login URL Disclosure (CVE-2022-1595) |
cve/CVE-2022-1595.yaml |
Joomla! Component com_janews - Local File Inclusion (CVE-2010-1219) |
cve/CVE-2010-1219.yaml |
Wavlink Multiple AP - Remote Command Injection (CVE-2020-13117) |
cve/CVE-2020-13117.yaml |
Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local File Inclusion (CVE-2017-15363) |
cve/CVE-2017-15363.yaml |
Spring Cloud Gateway Code Injection (CVE-2022-22947) |
cve/CVE-2022-22947.yaml |
Repetier Server - Directory Traversal (CVE-2023-31059) |
cve/CVE-2023-31059.yaml |
WordPress Contact Form 7 Captcha <0.1.2 - Cross-Site Scripting (CVE-2022-2187) |
cve/CVE-2022-2187.yaml |
MSNSwitch Firmware MNT.2408 - Authentication Bypass (CVE-2022-32429) |
cve/CVE-2022-32429.yaml |
Axigen Mail Server Filename Directory Traversal (CVE-2012-4940) |
cve/CVE-2012-4940.yaml |
Apache 2.4.49 - Path Traversal and Remote Code Execution (CVE-2021-41773) |
cve/CVE-2021-41773.yaml |
WordPress Stop Bad Bots <6.930 - SQL Injection (CVE-2022-0949) |
cve/CVE-2022-0949.yaml |
WordPress InfiniteWP <1.9.4.5 - Authorization Bypass (CVE-2020-8772) |
cve/CVE-2020-8772.yaml |
MKdocs 1.2.2 - Directory Traversal (CVE-2021-40978) |
cve/CVE-2021-40978.yaml |
Trilium <0.52.4 - Cross-Site Scripting (CVE-2022-2290) |
cve/CVE-2022-2290.yaml |
Adiscon LogAnalyzer <4.1.7 - Cross-Site Scripting (CVE-2018-19877) |
cve/CVE-2018-19877.yaml |
Wavemaker Studio 6.6 - Local File Inclusion/Server-Side Request Forgery (CVE-2019-8982) |
cve/CVE-2019-8982.yaml |
DotCMS < 5.0.2 - Open Redirect (CVE-2018-17422) |
cve/CVE-2018-17422.yaml |
Slimstat Analytics < 4.9.3.3 Subscriber - SQL Injection (CVE-2023-0630) |
cve/CVE-2023-0630.yaml |
FV Flowplayer Video Player WordPress plugin - Authenticated Cross-Site Scripting |
cve/CVE-2021-39350.yaml |
Dairy Farm Shop Management System 1.0 - SQL Injection (CVE-2022-29007) |
cve/CVE-2022-29007.yaml |
IncomCMS 2.0 - Arbitrary File Upload (CVE-2020-29597) |
cve/CVE-2020-29597.yaml |
SonicWall SMA100 Stack - Buffer Overflow/Remote Code Execution (CVE-2021-20038) |
cve/CVE-2021-20038.yaml |
JamF Pro - Remote Code Execution (Apache Log4j) (CVE-2021-44228) |
cve/jamf-pro-log4j-rce.yaml |
WordPress S3 Video <=0.983 - Cross-Site Scripting (CVE-2016-1000148) |
cve/CVE-2016-1000148.yaml |
QNAP QTS Photo Station External Reference - Local File Inclusion (CVE-2022-27593) |
cve/CVE-2022-27593.yaml |
Joomla! Component Cookex Agency CKForms - Local File Inclusion (CVE-2010-1345) |
cve/CVE-2010-1345.yaml |
Jira Server Pre-Auth - Arbitrary File Retrieval (WEB-INF META-INF) (CVE-2020-29453) |
cve/CVE-2020-29453.yaml |
WSO2 Management - Arbitrary File Upload & Remote Code Execution (CVE-2022-29464) |
cve/CVE-2022-29464.yaml |
WordPress SagePay Server Gateway for WooCommerce <1.0.9 - Cross-Site Scripting |
cve/CVE-2018-5316.yaml |
Citrix ADC and Gateway - Directory Traversal (CVE-2019-19781) |
cve/CVE-2019-19781.yaml |
Online Fire Reporting System v1.0 - SQL injection (CVE-2022-31984) |
cve/CVE-2022-31984.yaml |
WooCommerce Payments - Unauthorized Admin Access (CVE-2023-28121) |
cve/CVE-2023-28121.yaml |
Openfire Administration Console - Authentication Bypass (CVE-2023-32315) |
cve/CVE-2023-32315.yaml |
Ultimate Weather Plugin <= 1.0 - Cross-Site Scripting (CVE-2014-4561) |
cve/CVE-2014-4561.yaml |
OpenEMR 4.1 - Local File Inclusion (CVE-2012-0991) |
cve/CVE-2012-0991.yaml |
WordPress Photoxhibit 2.1.8 - Cross-Site Scripting (CVE-2016-1000143) |
cve/CVE-2016-1000143.yaml |
WordPress Cookie Information/Free GDPR Consent Solution <2.0.8 - Cross-Site |
cve/CVE-2022-0147.yaml |
Kubernetes Dashboard <1.10.1 - Authentication Bypass (CVE-2018-18264) |
cve/CVE-2018-18264.yaml |
SquirrelMail 1.4.x - Folder Name Cross-Site Scripting (CVE-2004-0519) |
cve/CVE-2004-0519.yaml |
Cuppa CMS v1.0 - Local File Inclusion (CVE-2022-25497) |
cve/CVE-2022-25497.yaml |
Spotweb <= 1.5.1 - Cross Site Scripting (Reflected) (CVE-2021-40969) |
cve/CVE-2021-40969.yaml |
WordPress OpenID Connect Generic Client 3.8.0-3.8.1 - Cross-Site Scripting |
cve/CVE-2021-24214.yaml |
SAP Internet Graphics Server (IGS) - XML External Entity Injection (CVE-2018-2392) |
cve/CVE-2018-2392.yaml |
Odoo 8.0/9.0/10.0 - Local File Inclusion (CVE-2017-9416) |
cve/CVE-2017-9416.yaml |
Yaws 1.91 - Local File Inclusion (CVE-2017-10974) |
cve/CVE-2017-10974.yaml |
Joomla! Component Percha Image Attach 1.1 - Directory Traversal (CVE-2010-2034) |
cve/CVE-2010-2034.yaml |
WWBN AVideo 11.6 - Cross-Site Scripting (CVE-2022-32770) |
cve/CVE-2022-32770.yaml |
Purchase Order Management v1.0 - SQL Injection (CVE-2023-2130) |
cve/CVE-2023-2130.yaml |
DomainMOD <=4.13.0 - Cross-Site Scripting (CVE-2019-15811) |
cve/CVE-2019-15811.yaml |
Zeta Producer Desktop CMS <14.2.1 - Local File Inclusion (CVE-2018-13980) |
cve/CVE-2018-13980.yaml |
Aruba Airwave <8.2.3.1 - Cross-Site Scripting (CVE-2016-8527) |
cve/CVE-2016-8527.yaml |
WordPress Imagements <=1.2.5 - Arbitrary File Upload (CVE-2021-24236) |
cve/CVE-2021-24236.yaml |
uWSGI PHP Plugin Local File Inclusion (CVE-2018-7490) |
cve/CVE-2018-7490.yaml |
Spotweb <= 1.5.1 - Cross Site Scripting (CVE-2021-40968) |
cve/CVE-2021-40968.yaml |
Opsview Monitor Pro - Local File Inclusion (CVE-2016-10367) |
cve/CVE-2016-10367.yaml |
SolarView 6.00 - Remote Command Execution (CVE-2022-40881) |
cve/CVE-2022-40881.yaml |
Trixbox - 2.8.0.4 OS Command Injection (CVE-2017-14535) |
cve/CVE-2017-14535.yaml |
WAVLINK WN579 X3 M79X3.V5030.180719 - Information Disclosure (CVE-2022-31847) |
cve/CVE-2022-31847.yaml |
WordPress Fancy Product Designer <4.6.9 - Arbitrary File Upload (CVE-2021-24370) |
cve/CVE-2021-24370.yaml |
Atlassian Questions For Confluence - Hardcoded Credentials (CVE-2022-26138) |
cve/CVE-2022-26138.yaml |
Oracle WebLogic Server - Remote Code Execution (CVE-2018-2893) |
cve/CVE-2018-2893.yaml |
WordPress Nevma Adaptive Images <0.6.67 - Local File Inclusion (CVE-2019-14205) |
cve/CVE-2019-14205.yaml |
WAVLINK WN530HG4 - Improper Access Control (CVE-2022-34045) |
cve/CVE-2022-34045.yaml |
Custom 404 Pro < 3.2.8 - Cross-Site Scripting (CVE-2019-14789) |
cve/CVE-2019-14789.yaml |
Joomla! Component GMapFP 3.5 - Arbitrary File Upload (CVE-2020-23972) |
cve/CVE-2020-23972.yaml |
Micro Focus UCMDB - Remote Code Execution (CVE-2020-11854) |
cve/CVE-2020-11854.yaml |
Zoho ManageEngine ADSelfService Plus <=6103 - Cross-Site Scripting (CVE-2021-37416) |
cve/CVE-2021-37416.yaml |
Netsweeper 4.0.8 - Cross-Site Scripting (CVE-2014-9606) |
cve/CVE-2014-9606.yaml |
Thinkphp Lang - Local File Inclusion (CVE-2022-47945) |
cve/CVE-2022-47945.yaml |
RPCMS 3.0.2 - Cross-Site Scripting (CVE-2022-41473) |
cve/CVE-2022-41473.yaml |
Gogs (Go Git Service) 0.11.66 - Remote Code Execution (CVE-2018-18925) |
cve/CVE-2018-18925.yaml |
b2evolution CMS <6.11.6 - Open Redirect (CVE-2020-22840) |
cve/CVE-2020-22840.yaml |
Advantech R-SeeNet 2.4.12 - Cross-Site Scripting (CVE-2021-21800) |
cve/CVE-2021-21800.yaml |
Atlassian Jira WallboardServlet <7.13.1 - Cross-Site Scripting (CVE-2018-20824) |
cve/CVE-2018-20824.yaml |
Advantech R-SeeNet 2.4.12 - OS Command Injection (CVE-2021-21805) |
cve/CVE-2021-21805.yaml |
Apache Kylin 3.0.1 - Command Injection Vulnerability (CVE-2020-1956) |
cve/CVE-2020-1956.yaml |
nostromo 1.9.6 - Remote Code Execution (CVE-2019-16278) |
cve/CVE-2019-16278.yaml |
Jenkins Gitlab Hook <=1.4.2 - Cross-Site Scripting (CVE-2020-2096) |
cve/CVE-2020-2096.yaml |
muhttpd <=1.1.5 - Local Inclusion (CVE-2022-31793) |
cve/CVE-2022-31793.yaml |
Xceedium Xsuite <=2.4.4.5 - Local File Inclusion (CVE-2015-4666) |
cve/CVE-2015-4666.yaml |
PMB v7.4.6 - Cross-Site Scripting (CVE-2023-24737) |
cve/CVE-2023-24737.yaml |
Argus Surveillance DVR 4.0.0.0 - Local File Inclusion (CVE-2018-15745) |
cve/CVE-2018-15745.yaml |
WAVLINK WN530H4 M30H4.V5030.190403 - Information Disclosure (CVE-2020-12127) |
cve/CVE-2020-12127.yaml |
School Dormitory Management System 1.0 - SQL Injection (CVE-2022-30512) |
cve/CVE-2022-30512.yaml |
kkFileView 4.1.0 - Cross-Site Scripting (CVE-2022-46934) |
cve/CVE-2022-46934.yaml |
F5 iControl REST - Remote Command Execution (CVE-2021-22986) |
cve/CVE-2021-22986.yaml |
AxxonSoft Axxon Next - Local File Inclusion (CVE-2018-7467) |
cve/CVE-2018-7467.yaml |
Open Bulletin Board (OpenBB) v1.0.6 - Open Redirect/XSS (CVE-2004-1965) |
cve/CVE-2004-1965.yaml |
Online Fire Reporting System v1.0 - SQL injection (CVE-2022-31981) |
cve/CVE-2022-31981.yaml |
Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local |
cve/CVE-2020-3452.yaml |
SolarView Compact 6.00 - 'pow' Cross-Site Scripting (CVE-2022-29301) |
cve/CVE-2022-29301.yaml |
Ivanti Avalanche 6.3.2 - Local File Inclusion (CVE-2021-30497) |
cve/CVE-2021-30497.yaml |
LG SuperSign EZ CMS 2.5 - Local File Inclusion (CVE-2018-16288) |
cve/CVE-2018-16288.yaml |
PhpMyAdmin <4.8.2 - Local File Inclusion (CVE-2018-12613) |
cve/CVE-2018-12613.yaml |
Netsweeper 4.0.8 - Directory Traversal (CVE-2014-9609) |
cve/CVE-2014-9609.yaml |
TikiWiki CMS Groupware v8.3 - Open Redirect (CVE-2012-5321) |
cve/CVE-2012-5321.yaml |
Node.js <8.6.0 - Directory Traversal (CVE-2017-14849) |
cve/CVE-2017-14849.yaml |
WordPress DZS-VideoGallery Plugin Cross-Site Scripting (CVE-2014-9094) |
cve/CVE-2014-9094.yaml |
WordPress VR Calendar <=2.3.2 - Remote Code Execution (CVE-2022-2314) |
cve/CVE-2022-2314.yaml |
WordPress Pondol Form to Mail <=1.1 - Cross-Site Scripting (CVE-2016-1000146) |
cve/CVE-2016-1000146.yaml |
Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection (CVE-2021-25298) |
cve/CVE-2021-25298.yaml |
Lighttpd 1.4.34 SQL Injection and Path Traversal (CVE-2014-2323) |
cve/CVE-2014-2323.yaml |
phpMyAdmin <4.8.5 - Local File Inclusion (CVE-2019-6799) |
cve/CVE-2019-6799.yaml |
TeamPass 2.1.27.36 - Improper Authentication (CVE-2020-12478) |
cve/CVE-2020-12478.yaml |
WordPress Simply Schedule Appointments <1.5.7.7 - Information Disclosure (CVE-2022-2373) |
cve/CVE-2022-2373.yaml |
OpenDreambox 2.0.0 - Remote Code Execution (CVE-2017-14135) |
cve/CVE-2017-14135.yaml |
Citrix ADC/Gateway - Cross-Site Scripting (CVE-2020-8191) |
cve/CVE-2020-8191.yaml |
SolarView Compact 6.00 - OS Command Injection (CVE-2022-29303) |
cve/CVE-2022-29303.yaml |
Jeesns 1.4.2 - Cross-Site Scripting (CVE-2020-19295) |
cve/CVE-2020-19295.yaml |
HashiCorp Consul/Consul Enterprise <=1.9.4 - Cross-Site Scripting (CVE-2020-25864) |
cve/CVE-2020-25864.yaml |
SpeakOut Email Petitions < 2.14.15.1 - SQL Injection (CVE-2022-0846) |
cve/CVE-2022-0846.yaml |
Joomla! Plugin Core Design Scriptegrator - Local File Inclusion (CVE-2010-0759) |
cve/CVE-2010-0759.yaml |
Cuppa CMS v1.0 - Local File Inclusion (CVE-2022-25485) |
cve/CVE-2022-25485.yaml |
WordPress All-in-one Floating Contact Form <2.0.4 - Cross-Site Scripting (CVE-2022-0148) |
cve/CVE-2022-0148.yaml |
Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion (CVE-2010-1954) |
cve/CVE-2010-1954.yaml |
WordPress Fontsy <=1.8.6 - SQL Injection (CVE-2022-4447) |
cve/CVE-2022-4447.yaml |
TVT NVMS 1000 - Local File Inclusion (CVE-2019-20085) |
cve/CVE-2019-20085.yaml |
Joomla! Component webERPcustomer - Local File Inclusion (CVE-2010-1315) |
cve/CVE-2010-1315.yaml |
WordPress Download Manager <2.9.94 - Cross-Site Scripting (CVE-2019-15889) |
cve/CVE-2019-15889.yaml |
Joomla! Cmimarketplace 0.1 - Local File Inclusion (CVE-2009-1496) |
cve/CVE-2009-1496.yaml |
Zyxel Firewall - OS Command Injection (CVE-2022-30525) |
cve/CVE-2022-30525.yaml |
Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion (CVE-2018-9205) |
cve/CVE-2018-9205.yaml |
WordPress Mail Masta 1.0 - Local File Inclusion (CVE-2016-10956) |
cve/CVE-2016-10956.yaml |
WordPress Kaswara Modern VC Addons <=3.0.1 - Arbitrary File Upload (CVE-2021-24284) |
cve/CVE-2021-24284.yaml |
UC Gateway Investment SiteEngine v5.0 - Open Redirect (CVE-2008-7269) |
cve/CVE-2008-7269.yaml |
Apache mod_userdir CRLF injection (CVE-2016-4975) |
cve/CVE-2016-4975.yaml |
Timesheet Next Gen <=1.5.3 - Cross-Site Scripting (CVE-2019-1010287) |
cve/CVE-2019-1010287.yaml |
Embedthis GoAhead <3.6.5 - Remote Code Execution (CVE-2017-17562) |
cve/CVE-2017-17562.yaml |
Confluence - Remote Code Execution (CVE-2022-26134) |
cve/CVE-2022-26134.yaml |
L-Soft LISTSERV <16.5-2018a - Cross-Site Scripting (CVE-2019-15501) |
cve/CVE-2019-15501.yaml |
Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion |
cve/CVE-2010-2918.yaml |
Joomla! Component Property - Local File Inclusion (CVE-2010-1875) |
cve/CVE-2010-1875.yaml |
Hongdian H8922 3.0.5 - Information Disclosure (CVE-2021-28150) |
cve/CVE-2021-28150.yaml |
Car Rental Management System 1.0 - SQL Injection (CVE-2022-32028) |
cve/CVE-2022-32026.yaml |
ehicle Service Management System 1.0 - Cross-Site Scripting (CVE-2021-46071) |
cve/CVE-2021-46071.yaml |
Javafaces LFI (CVE-2013-3827) |
cve/CVE-2013-3827.yaml |
Atmail 6.5.0 - Cross-Site Scripting (CVE-2022-30776) |
cve/CVE-2022-30776.yaml |
WordPress sitepress-multilingual-cms 3.6.3 - Cross-Site Scripting (CVE-2018-18069) |
cve/CVE-2018-18069.yaml |
WordPress BackupBuddy <8.8.3 - Cross Site Scripting (CVE-2022-4897) |
cve/CVE-2022-4897.yaml |
Pascom CPS Server-Side Request Forgery (CVE-2021-45967) |
cve/CVE-2021-45967.yaml |
FlatnuX CMS - Directory Traversal (CVE-2012-4878) |
cve/CVE-2012-4878.yaml |
Sidekiq <=6.2.0 - Cross-Site Scripting (CVE-2021-30151) |
cve/CVE-2021-30151.yaml |
TCExam <= 14.8.1 - Sensitive Information Exposure (CVE-2021-20114) |
cve/CVE-2021-20114.yaml |
PowerJob <=4.3.2 - Unauthenticated Access (CVE-2023-29923) |
cve/CVE-2023-29923.yaml |
WordPress WPSmartContracts <1.3.12 - SQL Injection (CVE-2022-3768) |
cve/CVE-2022-3768.yaml |
Dompdf < v0.6.0 - Local File Inclusion (CVE-2014-2383) |
cve/CVE-2014-2383.yaml |
Cisco CUCM UCCX and Unified IP-IVR- Directory Traversal (CVE-2011-3315) |
cve/CVE-2011-3315.yaml |
MStore API <= 3.9.2 - Authentication Bypass (CVE-2023-2732) |
cve/CVE-2023-2732.yaml |
Razer Sila Gaming Router 2.0.441_api-2.0.418 - Local File Inclusion (CVE-2022-29014) |
cve/CVE-2022-29014.yaml |
Atom CMS v2.0 - SQL Injection (CVE-2022-28032) |
cve/CVE-2022-28032.yaml |
Joomla! Component SmartSite 1.0.0 - Local File Inclusion (CVE-2010-1657) |
cve/CVE-2010-1657.yaml |
Knowage Suite 7.3 - Cross-Site Scripting (CVE-2021-30213) |
cve/CVE-2021-30213.yaml |
Car Rental Management System 1.0 - SQL Injection (CVE-2022-32025) |
cve/CVE-2022-32025.yaml |
Hongdian H8922 3.0.5 - Remote Command Injection (CVE-2021-28151) |
cve/CVE-2021-28151.yaml |
Tyto Sahi pro 7.x/8.x - Local File Inclusion (CVE-2018-20470) |
cve/CVE-2018-20470.yaml |
WordPress New Year Firework <=1.1.9 - Cross-Site Scripting (CVE-2016-1000140) |
cve/CVE-2016-1000140.yaml |
Mara CMS 7.5 - Cross-Site Scripting (CVE-2020-24223) |
cve/CVE-2020-24223.yaml |
Z-Blog <=1.5.2 - Open Redirect (CVE-2020-18268) |
cve/CVE-2020-18268.yaml |
VMware - Local File Inclusion (CVE-2022-31656) |
cve/CVE-2022-31656.yaml |
Oracle WebLogic Server - Remote Command Execution (CVE-2017-10271) |
cve/CVE-2017-10271.yaml |
Custom 404 Pro < 3.7.3 - Cross-Site Scripting (CVE-2023-2023) |
cve/CVE-2023-2023.yaml |
HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting (CVE-2022-26564) |
cve/CVE-2022-26564.yaml |
Agentejo Cockpit <0.12.0 - NoSQL Injection (CVE-2020-35848) |
cve/CVE-2020-35848.yaml |
Seagate NAS OS 4.3.15.1 - Open Redirect (CVE-2018-12300) |
cve/CVE-2018-12300.yaml |
Zyxel ZyWal/USG/UAG Devices - Cross-Site Scripting (CVE-2019-12581) |
cve/CVE-2019-12581.yaml |
Joomla! Component com_blog - Directory Traversal (CVE-2010-1540) |
cve/CVE-2010-1540.yaml |
Allied Telesis AT-GS950/8 - Local File Inclusion (CVE-2019-18922) |
cve/CVE-2019-18922.yaml |
Purchase Order Management v1.0 - SQL Injection (CVE-2022-28022) |
cve/CVE-2022-28022.yaml |
Microweber <1.2.11 - Cross-Site Scripting (CVE-2022-0678) |
cve/CVE-2022-0678.yaml |
Nortek Linear eMerge E3-Series - Cross-Site Scripting (CVE-2022-31798) |
cve/CVE-2022-31798.yaml |
2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting (CVE-2012-4273) |
cve/CVE-2012-4273.yaml |
Dreambox WebControl 2.0.0 - Cross-Site Scripting (CVE-2017-15287) |
cve/CVE-2017-15287.yaml |
Ignite Realtime Openfire <=4.4.2 - Server-Side Request Forgery (CVE-2019-18394) |
cve/CVE-2019-18394.yaml |
WordPress wpCentral <1.5.1 - Information Disclosure (CVE-2020-9043) |
cve/CVE-2020-9043.yaml |
Oracle E-Business Suite 12.2.3 -12.2.11 - Remote Code Execution (CVE-2022-21587) |
cve/CVE-2022-21587.yaml |
Advanced Custom Fields < 6.1.6 - Cross-Site Scripting (CVE-2023-30777) |
cve/CVE-2023-30777.yaml |
UniFi Network Application - Remote Code Execution (Apache Log4j) (CVE-2021-44228) |
cve/unifi-network-log4j-rce.yaml |
Rukovoditel <= 2.7.2 - Cross Site Scripting (CVE-2020-35984) |
cve/CVE-2020-35984.yaml |
Dahua IPC/VTH/VTO - Authentication Bypass (CVE-2021-33044) |
cve/CVE-2021-33044.yaml |
Citrix SD-WAN Center - Remote Command Injection (CVE-2019-12987) |
cve/CVE-2019-12987.yaml |
WordPress wpDiscuz <=7.0.4 - Remote Code Execution (CVE-2020-24186) |
cve/CVE-2020-24186.yaml |
Rukovoditel <= 3.2.1 - Cross Site Scripting (CVE-2022-44947) |
cve/CVE-2022-44947.yaml |
VICIdial Sensitive Information Disclosure (CVE-2021-28854) |
cve/CVE-2021-28854.yaml |
Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - SQL Injection (CVE-2019-2579) |
cve/CVE-2019-2579.yaml |
Gogs <0.12.5 - Server-Side Request Forgery (CVE-2022-0870) |
cve/CVE-2022-0870.yaml |
Ruby on Rails <5.0.1 - Remote Code Execution (CVE-2020-8163) |
cve/CVE-2020-8163.yaml |
Wavlink WN535K2/WN535K3 - OS Command Injection (CVE-2022-2486) |
cve/CVE-2022-2486.yaml |
Joomla! Component SMEStorage - Local File Inclusion (CVE-2010-1858) |
cve/CVE-2010-1858.yaml |
WordPress DB Backup <=4.5 - Local File Inclusion (CVE-2014-9119) |
cve/CVE-2014-9119.yaml |
WordPress SP Project & Document Manager <4.22 - Authenticated Shell Upload |
cve/CVE-2021-24347.yaml |
Cyber Cafe Management System 1.0 - SQL Injection (CVE-2022-29009) |
cve/CVE-2022-29009.yaml |
DomainMOD 4.11.01 - Cross-Site Scripting (CVE-2018-19892) |
cve/CVE-2018-19892.yaml |
Accela Civic Platform <=21.1 - Cross-Site Scripting (CVE-2021-33904) |
cve/CVE-2021-33904.yaml |
Online Fire Reporting System v1.0 - SQL injection (CVE-2022-31980) |
cve/CVE-2022-31980.yaml |
Buffalo WSR-2533DHPL2 - Path Traversal (CVE-2021-20090) |
cve/CVE-2021-20090.yaml |
MERCUSYS Mercury X18G 1.0.5 Router - Local File Inclusion (CVE-2021-23241) |
cve/CVE-2021-23241.yaml |
Joomla! Component Online Exam 1.5.0 - Local File Inclusion (CVE-2010-1715) |
cve/CVE-2010-1715.yaml |
ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting (CVE-2012-4889) |
cve/CVE-2012-4889.yaml |
Gitlab CE/EE 13.4 - 13.6.2 - Information Disclosure (CVE-2020-26413) |
cve/CVE-2020-26413.yaml |
GLPI plugin Barcode < 2.6.1 - Path Traversal Vulnerability. (CVE-2021-43778) |
cve/CVE-2021-43778.yaml |
openSIS Student Information System 8.0 SQL Injection (CVE-2021-41691) |
cve/CVE-2021-41691.yaml |
D-Link Routers - Remote Code Execution (CVE-2019-16920) |
cve/CVE-2019-16920.yaml |
WooCommerce Checkout Field Manager < 18.0 - Arbitrary File Upload (CVE-2022-4328) |
cve/CVE-2022-4328.yaml |
Grafana <= 6.7.1 - Cross-Site Scripting (CVE-2020-11110) |
cve/CVE-2020-11110.yaml |
Powertek Firmware <3.30.30 - Authorization Bypass (CVE-2022-33174) |
cve/CVE-2022-33174.yaml |
Centos Web Panel 0.9.8.480 - Local File Inclusion (CVE-2018-18323) |
cve/CVE-2018-18323.yaml |
DomPHP 0.83 - Directory Traversal (CVE-2014-10037) |
cve/CVE-2014-10037.yaml |
LinuxKI Toolset <= 6.01 - Remote Command Execution (CVE-2020-7209) |
cve/CVE-2020-7209.yaml |
HPE System Management - Cross-Site Scripting (CVE-2017-12544) |
cve/CVE-2017-12544.yaml |
CLink Office 2.0 - Cross-Site Scripting (CVE-2020-6171) |
cve/CVE-2020-6171.yaml |
Jeecg Boot <= 2.4.5 - Sensitive Information Disclosure (CVE-2021-37305) |
cve/CVE-2021-37305.yaml |
PowerJob V4.3.1 - Authentication Bypass (CVE-2023-29922) |
cve/CVE-2023-29922.yaml |
Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting |
cve/CVE-2018-19439.yaml |
Purchase Order Management v1.0 - Cross Site Scripting (Reflected) (CVE-2023-29623) |
cve/CVE-2023-29623.yaml |
WordPress White Label CMS <2.2.9 - Cross-Site Scripting (CVE-2022-0422) |
cve/CVE-2022-0422.yaml |
WordPress wpForo Forum < 1.9.7 - Open Redirect (CVE-2021-24406) |
cve/CVE-2021-24406.yaml |
NeDi 1.9C - Cross-Site Scripting (CVE-2020-14413) |
cve/CVE-2020-14413.yaml |
Aptana Jaxer 1.0.3.4547 - Local File inclusion (CVE-2019-14312) |
cve/CVE-2019-14312.yaml |
Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection (CVE-2008-1547) |
cve/CVE-2008-1547.yaml |
Microweber Cross-Site Scripting (CVE-2022-0378) |
cve/CVE-2022-0378.yaml |
Atlassian Jira Confluence - Cross-Site Scripting (CVE-2018-5230) |
cve/CVE-2018-5230.yaml |
WordPress RegistrationMagic <5.0.1.6 - Authenticated SQL Injection (CVE-2021-24862) |
cve/CVE-2021-24862.yaml |
Apache Solr DataImportHandler <8.2.0 - Remote Code Execution (CVE-2019-0193) |
cve/CVE-2019-0193.yaml |
OpenText Documentum Administrator 7.2.0180.0055 - Open Redirect (CVE-2017-14524) |
cve/CVE-2017-14524.yaml |
WordPress Email Subscribers & Newsletters <4.2.3 - Arbitrary File Retrieval |
cve/CVE-2019-19985.yaml |
WordPress Laborator Neon Theme 2.0 - Cross-Site Scripting (CVE-2019-20141) |
cve/CVE-2019-20141.yaml |
Nortek Linear eMerge E3-Series <0.32-08f - Remote Command Injection (CVE-2022-31499) |
cve/CVE-2022-31499.yaml |
Gitea 1.1.0 - 1.12.5 - Remote Code Execution (CVE-2020-14144) |
cve/CVE-2020-14144.yaml |
Atlassian Jira Seraph - Authentication Bypass (CVE-2022-0540) |
cve/CVE-2022-0540.yaml |
Metabase Local File Inclusion (CVE-2021-41277) |
cve/CVE-2021-41277.yaml |
Joomla! Component Advertising 0.25 - Local File Inclusion (CVE-2010-1473) |
cve/CVE-2010-1473.yaml |
Joomla! Component JProject Manager 1.0 - Local File Inclusion (CVE-2010-1469) |
cve/CVE-2010-1469.yaml |
Joomla! Component Address Book 1.5.0 - Local File Inclusion (CVE-2010-1471) |
cve/CVE-2010-1471.yaml |
Vehicle Service Management System 1.0 - Stored Cross Site Scripting (CVE-2021-46072) |
cve/CVE-2021-46072.yaml |
Monstra CMS 3.0.4 - Cross-Site Scripting (CVE-2018-11473) |
cve/CVE-2018-11473.yaml |
DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code Execution (CVE-2017-9822) |
cve/CVE-2017-9822.yaml |
DomainMOD 4.11.01 - Cross-Site Scripting (CVE-2018-19136) |
cve/CVE-2018-19136.yaml |
Elasticsearch 7.10.0-7.13.3 - Information Disclosure (CVE-2021-22145) |
cve/CVE-2021-22145.yaml |
Roxy Fileman 1.4.5 - Unrestricted File Upload (CVE-2018-20526) |
cve/CVE-2018-20526.yaml |
Zabbix <=4.4 - Authentication Bypass (CVE-2019-17382) |
cve/CVE-2019-17382.yaml |
Oracle E-Business Suite - Blind SSRF (CVE-2018-3167) |
cve/CVE-2018-3167.yaml |
Intelbras WIN 300/WRN 342 - Credentials Disclosure (CVE-2021-3017) |
cve/CVE-2021-3017.yaml |
Zoho ManageEngine ADAudit Plus <7600 - XML Entity Injection/Remote Code Execution |
cve/CVE-2022-28219.yaml |
Airflow Experimental <1.10.11 - REST API Auth Bypass (CVE-2020-13927) |
cve/CVE-2020-13927.yaml |
WordPress Pie Register <3.8.2.3 - Open Redirect (CVE-2023-0552) |
cve/CVE-2023-0552.yaml |
Ametys CMS Information Disclosure (CVE-2022-26159) |
cve/CVE-2022-26159.yaml |
WordPress RSS Aggregator < 4.20 - Authenticated Cross-Site Scripting (CVE-2022-0189) |
cve/CVE-2022-0189.yaml |
SpaceLogic C-Bus Home Controller <=1.31.460 - Remote Command Execution (CVE-2022-34753) |
cve/CVE-2022-34753.yaml |
Drupal - Remote Code Execution (CVE-2019-6340) |
cve/CVE-2019-6340.yaml |
WordPress GiveWP <2.17.3 - Cross-Site Scripting (CVE-2021-25099) |
cve/CVE-2021-25099.yaml |
Lansweeper Unauthenticated SQL Injection (CVE-2019-13462) |
cve/CVE-2019-13462.yaml |
WordPress Japanized for WooCommerce <2.5.5 - Cross-Site Scripting (CVE-2023-0942) |
cve/CVE-2023-0942.yaml |
Wordpress Profile Builder Plugin Cross-Site Scripting (CVE-2022-0653) |
cve/CVE-2022-0653.yaml |
Deprecated SSHv1 Protocol Detection (CVE-2001-1473) |
cve/CVE-2001-1473.yaml |
WordPress Titan Framework plugin <= 1.12.1 - Cross-Site Scripting (CVE-2021-24435) |
cve/CVE-2021-24435.yaml |
ManageEngine ADSelfService Plus <6121 - Stored Cross-Site Scripting (CVE-2022-24681) |
cve/CVE-2022-24681.yaml |
Socomec DIRIS A-40 Devices Password Disclosure (CVE-2019-15859) |
cve/CVE-2019-15859.yaml |
WordPress ProfileGrid <5.1.1 - Cross-Site Scripting (CVE-2022-3578) |
cve/CVE-2022-3578.yaml |
Rubedo CMS <=3.4.0 - Directory Traversal (CVE-2018-16836) |
cve/CVE-2018-16836.yaml |
Gogs (Go Git Service) - SQL Injection (CVE-2014-8682) |
cve/CVE-2014-8682.yaml |
Apache Log4j2 Remote Code Injection (CVE-2021-44228) |
cve/CVE-2021-44228.yaml |
ProFTPd - Remote Code Execution (CVE-2015-3306) |
cve/CVE-2015-3306.yaml |
Joomla! Component Fabrik 2.0 - Local File Inclusion (CVE-2010-1981) |
cve/CVE-2010-1981.yaml |
WordPress Easy Pricing Tables <3.2.1 - Cross-Site Scripting (CVE-2022-1904) |
cve/CVE-2022-1904.yaml |
ClinicCases 7.3.3 Cross-Site Scripting (CVE-2021-38704) |
cve/CVE-2021-38704.yaml |
Lantronix PremierWave 2050 8.9.0.0R4 - Remote Command Injection (CVE-2021-21881) |
cve/CVE-2021-21881.yaml |
Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion (CVE-2010-1980) |
cve/CVE-2010-1980.yaml |
PilusCart <=1.4.1 - Local File Inclusion (CVE-2019-16123) |
cve/CVE-2019-16123.yaml |
ReadToMyShoe - Generation of Error Message Containing Sensitive Information |
cve/CVE-2023-27587.yaml |
OEcms 3.1 - Cross-Site Scripting (CVE-2018-12095) |
cve/CVE-2018-12095.yaml |
Jeedom <=4.0.38 - Cross-Site Scripting (CVE-2020-9036) |
cve/CVE-2020-9036.yaml |
WBCE CMS v1.5.4 - Cross Site Scripting (Stored) (CVE-2022-45037) |
cve/CVE-2022-45037.yaml |
Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion (CVE-2010-2128) |
cve/CVE-2010-2128.yaml |
Microweber Information Disclosure (CVE-2022-0281) |
cve/CVE-2022-0281.yaml |
Mura CMS <10.0.580 - Authentication Bypass (CVE-2022-47003) |
cve/CVE-2022-47003.yaml |
WordPress E2Pdf <1.16.45 - Cross-Site Scripting (CVE-2022-0535) |
cve/CVE-2022-0535.yaml |
Laravel <5.5.21 - Information Disclosure (CVE-2017-16894) |
cve/CVE-2017-16894.yaml |
Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion (CVE-2010-2682) |
cve/CVE-2010-2682.yaml |
Monstra CMS 3.0.4 - HTTP Header Injection (CVE-2018-16979) |
cve/CVE-2018-16979.yaml |
ExponentCMS <= 2.6 - Host Header Injection (CVE-2021-38751) |
cve/CVE-2021-38751.yaml |
Joomla! Component MMS Blog 2.3.0 - Local File Inclusion (CVE-2010-1491) |
cve/CVE-2010-1491.yaml |
Apache Struts2 S2-057 - Remote Code Execution (CVE-2018-11776) |
cve/CVE-2018-11776.yaml |
Cute Editor for ASP.NET 6.4 - Cross-Site Scripting (CVE-2020-24903) |
cve/CVE-2020-24903.yaml |
SourceBans <2.0 - Cross-Site Scripting (CVE-2015-8349) |
cve/CVE-2015-8349.yaml |
WordPress BulletProof Security 5.1 Information Disclosure (CVE-2021-39327) |
cve/CVE-2021-39327.yaml |
MinIO Cluster Deployment - Information Disclosure (CVE-2023-28432) |
cve/CVE-2023-28432.yaml |
Car Rental Management System 1.0 - SQL Injection (CVE-2022-32022) |
cve/CVE-2022-32022.yaml |
Brafton WordPress Plugin < 3.4.8 - Cross-Site Scripting (CVE-2016-10973) |
cve/CVE-2016-10973.yaml |
WordPress Gift Voucher <4.1.8 - Blind SQL Injection (CVE-2018-16159) |
cve/CVE-2018-16159.yaml |
MicroStrategy Web 10.4 - Information Disclosure (CVE-2020-11450) |
cve/CVE-2020-11450.yaml |
D-Link DIR-610 Devices - Information Disclosure (CVE-2020-9376) |
cve/CVE-2020-9376.yaml |
HPE Integrated Lights-out 4 (ILO4) <2.53 - Authentication Bypass (CVE-2017-12542) |
cve/CVE-2017-12542.yaml |
PMB 7.3.10 - Cross-Site Scripting (CVE-2022-34328) |
cve/CVE-2022-34328.yaml |
Zoho ManageEngine Desktop Central - Remote Code Execution (CVE-2021-44515) |
cve/CVE-2021-44515.yaml |
DokuWiki - Cross-Site Scripting (CVE-2017-12583) |
cve/CVE-2017-12583.yaml |
Zoho manageengine - Cross-Site Scripting (CVE-2018-12998) |
cve/CVE-2018-12998.yaml |
Kentico CMS 8.2 - Open Redirect (CVE-2015-7823) |
cve/CVE-2015-7823.yaml |
WordPress Pie Register <3.7.0.1 - Cross-Site Scripting (CVE-2021-24239) |
cve/CVE-2021-24239.yaml |
Sophos UTM Preauth - Remote Code Execution (CVE-2020-25223) |
cve/CVE-2020-25223.yaml |
WordPress WPCargo Track & Trace <6.9.0 - Remote Code Execution (CVE-2021-25003) |
cve/CVE-2021-25003.yaml |
WordPress Customize Login Image <3.5.3 - Cross-Site Scripting (CVE-2021-33851) |
cve/CVE-2021-33851.yaml |
WordPress enhanced-tooltipglossary 3.2.8 - Cross-Site Scripting (CVE-2016-1000132) |
cve/CVE-2016-1000132.yaml |
Metabase - Remote Code Execution (Apache Log4j) (CVE-2021-44228) |
cve/metabase-log4j.yaml |
McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting (CVE-2017-4011) |
cve/CVE-2017-4011.yaml |
Easy!Appointments <1.4.3 - Broken Access Control (CVE-2022-0482) |
cve/CVE-2022-0482.yaml |
WordPress UserPro 4.9.32 - Cross-Site Scripting (CVE-2019-14470) |
cve/CVE-2019-14470.yaml |
Rukovoditel <= 3.2.1 - Cross Site Scripting (CVE-2022-44952) |
cve/CVE-2022-44952.yaml |
Graylog (Log4j) - Remote Code Execution (CVE-2021-44228) |
cve/graylog-log4j.yaml |
Eclipse Jetty - Information Disclosure (CVE-2021-28164) |
cve/CVE-2021-28164.yaml |
Apache OFBiz <17.12.07 - Arbitrary Code Execution (CVE-2021-30128) |
cve/CVE-2021-30128.yaml |
WordPress e-search <=1.0 - Cross-Site Scripting (CVE-2016-1000130) |
cve/CVE-2016-1000130.yaml |
WordPress KiviCare <2.3.9 - SQL Injection (CVE-2022-0786) |
cve/CVE-2022-0786.yaml |
SonicWall SonicOS 7.0 - Open Redirect (CVE-2021-20031) |
cve/CVE-2021-20031.yaml |
WordPress Mediumish Theme <=1.0.47 - Cross-Site Scripting (CVE-2021-24316) |
cve/CVE-2021-24316.yaml |
Yii 2 < 2.0.38 - Remote Code Execution (CVE-2020-15148) |
cve/CVE-2020-15148.yaml |
Parallels H-Sphere 3.6.1713 - Cross-Site Scripting (CVE-2022-30777) |
cve/CVE-2022-30777.yaml |
Thinfinity Iframe Injection (CVE-2021-45092) |
cve/CVE-2021-45092.yaml |
vBulletin 5.5.4 - 5.6.2- Remote Command Execution (CVE-2020-17496) |
cve/CVE-2020-17496.yaml |
Citrix SD-WAN Center - Local File Inclusion (CVE-2019-12990) |
cve/CVE-2019-12990.yaml |
Squidex <7.4.0 - Cross-Site Scripting (CVE-2023-24278) |
cve/CVE-2023-24278.yaml |
Terraboard <2.2.0 - SQL Injection (CVE-2022-1883) |
cve/CVE-2022-1883.yaml |
Yachtcontrol Webapplication 1.0 - Remote Command Injection (CVE-2019-17270) |
cve/CVE-2019-17270.yaml |
FiberHome Routers - Local File Inclusion (CVE-2017-15647) |
cve/CVE-2017-15647.yaml |
Sourcecodester Online Event Booking and Reservation System 2.3.0 - Cross-Site |
cve/CVE-2021-42663.yaml |
Rudloff alltube prior to 3.0.1 - Open Redirect (CVE-2022-0692) |
cve/CVE-2022-0692.yaml |
Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File |
cve/CVE-2021-46417.yaml |
SEO Panel 4.8.0 - Blind SQL Injection (CVE-2021-28419) |
cve/CVE-2021-28419.yaml |
ChurchCRM 4.5.3 - Cross-Site Scripting (CVE-2023-26843) |
cve/CVE-2023-26843.yaml |
Vehicle Service Management System - Stored Cross-Site Scripting (CVE-2021-46068) |
cve/CVE-2021-46068.yaml |
KR-Web <=1.1b2 - Remote File Inclusion (CVE-2009-4223) |
cve/CVE-2009-4223.yaml |
Purchase Order Management v1.0 - SQL Injection (CVE-2022-28023) |
cve/CVE-2022-28023.yaml |
WordPress FlatPM <3.0.13 - Cross-Site Scripting (CVE-2022-3934) |
cve/CVE-2022-3934.yaml |
Faculty Evaluation System v1.0 - SQL Injection (CVE-2023-33439) |
cve/CVE-2023-33439.yaml |
XStream 1.4.18 - Remote Code Execution (CVE-2021-39144) |
cve/CVE-2021-39144.yaml |
WAVLINK WN533A8 - Improper Access Control (CVE-2022-34046) |
cve/CVE-2022-34046.yaml |
KONGA 0.14.9 - Privilege Escalation (CVE-2021-42192) |
cve/CVE-2021-42192.yaml |
Hospital Management System 1.0 - SQL Injection (CVE-2022-34590) |
cve/CVE-2022-34590.yaml |
Advanced Text Widget < 2.0.2 - Cross-Site Scripting (CVE-2011-4618) |
cve/CVE-2011-4618.yaml |
CandidATS 3.0.0 - Cross-Site Scripting. (CVE-2022-42746) |
cve/CVE-2022-42746.yaml |
Ruckus Wireless Admin - Remote Code Execution (CVE-2023-25717) |
cve/CVE-2023-25717.yaml |
WordPress Simple Job Board <2.9.4 - Local File Inclusion (CVE-2020-35749) |
cve/CVE-2020-35749.yaml |
WordPress Infusionsoft Gravity Forms <=1.5.11 - Cross-Site Scripting (CVE-2016-1000139) |
cve/CVE-2016-1000139.yaml |
WordPress Videos sync PDF <=1.7.4 - Local File Inclusion (CVE-2022-1392) |
cve/CVE-2022-1392.yaml |
CandidATS 3.0.0 - Cross-Site Scripting (CVE-2022-42749) |
cve/CVE-2022-42749.yaml |
Debug Endpoint pprof - Exposure Detection (CVE-2019-11248) |
cve/CVE-2019-11248.yaml |
UnRaid <=6.80 - Remote Code Execution (CVE-2020-5847) |
cve/CVE-2020-5847.yaml |
Fortinet FortiOS <=5.2.3 - Cross-Site Scripting (CVE-2015-1880) |
cve/CVE-2015-1880.yaml |
School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting |
cve/CVE-2022-30514.yaml |
WordPress Emag Marketplace Connector 1.0 - Cross-Site Scripting (CVE-2017-17043) |
cve/CVE-2017-17043.yaml |
Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting (CVE-2021-41349) |
cve/CVE-2021-41349.yaml |
WAVLINK WN535 G3 - Improper Access Control (CVE-2022-34576) |
cve/CVE-2022-34576.yaml |
Complete Online Job Search System 1.0 - SQL Injection (CVE-2022-32015) |
cve/CVE-2022-32015.yaml |
WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting (CVE-2012-4242) |
cve/CVE-2012-4242.yaml |
UpdraftPlus < 1.22.9 - Cross-Site Scripting (CVE-2022-0864) |
cve/CVE-2022-0864.yaml |
PHPGurukul Dairy Farm Shop Management System 1.0 - SQL Injection (CVE-2020-5307) |
cve/CVE-2020-5307.yaml |
WordPress Supsystic Contact Form <1.7.15 - Cross-Site Scripting (CVE-2021-24276) |
cve/CVE-2021-24276.yaml |
Joomla! Roland Breedveld Album 1.14 - Local File Inclusion (CVE-2009-3318) |
cve/CVE-2009-3318.yaml |
Webkul QloApps 1.6.0 - Cross-site Scripting (CVE-2023-36287) |
cve/CVE-2023-36287.yaml |
Babel - Open Redirect (CVE-2019-1010290) |
cve/CVE-2019-1010290.yaml |
qdPM 9.1 - Cross-site Scripting (CVE-2019-8390) |
cve/CVE-2019-8390.yaml |
Online Fire Reporting System v1.0 - SQL injection (CVE-2022-31879) |
cve/CVE-2022-31879.yaml |
NETGEAR Routers - Authentication Bypass (CVE-2017-5521) |
cve/CVE-2017-5521.yaml |
LOYTEC LGATE-902 6.3.2 - Local File Inclusion (CVE-2018-14918) |
cve/CVE-2018-14918.yaml |
Online Fire Reporting System v1.0 - SQL injection (CVE-2022-31982) |
cve/CVE-2022-31982.yaml |
Joomla! Component Matamko 1.01 - Local File Inclusion (CVE-2010-1495) |
cve/CVE-2010-1495.yaml |
Jira Netic Group Export <1.0.3 - Missing Authorization (CVE-2022-39960) |
cve/CVE-2022-39960.yaml |
DotCMS - Arbitrary File Upload (CVE-2022-26352) |
cve/CVE-2022-26352.yaml |
Kodi 17.1 - Local File Inclusion (CVE-2017-5982) |
cve/CVE-2017-5982.yaml |
Oracle WebLogic Server Deserialization - Remote Code Execution (CVE-2018-2628) |
cve/CVE-2018-2628.yaml |
Gogs <0.12.6 - Remote Command Execution (CVE-2022-0415) |
cve/CVE-2022-0415.yaml |
Joomla! Component iF surfALERT 1.2 - Local File Inclusion (CVE-2010-1717) |
cve/CVE-2010-1717.yaml |
Fortinet FortiMail 7.0.1 - Cross-Site Scripting (CVE-2021-43062) |
cve/CVE-2021-43062.yaml |
WordPress Ad Inserter <2.7.10 - Cross-Site Scripting (CVE-2022-0288) |
cve/CVE-2022-0288.yaml |
WordPress All-in-One WP Migration <=7.62 - Cross-Site Scripting (CVE-2022-2546) |
cve/CVE-2022-2546.yaml |
eShop 3.0.4 - Cross-Site Scripting (CVE-2022-35493) |
cve/CVE-2022-35493.yaml |
CentOS Web Panel 7 <0.9.8.1147 - Remote Code Execution (CVE-2022-44877) |
cve/CVE-2022-44877.yaml |
Codoforum 5.1 - Arbitrary File Upload (CVE-2022-31854) |
cve/CVE-2022-31854.yaml |
Rukovoditel <= 2.7.2 - Cross Site Scripting (CVE-2020-35985) |
cve/CVE-2020-35985.yaml |
WordPress WP JobSearch <1.5.1 - Cross-Site Scripting (CVE-2022-1168) |
cve/CVE-2022-1168.yaml |
Kirona Dynamic Resource Scheduler - Information Disclosure (CVE-2019-17503) |
cve/CVE-2019-17503.yaml |
IBM Aspera Faspex <=4.4.2 PL1 - Remote Code Execution (CVE-2022-47986) |
cve/CVE-2022-47986.yaml |
WordPress Jannah Theme <5.4.4 - Cross-Site Scripting (CVE-2021-24364) |
cve/CVE-2021-24364.yaml |
WordPress WebP Converter for Media < 4.0.3 - Unauthenticated Open Redirect |
cve/CVE-2021-25074.yaml |
ManageEngine ADManager Plus - Command Injection (CVE-2023-29084) |
cve/CVE-2023-29084.yaml |
Joomla! Component ZiMBCore 0.1 - Local File Inclusion (CVE-2010-1603) |
cve/CVE-2010-1603.yaml |
WordPress MF Gig Calendar <=1.1 - Cross-Site Scripting (CVE-2021-24510) |
cve/CVE-2021-24510.yaml |
WordPress W3 Total Cache <2.1.4 - Cross-Site Scripting (CVE-2021-24436) |
cve/CVE-2021-24436.yaml |
WordPress Admin Font Editor <=1.8 - Cross-Site Scripting (CVE-2016-1000138) |
cve/CVE-2016-1000138.yaml |
Citrix XenMobile Server - Local File Inclusion (CVE-2020-8209) |
cve/CVE-2020-8209.yaml |
Apache Struts 2.0.0-2.5.25 - Remote Code Execution (CVE-2020-17530) |
cve/CVE-2020-17530.yaml |
Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login (CVE-2021-24647) |
cve/CVE-2021-24647.yaml |
NETGEAR WNAP320 Access Point Firmware - Remote Command Injection (CVE-2016-1555) |
cve/CVE-2016-1555.yaml |
WordPress Nirweb Support <2.8.2 - SQL Injection (CVE-2022-0781) |
cve/CVE-2022-0781.yaml |
Jellyfin <10.7.0 - Local File Inclusion (CVE-2021-21402) |
cve/CVE-2021-21402.yaml |
WordPress Realteo <=1.2.3 - Cross-Site Scripting (CVE-2021-24237) |
cve/CVE-2021-24237.yaml |
WordPress Perfect Survey<1.5.2 - SQL Injection (CVE-2021-24762) |
cve/CVE-2021-24762.yaml |
Agentejo Cockpit <0.11.2 - NoSQL Injection (CVE-2020-35847) |
cve/CVE-2020-35847.yaml |
Atlassian Confluence Download Attachments - Remote Code Execution (CVE-2019-3398) |
cve/CVE-2019-3398.yaml |
Rosario Student Information System Unauthenticated SQL Injection (CVE-2021-44427) |
cve/CVE-2021-44427.yaml |
Laravel with Ignition <= v8.4.2 Debug Mode - Remote Code Execution (CVE-2021-3129) |
cve/CVE-2021-3129.yaml |
Import XML & RSS Feeds WordPress Plugin <= 2.0.1 Server-Side Request Forgery |
cve/CVE-2020-24148.yaml |
WordPress Spreadsheet - Cross-Site Scripting (CVE-2013-6281) |
cve/CVE-2013-6281.yaml |
Joomla! Component BeeHeard 1.0 - Local File Inclusion (CVE-2010-1952) |
cve/CVE-2010-1952.yaml |
WordPress IWS Geo Form Fields <=1.0 - SQL Injection (CVE-2022-4117) |
cve/CVE-2022-4117.yaml |
Joomla! Component com_bfsurvey - Local File Inclusion (CVE-2010-2259) |
cve/CVE-2010-2259.yaml |
HTML Email Template Designer < 3.1 - Stored Cross-Site Scripting (CVE-2022-0218) |
cve/CVE-2022-0218.yaml |
ShellShock - Remote Code Execution (CVE-2014-6271) |
cve/CVE-2014-6271.yaml |
Webkul QloApps 1.5.2 - Cross-site Scripting (CVE-2023-30256) |
cve/CVE-2023-30256.yaml |
ThinkAdmin 6 - Local File Inclusion (CVE-2020-25540) |
cve/CVE-2020-25540.yaml |
WordPress sourceAFRICA <=0.1.3 - Cross-Site Scripting (CVE-2015-6920) |
cve/CVE-2015-6920.yaml |
Gibbon v25.0.0 - Local File Inclusion (CVE-2023-34598) |
cve/CVE-2023-34598.yaml |
Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion (CVE-2009-4202) |
cve/CVE-2009-4202.yaml |
Home Assistant Supervisor - Authentication Bypass (CVE-2023-27482) |
cve/CVE-2023-27482.yaml |
Revive Adserver 4.2 - Remote Code Execution (CVE-2019-5434) |
cve/CVE-2019-5434.yaml |
WordPress Goto Tour & Travel Theme <2.0 - Cross-Site Scripting (CVE-2021-24235) |
cve/CVE-2021-24235.yaml |
Oracle Business Intelligence/XML Publisher - XML External Entity Injection |
cve/CVE-2019-2616.yaml |
Joomla! ChronoForums 2.0.11 - Local File Inclusion (CVE-2021-28377) |
cve/CVE-2021-28377.yaml |
ManageEngine ServiceDesk 9.3.9328 - Arbitrary File Retrieval (CVE-2017-11512) |
cve/CVE-2017-11512.yaml |
Joomla! Component Juke Box 1.7 - Local File Inclusion (CVE-2010-1352) |
cve/CVE-2010-1352.yaml |
WordPress Ultimate FAQ <1.8.30 - Cross-Site Scripting (CVE-2020-7107) |
cve/CVE-2020-7107.yaml |
Hikvision IP camera/NVR - Remote Command Execution (CVE-2021-36260) |
cve/CVE-2021-36260.yaml |
Harbor <=1.82.0 - Privilege Escalation (CVE-2019-16097) |
cve/CVE-2019-16097.yaml |
Linear eMerge E3 - Cross-Site Scripting (CVE-2019-7255) |
cve/CVE-2019-7255.yaml |
Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion (CVE-2010-1532) |
cve/CVE-2010-1532.yaml |
PHPUnit - Remote Code Execution (CVE-2017-9841) |
cve/CVE-2017-9841.yaml |
Rundeck - Remote Code Execution (Apache Log4j) (CVE-2021-44228) |
cve/rundeck-log4j.yaml |
DotNetNuke (DNN) ImageHandler <9.2.0 - Server-Side Request Forgery (CVE-2017-0929) |
cve/CVE-2017-0929.yaml |
Node RED Dashboard <2.26.2 - Local File Inclusion (CVE-2021-3223) |
cve/CVE-2021-3223.yaml |
WordPress BackupGuard <1.6.0 - Authenticated Arbitrary File Upload (CVE-2021-24155) |
cve/CVE-2021-24155.yaml |
Jboss Application Server - Remote Code Execution (CVE-2017-12149) |
cve/CVE-2017-12149.yaml |
Geoserver - Server-Side Request Forgery (CVE-2021-40822) |
cve/CVE-2021-40822.yaml |
Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities |
cve/CVE-2012-1226.yaml |
Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting (CVE-2020-2036) |
cve/CVE-2020-2036.yaml |
Wavlink WN-535G3 - Cross-Site Scripting (CVE-2022-30489) |
cve/CVE-2022-30489.yaml |
PrestaHome Blog for PrestaShop <1.7.8 - SQL Injection (CVE-2021-36748) |
cve/CVE-2021-36748.yaml |
Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect (CVE-2017-3528) |
cve/CVE-2017-3528.yaml |
Horde Groupware Unauthenticated Admin Access (CVE-2005-3344) |
cve/CVE-2005-3344.yaml |
Auerswald COMpact 5500R 7.8A and 8.0B Devices Backdoor (CVE-2021-40859) |
cve/CVE-2021-40859.yaml |
Symmetricom SyncServer Unauthenticated - Remote Command Execution (CVE-2022-40022) |
cve/CVE-2022-40022.yaml |
D-Link DVG-N5402SP - Local File Inclusion (CVE-2015-7245) |
cve/CVE-2015-7245.yaml |
Oracle Weblogic - SSRF in SearchPublicRegistries.jsp (CVE-2014-4210) |
cve/CVE-2014-4210.yaml |
WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting (CVE-2017-17059) |
cve/CVE-2017-17059.yaml |
Akkadian Provisioning Manager - Information Disclosure (CVE-2021-31581) |
cve/CVE-2021-31581.yaml |
Umbraco <7.4.0- Server-Side Request Forgery (CVE-2015-8813) |
cve/CVE-2015-8813.yaml |
Rukovoditel <= 3.2.1 - Cross Site Scripting (CVE-2022-44949) |
cve/CVE-2022-44949.yaml |
Cuppa CMS v1.0 - SQL injection (CVE-2022-24265) |
cve/CVE-2022-24265.yaml |
Zabbix - SQL Injection (CVE-2016-10134) |
cve/CVE-2016-10134.yaml |
WordPress WHIZZ <=1.0.7 - Cross-Site Scripting (CVE-2016-1000154) |
cve/CVE-2016-1000154.yaml |
Simple Online Planning Tool <1.3.2 - Local File Inclusion (CVE-2014-8676) |
cve/CVE-2014-8676.yaml |
Nova noVNC - Open Redirect (CVE-2021-3654) |
cve/CVE-2021-3654.yaml |
SolarWinds Serv-U 15.3 - Directory Traversal (CVE-2021-35250) |
cve/CVE-2021-35250.yaml |
LumisXP <10.0.0 - Blind XML External Entity Attack (CVE-2021-27931) |
cve/CVE-2021-27931.yaml |
NetBiblio WebOPAC - Cross-Site Scripting (CVE-2021-42551) |
cve/CVE-2021-42551.yaml |
Reflected XSS - Telerik Reporting Module (CVE-2017-9140) |
cve/CVE-2017-9140.yaml |
MaxSite CMS Cross-Site Scripting (CVE-2021-35265) |
cve/CVE-2021-35265.yaml |
D-Link DNS-320 - Unauthenticated Remote Code Execution (CVE-2020-25506) |
cve/CVE-2020-25506.yaml |
Cisco CloudCenter Suite (Log4j) - Remote Code Execution (CVE-2021-44228) |
cve/cisco-cloudcenter-suite-log4j-rce.yaml |
Revive Adserver <5.1.0 - Open Redirect (CVE-2021-22873) |
cve/CVE-2021-22873.yaml |
Netmask NPM Package - Server-Side Request Forgery (CVE-2021-28918) |
cve/CVE-2021-28918.yaml |
Vehicle Service Management System 1.0 - Stored Cross Site Scripting (CVE-2021-46069) |
cve/CVE-2021-46069.yaml |
Temenos T24 R20 - Cross-Site Scripting (CVE-2023-24367) |
cve/CVE-2023-24367.yaml |
Joomla! Component AWDwall 1.5.4 - Local File Inclusion (CVE-2010-1494) |
cve/CVE-2010-1494.yaml |
OpenCATS 0.9.6 - Cross-Site Scripting (CVE-2022-43015) |
cve/CVE-2022-43015.yaml |
Jeecg P3 Biz Chat - Local File Inclusion (CVE-2023-33510) |
cve/CVE-2023-33510.yaml |
NexusDB <4.50.23 - Local File Inclusion (CVE-2020-24571) |
cve/CVE-2020-24571.yaml |
WordPress Responsive Vector Maps < 6.4.2 - Arbitrary File Read (CVE-2021-24947) |
cve/CVE-2021-24947.yaml |
IceWarp WebMail 11.4.5.0 - Cross-Site Scripting (CVE-2020-27982) |
cve/CVE-2020-27982.yaml |
Sitecore Experience Platform Pre-Auth RCE (CVE-2021-42237) |
cve/CVE-2021-42237.yaml |
Joomla! Component com_abbrev - Local File Inclusion (CVE-2010-0985) |
cve/CVE-2010-0985.yaml |
Erxes <0.23.0 - Cross-Site Scripting (CVE-2021-32853) |
cve/CVE-2021-32853.yaml |
Alfresco Share - Open Redirect (CVE-2019-14223) |
cve/CVE-2019-14223.yaml |
PHP Proxy 3.0.3 - Local File Inclusion (CVE-2018-19458) |
cve/CVE-2018-19458.yaml |
Sophos Firewall <=18.5 MR3 - Remote Code Execution (CVE-2022-1040) |
cve/CVE-2022-1040.yaml |
GitLab CE/EE - Information Disclosure (CVE-2022-0735) |
cve/CVE-2022-0735.yaml |
Totaljs <3.2.3 - Local File Inclusion (CVE-2019-8903) |
cve/CVE-2019-8903.yaml |
Advantech R-SeeNet - Cross-Site Scripting (CVE-2021-21802) |
cve/CVE-2021-21802.yaml |
DedeCMS 5.7 - Path Disclosure (CVE-2018-6910) |
cve/CVE-2018-6910.yaml |
Apache Struts2 S2-052 - Remote Code Execution (CVE-2017-9805) |
cve/CVE-2017-9805.yaml |
Pre-Auth Takeover of Build Pipelines in GoCD (CVE-2021-43287) |
cve/CVE-2021-43287.yaml |
Cybrotech CyBroHttpServer 1.0.3 - Local File Inclusion (CVE-2018-16133) |
cve/CVE-2018-16133.yaml |
Opencart Divido - Sql Injection (CVE-2018-11231) |
cve/CVE-2018-11231.yaml |
Microsoft FrontPage Extensions Check (shtml.dll) (CVE-2000-0114) |
cve/CVE-2000-0114.yaml |
Caddy 2.4.6 - Open Redirect (CVE-2022-28923) |
cve/CVE-2022-28923.yaml |
Schools Alert Management Script - Arbitrary File Read (CVE-2018-12054) |
cve/CVE-2018-12054.yaml |
VelotiSmart Wifi - Directory Traversal (CVE-2018-14064) |
cve/CVE-2018-14064.yaml |
YouPHPTube Encoder 2.3 - Remote Command Injection (CVE-2019-5127) |
cve/CVE-2019-5127.yaml |
Masa CMS - Authentication Bypass (CVE-2022-47002) |
cve/CVE-2022-47002.yaml |
WordPresss acf-to-rest-api <=3.1.0 - Insecure Direct Object Reference (CVE-2020-13700) |
cve/CVE-2020-13700.yaml |
iSpy 7.2.2.0 - Authentication Bypass (CVE-2022-29775) |
cve/CVE-2022-29775.yaml |
Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion (CVE-2010-1081) |
cve/CVE-2010-1081.yaml |
rConfig <=3.9.4 - SQL Injection (CVE-2020-10549) |
cve/CVE-2020-10549.yaml |
NCBI ToolBox - Directory Traversal (CVE-2018-16716) |
cve/CVE-2018-16716.yaml |
BeyondTrust Secure Remote Access Base <=6.0.1 - Cross-Site Scripting (CVE-2021-31589) |
cve/CVE-2021-31589.yaml |
phpPgAdmin <=4.1.1 - Cross-Site Scripting (CVE-2007-5728) |
cve/CVE-2007-5728.yaml |
Popup by Supsystic <1.10.5 - Cross-Site scripting (CVE-2021-24275) |
cve/CVE-2021-24275.yaml |
WordPress Copyright Proof <=4.16 - Cross-Site-Scripting (CVE-2022-1906) |
cve/CVE-2022-1906.yaml |
Yonyou U8 13.0 - Cross-Site Scripting (CVE-2022-26263) |
cve/CVE-2022-26263.yaml |
Zimbra Collaboration (ZCS) - Cross Site Scripting (CVE-2022-27926) |
cve/CVE-2022-27926.yaml |
WordPress PayPal Pro <1.1.65 - SQL Injection (CVE-2020-14092) |
cve/CVE-2020-14092.yaml |
D-Link Routers - Local File Inclusion (CVE-2018-10822) |
cve/CVE-2018-10822.yaml |
Cisco HyperFlex HX Data Platform - Remote Command Execution (CVE-2021-1498) |
cve/CVE-2021-1498.yaml |
Oracle Access Manager - Remote Code Execution (CVE-2021-35587) |
cve/CVE-2021-35587.yaml |
Apereo CAS Cross-Site Scripting (CVE-2021-42567) |
cve/CVE-2021-42567.yaml |
Nuxeo <10.3 - Remote Code Execution (CVE-2018-16341) |
cve/CVE-2018-16341.yaml |
SolarView Compact <= 6.00 - Local File Inclusion (CVE-2023-29919) |
cve/CVE-2023-29919.yaml |
Confluence Server - Remote Code Execution (CVE-2021-26084) |
cve/CVE-2021-26084.yaml |
XStream 1.4.18 - Arbitrary Code Execution (CVE-2021-39146) |
cve/CVE-2021-39146.yaml |
Wireless Multiplex Terminal Playout Server <=20.2.8 - Default Credential Detection |
cve/CVE-2020-35338.yaml |
RevealJS postMessage <4.3.0 - Cross-Site Scripting (CVE-2022-0776) |
cve/CVE-2022-0776.yaml |
Magmi 0.7.22 - Cross-Site Scripting (CVE-2017-7391) |
cve/CVE-2017-7391.yaml |
Horde/Horde Groupware - Local File Inclusion (CVE-2009-0932) |
cve/CVE-2009-0932.yaml |
DomainMOD 4.11.01 - Cross-Site Scripting (CVE-2018-19749) |
cve/CVE-2018-19749.yaml |
PDF Generator for WordPress < 1.1.2 - Cross Site Scripting (CVE-2022-4321) |
cve/CVE-2022-4321.yaml |
Oracle Fusion Middleware WebCenter Sites 11.1.1.8.0 - Cross-Site Scripting |
cve/CVE-2018-3238.yaml |
Zarafa WebApp <=2.0.1.47791 - Cross-Site Scripting (CVE-2019-7219) |
cve/CVE-2019-7219.yaml |
Django Debug Page - Cross-Site Scripting (CVE-2017-12794) |
cve/CVE-2017-12794.yaml |
Jolokia 1.3.7 - Cross-Site Scripting (CVE-2018-1000129) |
cve/CVE-2018-1000129.yaml |
Adobe ColdFusion - Unrestricted File Upload Remote Code Execution (CVE-2018-15961) |
cve/CVE-2018-15961.yaml |
ifw8 Router ROM v4.31 - Credential Discovery (CVE-2019-16313) |
cve/CVE-2019-16313.yaml |
Cachet <=2.3.18 - SQL Injection (CVE-2021-39165) |
cve/CVE-2021-39165.yaml |
HotelDruid 2.3.0 - Cross-Site Scripting (CVE-2019-8937) |
cve/CVE-2019-8937.yaml |
strapi CMS <3.0.0-beta.17.5 - Admin Password Reset (CVE-2019-18818) |
cve/CVE-2019-18818.yaml |
GenieACS => 1.2.8 - OS Command Injection (CVE-2021-46704) |
cve/CVE-2021-46704.yaml |
Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion (CVE-2010-3426) |
cve/CVE-2010-3426.yaml |
Django SQL Injection (CVE-2020-9402) |
cve/CVE-2020-9402.yaml |
Fortinet - Authentication Bypass (CVE-2022-40684) |
cve/CVE-2022-40684.yaml |
Auerswald COMfortel 1400/2600/3600 IP - Authentication Bypass (CVE-2021-40856) |
cve/CVE-2021-40856.yaml |
ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure (CVE-2015-0554) |
cve/CVE-2015-0554.yaml |
WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion |
cve/CVE-2017-1000170.yaml |
Spotweb <= 1.5.1 - Cross Site Scripting (Reflected) (CVE-2021-43725) |
cve/CVE-2021-43725.yaml |
WordPress English Admin <1.5.2 - Open Redirect (CVE-2021-25111) |
cve/CVE-2021-25111.yaml |
Joomla! Harmis Messenger 1.2.2 - Local File Inclusion (CVE-2019-9922) |
cve/CVE-2019-9922.yaml |
TP-Link - OS Command Injection (CVE-2021-41653) |
cve/CVE-2021-41653.yaml |
LabKey Server Community Edition <18.3.0 - Open Redirect (CVE-2019-3912) |
cve/CVE-2019-3912.yaml |
Ruby Dragonfly <1.4.0 - Remote Code Execution (CVE-2021-33564) |
cve/CVE-2021-33564.yaml |
WordPress JoomSport <5.2.8 - SQL Injection (CVE-2022-4050) |
cve/CVE-2022-4050.yaml |
DomainMOD 4.11.01 - Cross-Site Scripting (CVE-2018-20011) |
cve/CVE-2018-20011.yaml |
WordPress Personal Dictionary <1.3.4 - Blind SQL Injection (CVE-2022-1013) |
cve/CVE-2022-1013.yaml |
Apache Airflow - Unauthenticated Variable Import (CVE-2021-38540) |
cve/CVE-2021-38540.yaml |
Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion (CVE-2010-1955) |
cve/CVE-2010-1955.yaml |
Apache OFBiz 17.12.03 - Cross-Site Scripting (CVE-2020-9496) |
cve/CVE-2020-9496.yaml |
WordPress Bello Directory & Listing Theme <1.6.0 - Cross-Site Scripting (CVE-2021-24320) |
cve/CVE-2021-24320.yaml |
HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass (CVE-2021-29203) |
cve/CVE-2021-29203.yaml |
Oracle Business Intelligence Publisher - XML External Entity Injection (CVE-2019-2767) |
cve/CVE-2019-2767.yaml |
IBM WebSphere HCL Digital Experience - Server-Side Request Forgery (CVE-2021-27748) |
cve/CVE-2021-27748.yaml |
Navigate CMS 2.9.4 - Server-Side Request Forgery (CVE-2022-28117) |
cve/CVE-2022-28117.yaml |
Micro Focus Operations Bridge Reporter - Remote Code Execution (CVE-2021-22502) |
cve/CVE-2021-22502.yaml |
Joomla! Component Web TV 1.0 - Local File Inclusion (CVE-2010-1470) |
cve/CVE-2010-1470.yaml |
SAP NetWeaver AS JAVA 7.30-7.50 - Remote Admin Addition (CVE-2020-6287) |
cve/CVE-2020-6287.yaml |
WordPress Localize My Post 1.0 - Local File Inclusion (CVE-2018-16299) |
cve/CVE-2018-16299.yaml |
WWBN AVideo 11.6 - Cross-Site Scripting (CVE-2022-32771) |
cve/CVE-2022-32771.yaml |
Forescout CounterACT 6.3.4.1 - Open Redirect (CVE-2012-4982) |
cve/CVE-2012-4982.yaml |
Drupal - Remote Code Execution (CVE-2018-7600) |
cve/CVE-2018-7600.yaml |
IceWarp Mail Server <11.1.1 - Directory Traversal (CVE-2015-1503) |
cve/CVE-2015-1503.yaml |
Oracle E-Business Suite <=12.2 - Authentication Bypass (CVE-2022-21500) |
cve/CVE-2022-21500.yaml |
DomainMOD 4.11.01 - Cross-Site Scripting (CVE-2018-19137) |
cve/CVE-2018-19137.yaml |
WordPress W3 Total Cache <2.1.5 - Cross-Site Scripting (CVE-2021-24452) |
cve/CVE-2021-24452.yaml |
Fortinet FortiOS - Open Redirect/Cross-Site Scripting (CVE-2016-3978) |
cve/CVE-2016-3978.yaml |
Joomla! Component Arcade Games 1.0 - Local File Inclusion (CVE-2010-1714) |
cve/CVE-2010-1714.yaml |
WordPress Modern Events Calendar Lite <5.16.5 - Authenticated Arbitrary File |
cve/CVE-2021-24145.yaml |
WordPress CDI <5.1.9 - Cross Site Scripting (CVE-2022-1933) |
cve/CVE-2022-1933.yaml |
vBulletin <= 4.2.3 - SQL Injection (CVE-2016-6195) |
cve/CVE-2016-6195.yaml |
Cisco SD-WAN vManage Software - Local File Inclusion (CVE-2020-26073) |
cve/CVE-2020-26073.yaml |
FortiWeb - Cross-Site Scripting (CVE-2021-22122) |
cve/CVE-2021-22122.yaml |
Cuppa CMS v1.0 - SQL injection (CVE-2022-24264) |
cve/CVE-2022-24264.yaml |
Fortinet FortiOS - Credentials Disclosure (CVE-2018-13379) |
cve/CVE-2018-13379.yaml |
Cisco ASA/FTD Software - Cross-Site Scripting (CVE-2020-3580) |
cve/CVE-2020-3580.yaml |
WordPress WPS Hide Login <1.9.1 - Information Disclosure (CVE-2021-24917) |
cve/CVE-2021-24917.yaml |
Joomla! RSfiles <=1.0.2 - Local File Inclusion (CVE-2007-4504) |
cve/CVE-2007-4504.yaml |
IND780 - Local File Inclusion (CVE-2021-40661) |
cve/CVE-2021-40661.yaml |
Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery |
cve/CVE-2017-9506.yaml |
WOOF WordPress plugin - Cross-Site Scripting (CVE-2021-25085) |
cve/CVE-2021-25085.yaml |
WordPress Active Products Tables for WooCommerce <1.0.5 - Cross-Site Scripting |
cve/CVE-2022-1916.yaml |
Onkyo TX-NR585 Web Interface - Directory Traversal (CVE-2020-12447) |
cve/CVE-2020-12447.yaml |
OpenNMS - JNDI Remote Code Execution (Apache Log4j) (CVE-2021-44228) |
cve/opennms-log4j-jndi-rce.yaml |
T24 Web Server - Local File Inclusion (CVE-2019-14251) |
cve/CVE-2019-14251.yaml |
VMware Horizon - JNDI Remote Code Execution (Apache Log4j) (CVE-2021-44228) |
cve/vmware-horizon-log4j-jndi-rce.yaml |
Ulterius Server < 1.9.5.0 - Directory Traversal (CVE-2017-16806) |
cve/CVE-2017-16806.yaml |
Movies <= 0.6 - Cross-Site Scripting (CVE-2014-4539) |
cve/CVE-2014-4539.yaml |
Joomla! MooFAQ 1.0 - Local File Inclusion (CVE-2009-2015) |
cve/CVE-2009-2015.yaml |
Drawio <18.0.4 - Server-Side Request Forgery (CVE-2022-1713) |
cve/CVE-2022-1713.yaml |
Drupal SQL Injection (CVE-2014-3704) |
cve/CVE-2014-3704.yaml |
webEdition 6.3.8.0 - Directory Traversal (CVE-2014-5258) |
cve/CVE-2014-5258.yaml |
Suprema BioStar <2.8.2 - Local File Inclusion (CVE-2020-15050) |
cve/CVE-2020-15050.yaml |
Apache Tomcat - Cross-Site Scripting (CVE-2019-0221) |
cve/CVE-2019-0221.yaml |
WordPress Sniplets <=1.2.2 - Cross-Site Scripting (CVE-2008-1061) |
cve/CVE-2008-1061.yaml |
11in1 CMS 1.2.1 - Local File Inclusion (LFI) (CVE-2012-0996) |
cve/CVE-2012-0996.yaml |
MovableType - Remote Command Injection (CVE-2021-20837) |
cve/CVE-2021-20837.yaml |
WooCommerce Blocks 2.5 to 5.5 - Unauthenticated SQL Injection (CVE-2021-32789) |
cve/CVE-2021-32789.yaml |
Gibbon v25.0.0 - Cross-Site Scripting (CVE-2023-34599) |
cve/CVE-2023-34599.yaml |
WordPress Paytm Payment Gateway <=2.7.3 - SQL Injection (CVE-2022-45805) |
cve/CVE-2022-45805.yaml |
WordPress Permalink Manager <2.2.15 - Cross-Site Scripting (CVE-2022-0201) |
cve/CVE-2022-0201.yaml |
Apache Tomcat - Remote Code Execution (CVE-2017-12617) |
cve/CVE-2017-12617.yaml |
Buffalo WSR-2533DHPL2 - Improper Access Control (CVE-2021-20092) |
cve/CVE-2021-20092.yaml |
WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting (CVE-2016-1000134) |
cve/CVE-2016-1000134.yaml |
FortiGate FortiOS SSL VPN Web Portal - Cross-Site Scripting (CVE-2017-14186) |
cve/CVE-2017-14186.yaml |
ACME mini_httpd <1.30 - Local File Inclusion (CVE-2018-18778) |
cve/CVE-2018-18778.yaml |
STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion (CVE-2023-26255) |
cve/CVE-2023-26255.yaml |
Rukovoditel <= 3.2.1 - Cross Site Scripting (CVE-2022-43170) |
cve/CVE-2022-43170.yaml |
Cisco Unified Communications Manager 7/8/9 - Directory Traversal (CVE-2013-5528) |
cve/CVE-2013-5528.yaml |
Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - Broken Access Control |
cve/CVE-2019-2578.yaml |
myfactory FMS - Cross-Site Scripting (CVE-2021-42565) |
cve/CVE-2021-42565.yaml |
Spring Boot Actuator Logview Directory Traversal (CVE-2021-21234) |
cve/CVE-2021-21234.yaml |
WordPress Zip Attachments <= 1.1.4 - Arbitrary File Retrieval (CVE-2015-4694) |
cve/CVE-2015-4694.yaml |
WordPress Skaut Bazar <1.3.3 - Cross-Site Scripting (CVE-2021-34643) |
cve/CVE-2021-34643.yaml |
Cisco Adaptive Security Appliance Software/Cisco Firepower Threat Defense |
cve/CVE-2020-3187.yaml |
Cisco vManage (Log4j) - Remote Code Execution (CVE-2021-44228) |
cve/cisco-vmanage-log4j.yaml |
Apache Solr <=8.3.1 - Remote Code Execution (CVE-2019-17558) |
cve/CVE-2019-17558.yaml |
Joomla! Component Canteen 1.0 - Local File Inclusion (CVE-2010-4977) |
cve/CVE-2010-4977.yaml |
BuddyPress REST API <7.2.1 - Privilege Escalation/Remote Code Execution (CVE-2021-21389) |
cve/CVE-2021-21389.yaml |
External Media without Import <=1.1.2 - Authenticated Blind Server-Side Request |
cve/CVE-2022-1398.yaml |
Keycloak <= 12.0.1 - request_uri Blind Server-Side Request Forgery (SSRF) |
cve/CVE-2020-10770.yaml |
BigAnt Server v5.6.06 - Local File Inclusion (CVE-2022-23347) |
cve/CVE-2022-23347.yaml |
Ncomputing vSPace Pro 10 and 11 - Directory Traversal (CVE-2018-10201) |
cve/CVE-2018-10201.yaml |
phpMyAdmin < 5.1.2 - Cross-Site Scripting (CVE-2022-23808) |
cve/CVE-2022-23808.yaml |
WAVLINK WN530HG4 - Improper Access Control (CVE-2022-34049) |
cve/CVE-2022-34049.yaml |
IceWarp Mail Server - Open Redirect (CVE-2021-36580) |
cve/CVE-2021-36580.yaml |
WordPress Car Repair Services & Auto Mechanic Theme <4.0 - Cross-Site Scripting |
cve/CVE-2021-24335.yaml |
Simple File List < 4.4.12 - Cross Site Scripting (CVE-2022-3062) |
cve/CVE-2022-3062.yaml |
VMware HCX - Remote Code Execution (Apache Log4j) (CVE-2021-44228) |
cve/vmware-hcx-log4j.yaml |
WP Planet <= 0.1 - Cross-Site Scripting (CVE-2014-4592) |
cve/CVE-2014-4592.yaml |
74cms - ajax_officebuilding.php SQL Injection (CVE-2020-22210) |
cve/CVE-2020-22210.yaml |
Ivanti EPM Cloud Services Appliance Code Injection (CVE-2021-44529) |
cve/CVE-2021-44529.yaml |
SCIMono <0.0.19 - Remote Code Execution (CVE-2021-21479) |
cve/CVE-2021-21479.yaml |
Contao <4.13.3 - Cross-Site Scripting (CVE-2022-24899) |
cve/CVE-2022-24899.yaml |
DedeCMS 5.7SP2 - Cross-Site Request Forgery/Remote Code Execution (CVE-2018-7700) |
cve/CVE-2018-7700.yaml |
OpenSymphony XWork/Apache Struts2 - Remote Code Execution (CVE-2007-4556) |
cve/CVE-2007-4556.yaml |
DomainMOD 4.11.01 - Cross-Site Scripting (CVE-2018-19751) |
cve/CVE-2018-19751.yaml |
Apache Superset - Authentication Bypass (CVE-2023-27524) |
cve/CVE-2023-27524.yaml |
CData RSB Connect v22.0.8336 - Server Side Request Forgery (CVE-2023-24243) |
cve/CVE-2023-24243.yaml |
WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal (CVE-2013-7240) |
cve/CVE-2013-7240.yaml |
WordPress PhonePe Payment Solutions <=1.0.15 - Server-Side Request Forgery |
cve/CVE-2022-45835.yaml |
myfactory FMS - Cross-Site Scripting (CVE-2021-42566) |
cve/CVE-2021-42566.yaml |
Vehicle Service Management System 1.0 - Cross Site Scripting (CVE-2021-46073) |
cve/CVE-2021-46073.yaml |
WordPress Easy Social Icons Plugin < 3.0.9 - Cross-Site Scripting (CVE-2021-39322) |
cve/CVE-2021-39322.yaml |
Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal (CVE-2018-19365) |
cve/CVE-2018-19365.yaml |
XStream <1.4.17 - Remote Code Execution (CVE-2021-29505) |
cve/CVE-2021-29505.yaml |
GLPI <9.4.6 - Open Redirect (CVE-2020-11034) |
cve/CVE-2020-11034.yaml |
Webmin <1.990 - Improper Access Control (CVE-2022-0824) |
cve/CVE-2022-0824.yaml |
OpenCATS - Open Redirect (CVE-2023-27292) |
cve/CVE-2023-27292.yaml |
twitter-server Cross-Site Scripting (CVE-2020-35774) |
cve/CVE-2020-35774.yaml |
Fortra GoAnywhere MFT - Remote Code Execution (CVE-2023-0669) |
cve/CVE-2023-0669.yaml |
D-Link DAP-1620 - Local File Inclusion (CVE-2021-46381) |
cve/CVE-2021-46381.yaml |
Apache Struts2 S2-053 - Remote Code Execution (CVE-2017-12611) |
cve/CVE-2017-12611.yaml |
BigAnt Server 5.6.06 - Improper Access Control (CVE-2022-23348) |
cve/CVE-2022-23348.yaml |
Openemr < 7.0.0.1 - Cross-Site Scripting (CVE-2022-2733) |
cve/CVE-2022-2733.yaml |
WSO2 - Cross-Site Scripting (CVE-2022-29548) |
cve/CVE-2022-29548.yaml |
WordPress Simple Ajax Chat <20220116 - Sensitive Information Disclosure vulnerability |
cve/CVE-2022-27849.yaml |
Microweber <1.1.20 - Information Disclosure (CVE-2020-13405) |
cve/CVE-2020-13405.yaml |
Microweber <1.2.12 - Integer Overflow (CVE-2022-0968) |
cve/CVE-2022-0968.yaml |
HP System Management Homepage (SMH) v2.x.x.x - Open Redirect (CVE-2010-1586) |
cve/CVE-2010-1586.yaml |
Belkin N150 Router 1.00.08/1.00.09 - Path Traversal (CVE-2014-2962) |
cve/CVE-2014-2962.yaml |
DVDFab 12 Player/PlayerFab - Local File Inclusion (CVE-2022-25216) |
cve/CVE-2022-25216.yaml |
WordPress Post Grid <2.1.8 - Cross-Site Scripting (CVE-2021-24488) |
cve/CVE-2021-24488.yaml |
Inspur ClusterEngine 4.0 - Remote Code Execution (CVE-2020-21224) |
cve/CVE-2020-21224.yaml |
ZZcms - Cross-Site Scripting (CVE-2020-20285) |
cve/CVE-2020-20285.yaml |
WordPress Mapping Multiple URLs Redirect Same Page <=5.8 - Cross-Site Scripting |
cve/CVE-2022-0599.yaml |
Jira Improper Authorization (CVE-2019-8446) |
cve/CVE-2019-8446.yaml |
Zyxel VMG1312-B10D 5.13AAXA.8 - Local File Inclusion (CVE-2018-19326) |
cve/CVE-2018-19326.yaml |
WAPPLES Web Application Firewall <=6.0 - Hardcoded Credentials (CVE-2022-35413) |
cve/CVE-2022-35413.yaml |
pfSense pfBlockerNG <=2.1..4_26 - OS Command Injection (CVE-2022-31814) |
cve/CVE-2022-31814.yaml |
WordPress Jannah Theme <5.4.5 - Cross-Site Scripting (CVE-2021-24407) |
cve/CVE-2021-24407.yaml |
Orange Forum 1.4.0 - Open Redirect (CVE-2018-14474) |
cve/CVE-2018-14474.yaml |
WordPress Booking Calendar <3.2.2 - Arbitrary File Upload (CVE-2022-3982) |
cve/CVE-2022-3982.yaml |
Elasticsearch 5 - Remote Code Execution (Apache Log4j) (CVE-2021-44228) |
cve/elasticsearch5-log4j-rce.yaml |
Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site Scripting (CVE-2018-10141) |
cve/CVE-2018-10141.yaml |
Sourcecodester Car Rental Management System 1.0 - Stored Cross-Site Scripting |
cve/CVE-2021-46005.yaml |
JFrog Artifactory 6.7.3 - Admin Login Bypass (CVE-2019-9733) |
cve/CVE-2019-9733.yaml |
Joomla! Component PicSell 1.0 - Arbitrary File Retrieval (CVE-2010-3203) |
cve/CVE-2010-3203.yaml |
Jeecg-boot 3.5.0 qurestSql - SQL Injection (CVE-2023-1454) |
cve/CVE-2023-1454.yaml |
WordPress StageShow <5.0.9 - Open Redirect (CVE-2015-5461) |
cve/CVE-2015-5461.yaml |
Joomla! ProDesk 1.0/1.2 - Local File Inclusion (CVE-2008-6222) |
cve/CVE-2008-6222.yaml |
SkyWalking SQLI (CVE-2020-9483) |
cve/CVE-2020-9483.yaml |
Ericsson Drutt MSDP - Local File Inclusion (CVE-2015-2166) |
cve/CVE-2015-2166.yaml |
Joomla! Component Percha Fields Attach 1.0 - Directory Traversal (CVE-2010-2036) |
cve/CVE-2010-2036.yaml |
Directorist < 7.5.4 - Local File Inclusion (CVE-2023-2252) |
cve/CVE-2023-2252.yaml |
LearnPress <4.1.6 - Cross-Site Scripting (CVE-2022-0271) |
cve/CVE-2022-0271.yaml |
PhpColl 2.5.1 Arbitrary File Upload (CVE-2017-6090) |
cve/CVE-2017-6090.yaml |
Joomla! Component DW Graph - Local File Inclusion (CVE-2010-1302) |
cve/CVE-2010-1302.yaml |
MOVEit Transfer - SQL Injection (CVE-2023-36934) |
cve/CVE-2023-36934.yaml |
WordPress eaSYNC Booking <1.1.16 - Arbitrary File Upload (CVE-2022-1952) |
cve/CVE-2022-1952.yaml |
eMerge E3 1.00-06 - Local File Inclusion (CVE-2019-7254) |
cve/CVE-2019-7254.yaml |
Nagios XI 5.7.5 - Cross-Site Scripting (CVE-2021-25299) |
cve/CVE-2021-25299.yaml |
DedeCMS 5.7 SP2 - Cross-Site Scripting (CVE-2018-18608) |
cve/CVE-2018-18608.yaml |
WordPress ProfilePress 3.0.0-3.1.3 - Admin User Creation Weakness (CVE-2021-34621) |
cve/CVE-2021-34621.yaml |
Apache Airflow <1.10.14 - Authentication Bypass (CVE-2020-17526) |
cve/CVE-2020-17526.yaml |
Atlassian Jira Limited - Local File Inclusion (CVE-2021-26086) |
cve/CVE-2021-26086.yaml |
Hitachi Vantara Pentaho/Business Intelligence Server - Authentication Bypass |
cve/CVE-2021-31602.yaml |
Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion |
cve/CVE-2010-1475.yaml |
CMSimple 3.1 - Local File Inclusion (CVE-2008-2650) |
cve/CVE-2008-2650.yaml |
Wordpress Quiz and Survey Master <7.0.1 - Arbitrary File Deletion (CVE-2020-35951) |
cve/CVE-2020-35951.yaml |
Flyte Console <0.52.0 - Server-Side Request Forgery (CVE-2022-24856) |
cve/CVE-2022-24856.yaml |
Grafana Unauthenticated Snapshot Creation (CVE-2021-27358) |
cve/CVE-2021-27358.yaml |
Spring Data Commons - Remote Code Execution (CVE-2018-1273) |
cve/CVE-2018-1273.yaml |
WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset (CVE-2023-32243) |
cve/CVE-2023-32243.yaml |
VMware Site Recovery Manager - Remote Code Execution (Apache Log4j) (CVE-2021-44228) |
cve/vmware-siterecovery-log4j-rce.yaml |
Geutebruck - Remote Command Injection (CVE-2021-33544) |
cve/CVE-2021-33544.yaml |
Apache Tomcat - Open Redirect (CVE-2018-11784) |
cve/CVE-2018-11784.yaml |
WordPress WP-Ban <1.69.1 - Stored Cross-Site Scripting (CVE-2022-4260) |
cve/CVE-2022-4260.yaml |
phpShowtime 2.0 - Directory Traversal (CVE-2010-4282) |
cve/CVE-2010-4282.yaml |
WordPress Essential Real Estate <3.9.6 - Authenticated Cross-Site Scripting |
cve/CVE-2022-3933.yaml |
CirCarLife <4.3 - Improper Authentication (CVE-2018-16668) |
cve/CVE-2018-16668.yaml |
Cisco Small Business 200300 and 500 Series Switches - Open Redirect (CVE-2019-1943) |
cve/CVE-2019-1943.yaml |
Virtua Software Cobranca <12R - Blind SQL Injection (CVE-2021-37589) |
cve/CVE-2021-37589.yaml |
Joomla! Component User Status - Local File Inclusion (CVE-2010-1304) |
cve/CVE-2010-1304.yaml |
Cisco Unified IP Conference Station 7937G - Denial-of-Service (CVE-2020-16139) |
cve/CVE-2020-16139.yaml |
Visual Tools DVR VX16 4.2.28.0 - Unauthenticated OS Command Injection (CVE-2021-42071) |
cve/CVE-2021-42071.yaml |
STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion (CVE-2023-26256) |
cve/CVE-2023-26256.yaml |
WordPress Plugin Age Verification v0.4 - Open Redirect (CVE-2012-6499) |
cve/CVE-2012-6499.yaml |
Zyxel ZyWall UAG/USG - Account Creation Access (CVE-2019-12583) |
cve/CVE-2019-12583.yaml |
Resourcespace - Cross-Site Scripting (CVE-2021-41951) |
cve/CVE-2021-41951.yaml |
Jenkins build-metrics 1.3 - Cross-Site Scripting (CVE-2019-10475) |
cve/CVE-2019-10475.yaml |
vBulletin <= 5.6.9 - Pre-authentication Remote Code Execution (CVE-2023-25135) |
cve/CVE-2023-25135.yaml |
Oracle WebLogic Server Administration Console - Remote Code Execution (CVE-2019-2729) |
cve/CVE-2019-2729.yaml |
Grav <1.7 - Open Redirect (CVE-2020-11529) |
cve/CVE-2020-11529.yaml |
D-Link DCS-2530L/DCS-2670L - Administrator Password Disclosure (CVE-2020-25078) |
cve/CVE-2020-25078.yaml |
Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion (CVE-2010-1979) |
cve/CVE-2010-1979.yaml |
Verint Workforce Optimization 15.2.8.10048 - Cross-Site Scripting (CVE-2021-36450) |
cve/CVE-2021-36450.yaml |
Zimbra Collaboration Suite < 8.8.15 Patch 7 - Server-Side Request Forgery |
cve/CVE-2020-7796.yaml |
OpenSMTPD 6.4.0-6.6.1 - Remote Code Execution (CVE-2020-7247) |
cve/CVE-2020-7247.yaml |
WordPress Gwyn's Imagemap Selector <=0.3.3 - Cross-Site Scripting (CVE-2022-1221) |
cve/CVE-2022-1221.yaml |
ZK Framework - Information Disclosure (CVE-2022-36537) |
cve/CVE-2022-36537.yaml |
Genie Access WIP3BVAF IP Camera - Local File Inclusion (CVE-2019-7315) |
cve/CVE-2019-7315.yaml |
Canvas LMS v2020-07-29 - Blind Server-Side Request Forgery (CVE-2020-5775) |
cve/CVE-2020-5775.yaml |
Atlassian Jira <7.13.3/8.0.0-8.1.1 - Incorrect Authorization (CVE-2019-3401) |
cve/CVE-2019-3401.yaml |
Satellian Intellian Aptus Web <= 1.24 - Remote Command Execution (CVE-2020-7980) |
cve/CVE-2020-7980.yaml |
SysAid Help Desk <15.2 - Local File Inclusion (CVE-2015-2996) |
cve/CVE-2015-2996.yaml |
Planon <Live Build 41 - Cross-Site Scripting (CVE-2018-18570) |
cve/CVE-2018-18570.yaml |
GRAND FlAGallery 1.57 - Cross-Site Scripting (CVE-2011-4624) |
cve/CVE-2011-4624.yaml |
Microsoft SQL Server Reporting Services - Remote Code Execution (CVE-2020-0618) |
cve/CVE-2020-0618.yaml |
GLPI <=10.0.2 - Remote Command Execution (CVE-2022-35914) |
cve/CVE-2022-35914.yaml |
Jenzabar 9.2x-9.2.2 - Cross-Site Scripting (CVE-2021-26723) |
cve/CVE-2021-26723.yaml |
Joomla! Percha Categories Tree 0.6 - Local File Inclusion (CVE-2010-2033) |
cve/CVE-2010-2033.yaml |
Belkin Linksys RE6500 <1.0.012.001 - Remote Command Execution (CVE-2020-35713) |
cve/CVE-2020-35713.yaml |
Spotweb <= 1.5.1 - Cross Site Scripting (CVE-2021-40970) |
cve/CVE-2021-40970.yaml |
Rukovoditel <= 3.2.1 - Cross Site Scripting (CVE-2022-43165) |
cve/CVE-2022-43165.yaml |
WordPress The Plus Addons for Elementor <4.1.12 - Cross-Site Scripting (CVE-2021-24351) |
cve/CVE-2021-24351.yaml |
ZZZCMS 1.6.1 - Remote Code Execution (CVE-2019-9041) |
cve/CVE-2019-9041.yaml |
WooCommerce Swipe <= 2.7.1 - Cross-Site Scripting (CVE-2014-4558) |
cve/CVE-2014-4558.yaml |
Palo Alto Network PAN-OS - Remote Code Execution (CVE-2017-15944) |
cve/CVE-2017-15944.yaml |
CHIYU TCP/IP Converter - Cross-Site Scripting (CVE-2021-31250) |
cve/CVE-2021-31250.yaml |
Kaseya Virtual System Administrator - Open Redirect (CVE-2015-2863) |
cve/CVE-2015-2863.yaml |
WooCommerce Stored Exporter WordPress Plugin < 2.7.1 - Cross-Site Scripting |
cve/CVE-2022-0149.yaml |
WordPress Plugin Duplicator < 0.4.5 - Cross-Site Scripting (CVE-2013-4625) |
cve/CVE-2013-4625.yaml |
WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure |
cve/CVE-2021-24146.yaml |
TermTalk Server 3.24.0.2 - Local File Inclusion (CVE-2021-35380) |
cve/CVE-2021-35380.yaml |
Opsview Monitor Pro - Open Redirect (CVE-2016-10368) |
cve/CVE-2016-10368.yaml |
Haraj 3.7 - Cross-Site Scripting (CVE-2022-31299) |
cve/CVE-2022-31299.yaml |
WordPress Title Experiments Free <9.0.1 - SQL Injection (CVE-2022-0784) |
cve/CVE-2022-0784.yaml |
Cobbler - Authentication Bypass (CVE-2018-1000226) |
cve/CVE-2018-1000226.yaml |
Piano LED Visualizer 1.3 - Local File Inclusion (CVE-2022-24900) |
cve/CVE-2022-24900.yaml |
TP-LINK - Local File Inclusion (CVE-2015-3035) |
cve/CVE-2015-3035.yaml |
Elementor Website Builder - Remote Code Execution (CVE-2022-1329) |
cve/CVE-2022-1329.yaml |
D-Link Routers - Remote Command Injection (CVE-2018-10823) |
cve/CVE-2018-10823.yaml |
SecurePoint UTM 12.x Session ID Leak (CVE-2023-22620) |
cve/CVE-2023-22620.yaml |
Aryanic HighMail (High CMS) - Cross-Site Scripting (CVE-2020-23517) |
cve/CVE-2020-23517.yaml |
SAP Solution Manager 7.2 - Remote Command Execution (CVE-2020-6207) |
cve/CVE-2020-6207.yaml |
EPrints 3.4.2 - Cross-Site Scripting (CVE-2021-26702) |
cve/CVE-2021-26702.yaml |
WordPress HTML2WP <=1.0.0 - Arbitrary File Upload (CVE-2022-1574) |
cve/CVE-2022-1574.yaml |
Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control (CVE-2022-38817) |
cve/CVE-2022-38817.yaml |
PMB 7.4.6 - Open Redirect (CVE-2023-24735) |
cve/CVE-2023-24735.yaml |
ThinkPHP 5.0.24 - Information Disclosure (CVE-2022-25481) |
cve/CVE-2022-25481.yaml |
D-Link DIR-816L - Improper Access Control (CVE-2022-28955) |
cve/CVE-2022-28955.yaml |
Mastodon Prototype Pollution Vulnerability (CVE-2022-0432) |
cve/CVE-2022-0432.yaml |
PhpMyAdmin Scripts - Remote Code Execution (CVE-2009-1151) |
cve/CVE-2009-1151.yaml |
Joomla! Component JE Job 1.0 - Local File Inclusion (CVE-2010-5028) |
cve/CVE-2010-5028.yaml |
WordPress WPvivid Backup <0.9.76 - Local File Inclusion (CVE-2022-2863) |
cve/CVE-2022-2863.yaml |
PRTG Network Monitor <20.1.57.1745 - Information Disclosure (CVE-2020-11547) |
cve/CVE-2020-11547.yaml |
Membership Database <= 1.0 - Cross-Site Scripting (CVE-2023-0514) |
cve/CVE-2023-0514.yaml |
Apache Tapestry - Remote Code Execution (CVE-2021-27850) |
cve/CVE-2021-27850.yaml |
ZeroShell <= 1.0beta11 Remote Code Execution (CVE-2009-0545) |
cve/CVE-2009-0545.yaml |
Kyocera Printer d-COPIA253MF - Directory Traversal (CVE-2020-23575) |
cve/CVE-2020-23575.yaml |
Rukovoditel <= 3.2.1 - Cross-Site Scripting (CVE-2022-44946) |
cve/CVE-2022-44946.yaml |
Extreme Management Center 8.4.1.24 - Cross-Site Scripting (CVE-2020-13820) |
cve/CVE-2020-13820.yaml |
SMTP WP Plugin Directory Listing (CVE-2020-35234) |
cve/CVE-2020-35234.yaml |
Microweber <1.2.11 - Information Disclosure (CVE-2022-0660) |
cve/CVE-2022-0660.yaml |
Joomla! Component JRadio - Local File Inclusion (CVE-2010-4719) |
cve/CVE-2010-4719.yaml |
Windows Server 2003 & IIS 6.0 - Remote Code Execution (CVE-2017-7269) |
cve/CVE-2017-7269.yaml |
WordPress Redux Framework <=4.2.11 - Information Disclosure (CVE-2021-38314) |
cve/CVE-2021-38314.yaml |
node-srv - Local File Inclusion (CVE-2018-3714) |
cve/CVE-2018-3714.yaml |
Show all comments < 7.0.1 - Cross-Site Scripting (CVE-2022-4295) |
cve/CVE-2022-4295.yaml |
Rukovoditel <= 3.2.1 - Cross Site Scripting (CVE-2022-44950) |
cve/CVE-2022-44950.yaml |
emlog 5.3.1 Path Disclosure (CVE-2021-3293) |
cve/CVE-2021-3293.yaml |
WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection (CVE-2021-24946) |
cve/CVE-2021-24946.yaml |
Frontend Uploader <= 0.9.2 - Cross-Site Scripting (CVE-2014-9444) |
cve/CVE-2014-9444.yaml |
ECOA Building Automation System - Arbitrary File Retrieval (CVE-2021-41293) |
cve/CVE-2021-41293.yaml |
WordPress Master Elements <=8.0 - SQL Injection (CVE-2022-0693) |
cve/CVE-2022-0693.yaml |
Jenkins - Remote Command Injection (CVE-2018-1000861) |
cve/CVE-2018-1000861.yaml |
JamF (Log4j) - Remote Code Execution (CVE-2021-44228) |
cve/jamf-log4j-jndi-rce.yaml |
WordPress eCommerce Product Catalog <3.0.39 - Cross-Site Scripting (CVE-2021-24875) |
cve/CVE-2021-24875.yaml |
Camtron CMNC-200 IP Camera - Directory Traversal (CVE-2010-4231) |
cve/CVE-2010-4231.yaml |
Spring Cloud - Remote Code Execution (CVE-2022-22963) |
cve/CVE-2022-22963.yaml |
MySQLDumper 1.24.4 - Directory Traversal (CVE-2012-4253) |
cve/CVE-2012-4253.yaml |
OURPHP <= 7.2.0 - Cross Site Scripting (CVE-2023-30212) |
cve/CVE-2023-30212.yaml |
WordPress Plugin Download Monitor < 3.3.5.9 - Cross-Site Scripting (CVE-2012-4768) |
cve/CVE-2012-4768.yaml |
WordPress Pricing Deals for WooCommerce <=2.0.2.02 - SQL Injection (CVE-2022-1057) |
cve/CVE-2022-1057.yaml |
Fortinet FortiOS - Cross-Site Scripting (CVE-2018-13380) |
cve/CVE-2018-13380.yaml |
Node.js st module Directory Traversal (CVE-2014-3744) |
cve/CVE-2014-3744.yaml |
LG-Ericsson iPECS NMS 30M - Local File Inclusion (CVE-2018-15138) |
cve/CVE-2018-15138.yaml |
Cuppa CMS v1.0 - Local File Inclusion (CVE-2022-25486) |
cve/CVE-2022-25486.yaml |
Joomla! Component NoticeBoard 1.3 - Local File Inclusion (CVE-2010-1658) |
cve/CVE-2010-1658.yaml |
D-Link DIR-868L/817LW - Information Disclosure (CVE-2019-17506) |
cve/CVE-2019-17506.yaml |
Labstack Echo 4.8.0 - Open Redirect (CVE-2022-40083) |
cve/CVE-2022-40083.yaml |
WordPress File Manager Plugin - Remote Code Execution (CVE-2020-25213) |
cve/CVE-2020-25213.yaml |
Opensis-Classic 8.0 - Cross-Site Scripting (CVE-2021-40542) |
cve/CVE-2021-40542.yaml |
Wing FTP 6.4.4 - Cross-Site Scripting (CVE-2020-27735) |
cve/CVE-2020-27735.yaml |
Jira < 8.1.1 - Cross-Site Scripting (CVE-2019-3402) |
cve/CVE-2019-3402.yaml |
Oracle WebLogic Server - Remote Code Execution (CVE-2020-2551) |
cve/CVE-2020-2551.yaml |
ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting (CVE-2011-5181) |
cve/CVE-2011-5181.yaml |
Lotus Core CMS 1.0.1 - Local File Inclusion (CVE-2020-8641) |
cve/CVE-2020-8641.yaml |
SAP Knowledge Warehouse <=7.5.0 - Cross-Site Scripting (CVE-2021-42063) |
cve/CVE-2021-42063.yaml |
NewStatPress <0.9.9 - Cross-Site Scripting (CVE-2015-4063) |
cve/CVE-2015-4063.yaml |
VoipMonitor - Pre-Auth SQL Injection (CVE-2022-24260) |
cve/CVE-2022-24260.yaml |
Online Birth Certificate System 1.2 - Stored Cross-Site Scripting (CVE-2022-29005) |
cve/CVE-2022-29005.yaml |
Spring Security OAuth2 Remote Command Execution (CVE-2016-4977) |
cve/CVE-2016-4977.yaml |
Cofax <=2.0RC3 - Cross-Site Scripting (CVE-2005-4385) |
cve/CVE-2005-4385.yaml |
Apache ShardingSphere ElasticJob-UI privilege escalation (CVE-2022-22733) |
cve/CVE-2022-22733.yaml |
Online Fire Reporting System v1.0 - SQL injection (CVE-2022-31974) |
cve/CVE-2022-31974.yaml |
WordPress Event Tickets < 5.2.2 - Open Redirect (CVE-2021-25028) |
cve/CVE-2021-25028.yaml |
Imgproxy <= 3.14.0 - Server-side request forgery (SSRF) (CVE-2023-30019) |
cve/CVE-2023-30019.yaml |
GitList < 0.6.0 Remote Code Execution (CVE-2018-1000533) |
cve/CVE-2018-1000533.yaml |
VMware vCenter Server - Arbitrary File Upload (CVE-2021-22005) |
cve/CVE-2021-22005.yaml |
Oracle Business Intelligence - Path Traversal (CVE-2019-2588) |
cve/CVE-2019-2588.yaml |
Artica Proxy Community Edition <4.30.000000 - Local File Inclusion (CVE-2020-13158) |
cve/CVE-2020-13158.yaml |
Joomla! Component RWCards 3.0.11 - Local File Inclusion (CVE-2008-6172) |
cve/CVE-2008-6172.yaml |
Atmail 6.5.0 - Cross-Site Scripting (CVE-2021-43574) |
cve/CVE-2021-43574.yaml |
WebPort 1.19.1 - Cross-Site Scripting (CVE-2019-12461) |
cve/CVE-2019-12461.yaml |
Oracle WebLogic Server - Remote Command Execution (CVE-2019-2725) |
cve/CVE-2019-2725.yaml |
WordPress JSmol2WP <=1.07 - Cross-Site Scripting (CVE-2018-20462) |
cve/CVE-2018-20462.yaml |
Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153) (CVE-2012-3153) |
cve/CVE-2012-3153.yaml |
Joomla! <=2.0.0 RC2 - Local File Inclusion (CVE-2008-4764) |
cve/CVE-2008-4764.yaml |
VMWare Workspace ONE UEM - Server-Side Request Forgery (CVE-2021-22054) |
cve/CVE-2021-22054.yaml |
WordPress Stop User Enumeration <=1.3.7 - Cross-Site Scripting (CVE-2017-18536) |
cve/CVE-2017-18536.yaml |
SAP Memory Pipes (MPI) Desynchronization (CVE-2022-22536) |
cve/CVE-2022-22536.yaml |
Detect SSL Certificate Issuer |
ssl/metasploit-c2.yaml |
Covenant C2 SSL - Detect |
ssl/covenant-c2-ssl.yaml |
ShadowPad C2 Infrastructure - Detect |
ssl/shadowpad-c2.yaml |
Kubernetes Fake Ingress Certificate - Detect |
ssl/kubernetes-fake-certificate.yaml |
Expired SSL Certificate |
ssl/expired-ssl.yaml |
TLS Version - Detect |
ssl/tls-version.yaml |
Weak Cipher Suites Detection |
ssl/weak-cipher-suites.yaml |
Cobalt Strike C2 - Detect |
ssl/cobalt-strike-c2.yaml |
AsyncRAT C2 - Detect |
ssl/asyncrat-c2.yaml |
Revoked SSL Certificate - Detect |
ssl/revoked-ssl-certificate.yaml |
OrcusRAT - Detect |
ssl/orcus-rat-c2.yaml |
Untrusted Root Certificate - Detect |
ssl/untrusted-root-certificate.yaml |
Gozi Malware - Detect |
ssl/gozi-malware.yaml |
Self Signed SSL Certificate |
ssl/self-signed-ssl.yaml |
DcRat Server C2 - Detect |
ssl/dcrat-server-c2.yaml |
Posh C2 - Detect |
ssl/posh-c2.yaml |
Quasar RAT C2 SSL Certificate - Detect |
ssl/quasar-rat-c2.yaml |
IcedID Infrastructure - Detect |
ssl/icedid.yaml |
Deprecated TLS Detection (TLS 1.1 or SSLv3) |
ssl/deprecated-tls.yaml |
Insecure Cipher Suite Detection |
ssl/insecure-cipher-suite-detect.yaml |
Bitrat C2 - Detect |
ssl/bitrat-c2.yaml |
CNAME Detect Dangling |
dns/detect-dangling-cname.yaml |
DNS WAF Detection |
dns/dns-waf-detect.yaml |
CNAME Service Detection |
dns/cname-service.yaml |
DNS TXT Record Detected |
dns/txt-fingerprint.yaml |
Detect DNS over HTTPS |
dns/detect-dns-over-https.yaml |
AWS EC2 Detection |
dns/ec2-detection.yaml |
CNAME Fingerprint |
dns/cname-fingerprint.yaml |
CAA Record |
dns/caa-fingerprint.yaml |
NS Record Detection |
dns/nameserver-fingerprint.yaml |
Worksites.net Service Detection |
dns/worksites-detection.yaml |
Microsoft Azure Takeover Detection |
dns/azure-takeover-detection.yaml |
Email Service Detector |
dns/mx-service-detector.yaml |
DNS DMARC - Detect |
dns/dmarc-detect.yaml |
PTR Detected |
dns/ptr-fingerprint.yaml |
DNSSEC Detection |
dns/dnssec-detection.yaml |
MX Record Detection |
dns/mx-fingerprint.yaml |
DNS Servfail Host Finder |
dns/servfail-refused-hosts.yaml |
ElasticBeanTalk Subdomain Takeover Detection |
dns/elasticbeantalk-takeover.yaml |
Spoofable SPF Records with PTR Mechanism |
dns/spoofable-spf-records-ptr.yaml |