Exploit 2024

Exploit 2024 2026() 2025() 2024() 2023() 2022() OTHER()

17.12.24	DrayTek Routers	EXPLOIT	DrayTek Routers Exploited in Massive Ransomware Campaign: Analysis and Recommendations
04.12.24	ANY.RUN	EXPLOIT	The ongoing attack evades #antivirus software, prevents uploads to sandboxes, and bypasses Outlook's spam filters, allowing the malicious emails to reach your inbox
05.12.24	MOONSHINE	EXPLOIT KIT	MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
30.10.24	CrossBarking	VULNEREBILITY	“CrossBarking” — Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack
15.11.24	SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)	WebApps	PHP
1.10.24	reNgine 2.2.0 - Command Injection (Authenticated)	WebApps	Multiple
1.10.24	openSIS 9.1 - SQLi (Authenticated)	WebApps	PHP
31.8.24	NoteMark < 0.13.0 - Stored XSS	WebApps	Multiple
31.8.24	Gitea 1.22.0 - Stored XSS	WebApps	Multiple
31.8.24	Invesalius3 - Remote Code Execution	WebApps	Python
31.8.24	Windows TCP/IP - RCE Checker and Denial of Service	DoS	Windows
25.8.24	Aurba 501 - Authenticated RCE	WebApps	Linux
25.8.24	HughesNet HT2000W Satellite Modem - Password Reset	WebApps	Hardware
25.8.24	Elber Wayber Analog/Digital Audio STL 4.00 - Device Config Disclosure	WebApps	Hardware
25.8.24	Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass	WebApps	Hardware
25.8.24	Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config	WebApps	Hardware
25.8.24	Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass	WebApps	Hardware
25.8.24	Helpdeskz v2.0.2 - Stored XSS	WebApps	PHP
25.8.24	Calibre-web 0.6.21 - Stored XSS	WebApps	Multiple
21.8.24	WireServing	EXPLOIT	"WireServing" Up Credentials: Escalating Privileges in Azure Kubernetes Services
9.8.24	0.0.0.0 Day	EXPLOIT	0.0.0.0 Day: Exploiting Localhost APIs From the Browser
7.8.24	SLUBStick	Linux	SLUBStick: Arbitrary Memory Writes through Practical Software Cross-Cache Attacks within the Linux Kernel
11.8.24	Devika v1 - Path Traversal via 'snapshot_path'	WebApps	Python
11.8.24	Genexus Protection Server 9.7.2.10 - 'protsrvservice' Unquoted Service Path	Local	Windows
11.8.24	SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path	Local	Windows
11.8.24	Oracle Database 12c Release 1 - Unquoted Service Path	Local	Windows
11.8.24	Ivanti vADC 9.9 - Authentication Bypass	WebApps	Multiple
11.8.24	Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation	Local	Windows
25.7.24	Cursed tapes	Social site	Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android
19.7.24	DUSTPAN	Shell	APT41 used a combination of ANTSWORD and BLUEBEAM web shells for the execution of DUSTPAN to execute BEACON backdoor for command-and-control communication.
13.7.24	Xhibiter NFT Marketplace 1.10.2 - SQL Injection	PHP	WebApps
13.7.24	Azon Dominator Affiliate Marketing Script - SQL Injection	PHP	WebApps
13.7.24	Microweber 2.0.15 - Stored XSS	PHP	WebApps
13.7.24	Customer Support System 1.0 - Stored XSS	PHP	WebApps
13.7.24	Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)	PHP	WebApps
13.7.24	SolarWinds Platform 2024.1 SR1 - Race Condition	Multiple	WebApps
13.7.24	Flatboard 3.2 - Stored Cross-Site Scripting (XSS) (Authenticated)	PHP	WebApps
13.7.24	Poultry Farm Management System v1.0 - Remote Code Execution (RCE)	PHP	WebApps
16.6.24	Boelter Blue System Management 1.3 - SQL Injection	WebApps	PHP
16.6.24	Rebar3 3.13.2 - Command Injection	WebApps	Multiple
16.6.24	ZwiiCMS 12.2.04 - Remote Code Execution (Authenticated)	WebApps	PHP
16.6.24	Zyxel IKE Packet Decoder - Unauthenticated Remote Code Execution (Metasploit)	Remote	Hardware
16.6.24	WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated)	WebApps	PHP
16.6.24	PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)	WebApps	PHP
16.6.24	AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability.	WebApps	PHP
16.6.24	AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)	WebApps	PHP
16.6.24	XMB 1.9.12.06 - Stored XSS	WebApps	PHP
16.6.24	Carbon Forum 5.9.0 - Stored XSS	WebApps	PHP
16.6.24	AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS)	WebApps	PHP
7.6.24	appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated)	WebApps	PHP
7.6.24	CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)	WebApps	PHP
7.6.24	WBCE CMS v1.6.2 - Remote Code Execution (RCE)	WebApps	PHP
7.6.24	Monstra CMS 3.0.4 - Remote Code Execution (RCE)	WebApps	PHP
7.6.24	Dotclear 2.29 - Remote Code Execution (RCE)	WebApps	PHP
7.6.24	Serendipity 2.5.0 - Remote Code Execution (RCE)	WebApps	PHP
7.6.24	Sitefinity 15.0 - Cross-Site Scripting (XSS)	WebApps	Multiple
1.6.24	Craft CMS Logs Plugin 3.0.3 - Path Traversal (Authenticated)	WebApps	PHP
1.6.24	ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution (RCE) & SSH Access	Remote	Hardware
1.6.24	Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure	Remote	Windows
1.6.24	FreePBX 16 - Remote Code Execution (RCE) (Authenticated)	WebApps	PHP
1.6.24	Akaunting 3.1.8 - Server-Side Template Injection (SSTI)	WebApps	PHP
1.6.24	Check Point Security Gateway - Information Disclosure (Unauthenticated)	WebApps	Hardware
1.6.24	Aquatronica Control System 5.1.6 - Information Disclosure	WebApps	Hardware
1.6.24	changedetection < 0.45.20 - Remote Code Execution (RCE)	WebApps	Multiple
1.6.24	ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated)	WebApps	PHP
1.6.24	iMLog < 1.307 - Persistent Cross Site Scripting (XSS)	WebApps	PHP
1.6.24	BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection	WebApps	PHP
19.5.24	htmlLawed 1.2.5 - Remote Code Execution (RCE)	WebApps	PHP
19.5.24	PopojiCMS 2.0.1 - Remote Command Execution (RCE)	WebApps	PHP
19.5.24	Backdrop CMS 1.27.1 - Remote Command Execution (RCE)	WebApps	PHP
19.5.24	Apache OFBiz 18.12.12 - Directory Traversal	WebApps	Java
19.5.24	Wordpress Theme XStore 9.3.8 - SQLi	WebApps	PHP
19.5.24	Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)	WebApps	PHP
19.5.24	Prison Management System - SQL Injection Authentication Bypass	WebApps	PHP
19.5.24	PyroCMS v3.0.1 - Stored XSS	WebApps	PHP
19.5.24	CE Phoenix Version 1.0.8.20 - Stored XSS	WebApps	PHP
19.5.24	Leafpub 1.1.9 - Stored Cross-Site Scripting (XSS)	WebApps	PHP
19.5.24	Chyrp 2.5.2 - Stored Cross-Site Scripting (XSS)	WebApps	PHP
19.5.24	CrushFTP < 11.1.0 - Directory Traversal	Remote	Multiple
19.5.24	Plantronics Hub 3.25.1 - Arbitrary File Read	Local	Windows
19.5.24	Apache mod_proxy_cluster - Stored XSS	WebApps	PHP
19.5.24	iboss Secure Web Gateway - Stored Cross-Site Scripting (XSS)	WebApps	Multiple
19.5.24	Clinic Queuing System 1.0 - RCE	WebApps	PHP
5.5.24	Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Device Config Disclosure	WebApps	Hardware
5.5.24	Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Authentication Bypass	WebApps	Hardware
5.5.24	Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Device Config Disclosure	WebApps	PHP
5.5.24	Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Authentication Bypass	WebApps	Hardware
5.5.24	Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 - Device Config Disclosure	WebApps	Hardware
5.5.24	Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 - Authentication Bypass	WebApps	Hardware
27.4.24	Flowise 1.6.5 - Authentication Bypass	WebApps	TypeScript
27.4.24	Laravel Framework 11 - Credential Leakage	WebApps	PHP
27.4.24	SofaWiki 3.9.2 - Remote Command Execution (RCE) (Authenticated)	WebApps	PHP
27.4.24	Wordpress Plugin Background Image Cropper v1.2 - Remote Code Execution	WebApps	PHP
27.4.24	FlatPress v1.3 - Remote Command Execution	WebApps	PHP
27.4.24	Palo Alto PAN-OS < v11.1.2-h3 - Command Injection and Arbitrary File Creation	Remote	Linux_x86-64
15.4.24	OpenClinic GA 5.247.01 - Path Traversal (Authenticated)	WebApps	PHP
15.4.24	OpenClinic GA 5.247.01 - Information Disclosure	WebApps	PHP
15.4.24	Jenkins 2.441 - Local File Inclusion	WebApps	Java
15.4.24	djangorestframework-simplejwt 5.3.1 - Information Disclosure	WebApps	Python
15.4.24	BMC Compuware iStrobe Web - 20.13 - Pre-auth RCE	WebApps	JSP
15.4.24	Stock Management System v1.0 - Unauthenticated SQL Injection	WebApps	PHP
15.4.24	Online Fire Reporting System OFRS - SQL Injection Authentication Bypass	WebApps	PHP
15.4.24	Savsoft Quiz v6.0 Enterprise - Stored XSS	WebApps	PHP
13.4.24	Wordpress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting (XSS)	WebApps	PHP
13.4.24	WBCE CMS Version 1.6.1 - Remote Command Execution (Authenticated)	WebApps	PHP
13.4.24	WBCE 1.6.0 - Unauthenticated SQL injection	WebApps	PHP
13.4.24	Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - "sort" parameter	WebApps	PHP
13.4.24	PrusaSlicer 2.6.1 - Arbitrary code execution	Local	Multiple
13.4.24	PopojiCMS Version 2.0.1 - Remote Command Execution	WebApps	PHP
13.4.24	Wordpress Plugin Playlist for Youtube 1.32 - Stored Cross-Site Scripting (XSS)	WebApps	PHP
13.4.24	HTMLy Version v2.9.6 - Stored XSS	WebApps	PHP
13.4.24	Ray OS v2.6.3 - Command Injection RCE(Unauthorized)	WebApps	Python
13.4.24	Terratec dmx_6fire USB - Unquoted Service Path	Local	Windows_x86-64
13.4.24	MinIO < 2024-01-31T20-20-33Z - Privilege Escalation	Remote	Go
13.4.24	GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload	WebApps	PHP
11.4.24	Open Source Medicine Ordering System v1.0 - SQLi	WebApps	PHP
11.4.24	Daily Expense Manager 1.0 - 'term' SQLi	WebApps	PHP
11.4.24	Best Student Result Management System v1.0 - Multiple SQLi	WebApps	PHP
11.4.24	Human Resource Management System v1.0 - Multiple SQLi	WebApps	PHP
11.4.24	Positron Broadcast Signal Processor TRA7005 v1.20 - Authentication Bypass	Remote	Hardware
11.4.24	Wordpress Theme Travelscape v1.0.3 - Arbitrary File Upload	WebApps	PHP
11.4.24	AnyDesk 7.0.15 - Unquoted Service Path	Local	Windows
11.4.24	Quick CMS v6.7 en 2023 - 'password' SQLi	WebApps	PHP
6.4.24	Wordpress Plugin Alemha Watermarker 1.3.1 - Stored Cross-Site Scripting (XSS)	WebApps	PHP
6.4.24	Computer Laboratory Management System v1.0 - Multiple-SQLi	WebApps	PHP
6.4.24	ESET NOD32 Antivirus 17.0.16.0 - Unquoted Service Path	Local	Windows
6.4.24	Axigen < 10.5.7 - Persistent Cross-Site Scripting	WebApps	PHP
6.4.24	Gibbon LMS v26.0.00 - SSTI vulnerability	WebApps	PHP
6.4.24	Casdoor < v1.331.0 - '/api/set-password' CSRF	WebApps	Go
6.4.24	Microsoft Windows Defender - Detection Mitigation Bypass TrojanWin32Powessere.G	Local	Windows
6.4.24	Wordpress Plugin - Membership For WooCommerce < v2.1.7 - Arbitrary File Upload to Shell (Unauthenticated)	WebApps	PHP
6.4.24	Smart School 6.4.1 - SQL Injection	WebApps	PHP
6.4.24	CE Phoenix v1.0.8.20 - Remote Code Execution	WebApps	PHP
6.4.24	Elementor Website Builder < 3.12.2 - Admin+ SQLi	WebApps	PHP
6.4.24	Blood Bank v1.0 - Stored Cross Site Scripting (XSS)	WebApps	PHP
6.4.24	Daily Habit Tracker 1.0 - Broken Access Control	WebApps	PHP
6.4.24	Daily Habit Tracker 1.0 - SQL Injection	WebApps	PHP
6.4.24	Daily Habit Tracker 1.0 - Stored Cross-Site Scripting (XSS)	WebApps	PHP
6.4.24	Employee Management System 1.0 - `txtusername` and `txtpassword` SQL Injection (Admin Login)	WebApps	PHP
6.4.24	Employee Management System 1.0 - `txtfullname` and `txtphone` SQL Injection	WebApps	PHP
6.4.24	LeptonCMS 7.0.0 - Remote Code Execution (RCE) (Authenticated)	WebApps	PHP
6.4.24	FoF Pretty Mail 1.1.2 - Server Side Template Injection (SSTI)	WebApps	PHP
6.4.24	FoF Pretty Mail 1.1.2 - Local File Inclusion (LFI)	WebApps	PHP
6.4.24	Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation	Local	Windows
6.4.24	Hospital Management System v1.0 - Stored Cross Site Scripting (XSS)	WebApps	PHP
6.4.24	E-INSUARANCE v1.0 - Stored Cross Site Scripting (XSS)	WebApps	PHP
6.4.24	Petrol Pump Management Software v1.0 - Remote Code Execution (RCE)	WebApps	PHP
6.4.24	GL-iNet MT6000 4.5.5 - Arbitrary File Download	Remote	Hardware
6.4.24	Rapid7 nexpose - 'nexposeconsole' Unquoted Service Path	Local	Windows
6.4.24	OpenCart Core 4.0.2.3 - 'search' SQLi	WebApps	PHP
6.4.24	ASUS Control Center Express 01.06.15 - Unquoted Service Path	Local	Windows
6.4.24	Online Hotel Booking In PHP 1.0 - Blind SQL Injection (Unauthenticated)	WebApps	PHP
6.4.24	Simple Backup Plugin Python Exploit 2.7.10 - Path Traversal	WebApps	PHP
30.3.24	liveSite Version 2019.1 - Remote Code Execution	WebApps	PHP
30.3.24	WinRAR version 6.22 - Remote Code Execution via ZIP archive	Remote	Windows
30.3.24	Dell Security Management Server <1.9.0 - Local Privilege Escalation	Local	Linux
30.3.24	Siklu MultiHaul TG series < 2.0.0 - unauthenticated credential disclosure	Remote	Hardware
30.3.24	RouterOS 6.40.5 - 6.44 and 6.48.1 - 6.49.10 - Denial of Service	DoS	Hardware
30.3.24	Broken Access Control - on NodeBB v3.6.7	WebApps	Multiple
30.3.24	Purei CMS 1.0 - SQL Injection	WebApps	PHP
30.3.24	Workout Journal App 1.0 - Stored XSS	WebApps	PHP
30.3.24	Asterisk AMI - Partial File Content & Path Disclosure (Authenticated)	Remote	Multiple
30.3.24	LimeSurvey Community 5.3.32 - Stored XSS	WebApps	PHP
30.3.24	Nagios XI Version 2024R1.01 - SQL Injection	WebApps	Multiple
30.3.24	Wallos < 1.11.2 - File Upload RCE	WebApps	PHP
30.3.24	Tourism Management System v2.0 - Arbitrary File Upload	WebApps	PHP
30.3.24	LBT-T300-mini1 - Remote Buffer Overflow	Remote	Linux
30.3.24	MobileShop master v1.0 - SQL Injection Vuln.	WebApps	PHP
30.3.24	Insurance Management System PHP and MySQL 1.0 - Multiple Stored XSS	WebApps	PHP
30.3.24	SPA-CART CMS - Stored XSS	WebApps	PHP
30.3.24	Craft CMS 4.4.14 - Unauthenticated Remote Code Execution	WebApps	PHP
23.3.24	minaliC 2.0.0 - Denied of Service	Remote	Windows
23.3.24	CSZCMS v1.3.0 - SQL Injection (Authenticated)	WebApps	PHP
23.3.24	HNAS SMU 14.8.7825 - Information Disclosure	Remote	Hardware
23.3.24	Teacher Subject Allocation Management System 1.0 - 'searchdata' SQLi	WebApps	PHP
23.3.24	Simple Task List 1.0 - 'status' SQLi	WebApps	PHP
23.3.24	Blood Bank 1.0 - 'bid' SQLi	WebApps	PHP
23.3.24	Employee Management System 1.0 - 'admin_id' SQLi	WebApps	PHP
23.3.24	Quick.CMS 6.7 - SQL Injection Login Bypass	WebApps	PHP
23.3.24	xbtitFM 4.1.18 - Multiple Vulnerabilities	WebApps	PHP
23.3.24	TELSAT marKoni FM Transmitter 1.9.5 - Insecure Access Control Change Password	Remote	Hardware
23.3.24	TELSAT marKoni FM Transmitter 1.9.5 - Backdoor Account Information Disclosure	Remote	Hardware
23.3.24	TELSAT marKoni FM Transmitter 1.9.5 - Root Command Injection	Remote	Hardware
23.3.24	Backdrop CMS 1.23.0 - Stored XSS	WebApps	PHP
23.3.24	Atlassian Confluence < 8.5.3 - Remote Code Execution	WebApps	Multiple
23.3.24	Gibbon LMS < v26.0.00 - Authenticated RCE	WebApps	PHP
23.3.24	ZoneMinder Snapshots < 1.37.33 - Unauthenticated RCE	WebApps	PHP
23.3.24	TYPO3 11.5.24 - Path Traversal (Authenticated)	WebApps	PHP
23.3.24	WEBIGniter v28.7.23 - Stored XSS	WebApps	PHP
23.3.24	WordPress File Upload Plugin < 4.23.3 - Stored XSS	WebApps	PHP
23.3.24	vm2 - sandbox escape	Local	Multiple
23.3.24	UPS Network Management Card 4 - Path Traversal	WebApps	PHP
23.3.24	Nokia BMC Log Scanner - Remote Code Execution	WebApps	Linux
23.3.24	Karaf v4.4.3 Console - RCE	WebApps	Java
23.3.24	LaborOfficeFree 19.10 - MySQL Root Password Calculator	Local	Windows
23.3.24	Winter CMS 1.2.3 - Server-Side Template Injection (SSTI) (Authenticated)	WebApps	PHP
23.3.24	KiTTY 0.76.1.13 - Command Injection	Local	Windows
23.3.24	KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow	Local	Windows
23.3.24	KiTTY 0.76.1.13 - 'Start Duplicated Session Hostname' Buffer Overflow	Local	Windows
23.3.24	GitLab CE/EE < 16.7.2 - Password Reset	Remote	Java
23.3.24	Ruijie Switch PSG-5124 26293 - Remote Code Execution (RCE)	Remote	Hardware
23.3.24	Viessmann Vitogate 300 2.1.3.0 - Remote Code Execution (RCE)	Remote	Hardware
23.3.24	SolarView Compact 6.00 - Command Injection	Remote	Hardware
23.3.24	Honeywell PM43 < P10.19.050004 - Remote Code Execution (RCE)	Remote	Hardware
23.3.24	JetBrains TeamCity 2023.05.3 - Remote Code Execution (RCE)	Remote	Java
23.3.24	SnipeIT 6.2.1 - Stored Cross Site Scripting	WebApps	Multiple
23.3.24	VMware Cloud Director 10.5 - Bypass identity verification	Remote	Multiple
23.3.24	Cisco Firepower Management Center < 6.6.7.1 - Authenticated RCE	WebApps	Hardware
23.3.24	Client Details System 1.0 - SQL Injection	WebApps	PHP
23.3.24	OSGi v3.7.2 (and below) Console - RCE	WebApps	Multiple
23.3.24	OSGi v3.8-3.18 Console - RCE	WebApps	Multiple
23.3.24	Human Resource Management System 1.0 - 'employeeid' SQL Injection	WebApps	PHP
11.3.24	Sitecore - Remote Code Execution v8.2	WebApps	ASPX
11.3.24	Adobe ColdFusion versions 2018,15 (and earlier) and 2021,5 and earlier - Arbitrary File Read	WebApps	Multiple
11.3.24	WordPress Plugin Duplicator < 1.5.7.1 - Unauthenticated Sensitive Data Exposure to Account Takeover	WebApps	PHP
11.3.24	Microsoft Windows Defender / Trojan.Win32/Powessere.G - Detection Mitigation Bypass	Local	Windows
11.3.24	Hitachi NAS (HNAS) System Management Unit (SMU) Backup & Restore < 14.8.7825.01 - IDOR	WebApps	Hardware
11.3.24	Hide My WP < 6.2.9 - Unauthenticated SQLi	WebApps	PHP
11.3.24	Akaunting < 3.1.3 - RCE	WebApps	PHP
11.3.24	Ladder v0.0.21 - Server-side request forgery (SSRF)	WebApps	Go
11.3.24	DataCube3 v1.0 - Unrestricted file upload 'RCE'	WebApps	PHP
11.3.24	Numbas < v7.3 - Remote Code Execution	WebApps	NodeJS
11.3.24	TP-Link TL-WR740N - Buffer Overflow 'DOS'	WebApps	Hardware
11.3.24	GLiNet - Router Authentication Bypass	WebApps	Hardware
11.3.24	elFinder Web file manager Version - 2.1.53 Remote Command Execution	WebApps	PHP
11.3.24	CSZ CMS Version 1.3.0 - Authenticated Remote Command Execution	WebApps	PHP
11.3.24	CVE-2023-50071 - Multiple SQL Injection	WebApps	PHP
11.3.24	Lot Reservation Management System - Unauthenticated File Disclosure	WebApps	PHP
11.3.24	Lot Reservation Management System - Unauthenticated File Upload and Remote Code Execution	WebApps	PHP
11.3.24	kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition	WebApps	PHP
11.3.24	Neontext Wordpress Plugin - Stored XSS	WebApps	PHP
11.3.24	Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 - Stored XSS	WebApps	Hardware
11.3.24	Easywall 0.3.1 - Authenticated Remote Command Execution	WebApps	Multiple
11.3.24	R Radio Network FM Transmitter 1.07 system.cgi - Password Disclosure	Remote	Hardware
11.3.24	GL.iNet AR300M v3.216 Remote Code Execution - CVE-2023-46456 Exploit	Remote	Hardware
11.3.24	TitanNit Web Control 2.01 / Atemio 7600 - Root Remote Code Execution	Remote	Hardware
11.3.24	GL.iNet AR300M v4.3.7 Remote Code Execution - CVE-2023-46454 Exploit	Remote	Hardware
11.3.24	GL.iNet AR300M v4.3.7 Arbitrary File Read - CVE-2023-46455 Exploit	Remote	Hardware
11.3.24	Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated)	Remote	Hardware
11.3.24	A-PDF All to MP3 Converter 2.0.0 - DEP Bypass via HeapCreate + HeapAlloc	Local	Multiple
11.3.24	Boss Mini 1.4.0 - local file inclusion	WebApps	PHP
11.3.24	Magento ver. 2.4.6 - XSLT Server Side Injection	WebApps	Multiple
11.3.24	TPC-110W - Missing Authentication for Critical Function	Remote	Hardware
11.3.24	Enrollment System v1.0 - SQL Injection	Remote	PHP
11.3.24	AC Repair and Services System v1.0 - Multiple SQL Injection	Remote	PHP
11.3.24	Windows PowerShell - Event Log Bypass Single Quote Code Execution	Local	Windows_x86-64
11.3.24	Simple Student Attendance System v1.0 - 'classid' Time Based Blind & Union Based SQL Injection	Remote	PHP
11.3.24	Simple Student Attendance System v1.0 - Time Based Blind SQL Injection	Remote	PHP
11.3.24	Real Estate Management System v1.0 - Remote Code Execution via File Upload	Remote	PHP
11.3.24	Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload	Remote	PHP
11.3.24	Petrol Pump Management Software v.1.0 - SQL Injection	Remote	PHP
11.3.24	Petrol Pump Management Software v.1.0 - Stored Cross Site Scripting via SVG file	Remote	PHP
11.3.24	Petrol Pump Management Software v1.0 - 'Address' Stored Cross Site Scripting	Remote	PHP
11.3.24	WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection	WebApps	PHP
11.3.24	(shellcode) Linux-x64 - create a shell with execve() sending argument using XOR (/bin//sh) [55 bytes]	Local	Linux
11.3.24	Blood Bank v1.0 - Multiple SQL Injection	WebApps	PHP
11.3.24	Saflok - Key Derication Function Exploit	Local	Hardware
11.3.24	WordPress Plugin Admin Bar & Dashboard Access Control Version: 1.2.8 - "Dashboard Redirect" field Stored Cross-Site Scripting (XSS)	WebApps	PHP
11.3.24	WP Rocket < 2.10.3 - Local File Inclusion (LFI)	WebApps	PHP
11.3.24	Atlassian Confluence Data Center and Server - Authentication Bypass (Metasploit)	WebApps	Multiple
11.3.24	TEM Opera Plus FM Family Transmitter 35.45 - XSRF	Remote	Hardware
11.3.24	TEM Opera Plus FM Family Transmitter 35.45 - Remote Code Execution	Remote	Hardware
11.3.24	Wordpress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE)	WebApps	PHP
11.3.24	Executables Created with perl2exe < V30.10C - Arbitrary Code Execution	Remote	Multiple
11.3.24	Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin	WebApps	PHP
11.3.24	Automatic-Systems SOC FL9600 FastLine - Directory Transversal	WebApps	PHP
11.3.24	SuperStoreFinder - Multiple Vulnerabilities	WebApps	PHP
11.3.24	Moodle 4.3 - Insecure Direct Object Reference	WebApps	PHP
11.3.24	Zoo Management System 1.0 - Unauthenticated RCE	WebApps	PHP
11.3.24	dawa-pharma 1.0-2022 - Multiple-SQLi	WebApps	PHP
11.3.24	IBM i Access Client Solutions v1.1.2 - 1.1.4, v1.1.4.3 - 1.1.9.4 - Remote Credential Theft	Remote	Windows_x86-64
11.3.24	Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'Credentials Disclosure'	Remote	Multiple
11.3.24	Wyrestorm Apollo VX20 < 1.3.58 - Incorrect Access Control 'DoS'	DoS	Multiple
11.3.24	Wyrestorm Apollo VX20 < 1.3.58 - Account Enumeration	Remote	Multiple
11.3.24	FAQ Management System v1.0 - 'faq' SQL Injection	Remote	PHP
11.3.24	Flashcard Quiz App v1.0 - 'card' SQL Injection	Remote	PHP
11.3.24	Online Shopping System Advanced - Sql Injection	WebApps	PHP
11.3.24	taskhub 2.8.7 - SQL Injection	WebApps	PHP
11.3.24	comments-like-dislike < 1.2.0 - Authenticated (Subscriber+) Plugin Setting Reset	WebApps	PHP
11.3.24	Simple Inventory Management System v1.0 - 'email' SQL Injection	Remote	PHP
25.2.24	WEBIGniter v28.7.23 - Stored Cross Site Scripting (XSS)	WebApps	PHP
25.2.24	JFrog Artifactory < 7.25.4 - Blind SQL Injection	WebApps	PHP
25.2.24	Wondercms 4.3.2 - XSS to RCE	WebApps	Multiple
25.2.24	SureMDM On-premise < 6.31 - CAPTCHA Bypass User Enumeration	WebApps	Multiple
25.2.24	Employee Management System v1 - 'email' SQL Injection	WebApps	PHP
25.2.24	Microsoft Windows Defender - VBScript Detection Bypass	Local	Windows_x86-64
25.2.24	Microsoft Windows Defender Bypass - Detection Mitigation Bypass	Local	Windows_x86-64
25.2.24	XAMPP - Buffer Overflow POC	DoS	Windows
25.2.24	phpFox < 4.8.13 - (redirect) PHP Object Injection Exploit	WebApps	PHP
25.2.24	DS Wireless Communication - Remote Code Execution	Local	Hardware
25.2.24	Metabase 0.46.6 - Pre-Auth Remote Code Execution	WebApps	Linux
25.2.24	SISQUALWFM 7.1.319.103 - Host Header Injection	WebApps	Multiple
25.2.24	Lost and Found Information System v1.0 - ( IDOR ) leads to Account Take over	WebApps	PHP
25.2.24	ManageEngine ADManager Plus Build < 7183 - Recovery Password Disclosure	WebApps	Windows
25.2.24	VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) - Remote Denial Of Service	DoS	Hardware
25.2.24	Splunk 9.0.4 - Information Disclosure	WebApps	Multiple
10.2.24	Online Nurse Hiring System 1.0 - Time-Based SQL Injection	WebApps	PHP
10.2.24	Rail Pass Management System 1.0 - Time-Based SQL Injection	WebApps	PHP
10.2.24	Wordpress Seotheme - Remote Code Execution Unauthenticated	WebApps	PHP
10.2.24	Wordpress Augmented-Reality - Remote Code Execution Unauthenticated	WebApps	PHP
10.2.24	Elasticsearch - StackOverflow DoS	DoS	Multiple
10.2.24	Zyxel zysh - Format string	Remote	Hardware
10.2.24	Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-Site Scripting (XSS) (Authenticated)	WebApps	PHP
10.2.24	Milesight Routers UR5X, UR32L, UR32, UR35, UR41 - Credential Leakage Through Unprotected System Logs and Weak Password Encryption	Remote	Hardware
10.2.24	Wordpress 'simple urls' Plugin < 115 - XSS	WebApps	PHP
10.2.24	TASKHUB-2.8.8 - XSS-Reflected	WebApps	PHP
10.2.24	WhatsUp Gold 2022 (22.1.0 Build 39) - XSS	WebApps	Multiple
10.2.24	MISP 2.4.171 - Stored XSS	WebApps	PHP
10.2.24	Clinic's Patient Management System 1.0 - Unauthenticated RCE	WebApps	PHP
10.2.24	Curfew e-Pass Management System 1.0 - FromDate SQL Injection	WebApps	PHP
10.2.24	GYM MS - GYM Management System - Cross Site Scripting (Stored)	WebApps	PHP
3.2.24	Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC)	WebApps	PHP
3.2.24	Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution	WebApps	Hardware
3.2.24	Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS	DoS	Hardware
3.2.24	Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal	WebApps	Hardware
3.2.24	Electrolink FM/DAB/TV Transmitter (Login Cookie) - Authentication Bypass	WebApps	Hardware
3.2.24	Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure	WebApps	Hardware
3.2.24	Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure	WebApps	Hardware
3.2.24	TP-LINK TL-WR740N - Multiple HTML Injection	WebApps	Hardware
3.2.24	TP-Link TL-WR740N - UnAuthenticated Directory Transversal	WebApps	Hardware
3.2.24	PCMan FTP Server 2.0 - 'pwd' Remote Buffer Overflow	Remote	Windows
3.2.24	mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page	WebApps	PHP
3.2.24	WebCatalog 48.4 - Arbitrary Protocol Execution	Remote	Windows
2.2.24	RoyalTSX 6.0.1 - RTSZ File Handling Heap Memory Corruption PoC	Remote	macOS
2.2.24	Proxmox VE - TOTP Brute Force	Remote	Linux
2.2.24	GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities	WebApps	Multiple
2.2.24	Grocy <=4.0.2 - CSRF	WebApps	PHP
2.2.24	101 News 1.0 - Multiple-SQLi	WebApps	PHP
2.2.24	Academy LMS 6.2 - SQL Injection	WebApps	PHP
2.2.24	Academy LMS 6.2 - Reflected XSS	WebApps	PHP
31.1.24	Ricoh Printer - Directory and File Exposure	Remote	Hardware
31.1.24	PHP Shopping Cart 4.2 - Multiple-SQLi	WebApps	PHP
31.1.24	Fundraising Script 1.0 - SQLi	WebApps	PHP
31.1.24	Typora v1.7.4 - OS Command Injection	Local	Windows
31.1.24	Bank Locker Management System - SQL Injection	WebApps	PHP
31.1.24	Blood Bank & Donor Management System using v2.2 - Stored XSS	Remote	PHP
31.1.24	Equipment Rental Script-1.0 - SQLi	Remote	PHP
31.1.24	7 Sticky Notes v1.9 - OS Command Injection	Local	Windows