Home
Home
Grey Skin Blue Skin Green Skin Red Skin
Last holes
CVE-2022-30777 | Parallels H-Sphere 3.6.2 index_en.php from Cross Site Scripting
2022-05-17
(92hits)
CVE-2022-30776 | atmail 6.5.0 index.php/admin/index/ error Cross Site Scripting
2022-05-17
(99hits)
CVE-2021-42897 | FeMiner wms 1.0 datarec.php r_name Privilege Escalation (ID 12)
2022-05-17
(93hits)
CVE-2022-30050 | Gnuboard 5.55/5.56 bbs/member_confirm.php Cross Site Scripting
2022-05-17
(97hits)
CVE-2022-1753 | WoWonder Group /requests.php group_id erweiterte Rechte
2022-05-17
(92hits)
CVE-2022-1557 | ULeak Security & Monitoring Plugin bis 1.2.3 auf WordPress Cross Site Scripting
2022-05-16
(87hits)
CVE-2022-1418 | Social Stickers Plugin bis 2.2.9 auf WordPress Network Setting Cross Site Request Forgery
2022-05-16
(99hits)
CVE-2022-1407 | VikBooking Hotel Booking Engine & PMS Plugin bis 1.5.7 auf WordPress Tracking Campaign Cross Site Request Forgery
2022-05-16
(92hits)
CVE-2022-1559 | Clipr Plugin bis 1.2.3 auf WordPress API Key Setting Cross Site Scripting
2022-05-16
(103hits)
CVE-2022-1512 | ScrollReveal.js Effects Plugin bis 1.2 auf WordPress Setting Cross Site Scripting
2022-05-16
(99hits)
CVE-2022-1455 | Call Now Button Plugin bis 1.1.1 auf WordPress Attribute Cross Site Scripting
2022-05-16
(73hits)
The AGIL WordPress plugin through 1.0 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE
2022-05-16
(65hits)
CVE-2022-30012 | HMS 1.0 POST Request appointment.php SQL Injection
2022-05-16
(60hits)
CVE-2022-30011 | HMS bis 1.0 appointment.php SQL Injection
2022-05-16
(62hits)
CVE-2022-30779 | Laravel 9.1.8 FileCookieJar.php erweiterte Rechte
2022-05-16
(91hits)
CVE-2022-30778 | Laravel 9.1.8 PendingBroadcast.php dispatch erweiterte Rechte
2022-05-16
(94hits)
CVE-2022-30373 | Air Cargo Management System 1.0 manage_cargo_type.php id SQL Injection
2022-05-13
(112hits)
CVE-2022-30372 | Air Cargo Management System 1.0 Master.php SQL Injection
2022-05-13
(119hits)
CVE-2022-30371 | Air Cargo Management System 1.0 view_cargo_type.php id SQL Injection
2022-05-13
(118hits)
CVE-2022-30370 | Air Cargo Management System 1.0 Master.php SQL Injection
2022-05-13
(124hits)
CVE-2022-29363 | Phpok 6.1 login_control.php update_f erweiterte Rechte (ID 12)
2022-05-13
(100hits)
CVE-2022-29982 | Simple Client Management System 1.0 manage_service.php id SQL Injection
2022-05-12
(82hits)
CVE-2022-29981 | Simple Client Management System 1.0 Users.php SQL Injection
2022-05-12
(84hits)
CVE-2022-29979 | Simple Client Management System 1.0 Master.php SQL Injection
2022-05-12
(85hits)
CVE-2022-29751 | Simple Client Management System 1.0 Master.php SQL Injection
2022-05-12
(82hits)
CVE-2022-29750 | Simple Client Management System 1.0 Master.php SQL Injection
2022-05-12
(84hits)
CVE-2022-29749 | Simple Client Management System 1.0 Master.php SQL Injection
2022-05-12
(81hits)
CVE-2022-29985 | Online Sports Complex Booking System 1.0 Master.php SQL Injection
2022-05-12
(82hits)
Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites
2022-05-12
(112hits)
CVE-2022-30452 | Shopwind bis 3.4.2 Database.php SQL Injection
2022-05-11
(115hits)
CVE-2022-30062 | ftcms bis 2.1 tp.php Directory Traversal
2022-05-11
(107hits)
CVE-2022-30060 | ftcms bis 2.1 admin/controllers/tp.php unbekannte Schwachstelle
2022-05-11
(106hits)
e107 CMS 3.2.1 Arbitrary File Upload / Cross Site Scripting
2022-05-11
(108hits)
WordPress Blue Admin 21.06.01 Cross Site Request Forgery
2022-05-11
(103hits)
CVE-2022-29656 | Wedding Management System 1.0 package_detail.php id SQL Injection
2022-05-11
(119hits)
CVE-2022-29317 | Simple Bus Ticket Booking System 1.0 _handleLogin.php username/password SQL Injection
2022-05-11
(91hits)
CVE-2022-29316 | Complete Online Job Search System 1.0 index.php SQL Injection
2022-05-11
(128hits)
CVE-2022-1209 | Ultimate Member Plugin bis 2.3.1 auf WordPress Profile Page Redirect (ID 989)
2022-05-11
(123hits)
CVE-2022-28601 | LMS Doctor Simple 2FA Plugin auf Moodle Two-factor Authentication profile.php schwache Authentisierung
2022-05-11
(118hits)
CVE-2022-1567 | WP-JS Plugin bis 2.0.6 auf WordPress wp-js.php wp_js_admin Cross Site Scripting
2022-05-11
(123hits)
CVE-2022-1505 | RSVPMaker Plugin bis 9.2.6 auf WordPress rsvpmaker-api-endpoints.php SQL Injection
2022-05-11
(131hits)
CVE-2022-1453 | RSVPMaker Plugin bis 9.2.5 auf WordPress rsvpmaker-util.php SQL Injection
2022-05-11
(136hits)
CVE-2022-1476 | All-in-One WP Migration Plugin bis 7.58 auf WordPress class-ai1wm-backups.php Directory Traversal
2022-05-11
(96hits)
CVE-2022-1463 | Booking Calendar Plugin bis 9.1 auf WordPress Shortcode erweiterte Rechte
2022-05-11
(96hits)
CVE-2021-42645 | CMSimple_XH 1.7.4 File erweiterte Rechte
2022-05-10
(121hits)
CVE-2022-0814 | Ubigeo de Perú para Woocommerce Plugin bis 3.6.3 auf WordPress AJAX Action SQL Injection
2022-05-10
(129hits)
CVE-2022-1338 | Easily Generate Rest API Url Plugin bis 1.0.0 auf WordPress Cross Site Scripting
2022-05-09
(140hits)
CVE-2022-1303 | Slide Anything Plugin bis 2.3.43 auf WordPress Description Cross Site Scripting
2022-05-09
(132hits)
CVE-2022-1171 | Vertical Scroll Recent Post Plugin bis 13.x auf WordPress Cross Site Scripting
2022-05-09
(130hits)
CVE-2022-1104 | Popup Maker Plugin bis 1.16.4 auf WordPress Cross Site Scripting
2022-05-09
(128hits)
CVE-2022-1047 | Themify Post Type Builder Search Addon Plugin bis 1.3.x auf WordPress Cross Site Scripting
2022-05-09
(135hits)
CVE-2022-0898 | IgniteUp Plugin bis 3.4.1 auf WordPress Cross Site Scripting
2022-05-09
(105hits)
The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the
2022-05-09
(92hits)
PHProjekt (PhpSimplyGest / MyProjects, 1.3.0) - Stored XSS (Cross-Site Scripting)
2022-05-08
(116hits)
CVE-2020-19217 | Piwigo 2.9.5 admin/batch_manager.php filter_category SQL Injection (ID 1012)
2022-05-06
(129hits)
CVE-2020-19216 | Piwigo 2.9.5 admin/user_perm.php cat_false SQL Injection (ID 1011)
2022-05-06
(121hits)
CVE-2020-19215 | Piwigo 2.9.5 admin/user_perm.php cat_false SQL Injection (ID 1011)
2022-05-06
(116hits)
CVE-2020-19213 | Piwigo 2.9.5 cat_move.php move_categories selection SQL Injection (ID 1010)
2022-05-06
(126hits)
SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, via the group parameter to delete.
2022-05-06
(115hits)
SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the selection parameter to move_categories.
2022-05-06
(117hits)
SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=user_perm.
2022-05-06
(118hits)
SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=group_perm.
2022-05-06
(121hits)
SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9.5, via the filter_category parameter to admin.php?page=batch_manager.
2022-05-06
(112hits)
CVE-2022-27359 | Foxit PDF Reader 11.2.1.53537 PHP FoxitPDFReader.exe Denial of Service
2022-05-06
(127hits)
CVE-2022-28533 | SourceCodester Medical Hub Directory Site 1.0 view_details.php SQL Injection (ID 166539)
2022-05-06
(147hits)
CVE-2022-29938 | LibreHealth EHR 2.0.0 GET Parameter new_payment.php payment_id SQL Injection
2022-05-05
(145hits)
CVE-2022-29940 | LibreHealth EHR 2.0.0 GET Parameter find_order_popup.php formseq/formid Cross Site Scripting
2022-05-05
(130hits)
CVE-2022-29939 | LibreHealth EHR 2.0.0 GET Parameter sl_eob_process.php debug/InsId Cross Site Scripting
2022-05-05
(120hits)
CVE-2021-41739 | Artica Proxy 4.30.000000 cyrus.events.php logs/rp erweiterte Rechte
2022-05-05
(129hits)
CVE-2021-42235 | osTicket bis 1.14.7/1.15.3 erweiterte Rechte
2022-05-04
(124hits)
CVE-2022-28512 | Sourcecodester Fantastic Blog CMS 1.0 single.php id SQL Injection
2022-05-04
(148hits)
CVE-2022-28508 | MantisBT bis 2.25.1 Hidden Input Field browser_search_plugin.php return Cross Site Scripting
2022-05-04
(120hits)
CVE-2022-28099 | Poultry Farm Management System 1.0 /farm/store.php Item SQL Injection
2022-05-04
(150hits)
CVE-2022-28096 | Zorlan Skycaiji 2.4 Develop.php Privilege Escalation (ID 39)
2022-05-04
(135hits)
CVE-2022-27330 | SourceCodester E-Commerce Website 1.0 index.php Product Title Cross Site Scripting
2022-05-04
(147hits)
CVE-2022-27413 | Hospital Management System 1.0 admin.php adminname SQL Injection
2022-05-04
(151hits)
WordPress Stafflist 3.1.2 Cross Site Scripting
2022-05-04
(133hits)
CVE-2022-28589 | Pixelimity 1.0 pages.php Title Cross Site Scripting (ID 23)
2022-05-03
(137hits)
CVE-2022-28590 | Pixelimity 1.0 admin-ajax.php Privilege Escalation (ID 24)
2022-05-03
(132hits)
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop WP Subscribe plugin <= 1.2.12 on WordPress.
2022-05-03
(127hits)
CVE-2022-1269 | Fast Flow Plugin bis 1.2.10 auf WordPress Admin Dashboard page Cross Site Scripting
2022-05-02
(145hits)
CVE-2022-1255 | Import and Export Users and Customers Plugin bis 1.19.2.0 auf WordPress CSV Data Cross Site Scripting
2022-05-02
(139hits)
CVE-2022-1250 | LifterLMS PayPal Plugin bis 1.3.x auf WordPress Payment Confirmation Page Cross Site Scripting
2022-05-02
(132hits)
CVE-2022-1046 | Visual Form Builder Plugin bis 3.0.6 auf WordPress Email to Cross Site Scripting
2022-05-02
(235hits)
CVE-2022-0952 | click5 Sitemap Plugin bis 1.0.35 auf WordPress REST Endpoint erweiterte Rechte
2022-05-02
(134hits)
CVE-2022-0662 | AdRotate Plugin bis 5.8.22 auf WordPress Advert Name Cross Site Scripting
2022-05-02
(111hits)
CVE-2022-0649 | AdRotate Plugin bis 5.8.22 auf WordPress Group Name Cross Site Scripting
2022-05-02
(111hits)
CVE-2022-0428 | Content Egg Plugin bis 5.2.x auf WordPress Autoblogging Admin Dashboard page Cross Site Scripting
2022-05-02
(119hits)
CVE-2022-0418 | Event List Plugin bis 0.8.7 auf WordPress Setting Cross Site Scripting
2022-05-02
(114hits)
CVE-2022-0191 | Ad Invalid Click Protector Plugin bis 1.2.6 auf WordPress Cross Site Request Forgery (ID 2705068)
2022-05-02
(124hits)
The Tipsacarrier WordPress plugin through 1.4.4.2 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via
2022-05-02
(112hits)
The Advanced Page Visit Counter WordPress plugin through 5.0.8 does not sanitise and escape some input before outputting it in an admin dashboard page, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admins viewing it
2022-05-02
(101hits)
The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirect_to parameter before using it to redirect user, either via a Location header, or meta url attribute, when the Rename Login Page
2022-05-02
(99hits)
CVE-2022-28056 | ShopXO bis 2.2.5 Add Index.php erweiterte Rechte (ID 66)
2022-05-02
(103hits)
CVE-2022-27983 | Ruijie-NBR RG-NBR-E Enterprise Gateway check.php url Information Disclosure
2022-05-02
(102hits)
CVE-2022-27982 | Ruijie-NBR RG-NBR-E Enterprise Gateway upLoadCfg.php fileName Privilege Escalation
2022-05-02
(103hits)
CVE-2022-29969 | RSS Extension auf MediaWiki RSS Element Cross Site Scripting
2022-05-02
(103hits)
CVE-2022-21149 | S-Cart bis 6.8 URL Cross Site Scripting (SNYK-PHP-SCARTCORE-2389036)
2022-05-01
(132hits)
WordPress Booking Calendar 9.1 PHP Object Injection / Insecure Deserialization
2022-05-01
(118hits)
CVE-2022-28323 | MediaWiki bis 1.37.2 SecurePoll Extension Information Disclosure
2022-04-30
(87hits)
CVE-2022-29451 | One Click Demo Import Plugin bis 1.2.9 auf WordPress /wp-content/uploads/ Cross Site Request Forgery
2022-04-30
(126hits)
CVE-2022-29414 | WPKube Subscribe To Comments Reloaded Plugin bis 211130 auf WordPress Log Archive Cross Site Request Forgery
2022-04-30
(110hits)
CVE-2022-29907 | Nimbus Skin bis 1.37.2 auf MediaWiki Advertise Link Message Cross Site Scripting
2022-04-29
(114hits)
CVE-2022-29903 | Private Domains Extension bis 1.37.2 auf MediaWiki Extension Configuration Special:PrivateDomains Cross Site Request Forgery
2022-04-29
(111hits)
CVE-2022-29904 | SemanticDrilldown Extension bis 1.37.2 auf MediaWiki SQL Injection
2022-04-29
(113hits)
CVE-2022-29905 | FanBoxes Extension bis 1.37.2 auf MediaWiki Cross Site Request Forgery
2022-04-29
(112hits)
CVE-2022-29906 | QuizGame Extension bis 1.37.2 auf MediaWiki Admin API Module erweiterte Rechte
2022-04-29
(113hits)
CVE-2021-36895 | Tripetto Plugin bis 5.1.4 auf WordPress SVG Image Upload Cross Site Scripting
2022-04-27
(105hits)
CVE-2021-36867 | Alexander Ustimenko Psychological Tests & Quizzes Plugin bis 0.21.19 auf WordPress Cross Site Scripting
2022-04-27
(102hits)
CVE-2022-27854 | Alexander Ustimenko Psychological Tests & Quizzes Plugin bis 0.21.19 auf WordPress wpt_test_page_submit_button_caption Cross Site Scripting
2022-04-27
(136hits)
CVE-2022-26564 | HotelDruid Hotel Management Software 3.0.3 creaprezzi.php prezzoperiodo4 Cross Site Scripting
2022-04-27
(144hits)
CVE-2022-1503 | GetSimple CMS Content Module /admin/edit.php post-content Cross Site Scripting
2022-04-27
(142hits)
CVE-2022-28522 | ZCMS 20170206 index.php Cross Site Scripting
2022-04-27
(136hits)
CVE-2022-28918 | GreenCMS 2.3.0603 index.php plugin_name Denial of Service (ID 116)
2022-04-27
(129hits)
CVE-2022-28528 | bloofoxCMS 0.5.2.1 index.php erweiterte Rechte (ID 14)
2022-04-27
(101hits)
CVE-2022-28524 | ED01-CMS 20180505 post.php SQL Injection
2022-04-27
(110hits)
CVE-2022-28521 | ZCMS 20170206 index.php erweiterte Rechte
2022-04-27
(107hits)
CVE-2022-28059 | Verydows 2.0 database_controller.php Denial of Service (ID 21)
2022-04-27
(103hits)
CVE-2022-28058 | Verydows 2.0 file_controller.php Denial of Service (ID 20)
2022-04-27
(104hits)
CVE-2022-28525 | ED01-CMS 20180505 users.php erweiterte Rechte
2022-04-27
(110hits)
Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher user rights.
2022-04-27
(116hits)
Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto's Tripetto plugin <= 5.1.4 on WordPress via SVG image upload.
2022-04-27
(105hits)
CVE-2022-27985 | CuppaCMS 1.0 alertLightbox.php SQL Injection (ID 31)
2022-04-26
(80hits)
CVE-2022-27984 | CuppaCMS 1.0 right.php menu_filter SQL Injection (ID 30)
2022-04-26
(82hits)
CVE-2022-27299 | Hospital Management System 1.0 room.php SQL Injection
2022-04-26
(85hits)
WordPress Coru LFMember 1.0.2 Cross Site Scripting
2022-04-26
(81hits)
WordPress WP-Invoice 4.3.1 Cross Site Scripting
2022-04-26
(86hits)
CVE-2022-29418 | Mark Daniels Night Mode Plugin bis 1.0.0 auf WordPress Cross Site Scripting
2022-04-26
(80hits)
CVE-2022-28290 | Country Selector Plugin 1.6.5 auf WordPress Cross Site Scripting
2022-04-26
(91hits)
CVE-2022-1396 | Donorbox Plugin bis 7.1.6 auf WordPress Campaign URL Setting Cross Site Scripting (ID 166531)
2022-04-26
(74hits)
CVE-2022-1392 | Videos Sync PDF Plugin bis 1.7.4 auf WordPress p Directory Traversal (ID 166534)
2022-04-26
(85hits)
CVE-2022-1391 | Cab Fare Calculator Plugin bis 1.0.3 auf WordPress controller Directory Traversal (ID 166533)
2022-04-26
(81hits)
CVE-2022-1228 | Opensea Plugin bis 1.0.2 auf WordPress Setting Referer address Cross Site Scripting
2022-04-26
(86hits)
CVE-2022-1156 | Books & Papers Plugin bis 0.20210223 auf WordPress Custom DB Prefix Setting Cross Site Scripting
2022-04-26
(79hits)
CVE-2022-1153 | LayerSlider Plugin bis 7.1.1 auf WordPress Project Slug Cross Site Scripting
2022-04-26
(82hits)
CVE-2022-1152 | Menubar Plugin bis 5.7 auf WordPress Command Parameter Cross Site Scripting
2022-04-26
(91hits)
CVE-2022-0876 | WpDevArt Social Comments Plugin bis 2.4.x auf WordPress Cross Site Scripting
2022-04-26
(84hits)
CVE-2022-0634 | ThirstyAffiliates Affiliate Link Manager Plugin bis 3.10.4 auf WordPress ta_insert_external_image erweiterte Rechte
2022-04-26
(75hits)
CVE-2022-0398 | ThirstyAffiliates Affiliate Link Manager Plugin vor 3.10.5 auf WordPress erweiterte Rechte
2022-04-26
(84hits)
CVE-2022-0363 | myCred Plugin bis 2.4.3 auf WordPress AJAX Action mycred-tools-import-export erweiterte Rechte
2022-04-26
(74hits)
CVE-2021-46782 | Supsystic Pricing Table Plugin bis 1.9.4 auf WordPress Admin Dashboard tab Cross Site Scripting
2022-04-26
(83hits)
CVE-2021-46781 | Supsystic Coming Soon Plugin bis 1.7.5 auf WordPress Admin Dashboard tab Cross Site Scripting
2022-04-26
(81hits)
CVE-2021-24805 | DW Question & Answer Pro plugin bis 1.3.4 auf WordPress Cross Site Request Forgery
2022-04-26
(73hits)
CVE-2022-29419 | Don Crowther xSocializer plugin bis 0.98.22 auf WordPress SQL Injection
2022-04-26
(74hits)
CVE-2022-29417 | ShortPixel Adaptive Images Plugin bis 3.3.1 auf WordPress Setting erweiterte Rechte
2022-04-25
(123hits)
CVE-2022-0769 | Users Ultra Plugin bis 3.1.0 auf WordPress AJAX Action rating_vote data_target SQL Injection
2022-04-25
(122hits)
CVE-2022-0693 | Master Elements Plugin bis 8.0 auf WordPress remove_post_meta_condition meta_ids SQL Injection
2022-04-25
(120hits)
CVE-2022-0657 | RRatingg Plugin vor 1.2.54 auf WordPress rrtngg_delete_leads SQL Injection
2022-04-25
(107hits)
CVE-2022-0287 | myCred Plugin bis 2.4.3.0 auf WordPress AJAX Action mycred-tools-select-user Information Disclosure
2022-04-25
(118hits)
CVE-2021-25111 | English Admin Plugin bis 1.5.1 auf WordPress admin_custom_language_return_url Redirect
2022-04-25
(84hits)
CVE-2021-24957 | Advanced Page Visit Counter Plugin bis 5.0.8 auf WordPress AJAX Action apvc_reset_count_art artID SQL Injection
2022-04-25
(85hits)
CVE-2021-24800 | DW Question & Answer Pro Plugin bis 1.3.4 auf WordPress Comment erweiterte Rechte
2022-04-25
(85hits)
CVE-2021-46780 | Easy Google Maps Plugin bis 1.9.31 auf WordPress Admin Dashboard tab Cross Site Scripting
2022-04-25
(93hits)
CVE-2022-28094 | SourceCodester SCBS Online Sports Venue Reservation System 1.0 booking.php fid Cross Site Scripting
2022-04-25
(94hits)
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments.
2022-04-25
(89hits)
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in some of its functions, allowing attackers to make logged in users perform unwanted actions, such as update a comment or a question status.
2022-04-25
(80hits)
The Advanced Page Visit Counter WordPress plugin through 5.0.8 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection
2022-04-25
(80hits)
The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot
2022-04-25
(82hits)
The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users o it, leading to an open redirect issue
2022-04-25
(83hits)
CVE-2022-1458 | OpenEMR bis 6.1.0.0 Cross Site Scripting
2022-04-25
(90hits)
CVE-2022-1461 | OpenEMR bis 6.1.0.0 Privilege Escalation
2022-04-25
(83hits)
CVE-2021-45837 | TerraMaster F4-210/F2-210 TOS 4.2.15-2107141517 /tos/index.php Privilege Escalation
2022-04-25
(76hits)
WordPress Videos Sync PDF 1.7.4 Cross Site Scripting
2022-04-25
(142hits)
WordPress Popup Maker 1.16.5 Cross Site Scripting
2022-04-25
(143hits)
CVE-2022-1429 | Pimcore bis 10.3.5 GridHelperService.php SQL Injection
2022-04-22
(130hits)
CVE-2022-27478 | Victor CMS 1.0 profile.php Privilege Escalation
2022-04-22
(141hits)
CVE-2022-28440 | UCMS 1.6 PHP File erweiterte Rechte
2022-04-22
(149hits)
CVE-2022-28417 | Master Home Owners Collection Management System 1.0 Master.php SQL Injection
2022-04-22
(152hits)
CVE-2022-28416 | Master Home Owners Collection Management System 1.0 Master.php SQL Injection
2022-04-22
(151hits)
CVE-2022-28415 | Master Home Owners Collection Management System 1.0 Master.php SQL Injection
2022-04-22
(154hits)
CVE-2022-28414 | Master Home Owners Collection Management System 1.0 Master.php SQL Injection
2022-04-22
(123hits)
CVE-2022-28439 | SourceCodester Baby Care System 1.0 uesrs.php&&action=delete&userid=4 SQL Injection
2022-04-22
(112hits)
CVE-2022-28438 | SourceCodester Baby Care System 1.0 uesrs.php&action=type&userrole=User userid SQL Injection
2022-04-22
(122hits)
CVE-2021-41162 | Combodo iTop bis 3.0.0 beta5 ajax.render.php Cross Site Scripting (GHSA-w5jw-hfvp-gx95)
2022-04-21
(135hits)
CVE-2022-29547 | CreateRedirect Extension auf MediaWiki Target Page erweiterte Rechte
2022-04-21
(117hits)
CVE-2021-43481 | webTareas bis 2.4p3 POST Parameter editapprovalstage.php uq SQL Injection
2022-04-21
(128hits)
CVE-2022-29533 | MISP bis 2.4.157 Checkbox OrganisationsController.php Cross Site Scripting
2022-04-21
(121hits)
CVE-2022-29534 | MISP bis 2.4.157 HTTP Header UsersController.php erweiterte Rechte
2022-04-21
(115hits)
CVE-2021-4096 | Fancy Product Designer Plugin bis 4.7.5 auf WordPress FPD_Admin_Import erweiterte Rechte
2022-04-20
(147hits)
CVE-2022-27863 | E4J VikBooking Hotel Booking Engine & PMS Plugin bis 1.5.3 auf WordPress POST Request Information Disclosure
2022-04-20
(149hits)
CVE-2022-1186 | Be POPIA Compliant Plugin bis 1.1.5 auf WordPress API Information Disclosure
2022-04-20
(154hits)
CVE-2022-0993 | SiteGround Security Plugin bis 1.2.5 auf WordPress Identity Verification schwache Authentisierung (ID 2706302)
2022-04-20
(145hits)
CVE-2022-0992 | SiteGround Security Plugin bis 1.2.5 auf WordPress schwache Authentisierung (ID 2706302)
2022-04-20
(153hits)
CVE-2022-28222 | CleanTalk AntiSpam Plugin bis 5.173 auf WordPress Users.php page Cross Site Scripting
2022-04-20
(126hits)
CVE-2022-28221 | CleanTalk AntiSpam Plugin bis 5.173 auf WordPress Comments.php page Cross Site Scripting
2022-04-20
(112hits)
CVE-2022-1187 | WP YouTube Live Plugin bis 1.7.21 auf WordPress ~/inc/admin.php Cross Site Scripting
2022-04-20
(119hits)
CVE-2022-27862 | E4J VikBooking Hotel Booking Engine & PMS Plugin bis 1.5.3 auf WordPress Signature erweiterte Rechte
2022-04-20
(127hits)
CVE-2022-27629 | MicroPayments Plugin bis 1.9.5 auf WordPress Cross Site Request Forgery
2022-04-20
(118hits)
CVE-2022-27055 | ecjia-daojia 1.38.1-20210202629 Helper.php Information Disclosure (ID 20)
2022-04-19
(144hits)
CVE-2022-1112 | Autolinks Plugin bis 1.0.1 auf WordPress Cross Site Request Forgery
2022-04-18
(136hits)
CVE-2022-0780 | SearchIQ Plugin bis 3.8 auf WordPress siq_ajax customCss Cross Site Scripting
2022-04-18
(132hits)
CVE-2022-1091 | Safe SVG Plugin bis 1.9.9 auf WordPress POST Request Cross Site Scripting
2022-04-18
(143hits)
CVE-2022-1090 | Good & Bad Comments Plugin bis 1.0.0 auf WordPress Cross Site Scripting
2022-04-18
(125hits)
CVE-2022-1088 | Page Security & Membership Plugin bis 1.5.15 auf WordPress Cross Site Scripting
2022-04-18
(129hits)
CVE-2022-1063 | Thank Me Later Plugin bis 3.3.4 auf WordPress Message List Message Subject Cross Site Scripting
2022-04-18
(98hits)
CVE-2022-1037 | EXMAGE Plugin bis 1.0.6 auf WordPress External Image erweiterte Rechte
2022-04-18
(119hits)
CVE-2022-0994 | Hummingbird Plugin bis 3.3.1 auf WordPress Config Name Cross Site Scripting
2022-04-18
(100hits)
CVE-2022-0879 | Caldera Forms Plugin bis 1.9.6 auf WordPress cf-api Cross Site Scripting
2022-04-18
(104hits)
CVE-2022-27853 | Contest Gallery Plugin bis 13.1.0.9 auf WordPress Cross Site Scripting
2022-04-18
(97hits)
CVE-2022-23975 | Access Demo Importer Plugin bis 1.0.7 auf WordPress Cross Site Request Forgery
2022-04-18
(87hits)
CVE-2022-23976 | Access Demo Importer Plugin bis 1.0.7 auf WordPress Cross Site Request Forgery
2022-04-18
(88hits)
CVE-2020-13567 | phpGACL 3.3.7 HTTP Request SQL Injection (TALOS-2020-1179)
2022-04-18
(96hits)
A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission.
2022-04-18
(129hits)
Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.
2022-04-18
(132hits)
PHP Advisories/Bugs/Vulns frequency for this month
217384110 17215850 0 1150 0 0 0 0 0 0 0 0 0 0 0 0 0 
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

App PHP Model Class (New)
2022-05-18
CVE-2021-42897 | FeMiner wms 1.0 datarec.php r_name Privilege Escalation (ID 12)
2022-05-17
CVE-2022-30776 | atmail 6.5.0 index.php/admin/index/ error Cross Site Scripting
2022-05-17
CVE-2022-30777 | Parallels H-Sphere 3.6.2 index_en.php from Cross Site Scripting
2022-05-17
CVE-2022-1753 | WoWonder Group /requests.php group_id erweiterte Rechte
2022-05-17
CVE-2022-30050 | Gnuboard 5.55/5.56 bbs/member_confirm.php Cross Site Scripting
2022-05-17
PHP Student Sessions API
2022-05-17
CVE-2022-1455 | Call Now Button Plugin bis 1.1.1 auf WordPress Attribute Cross Site Scripting
2022-05-16
CVE-2022-1512 | ScrollReveal.js Effects Plugin bis 1.2 auf WordPress Setting Cross Site Scripting
2022-05-16
CVE-2022-1559 | Clipr Plugin bis 1.2.3 auf WordPress API Key Setting Cross Site Scripting
2022-05-16
CVE-2022-1407 | VikBooking Hotel Booking Engine & PMS Plugin bis 1.5.7 auf WordPress Tracking Campaign Cross Site Request Forgery
2022-05-16
CVE-2022-1418 | Social Stickers Plugin bis 2.2.9 auf WordPress Network Setting Cross Site Request Forgery
2022-05-16
CVE-2022-1557 | ULeak Security & Monitoring Plugin bis 1.2.3 auf WordPress Cross Site Scripting
2022-05-16
The AGIL WordPress plugin through 1.0 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE
2022-05-16
CVE-2022-30011 | HMS bis 1.0 appointment.php SQL Injection
2022-05-16
  News browser

PHP Tutorial PHPBasics Installation Guide, Data Types, Variables, and Operators, Control structures, Functions, Strings, Regular expression, Error Handling, Cookies+Sessions, and many more..

SQLi The SQL Injection Knowledge Base is the ultimate resource regarding SQL Injections. Here you will find everything there is to know about SQL Injections.

phpseclib phpSec is a open-source, PSR-0 compatible, PHP security library that takes care of the common security tasks a web developer faces.

Class:sql_inject - This class is meant to search in your SQL data values for special characters that may change the meaning of your SQL data and execute actions that may compromise the security of servers.

Top 10 Links
÷ phpforge
÷ KillerProtection
÷ PY-Membres
÷ PhenHP Album
÷ ALP - Banner Ad
÷ CuteNews
÷ phpMyNewsletter
÷ LokwaBB
÷ Avotravis
÷ Kietu










French English